Logs - Slow loading of web pages
#1
Posted 09 10 2010 - 22:09
#2
Posted 09 10 2010 - 22:27
Putting the unneeded ASK up for removal.
Run OTL and in the Custom Scans/Fixes window paste this:
:OTL
[2010-10-09 11:01:00 | 000,000,232 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job
O2 - BHO: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKU\S-1-5-21-1085031214-448539723-725345543-1004\..\Toolbar\WebBrowser: (Sopcast Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
IE - HKU\S-1-5-21-1085031214-448539723-725345543-1004\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
:Files
C:\Program Files\Ask.com
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[Reboot]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Scan.
Post the new OTL.txt log and the removal report.
#3
Posted 10 10 2010 - 07:00
TR/Agent.WDCR Trojan
TR/OnlineGam.105411 Trojan
TR/Drop.Autoit.CE.3 Trojan
Worm/Palevo.acoz Worm
Here is the report.
I don't know why, but this removal report won't go in as an attachment.
All processes killed
========== OTL ==========
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-448539723-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-448539723-725345543-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{00000000-6E41-4FD3-8538-502F5495E5FC} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}\ deleted successfully.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
========== FILES ==========
C:\Program Files\Ask.com folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33172 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: user
->Temp folder emptied: 55009478 bytes
->Temporary Internet Files folder emptied: 308397286 bytes
->Java cache emptied: 393406 bytes
->Flash cache emptied: 2738 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 948450 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 348,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10102010_070322
Files\Folders moved on Reboot...
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\3998100,98139,,pion_3[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\3998100,98139,,pion_3[2].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\3998100,99503,,desercss_deser[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\Bezpiecze%C5%84stwo_w_sieci-f12[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\otl-t2153[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\reklama[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\Reklama[3].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\reklama[4].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\R4RZ0PK5\WOCA7N79YKCASGU6RDCAZCCBQ2CATDN2HACA9DZH9ZCA206QKBCALMMUJ4CAVD3184CAQZOIIJCAO5DJVBCA605V76CAV98KK0CAFV65BNCAQZJP0ZCADDHW94CAMVE0PFCANPPH6SCA2WTSFQCA3OC43H.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\bezpieczenstwo-f16[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\index[2].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\odebrane[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\overWordLayer[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\reklama[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\reklama[2].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\reklama[5].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LV1Z90SD\topic1789123[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ICCFZ1E3\4110[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ICCFZ1E3\4ICALW7V3HCATDMI7CCABMRD8LCAJ3XTSZCAMQAA02CA24NZBQCA4U6BC6CAQG0ENHCA1DMU2CCAY81EQNCAMUYE5WCA5JSXY0CALWQGXTCAYWJW21CA79FS8CCAGSSHEWCARMSHLJCAKZIQGRCA21HA5E.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ICCFZ1E3\postview[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\ICCFZ1E3\st[1] moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\7HCAB7WBCUCABEZ42GCA8EGZO2CA0U23GECATFZW2PCACNV38VCAWBG24SCABNUPX6CALIOCYPCAVRFZ0NCA2UUUNZCA2CD8UJCAINUN32CAS8XEA5CA1ZNLEQCAPNZ1KVCASCMK1WCA09XDT1CA74XTJC.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\86CATG2DD5CAB2DV5RCA1PRYKICAWZEVHXCAZAAZBXCACECC72CATQW97KCADA5CAECAFD7ZKGCA7HME7XCA4B4WZUCAO54K14CAFR6W20CATOSC35CA45WFXCCA4C5L4LCAG02NEWCAJ482QTCAR1J3AQ.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\DLCAY3FG6MCABGDQ65CAGGA3L9CAMC320MCAHD0O55CAYGHHVKCAIAJ20ICAGEYSCICACUE4KNCANU9P6CCA5J9LSMCAWZQXKWCAX1F3DLCAZV3BKHCAZCK0D1CAG4MT2UCA6G6TAACA0Z0LIPCACSC3GF.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\M1CAJ7JFSMCAIA6L59CAZOL356CAE2YSBOCAYNW3G4CAIPRI9OCAECJBLDCAOLE0A0CANKGEEBCAL10NEBCA0GOLRGCA1XD7P0CAC1X1YSCAGLQMJBCACQ8UU1CAXRFUXACADMJDPQCAA6SCYDCABJT4HI.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\otlprosze-o-spr-logow-t41603[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\PSCAS1LR5UCAMBWBRXCAIBK0RGCA69FXOCCACZR2JBCAII3Q96CAFHZUPUCA3601IMCA0YSFSBCA7T3AX3CAE37UHYCA1TIS4PCAX224NMCAPTPTHSCAGS8MQOCAJ03ZN1CA2EZEW3CA0JBLOLCAE4C7MI.htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\A2LYUH65\Reklama[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\09P93FCS\4169[1].htm moved successfully.
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.
Registry entries deleted on Reboot...
Katarina edited this post 10 10 2010 - 10:13
#4
Posted 10 10 2010 - 08:04
Run OTL and in the Custom Scans/Fixes window paste this:
:OTL
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-1085031214-448539723-725345543-1004\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
[2010-09-30 21:14:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\user\Dane aplikacji\vShare
[2010-09-30 21:14:19 | 000,000,000 | ---D | C] -- C:\Program Files\vShare
:Commands
[emptytemp]
[Reboot]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, this time click Scan.
Post the new OTL.txt log and the removal report.
> TR/Agent.WDCR Trojan
> TR/OnlineGam.105411 Trojan
> TR/Drop.Autoit.CE.3 Trojan
> Worm/Palevo.acoz Worm
Where is this being detected (paths and file names)?
Since you report that "Onlinegames" is also detected, which is a pendrive infection, use USBFix > http://www.bezpieczenstwosystemow.pl/index.php?topic=7405.0
Click the DELETION button in it.
Post the report from that.
ordynat edited this post 10 10 2010 - 08:05
#5
Posted 10 10 2010 - 09:15
Virus or unwanted program 'HEUR/HTML.Malware [heuristic]' detected in file 'C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\OQBDZUY8\banner[1].htm. Virus or unwanted program 'HEUR/HTML.Malware [heuristic]' detected in file 'C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files\Content.IE5\LS81WN61\banner[1].htm.
They are all there, just under different codes.
I looked for it, but in the \Ustawienia lokalne\ folder there is no \Temporary Internet Files\ file.
Removal report:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ deleted successfully.
C:\Program Files\vShare\vshare_toolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-448539723-725345543-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{043C5167-00BB-4324-AF7E-62013FAEDACF} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{043C5167-00BB-4324-AF7E-62013FAEDACF}\ not found.
File C:\Program Files\vShare\vshare_toolbar.dll not found.
C:\Documents and Settings\user\Dane aplikacji\vShare\radio folder moved successfully.
C:\Documents and Settings\user\Dane aplikacji\vShare\cache\tmp folder moved successfully.
C:\Documents and Settings\user\Dane aplikacji\vShare\cache folder moved successfully.
C:\Documents and Settings\user\Dane aplikacji\vShare folder moved successfully.
C:\Program Files\vShare\skin folder moved successfully.
C:\Program Files\vShare\radio folder moved successfully.
C:\Program Files\vShare folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: user
->Temp folder emptied: 65536 bytes
->Temporary Internet Files folder emptied: 23688457 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1011 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 738678 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 23,00 mb
OTL by OldTimer - Version 3.2.14.1 log created on 10102010_092203
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Katarina edited this post 10 10 2010 - 10:14
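As an added example that is not from this thread or from OTL itself, a small Python parser for the removal-report format posted in #3 and #5: it tallies how each item ended, lists the "not found" targets that were never moved or deleted earlier in the same report (the only ones a helper would need to re-check, since OTL re-tests the CLSID and DLL for every O2/O3 line), and sums the bytes freed by [emptytemp]. The sample report is constructed to mirror the Ask.com fix.

```python
import re
from collections import Counter

# Constructed sample in the format of the OTL removal reports in this thread
# (the real reports are much longer); mirrors the Ask.com fix from post #3.
SAMPLE_REPORT = r"""
C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ deleted successfully.
C:\Program Files\Ask.com\GenericAskToolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
File C:\Program Files\Ask.com\GenericAskToolbar.dll not found.
C:\Program Files\Ask.com folder moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
->Temp folder emptied: 55009478 bytes
->Temporary Internet Files folder emptied: 308397286 bytes
%systemroot%\System32 .tmp files removed: 2596 bytes
Windows Temp folder emptied: 948450 bytes
Total Files Cleaned = 348,00 mb
"""

# One line per item OTL touched: optional kind prefix, the target, the outcome.
OUTCOME_RE = re.compile(
    r"^(?:Registry key |Registry value |File )?(?P<target>.+?)(?: folder)? "
    r"(?P<outcome>moved successfully|deleted successfully|not found)\.$"
)
BYTES_RE = re.compile(r"(?:emptied|removed): (\d+) bytes$")

def parse_otl_report(text):
    """Return (outcome counts, unresolved 'not found' targets, bytes freed).

    OTL re-checks the CLSID and DLL for every O2/O3 line, so 'not found' only
    matters when that target was never moved/deleted earlier in the report.
    """
    counts, seen_removed, unresolved, freed = Counter(), set(), [], 0
    for line in text.splitlines():
        m = OUTCOME_RE.match(line.strip())
        if m:
            target = m.group("target").rstrip("\\").lower()
            counts[m.group("outcome")] += 1
            if m.group("outcome") != "not found":
                seen_removed.add(target)
            elif target not in seen_removed:
                unresolved.append(target)
            continue
        b = BYTES_RE.search(line)
        if b:
            freed += int(b.group(1))
    return counts, unresolved, freed
```

In the sample, only the {F5CC7F02-...} CLSID key stays unresolved, which matches the "(no name) - No CLSID value found" BHO line in the original fix script.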
#6
Posted 10 10 2010 - 10:39
But that is actually irrelevant now, because the report shows no objects of a pendrive infection.
> I looked for it, but in the \Ustawienia lokalne\ folder there is no \Temporary Internet Files\ file.
And in the (previous) OTL removal report there is:
C:\Documents and Settings\user\Ustawienia lokalne\Temporary Internet Files
That folder was emptied by OTL, so there should no longer be a problem.