Live Security Platinum powalił mi komputer

wykret997 · 15 Sierpień 2012 22:40

Witam . Mam problem jakich ostatnio sporo. Mój komputer został zaatakowany przez wirusa Live Security Platinum - oczywiście nie wiem gdzie to dziadostwo siedziało , mój darmowy avast to przepuścił i dręczy mnie dość mocno. Jeśli można prosić o pomoc bo sam sobie nie poradzę - jestem zielony w sprawach obsługi komputera - ale może się uda. Mam już raport z OTL

http://wklej.org/id/811901/

Atis · 15 Sierpień 2012 23:49

Nie pomyślałeś o tym, że należy się zalogować na zainfekowane konto?

Odinstaluj:

WinZipBar Toolbar

MyAshampoo Toolbar

Akamai NetSession Interface

Do okna Własne opcje skanowania / skrypt wklej:

:OTL DRV - File not found [Kernel | System | Stopped] – C:\Documents and Settings\PPP\Moje dokumenty\SASDIFSV.SYS – (SASDIFSV) DRV - File not found [Kernel | On_Demand | Stopped] – -- (VNic) DRV - File not found [Kernel | On_Demand | Stopped] – -- (USBSNXSTOR) DRV - File not found [Kernel | On_Demand | Stopped] – C:\Documents and Settings\PPP\Pulpit\ntportio.sys – (ntportio) DRV - File not found [Kernel | On_Demand | Stopped] – -- (Nokia USB Phone Parent) DRV - File not found [Kernel | On_Demand | Stopped] – -- (Nokia USB Modem) DRV - File not found [Kernel | On_Demand | Stopped] – -- (Nokia USB Generic) IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpgppc&s={searchTerms}&f=4 IE - HKU\S-1-5-21-842925246-1592454029-725345543-1003…\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}: “URL” = http://start.facemoods.com/?a=dpgppc&s={searchTerms}&f=4 IE - HKU\S-1-5-21-842925246-1592454029-725345543-1003…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=6C7194AA-CE22-409D-BA7B-12BFE938D99C&apn_sauid=E0836DB7-285B-42C8-911A-5ADD3C25D0E3 IE - HKU\S-1-5-21-842925246-1592454029-725345543-1003…\SearchScopes{71B6ACF7-4F0F-4fd8-BB69-6D1A4D271CB7}: “URL” = http://search.marioforever-toolbar.com/ … Q&ts=ne&w={searchTerms}&csrc=search-field IE - HKU\S-1-5-21-842925246-1592454029-725345543-1003…\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}: “URL” = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3106777 IE - HKU\S-1-5-21-842925246-1592454029-725345543-1003…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: “URL” = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541858695979224 FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultenginename: “Ask.com” FF - prefs.js…browser.search.defaultthis.engineName: “gry Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2417076&SearchSource=3&q={searchTerms}” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…keyword.URL: “http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f89982cd0000000000000016e6851991&tlver=1.4.35.10&affID=100489” [2012-07-22 19:26:15 | 000,000,000 | —D | M] (WinZipBar Community Toolbar) – C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. :Files C:\Documents and Settings\All Users\Dane aplikacji\036E18DF0000FFF0000003134A174311 :Reg [-HKEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum] [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp]

Kliknij Wykonaj skrypt i zatwierdź restart.

Pokaż raport z usuwania i nowy log Skanuj.

wykret997 · 16 Sierpień 2012 21:32

Dziękuje Atis za informacje . usunąłem już programy WinZipBar Tolbar MyAshampoo Toolbar Akamai NetSession Interface, wkleiłem do okna w otl Własne opcje skanowania

załączam raport, który wyskoczył mi automatycznie po restarcie komputera :

All processes killed

========== OTL ==========

Service SASDIFSV stopped successfully!

Service SASDIFSV deleted successfully!

File C:\Documents and Settings\PPP\Moje dokumenty\SASDIFSV.SYS not found.

Service VNic stopped successfully!

Service VNic deleted successfully!

Service USBSNXSTOR stopped successfully!

Service USBSNXSTOR deleted successfully!

Service ntportio stopped successfully!

Service ntportio deleted successfully!

File C:\Documents and Settings\PPP\Pulpit\ntportio.sys not found.

Service Nokia USB Phone Parent stopped successfully!

Service Nokia USB Phone Parent deleted successfully!

Service Nokia USB Modem stopped successfully!

Service Nokia USB Modem deleted successfully!

Service Nokia USB Generic stopped successfully!

Service Nokia USB Generic deleted successfully!

HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\SearchAssistant| /E : value set successfully!

Registry key HKEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes{0D7562AE-8EF6-416d-A838-AB665251703A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{0D7562AE-8EF6-416d-A838-AB665251703A}\ not found.

Registry key HKEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}\ not found.

Registry key HKEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes{71B6ACF7-4F0F-4fd8-BB69-6D1A4D271CB7}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{71B6ACF7-4F0F-4fd8-BB69-6D1A4D271CB7}\ not found.

Registry key HKEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.

Registry key HKEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\Software\Microsoft\Internet Explorer\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.

Prefs.js: “Ask.com” removed from browser.search.defaultengine

Prefs.js: “Ask.com” removed from browser.search.defaultenginename

Prefs.js: “gry Customized Web Search” removed from browser.search.defaultthis.engineName

Prefs.js: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2417076&SearchSource=3&q={searchTerms}” removed from browser.search.defaulturl

Prefs.js: “Ask.com” removed from browser.search.order.1

Prefs.js: “http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=f89982cd0000000000000016e6851991&tlver=1.4.35.10&affID=100489” removed from keyword.URL

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\searchplugin folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\Plugins folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\modules folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\META-INF folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\defaults folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\components folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37}\chrome folder moved successfully.

C:\Documents and Settings\PPP\Dane aplikacji\Mozilla\Firefox\Profiles\8qlatcci.default\extensions{50fafaf0-70a9-419d-a109-fa4b4ffd4e37} folder moved successfully.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\Locked deleted successfully.

File KEY_USERS\S-1-5-21-842925246-1592454029-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum] not found.

File KEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] not found.

File ptytemp] not found.

OTL by OldTimer - Version 3.2.57.0 log created on 08162012_232156

Files\Folders moved on Reboot…

PendingFileRenameOperations files…

Registry entries deleted on Reboot…

– Dodane 16.08.2012 (Cz) 23:47 –

witam ponownie. wykonałem zgodnie z poleceniem Atis nowy skan , oto wyniki z otl

:

http://wklej.org/id/812553/

Atis · 16 Sierpień 2012 23:21

Wklej i kliknij Wykonaj skrypt:

Odinstaluj starą wersję programu:

Java 6 Update 31

Adobe Reader X (10.1.3)

Adobe Flash Player 9 ActiveX

Później zainstaluj:

Adobe Reader

Flash Player

Java

Uruchom OTL i kliknij Sprzątanie.

Wyłącz i ponownie włącz przywracanie systemu:

http://support.microsoft.com/kb/310405/pl

Uruchom SecurityCheck i aktualizuj programy oznaczone jako Out of date

Dysk przeskanuj Malwarebytes-AntiMalware.

Podczas instalacji odznacz Uruchom okres testowy Malwarebytes Anti-Malware PRO.

http://www.dobreprogramy.pl/Malwarebyte … 13117.html

wykret997 · 17 Sierpień 2012 13:24

ok zrobiłem wszystko. Nie wiem czy dobrze poszło z SecurityCheck bo po kliknięciu w dowolny przycisk po uruchomieniu tego programu na chwilę pojawił sie napis na czarnym tle i wszystko znikło i nie wiem czy doszło do uruchomienia tego programu. Komputer wrócił do normy a nawet przyspieszył działanie i logowanie się w internecie bo działał wolniej przed wirusem. Wydaje się ok Wielkie Dzięki Atis . Jęsli mam coś wkleić np. z otl daj znać.