The computer was very sluggish and on top of that caught a trojan that displays a message about copyright infringement. The computer was scanned with DrWeb CureIt, which removed the trojan, but the slowness remained. I am attaching the logs.
:OTL
PRC - [2012-01-04 20:20:50 | 001,391,272 | ---- | M] (Ask) -- C:\Program Files\Ask.com\Updater\Updater.exe
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis&tb=AVR-3
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis&tb=AVR-3
IE - HKU\S-1-5-21-3238996921-623924418-2247066791-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis&tb=AVR-3
IE - HKU\S-1-5-21-3238996921-623924418-2247066791-1000\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10401&src=crm&q={searchTerms}&locale=en_PL&apn_ptnrs=^ABZ&apn_dtid=^YYYYYY^YY^PL&apn_uid=D5655D1B-131B-4D88-B084-5E537956BD92&apn_sauid=8A381C8A-433B-477A-A222-6C6A5327A8F1
IE - HKU\S-1-5-21-3238996921-623924418-2247066791-1000\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = http://127.0.0.1:4664/search&s=GCuTTA_AIlQGjvrrNtfMOi82fS8?q={searchTerms}
FF - prefs.js..browser.startup.homepage: "http://www.ask.com?o=10148&l=dis&tb=AVR-3"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3238996921-623924418-2247066791-1000\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O33 - MountPoints2\{16181233-f4fa-11dd-a40c-002243c221c1}\Shell\AutoRun\command - "" = F:\iqe68o.bat
O33 - MountPoints2\{16181233-f4fa-11dd-a40c-002243c221c1}\Shell\explore\Command - "" = F:\iqe68o.bat
O33 - MountPoints2\{16181233-f4fa-11dd-a40c-002243c221c1}\Shell\open\Command - "" = F:\iqe68o.bat
O33 - MountPoints2\{594059a3-8cbe-11df-847b-b9aa429ad928}\Shell - "" = AutoRun
O33 - MountPoints2\{594059a3-8cbe-11df-847b-b9aa429ad928}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{594059a5-8cbe-11df-847b-b9aa429ad928}\Shell\AutoRun\command - "" = G:\MARAJAH/karajana.exe
O33 - MountPoints2\{594059a5-8cbe-11df-847b-b9aa429ad928}\Shell\open\command - "" = G:\MARAJAH/karajana.exe
O33 - MountPoints2\{d961a6a4-189e-11de-9a18-000000000000}\Shell\AutoRun\command - "" = 2sm66r.exe
O33 - MountPoints2\{d961a6a4-189e-11de-9a18-000000000000}\Shell\open\Command - "" = 2sm66r.exe
[2012-07-18 20:31:26 | 000,001,036 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012-07-18 20:29:24 | 000,001,032 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
:Files
C:\Users\Dawid\AppData\Roaming\hellomoto
C:\ProgramData\F4D56229000151F5000A54F5EEC1FB6E
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"SuperHidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"Hidden"=dword:00000001
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced]
"ShowSuperHidden"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\Hidden\SHOWALL]
"CheckedValue"=dword:00000001
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Folder\SuperHidden\Policy\DontShowSuperHidden]
@=""
:Commands
[emptytemp]
:OTL
[2012-07-18 22:43:58 | 000,311,312 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\6488382.sys
[2012-07-18 22:43:58 | 000,128,016 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\64883821.sys
[2012-07-18 22:43:58 | 000,037,392 | ---- | C] (Kaspersky Lab) -- C:\Windows\System32\drivers\64883822.sys
:Files
bthservsdp.dat
:Commands
[emptytemp]
DRV - [2009-10-22 13:54:18 | 000,037,392 | ---- | M] (Kaspersky Lab) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\64883822.sys -- (64883822)
DRV - [2009-10-09 23:31:02 | 000,311,312 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\System32\drivers\6488382.sys -- (setup_9.0.0.722_17.07.2012_22-21drv)
DRV - [2009-09-25 17:59:42 | 000,128,016 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\System32\drivers\64883821.sys -- (64883821)
:Commands
[emptytemp]
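The OTL scripts above wipe the whole MountPoints2 key and the Ask.com entries wholesale, which is the normal cleanup practice (Windows rebuilds MountPoints2 on its own). What they do not tell you is which of the removable drives that have been plugged into this machine still carry the infected autorun payloads (F:\iqe68o.bat, G:\MARAJAH/karajana.exe, a bare 2sm66r.exe) and therefore need to be scanned before they are inserted into another PC. The following triage script is an added example, not part of the thread or of OTL: it parses OTL-style O33/O4/IE/FF lines, groups the MountPoints2 commands per device GUID and ranks them with simple heuristics of my own (bare filename executed from the device root, script-type extension, letters interleaved with digits, mixed path separators). The sample lines are copied from the log above into a constructed string so it runs offline.

```python
"""Triage OTL-style log lines for removable-media autorun and search hijacks.
Added example (not from the original post or from OTL); heuristics are the
author's own assumptions, the SAMPLE_LOG below is a constructed excerpt."""
import os
import re
from collections import defaultdict

# Constructed sample, modelled on the lines in the post above.
SAMPLE_LOG = r"""
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=10148&l=dis&tb=AVR-3
FF - prefs.js..browser.search.defaultengine: "Ask.com"
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O33 - MountPoints2\{16181233-f4fa-11dd-a40c-002243c221c1}\Shell\AutoRun\command - "" = F:\iqe68o.bat
O33 - MountPoints2\{16181233-f4fa-11dd-a40c-002243c221c1}\Shell\open\Command - "" = F:\iqe68o.bat
O33 - MountPoints2\{594059a3-8cbe-11df-847b-b9aa429ad928}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{594059a5-8cbe-11df-847b-b9aa429ad928}\Shell\open\command - "" = G:\MARAJAH/karajana.exe
O33 - MountPoints2\{d961a6a4-189e-11de-9a18-000000000000}\Shell\AutoRun\command - "" = 2sm66r.exe
"""

# O33 lines: MountPoints2\{GUID}\Shell\<verb>\command - "" = <command line>
O33_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[0-9a-fA-F-]+\})\\Shell\\'
    r'(?P<verb>[^\\]+)\\[Cc]ommand - "" = (?P<cmd>.+)$'
)
# Browser start page / search engine lines pointing at Ask.com (toolbar bundle).
HIJACK_RE = re.compile(r'^(IE|FF) - .*ask\.com', re.IGNORECASE)
# Run entries whose target no longer exists (harmless leftovers, still cleanup).
ORPHAN_RE = re.compile(r'^O4 - .*File not found$')

SCRIPT_EXTS = {".bat", ".cmd", ".vbs", ".js", ".scr", ".pif", ".com"}


def looks_random(stem: str) -> bool:
    """Heuristic: short name with letters and digits interleaved (iqe68o, 2sm66r)."""
    runs = re.findall(r"[a-z]+|\d+", stem.lower())
    return 5 <= len(stem) <= 8 and len(runs) >= 3


def score_autorun_command(cmd: str):
    """Return (score, reasons) for one MountPoints2 command string."""
    exe = cmd.strip().strip('"').split()[0]        # drop arguments such as "-a"
    name = re.split(r"[\\/]", exe)[-1]
    stem, ext = os.path.splitext(name)
    score, reasons = 0, []
    if not re.match(r"^[A-Za-z]:", exe) and not re.search(r"[\\/]", exe):
        score += 2
        reasons.append("bare filename: runs whatever sits at the device root")
    if ext.lower() in SCRIPT_EXTS:
        score += 2
        reasons.append(f"script/legacy executable type {ext.lower()}")
    if looks_random(stem):
        score += 1
        reasons.append("random-looking filename")
    if "\\" in exe and "/" in exe:
        score += 1
        reasons.append("mixed path separators, unusual for vendor-written entries")
    return score, reasons


def severity(score: int) -> str:
    return "high" if score >= 3 else "review" if score >= 1 else "low"


def triage(log_text: str) -> dict:
    """Parse OTL lines and group MountPoints2 commands per device GUID."""
    devices = defaultdict(dict)          # guid -> {verb: command}
    hijacks, orphans = [], []
    for line in log_text.splitlines():
        line = line.strip()
        m = O33_RE.match(line)
        if m:
            devices[m["guid"]][m["verb"].lower()] = m["cmd"]
        elif HIJACK_RE.match(line):
            hijacks.append(line)
        elif ORPHAN_RE.match(line):
            orphans.append(line)
    findings = []
    for guid, verbs in devices.items():
        worst, reasons = 0, []
        for cmd in verbs.values():
            s, r = score_autorun_command(cmd)
            worst = max(worst, s)
            reasons += [x for x in r if x not in reasons]
        findings.append({"guid": guid, "commands": verbs, "score": worst,
                         "severity": severity(worst), "reasons": reasons})
    findings.sort(key=lambda f: -f["score"])
    return {"mountpoints": findings, "search_hijacks": hijacks,
            "orphan_run_entries": orphans}


if __name__ == "__main__":
    report = triage(SAMPLE_LOG)
    for f in report["mountpoints"]:
        print(f"[{f['severity']:6}] {f['guid']}")
        for verb, cmd in f["commands"].items():
            print(f"          {verb:8} -> {cmd}")
        for why in f["reasons"]:
            print(f"          * {why}")
    print(f"search/homepage hijack lines: {len(report['search_hijacks'])}")
    print(f"orphaned Run entries:         {len(report['orphan_run_entries'])}")
```

The ranking is deliberately coarse: the U3 launcher (LaunchU3.exe) comes out "low" because it is a normal SanDisk entry, the bare 2sm66r.exe and the F:\iqe68o.bat pair come out "high", and the karajana.exe entry lands in "review" only because of its odd path. Whatever the score, the real action is the same as the fix script implies: delete MountPoints2, keep AutoRun disabled, and scan every USB stick that was ever plugged into this machine before it goes anywhere else.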