Proszę o sprawdzenie logów, antywirus nie radzi sobie z tymi infekcjami.
Log z OTL: http://wklej.to/uyab
Chyba źle wkleiłeś linka do OTL
jeszcze raz wklejam: http://wklej.to/MXOzF
Ale to jest raport Extras.txt a gdzie raport OTL.txt
przepraszam, oto log http://wklej.to/Xa73F
Na początek to:
W okno Własne opcje skanowania / skrypt w OTL wklej:
:OTL PRC - [2011-10-11 12:33:42 | 000,260,608 | -HS- | M] (Radialpoint Inc.) – C:\Users\rd\Network\igfxcv32.exe O3 - HKLM…\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Toolbar\WebBrowser: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O4 - HKLM…\Run: [b7F.exe] C:\Program Files\Internet Explorer\318F\B7F.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [{1CB4BCA1-6C2E-164E-3AAD-E5EFDAFC1B4E}] C:\Users\rd\AppData\Roaming\Fitofa\gexyc.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [{2A458A8B-8239-B217-15B8-33977B369197}] C:\Users\rd\AppData\Roaming\Ceutwa\sofi.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [{52EB5840-1F0E-7E9C-F30B-9D76E8229326}] C:\Users\rd\AppData\Roaming\Diwuti\ezibe.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [{E505DA0D-27EF-185B-E274-6D654DE71F71}] C:\Users\rd\AppData\Roaming\Macromedia\Flash Player\prevhost.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [0ufx5kllao] C:\Users\rd\0ufx5kllao.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [3GVEXX8V2YUXZI4JZICCL] C:\win32system\701BE486559.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [4W1WVWUV1F7XWE6EHSZNABSNIEVXCSE] C:\Recycle.Bin\B6232F3A559.exe /q File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [b7F.exe] C:\Users\rd\AppData\Roaming\Microsoft\318F\B7F.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [F16.exe] C:\Users\rd\AppData\Roaming\Microsoft\7D6F\F16.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [KB300025.exe] “C:\Users\rd\AppData\Roaming\KB300025.exe” File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [Microsoft Firewall 2.9] C:\Users\rd\AppData\Roaming\WMPRWISE.EXE File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [mssend] “C:\Users\rd\AppData\Roaming\xeto2vpz2hbokcgjagafrvponojtnksa2\svcnost.exe” File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [pbfxnucyrto] “C:\Users\rd\AppData\Local\pbfxnucyrto\pbfxnucyrto.exe” File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [PID] C:\Users\rd\AppData\Local\Temp\0.4038574184837862.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [wnszcxwu] C:\Users\rd\AppData\Roaming\Wcsyhtye\Vdszxc\wzcxlxs.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [XH3W7YYD2UUBYFYIUKBDGJME] C:\debug.Bin\111B3F40559.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [XW3X2Y3D2UUBYFYIX] C:\debug.Bin\111B3F40559.exe File not found O4 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001…\Run: [z2epve] C:\Users\rd\z2epve.exe File not found F3 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001 WinNT: Load - (C:\Users\rd\AppData\Roaming\35788\lvvm.exe) - File not found O20 - HKU\S-1-5-21-3453729903-2198609650-955386086-1001 Winlogon: Shell - (C:\Users\rd\AppData\Roaming\F1135\CB17D.exe) - File not found [2011-11-27 11:09:33 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xeto2vpz2hbokcgjagafrvponojtnksa2 [2011-08-14 12:11:05 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xg2zqow1fcjhcnrvismifyrsdskt1tad2 [2011-05-29 09:16:05 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\ximafw3cipxgqreslcwisaih32teuwxz2 [2011-08-30 15:51:43 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xoonntjthqnguuuvdzsfqbnmptubkbus2 [2011-06-06 21:06:03 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xop2twbkpbbjbadjvjhmfenjzleibpci2 [2011-11-10 15:28:18 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xtasrfp2pem2auphwcbrwya1i11rcizm2 [2011-11-14 21:42:53 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xuwjsheozngkcvomqlsvvgucqeviokgm2 [2011-10-11 17:19:16 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xxnbaqj11bbrsrxdd2qowarawkljryyi2 [2011-11-21 22:26:08 | 000,000,000 | —D | M] – C:\Users\rd\AppData\Roaming\xxoy1mapwlxpmtaejxtvbuvbs1jcpncr2 [2011-08-30 15:51:45 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\3709917.exe [2011-08-30 15:51:45 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\3645522.exe [2011-08-30 15:51:45 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\2021562.exe [2011-08-30 15:51:40 | 000,070,144 | ---- | C] () – C:\Users\rd\AppData\Roaming\5053432.exe [2011-06-17 19:33:34 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\9190988.exe [2011-06-17 19:33:34 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\8936439.exe [2011-06-17 19:33:34 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\5736089.exe [2011-06-17 19:33:34 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\3546577.exe [2011-05-30 19:14:37 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\9985422.exe [2011-05-30 19:14:37 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\8064078.exe [2011-05-30 19:14:37 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\4031656.exe [2011-05-26 14:53:30 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\607047.exe [2011-05-26 14:53:30 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\5370604.exe [2011-05-26 14:53:30 | 000,000,000 | ---- | C] () – C:\Users\rd\AppData\Roaming\3469345.exe :Commands [emptytemp]
Klikasz na Wykonaj skrypt . Zgadzasz się na restart komputera. Log z usuwania na forum
Następnie wykonaj pełny skan Malwarebytes http://www.dobreprogramy.pl/Malwarebyte … 13117.html Usuń co znajdzie program pokaż raport na forum
Następnie ponownie uruchamiasz OTL klikasz raz jeszcze Skanuj i dajesz nowy log na forum Czyli dwa logi jeden z usuwania drugi z nowego skanowania po usuwaniu.