Bmsiak
(Bmsiak)
22 July 2012 13:42
#1
Hello. I have no idea how this junk got onto my computer. Unfortunately, the result is that I can't run any other program on one of the accounts. Please help me remove it. I'm posting the OTL logs.
http://wklej.org/id/795605/ - OTL.txt
http://wklej.org/id/795607/ - Extras.txt
Atis
(Atis)
22 July 2012 13:50
#2
Uninstall:
FreeRIP Toolbar
StartSearch Toolbar
HyperSnap Toolbar
Paste the following into the Custom Scans/Fixes box:
:OTL
SRV - [2012-06-27 17:01:34 | 000,791,488 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Program Files\Application Updater\ApplicationUpdater.exe -- (Application Updater)
DRV - File not found [Kernel | On_Demand | Stopped] -- D:\INSTALL\GMSIPCI.SYS -- (GMSIPCI)
IE - HKLM…\SearchScopes{6A1806CD-94D4-4689: "URL" = http://startsear.ch/?aff=1&src=sp&cf=40 … 921f92e&q={searchTerms}
IE - HKU\S-1-5-21-1275210071-1960408961-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=407bd2a4- … e54921f92e
IE - HKU\S-1-5-21-1275210071-1960408961-839522115-1004…\SearchScopes{6A1806CD-94D4-4689: "URL" = http://startsear.ch/?aff=1&src=sp&cf=40 … 921f92e&q={searchTerms}
FF - prefs.js…browser.search.order.1: "Web Search"
[2012-07-02 21:25:38 | 000,000,000 | ---D | M] (FreeRIP Toolbar) -- C:\PROGRAM FILES\FREERIP TOOLBAR\FF
[2012-04-03 22:23:33 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Rafal\Application Data\Mozilla\Firefox\Profiles\3egv6wc0.default\searchplugins\startsear.xml
[2012-01-02 02:48:42 | 000,083,456 | ---- | M] (StartSearch ) -- C:\Program Files\mozilla firefox\plugins\npvsharetvplg.dll
O4 - HKLM…\Run: [searchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKU\S-1-5-21-1275210071-1960408961-839522115-1004…\Run: [cdoosoft] C:\WINDOWS\system32\olhrwef.exe File not found
O4 - HKU\S-1-5-21-1275210071-1960408961-839522115-1004…\Run: [Gadu-Gadu] C:\Program Files\Gadu-Gadu\gg.exe /tray File not found
[2012-07-22 14:20:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\036DFF98027B71E9AEEE0F8FE56C3425
:Files
C:\Documents and Settings\All Users\Application Data\036DFF98027B71E9AEEE0F8FE56C3425
C:\Documents and Settings\Rafal\Application Data\wtxpcom
C:\WINDOWS\System32\eb22963a.exe
C:\2009113890.tmp.bat
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Post the removal report and a new log from Run Scan.
Bmsiak
(Bmsiak)
22 July 2012 17:47
#3
Atis
(Atis)
22 July 2012 18:03
#4
Click Run Scan and post the new log.
Bmsiak
(Bmsiak)
22 July 2012 19:06
#5
Log OTL.txt - http://wklej.org/id/795845/
Log Extras.txt - http://wklej.org/id/795847/
Everything works flawlessly now, thanks a lot! Regards.
Atis
(Atis)
22 July 2012 19:22
#6
Uninstall McAfee Security Scan Plus.
Paste this and click Run Fix:
:OTL
IE - HKLM…\SearchScopes{6A1806CD-94D4-4689: "URL" = http://startsear.ch/?aff=1&src=sp&cf=40 … 921f92e&q={searchTerms}
IE - HKU\S-1-5-21-1275210071-1960408961-839522115-1003…\URLSearchHook: {E634228A-03CF-4BC8-B0AB-668257F1FD8C} - No CLSID value found
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKU\S-1-5-21-1275210071-1960408961-839522115-1003…\Toolbar\WebBrowser: (no name) - {338B4DFE-2E2C-4338-9E41-E176D497299E} - No CLSID value found.
[2012-07-22 14:20:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Bartek\Start Menu\Programs\Live Security Platinum
[2012-07-22 19:32:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rafal\Application Data\Toolbar4
:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[-HKEY_USERS\S-1-5-21-1275210071-1960408961-839522115-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum]
Run OTL and click CleanUp.
Turn System Restore off and back on:
http://support.microsoft.com/kb/310405/pl
Run SecurityCheck and update the programs marked as Out of date.