bandrzal Posted 23 January 2013

Hello, please check the logs; I don't know whether I removed the viruses from the pendrive correctly. System: Windows MX 8.1, a modified Windows XP SP3.

C:\Documents and Settings\Administrator\fuefue.exe
K:\zoazo.scr

These files were responsible for the shortcuts being created.

otl.txt Extras.Txt
picasso Posted 24 January 2013

The OTL report shows no signs of infection. Only make a few minor corrections. Run OTL and in the Custom Scans/Fixes section paste:

:Reg
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[-HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes]
[-HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes]
:OTL
IE - HKU\S-1-5-21-117609710-1425521274-682003330-500\..\URLSearchHook: - No CLSID value found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} "http://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab" (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} "http://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab" (Reg Error: Key error.)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)

Click Run Fix.

> I removed the viruses from the pendrive

An additional log listing the root contents of all drives is needed. Run OTL, set all options to None + file search to None, and in the Custom Scans/Fixes section paste:

C:\*.*
D:\*.*
F:\*.*
G:\*.*
H:\*.*

Click Run Scan.

> Windows MX 8.1, a modified Windows XP SP3

That is visible. Such Windows builds have assorted entries that give away the "handiwork".
bandrzal Posted 24 January 2013

========== REGISTRY ==========
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\"DefaultScope"|"{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" /E : value set successfully!
Registry key HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
Registry key HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\ deleted successfully.
========== OTL ==========
Registry value HKEY_USERS\S-1-5-21-117609710-1425521274-682003330-500\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA}\ not found.
Service EagleNT stopped successfully!
Service EagleNT deleted successfully!
File C:\WINDOWS\system32\drivers\EagleNT.sys not found.

OTL by OldTimer - Version 3.2.69.0 log created on 01242013_190507

OTL logfile created on: 2013-01-24 19:09:24 - Run 14
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Moje dokumenty\Downloads
Windows XP Professional Edition Dodatek Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000415 | Country: Polska | Language: PLK | Date Format: yyyy-MM-dd

2,00 Gb Total Physical Memory | 1,40 Gb Available Physical Memory | 70,26% Memory free
4,85 Gb Paging File | 4,43 Gb Available in Paging File | 91,44% Paging File free
Paging file location(s): C:\pagefile.sys 3070 3070 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 29,30 Gb Total Space | 6,53 Gb Free Space | 22,30% Space Free | Partition Type: NTFS
Drive D: | 157,01 Gb Total Space | 63,12 Gb Free Space | 40,20% Space Free | Partition Type: NTFS
Drive F: | 100,00 Mb Total Space | 75,87 Mb Free Space | 75,87% Space Free | Partition Type: NTFS
Drive G: | 78,03 Gb Total Space | 69,60 Gb Free Space | 89,19% Space Free | Partition Type: NTFS
Drive H: | 387,64 Gb Total Space | 387,54 Gb Free Space | 99,98% Space Free | Partition Type: NTFS
Drive K: | 946,67 Mb Total Space | 153,52 Mb Free Space | 16,22% Space Free | Partition Type: FAT

Computer Name: MX8PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Custom Scans ==========

< C:\*.* >
[2012-12-30 16:37:42 | 000,002,818 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2013-01-04 19:52:02 | 000,000,834 | ---- | M] () -- C:\AdwCleaner[R2].txt
[2012-12-30 16:41:25 | 000,002,858 | ---- | M] () -- C:\AdwCleaner[s2].txt
[2010-04-13 23:15:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-07-11 20:18:17 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2001-07-22 01:13:54 | 000,004,952 | RHS- | M] () -- C:\Bootfont.bin
[2010-04-13 23:15:14 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010-04-13 23:15:14 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2010-04-13 23:15:14 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2008-04-13 23:13:04 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008-04-14 01:02:00 | 000,251,152 | RHS- | M] () -- C:\ntldr
[2013-01-24 19:06:22 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
[2013-01-23 18:27:35 | 000,006,036 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_23.01.2013_18.27.29_log.txt
[2012-12-30 17:48:53 | 000,245,410 | ---- | M] () -- C:\TDSSKiller.2.8.15.0_30.12.2012_17.45.53_log.txt

< D:\*.* >
[2012-01-05 20:51:18 | 006,527,851 | ---- | M] () -- D:\Blue Stahli - Metamorphosis (Voicians Remix)-[www_2conv_com].mp3
[2011-01-16 10:35:31 | 000,004,410 | ---- | M] () -- D:\System.cfg
[2012-05-28 17:51:14 | 000,168,448 | -HS- | M] () -- D:\Thumbs.db
[1 D:\*.tmp files -> D:\*.tmp -> ]

< F:\*.* >
[2009-07-14 02:38:58 | 000,383,562 | RHS- | M] () -- F:\bootmgr
[2013-01-19 12:33:57 | 000,008,192 | RHS- | M] () -- F:\BOOTSECT.BAK

< G:\*.* >
[2009-06-10 22:42:20 | 000,000,024 | ---- | M] () -- G:\autoexec.bat
[2009-06-10 22:42:20 | 000,000,010 | ---- | M] () -- G:\config.sys
[2013-01-19 12:47:18 | 1610,063,872 | -HS- | M] () -- G:\hiberfil.sys
[2013-01-19 12:47:23 | 2146,754,560 | -HS- | M] () -- G:\pagefile.sys

< H:\*.* >

< End of report >
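The drive-root listing above is what a helper reads by eye to spot leftovers of a shortcut worm (a hidden executable or .scr at the volume root, an autorun.inf, hidden+system folders next to same-named .lnk files). As an added example, not code from this thread or from OTL, here is a Python script that parses the `[date | size | attrs | M] () -- path` records OTL prints under a `< X:\*.* >` custom scan and applies those checks. The sample listing is constructed: it mixes lines copied from the log above with an invented `K:` section (the dates, sizes and the `Filmy` entries are assumptions; only the name `zoazo.scr` comes from the first post). Reading the fourth attribute slot as `D` for directories and the list of files Windows itself keeps at a volume root are assumptions as well.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One OTL custom-scan record, e.g.
# [2013-01-24 19:06:22 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
ENTRY_RE = re.compile(
    r"^\[(?P<stamp>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| M\] \(\) -- (?P<path>.+?)\s*$"
)

# Names Windows/Explorer legitimately keep at a volume root (assumption, drawn
# from the NTFS system drives in this thread's listing).
OS_BASELINE = {
    "autoexec.bat", "boot.ini", "bootfont.bin", "bootmgr", "bootsect.bak",
    "config.sys", "hiberfil.sys", "io.sys", "msdos.sys", "ntdetect.com",
    "ntldr", "pagefile.sys", "thumbs.db",
}

# Extensions that run or redirect when double-clicked from a pendrive root.
LAUNCHABLE = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd",
              ".vbs", ".vbe", ".js", ".jse", ".wsf", ".lnk", ".dll"}


@dataclass
class Entry:
    stamp: str
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool   # assumption: OTL puts 'D' in the 4th attribute slot for folders
    path: str


def parse_listing(text: str) -> list[Entry]:
    """Pull the file records out of an OTL custom-scan log; headers and
    summary lines such as '[1 D:\\*.tmp files -> ...]' are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        a = m["attrs"]
        entries.append(Entry(
            stamp=m["stamp"],
            size=int(m["size"].replace(",", "")),   # "3219,128,320" -> 3219128320
            readonly=a[0] == "R", hidden=a[1] == "H",
            system=a[2] == "S", directory=a[3] == "D",
            path=m["path"],
        ))
    return entries


def flag_root_entries(entries: list[Entry]) -> list[tuple[str, list[str]]]:
    """Return (path, reasons) for root entries that look like worm residue."""
    findings = []
    for e in entries:
        name = PureWindowsPath(e.path).name.lower()
        if name in OS_BASELINE:
            continue                     # expected OS/Explorer file, attributes and all
        reasons = []
        if name == "autorun.inf":
            reasons.append("autorun.inf in drive root")
        if PureWindowsPath(name).suffix in LAUNCHABLE:
            reasons.append("launchable file or shortcut in drive root")
        if e.hidden and e.system:
            reasons.append("hidden+system but not a known OS file")
        if reasons:
            findings.append((e.path, reasons))
    return findings


def analyze(text: str) -> list[tuple[str, list[str]]]:
    return flag_root_entries(parse_listing(text))


# Constructed sample: C:/D: lines are from the thread's log, the K: section is invented.
SAMPLE_LISTING = r"""
========== Custom Scans ==========
< C:\*.* >
[2012-12-30 16:37:42 | 000,002,818 | ---- | M] () -- C:\AdwCleaner[R1].txt
[2010-04-13 23:15:14 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2012-07-11 20:18:17 | 000,000,223 | RHS- | M] () -- C:\boot.ini
[2013-01-24 19:06:22 | 3219,128,320 | -HS- | M] () -- C:\pagefile.sys
< D:\*.* >
[2012-05-28 17:51:14 | 000,168,448 | -HS- | M] () -- D:\Thumbs.db
[1 D:\*.tmp files -> D:\*.tmp -> ]
< K:\*.* >
[2013-01-22 08:15:01 | 000,000,059 | RHS- | M] () -- K:\autorun.inf
[2013-01-22 08:15:01 | 000,000,000 | -HSD | M] () -- K:\Filmy
[2013-01-22 08:15:02 | 000,000,912 | ---- | M] () -- K:\Filmy.lnk
[2013-01-22 08:15:00 | 000,118,784 | -HS- | M] () -- K:\zoazo.scr
< End of report >
"""

if __name__ == "__main__":
    for path, reasons in analyze(SAMPLE_LISTING):
        print(f"{path}: {'; '.join(reasons)}")
```

The baseline is matched by name only, so a worm that names its dropper `pagefile.sys` on a FAT pendrive would slip through; cross-check any baseline hit on a removable volume against the drive table in the log header (here only `K:` is FAT). Zero-byte hidden+system `IO.SYS`/`MSDOS.SYS` at the root of an XP system drive, as in the listing above, are normal and are why those names sit in the baseline.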
picasso Posted 28 January 2013

The custom scan reveals nothing further. To finish:

1. In OTL run CleanUp. Delete the AdwCleaner and TDSSKiller logs from drive C.
2. Clear the System Restore folders: LINK.
3. Minor updates: the older Java 6 Update 37 is to be removed (and version 11 is unfortunately also vulnerable). Check whether Foxit Reader is up to date. OpenOffice.org 3.2 and Office 2007 need updating (install the SP3 package).

Topic resolved. Closing.