Logi - Koń Trojański

Witam Mam taki problem :
Antywirus nod32 wykrył mi coś takiego:
Pamięć operacyjna » rundll32.exe(1892) - prawdopodobnie odmiana zagrożenia Win32/Ponmocup.AA koń trojański - nie można wyleczyć
oto logi :
file:///D:/Extras.Txt

file:///D:/OTL.Txt


Proszę o pomoc, z góry dziękuje

gdzie są te logi?

Dobra, tutaj już

Użytkownik Malekith44 edytował ten post 28 10 2012 - 19:58

Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej to:

:OTL
[2012-10-25 19:30:43 | 000,094,208 | RHS- | C] () -- C:\WINDOWS\System32\spmsgq.dll
[2012-10-25 19:30:43 | 000,000,318 | ---- | C] () -- C:\WINDOWS\tasks\Fqqpxidgdm.job
O8 - Extra context menu item: Funkcja Google Sidewiki - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Search the Web - C:\Program Files\SweetIM\Toolbars\Internet Explorer\resources\menuext.html File not found
O4 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003..\Run: [PCSpeedUp] "C:\Program Files\Przyspiesz Komputer\PCSpeedUp.exe" File not found
O4 - HKLM..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKLM..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe" File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [Corel File Shell Monitor] c:\Program Files\Corel\Corel PaintShop Photo Pro\X3\PSPClassic\CorelIOMonitor.exe File not found
O4 - HKLM..\Run: [facemoods] C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodssrv.exe (facemoods.com)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (TBSB01620 Class) - {58124A0B-DC32-4180-9BFF-E0E21AE34026} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\bh\facemoods.dll (facemoods.com BHO)
O2 - BHO: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll File not found
O2 - BHO: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (gry Toolbar) - {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - C:\Program Files\gry\prxtbgr0.dll File not found
O3 - HKLM\..\Toolbar: (BitTorrentBar Toolbar) - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
O3 - HKLM\..\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files\facemoods.com\facemoods\1.4.17.6\facemoodsTlbr.dll (facemoods.com)
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (gry Toolbar) - {8532A8B7-C06A-41BB-936A-8CE73E4711ED} - C:\Program Files\gry\prxtbgr0.dll File not found
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (BitTorrentBar Toolbar) - {88C7F2AA-F93F-432C-8F0E-B7D85967A527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files\IMinent Toolbar\tbcore3.dll ()
O3 - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll File not found
[2012-07-12 08:59:06 | 000,002,157 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\SearchTheWeb.xml
[2012-05-21 21:25:09 | 000,002,415 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\v9.xml
[2012-08-11 17:05:03 | 000,006,481 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
[2011-05-05 21:20:15 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
[2011-08-04 16:43:32 | 000,002,354 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\aol-web-search.xml
[2012-08-26 21:22:36 | 000,002,573 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\askcom.xml
[2012-10-01 18:41:05 | 000,002,230 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\SearchTheWeb.xml
[2012-09-24 17:05:27 | 000,003,983 | ---- | M] () -- C:\Documents and Settings\Właściciel\Dane aplikacji\Mozilla\Firefox\Profiles\1vnnk5vy.default\searchplugins\sweetim.xml
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1337631904_230548
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = pl.v9.com/idg/idg_1337631904_230548
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Facemoods Search
IE - HKLM\..\SearchScopes,DefaultScope = {EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=31-07-2011
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = pl.v9.com/idg/idg_1337631904_230548
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\InprocServer32 File not found
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\tbSof2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {8532a8b7-c06a-41bb-936a-8ce73e4711ed} - SOFTWARE\Classes\CLSID\{8532a8b7-c06a-41bb-936a-8ce73e4711ed}\InprocServer32 File not found
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\prxtbBit2.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = Facemoods Search
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = Claro Search
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{46F62C9F-47F3-4D1E-AC19-E6B47347FC9D}: "URL" = http://websearch.ask...7-F08E15960BC9
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = DAEMON-Search.com :: SEARCH
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = Szukaj {searchTerms}
IE - HKU\S-1-5-21-1644491937-1993962763-682003330-1003\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = http://slirsredirect...mrud=31-07-2011
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "http://slirsredirect...08-2011&query="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "SearchTheWeb"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "http://search.winamp...08-2011&query="

:Commands
[emptytemp]

Kliknij w Wykonaj Skrypt. Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie.
Następnie uruchom OTL ponownie, tym razem kliknij Skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania Skryptem.
Użyj >Adw-cleaner. Kliknij w nim Delete
Pokaż raport z niego C:\AdwCleaner[S1].txt
.

Użytkownik ordynat edytował ten post 28 10 2012 - 20:22

Nie mogę dodać raportu ze skryptu, jest napsiane, że nie mam uprawnień, żeby wysyłać takie pliki

dodaje raport skryptu w formacie txt

W nowym logu nie widzę już niczego podejrzanego, więc powinno być OK.

W Adw-Cleaner kliknij na przycisk Uninstall
W OTL kliknij na przycisk Sprzątanie - to go usunie razem z jego Kwarantanną.

.