xyzyx
(Aguncia)
1 April 2012 23:13
#1
Hello!
This virus got me too and I don't know what to do!
OTL http://wklej.org/id/722692/
EXTRAS http://wklej.org/id/722694/
Please help and explain clearly what to do - I don't know anything about these things!
Acorus
(Acorus)
2 April 2012 06:35
#2
Uninstall DAEMON Tools Toolbar, vShare Plugin, vShare.tv plugin 1.3. Run OTL and paste the following into the (Custom Scans/Fixes) box (Własne opcje skanowania/Script in the Polish version):
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=a0411810- … e6ba7b07fe
IE - HKLM…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=a0 … a7b07fe&q={searchTerms}
IE - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - No CLSID value found
IE - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\SearchScopes{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\SearchScopes{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://startsear.ch/?aff=1&src=sp&cf=a0 … a7b07fe&q={searchTerms}
IE - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\SearchScopes{870E07F7-78CD-4215-8787-6296FBCE9E11}: "URL" = http://startsear.ch/?aff=1&q={searchTerms}
IE - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\SearchScopes{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92541790995514895
FF - prefs.js…browser.search.defaultengine: "Web Search"
FF - prefs.js…browser.search.defaultenginename: "Web Search"
FF - prefs.js…browser.search.order.1: "Web Search"
FF - prefs.js…extensions.enabledItems: DTToolbar@toolbarnet.com:1.1.8.0191
FF - prefs.js…keyword.URL: "http://startsear.ch/?aff=1&src=sp&cf=a0411810-c91d-11e0-9a32-90e6ba7b07fe&q= "
[2011/06/23 23:46:34 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\magda\AppData\Roaming\mozilla\Firefox\Profiles\sjgyx9ek.default\extensions\DTToolbar@toolbarnet.com
[2011/03/18 21:05:56 | 000,000,000 | ---D | M] (vShare) -- C:\Users\magda\AppData\Roaming\mozilla\Firefox\Profiles\sjgyx9ek.default\extensions\vshare@toolbar
[2010/07/30 17:16:52 | 000,002,055 | ---- | M] () -- C:\Users\magda\AppData\Roaming\Mozilla\Firefox\Profiles\sjgyx9ek.default\searchplugins\daemon-search.xml
[2011/11/03 17:15:50 | 000,002,207 | ---- | M] () -- C:\Users\magda\AppData\Roaming\Mozilla\Firefox\Profiles\sjgyx9ek.default\searchplugins\MyStart Search.xml
[2012/01/15 19:08:44 | 000,000,792 | ---- | M] () -- C:\Users\magda\AppData\Roaming\Mozilla\Firefox\Profiles\sjgyx9ek.default\searchplugins\startsear.xml
[2011/03/18 21:06:09 | 000,001,592 | ---- | M] () -- C:\Users\magda\AppData\Roaming\Mozilla\Firefox\Profiles\sjgyx9ek.default\searchplugins\web-search.xml
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3:64bit: - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM…\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM…\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKU\S-1-5-21-3839307370-3677912175-121665804-501…\Toolbar\WebBrowser: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-3839307370-3677912175-121665804-501…\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4 - HKLM…\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\Run: [AdobeBridge] File not found
O4 - HKU\S-1-5-21-3839307370-3677912175-121665804-1000…\Run: [ALLUpdate] "C:\Program Files (x86)\ALLPlayer\ALLUpdate.exe" "sleep" File not found
[2012/03/21 14:51:21 | 000,000,000 | -HSD | C] -- C:\found.000
[2010/04/08 20:18:06 | 000,000,000 | -HSD | M] -- C:\Users\Gość\AppData\Roaming.#

:Commands
[emptytemp]
Click Run Fix (Wykonaj skrypt). Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan / Skanuj).
Post the new OTL.txt log and the removal report.
Use AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner with the Delete function.
Post its log.
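Added example, not part of Acorus's post and not OTL's own code: a small Python parser for fix-script lines in this log format that groups entries by CLSID, showing why one component appears several times in the script (search scope, BHO and toolbar registrations) and which Run entries already point at missing files. The sample lines are constructed from CLSIDs, paths and hosts in the script above; the SID, the name `parse_fix_script` and the kind labels are assumptions of this example.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

CLSID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
URL = re.compile(r"https?://\S+")
# Line prefix -> kind of hook (labels are this example's own, not OTL's).
KINDS = [("O2 - BHO", "browser helper object"), ("O3", "toolbar"),
         ("O4", "autostart (Run)"), ("IE -", "IE setting"), ("FF -", "Firefox pref")]

# Constructed sample modelled on the script above; the SID is a placeholder.
SAMPLE = r'''
:OTL
IE - HKU\S-1-5-21-1111111111-2222222222-3333333333-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
O2 - BHO: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (vShare Toolbar) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4 - HKLM\..\Run: [setwallpaper] c:\programdata\SetWallpaper.cmd File not found
[2012/01/15 19:08:44 | 000,000,792 | ---- | M] () -- C:\Users\magda\AppData\Roaming\Mozilla\Firefox\Profiles\sjgyx9ek.default\searchplugins\startsear.xml
FF - prefs.js..browser.search.defaultenginename: "Web Search"
:Commands
[emptytemp]
'''

def parse_fix_script(text):
    """Return (entries, by_clsid) for the lines of the :OTL section only."""
    entries, by_clsid, in_otl = [], defaultdict(set), False
    for line in (l.strip() for l in text.splitlines()):
        if line.startswith(":"):  # section header such as :OTL or :Commands
            in_otl = line.upper() == ":OTL"
            continue
        if not in_otl or not line:
            continue
        kind = next((k for p, k in KINDS if line.startswith(p)), "file or folder")
        clsid, url = CLSID.search(line), URL.search(line)
        entries.append({
            "kind": kind,
            "clsid": clsid.group(0).upper() if clsid else None,
            "host": urlsplit(url.group(0)).hostname if url else None,
            "orphan": line.endswith("File not found"),  # target already gone
        })
        if clsid:
            by_clsid[clsid.group(0).upper()].add(kind)
    return entries, dict(by_clsid)

if __name__ == "__main__":
    for clsid, kinds in parse_fix_script(SAMPLE)[1].items():
        print(clsid, sorted(kinds))
```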
xyzyx
(Aguncia)
2 April 2012 08:08
#3
The virus got the 2nd user of my computer, and there I don't have some of those plugins installed