Hello,
My computer is infected; after connecting to the network it locks up and they want 300 to unlock it.
Extras and OTL:
Uninstall Browsers Protector, Contextual Tool Extrafind and all programs named Toolbar.
Paste into the Custom Scans/Fixes box:
Click Run Fix and confirm the restart.
Post the removal report and a new log from Run Scan.
OTL:
http://www.wklej.org/id/885191/
Removal report:
All processes killed
========== OTL ==========
Service PCDSRVC{1E208CE0-FB7451FF-06020101}_0 stopped successfully!
Service PCDSRVC{1E208CE0-FB7451FF-06020101}_0 deleted successfully!
File c:\program files\dell support center\pcdsrvc_x64.pkms not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\IntelTBRunOnce not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\ deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-21-179318897-2554526510-476485894-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\mctadmin deleted successfully.
File move failed. C:\Users\Piotr\wgsdgsdgdsgsd.exe scheduled to be moved on reboot.
C:\Users\Piotr\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
C:\ProgramData\dsgsdgdsgdsgw.pad moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Piotr
->Temp folder emptied: 994720173 bytes
->Temporary Internet Files folder emptied: 307954621 bytes
->Java cache emptied: 12451 bytes
->Google Chrome cache emptied: 146822174 bytes
->Flash cache emptied: 57006 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 77915755 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50534 bytes
RecycleBin emptied: 209519142 bytes
Total Files Cleaned = 1 657,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12012012_164144
Files\Folders moved on Reboot…
C:\Users\Piotr\wgsdgsdgdsgsd.exe moved successfully.
C:\Users\Piotr\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files…
Registry entries deleted on Reboot…
zwierzak78,
Please correct the spelling in the topic title. To make the requested correction, use the Edit button on the post that opens the topic.
Ignoring this request will result in the topic being moved to the Trash.
Sorry!
Paste and click Run Fix:
Uninstall:
Java 6 Update 24
JavaFX 2.1.0
Java 7 Update 7
Install Java 7 Update 9
Run OTL and click CleanUp.
Remove old restore points:
To remove all restore points
Run SecurityCheck and update the programs marked as Out of date
Is there anything else I should do?
Results of screen317’s Security Check version 0.99.56
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
Antivirus/Firewall Check:
McAfee Anti-Virus i Anti-Spyware
WMI entry may not exist for antivirus; attempting automatic update.
Anti-malware/Other Utilities Check:
Java 7 Update 9
Adobe Flash Player 11.4.402.287 Flash Player out of Date!
Adobe Reader 10.1.4 Adobe Reader out of Date!
Google Chrome 21.0.1180.83
Google Chrome 21.0.1180.89
Google Chrome 22.0.1229.79
Google Chrome 22.0.1229.92
Google Chrome 22.0.1229.94
Google Chrome 23.0.1271.64
Google Chrome 23.0.1271.91
Google Chrome 23.0.1271.95
Process Check: objlist.exe by Laurent
System Health check
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Uninstall:
Adobe Flash Player 11.4.402.287
Adobe Reader 10.1.4
Install Adobe Reader and Flash Player
If that's everything, then thanks again for the help.