Hi. I have a problem with the Metropolitan UK Police virus. Yesterday I caught this junk on my computer and it locks up my whole system. I already tried removing it with Trojan Killer, but that did nothing. Has anyone had a similar problem and solved it?
Start the system in Safe Mode and create logs with OTL.
While the computer boots, keep pressing F8 and choose Safe Mode.
Uninstall from Control Panel and remove from the Firefox and Chrome extension lists:
Facemoods Toolbar, Ask Toolbar, Babylon toolbar on IE, DealPly
Paste into the Custom Scans/Fixes window:
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=2&cf=cd6cec39-1dbc-11e1-aff2-001d7de931de
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=dpgppc&s={searchTerms}&f=4
IE - HKLM\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=cd6cec39-1dbc-11e1-aff2-001d7de931de&q={searchTerms}
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource=10&ctid=CT2790392
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\URLSearchHook: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - No CLSID value found
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = http://startsear.ch/?aff=2&src=sp&cf=cd6cec39-1dbc-11e1-aff2-001d7de931de&q={searchTerms}
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=101067&mntrId=9a3e0c39000000000000001d7de931de
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\SearchScopes\{2BC9DB79-8950-4DB2-ADD0-9DF04D7B1C19}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=MGX&o=15355&src=kw&q={searchTerms}&locale=&apn_ptnrs=JP&apn_dtid=YYYYYYYYPL&apn_uid=595AE8C4-8C49-4B5C-BCE5-00F61C1A6D89&apn_sauid=3E6ED9B0-23E8-496C-B070-FDAC500BEB5C
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\SearchScopes\{A00402D4-BC32-4CCB-8C5E-F1D3737581A1}: "URL" = http://start.facemoods.com/?a=dpgppc&s={searchTerms}&f=4
IE - HKU\S-1-5-21-1329705234-3223601161-640188403-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb59/?search={searchTerms}&loc=search_box&u=92541883134906904
FF - prefs.js..browser.search.defaultengine: "Web Search"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "BitTorrentBar Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2790392&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://search.conduit.com/?ctid=CT2790392&SearchSource=13"
FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100482&babsrc=adbartrp&mntrId=9a3e0c39000000000000001d7de931de&q="
O4 - HKLM..\Run: [] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html File not found
[2012-03-16 17:41:38 | 000,001,027 | ---- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fsa299872.exe.lnk
[2012-03-16 17:41:37 | 000,001,027 | ---- | M] () -- C:\Users\x\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\arg396013.exe.lnk
:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Post the fix report and a new Run Scan log.
http://wklej.to/IwOeT - report
And now should I run the scan again with these lines in OTL?:
netsvcs
msconfig
safebootminimal
safebootnetwork
%systemdrive%*.*
/md5start
agp440.sys
atapi.sys
beep.sys
cdrom.sys
ndis.sys
winlogon.exe
userinit.exe
/md5stop
Just run OTL and click Run Scan.
The Avast drivers are dated 2009, so update your antivirus program.
Paste into OTL and click Run Fix:
:OTL
[2012-03-08 23:15:36 | 000,000,000 | ---D | M] (BitTorrentBar Community Toolbar) -- C:\Users\x\AppData\Roaming\mozilla\Firefox\Profiles\pmt9jfgz.default\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
[2012-02-15 14:06:52 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\x\AppData\Roaming\mozilla\Firefox\Profiles\pmt9jfgz.default\extensions\ffxtlbr@babylon.com
[2011-05-17 13:12:44 | 000,002,333 | ---- | M] () -- C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\pmt9jfgz.default\searchplugins\askcom.xml
[2012-01-11 12:44:22 | 000,000,929 | ---- | M] () -- C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\pmt9jfgz.default\searchplugins\conduit.xml
[2011-11-19 22:47:44 | 000,002,207 | ---- | M] () -- C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\pmt9jfgz.default\searchplugins\MyStart Search.xml
[2011-07-11 19:04:02 | 000,000,633 | ---- | M] () -- C:\Users\x\AppData\Roaming\Mozilla\Firefox\Profiles\pmt9jfgz.default\searchplugins\startsear.xml
[2012-02-15 14:01:21 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2011-11-28 20:42:42 | 000,002,049 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O4 - HKCU..\Run: [ares] "D:\Ares\Ares.exe" -h File not found
O4 - HKCU..\Run: [BitTorrent] "C:\Program Files (x86)\BitTorrent\BitTorrent.exe" /MINIMIZED File not found
O4 - HKCU..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\MF.exe" /opentotray File not found
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKLM\..\Toolbar: (StartSearchToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\StartSearch plugin\ssBarLcher.dll (StartSearch Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
Then click CleanUp.
Delete the old restore points.
To delete all restore points except the most recent one:
http://windows.microsoft.com/pl-PL/wind … tore-point
Scan the disk with Malwarebytes Anti-Malware.
During installation click Decline so that only the free scanner is installed.
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
Run SecurityCheck and update the programs marked as Out of date.
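As an added example (not code from the thread or from OTL itself), here is a small Python pre-screen that reads OTL log lines in the format shown in both fix scripts above and flags the kinds of entries the helper removed: search/homepage URLs pointing at the toolbar domains, orphaned autorun and CLSID entries, and randomly named startup shortcuts of the lock-screen type. The domain list and the sample log lines are constructed for this example and modelled on the thread; extend the list with your own data.

```python
import re

# Domains whose search/homepage entries the thread's scripts removed (constructed list).
HIJACKER_DOMAINS = ("startsear.ch", "facemoods.com", "search.conduit.com",
                    "search.babylon.com", "websearch.ask.com", "mystart.incredimail.com")

# OTL file-listing line: [date time | size | attrs | M] (Company) -- path
FILE_RE = re.compile(r"^\[(?P<ts>[\d-]+ [\d:]+) \| (?P<size>[\d,]+) \| (?P<attr>\S+) \| M\]"
                     r" \((?P<company>[^)]*)\) -- (?P<path>.+)$")
# Startup-folder shortcut with a random-looking name, e.g. fsa299872.exe.lnk
RANDOM_LNK_RE = re.compile(r"\\Startup\\[a-z]{2,4}\d{5,}\.exe\.lnk$", re.IGNORECASE)
URL_RE = re.compile(r"https?://([^/?\s\"]+)", re.IGNORECASE)

def _is_hijacker_host(host):
    host = host.lower()
    return any(host == d or host.endswith("." + d) for d in HIJACKER_DOMAINS)

def classify(line):
    """Return the reasons an OTL log line deserves attention (empty list if none)."""
    reasons = []
    m = FILE_RE.match(line)
    if m and RANDOM_LNK_RE.search(m.group("path")):
        reasons.append("randomly named startup shortcut")
    for host in URL_RE.findall(line):
        if _is_hijacker_host(host):
            reasons.append(f"search/homepage points to {host.lower()}")
            break
    if line.startswith(("O2 ", "O3 ", "O4 ", "O8 ")) and "File not found" in line:
        reasons.append("orphaned autorun entry")
    if "No CLSID value found" in line:
        reasons.append("orphaned CLSID reference")
    return reasons

def triage(lines):
    """Map each suspicious line to its reasons; clean lines are dropped."""
    return {ln: r for ln in lines if (r := classify(ln))}

# Constructed sample, modelled on the OTL lines in the thread.
SAMPLE_LOG = [
    'IE - HKLM\\SOFTWARE\\Microsoft\\Internet Explorer\\Main,Start Page = http://startsear.ch/?aff=2&cf=EXAMPLE',
    'FF - prefs.js..keyword.URL: "http://search.babylon.com/?AF=100482&q="',
    'O4 - HKCU..\\Run: [Media Finder] "C:\\Program Files (x86)\\Media Finder\\MF.exe" /opentotray File not found',
    '[2012-03-16 17:41:38 | 000,001,027 | ---- | M] () -- C:\\Users\\x\\AppData\\Roaming\\Microsoft\\Windows'
    '\\Start Menu\\Programs\\Startup\\fsa299872.exe.lnk',
    '[2011-05-17 13:12:44 | 000,002,333 | ---- | M] () -- C:\\Windows\\System32\\drivers\\atapi.sys',
    'O3 - HKCU\\..\\Toolbar\\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.',
]

if __name__ == "__main__":
    for ln, why in triage(SAMPLE_LOG).items():
        print(f"{', '.join(why)}: {ln[:70]}")
```

The clean atapi.sys entry is deliberately included so you can see that ordinary file-listing lines are not flagged; a line like that is still verified by the /md5start section, not by this screen.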