kili95
2 Kwiecień 2012 12:32
#1
Witam jak można pozbyć się antivirus protection 2012.
mój system to windows 7.
Z góry dziękuje.
logi:
http://wklej.org/id/722926/
Acorus
2 Kwiecień 2012 13:27
#2
Odinstaluj DAEMON Tools Toolbar,VShareToolBar,Babylon Toolbar.Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL SRV - File not found [Auto | Stopped] – D:\Program Files\RelevantKnowledge\rlservice.exe /service – (RelevantKnowledge) SRV - File not found [On_Demand | Stopped] – D:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe – (McComponentHostService) SRV - File not found [On_Demand | Stopped] – D:\Program Files\Futuremark\Futuremark SystemInfo\FMSISvc.exe – (Futuremark SystemInfo Service) O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [2vfanpurutkj] D:\Users\dom\AppData\Local\Temp\9441008.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [Antivirus Protection] D:\Users\dom\AppData\Roaming\Antivirus Protection\AntivirusProtection2012.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [Antivirus Protection 2012 SH] D:\Users\dom\AppData\Roaming\Antivirus Protection\securityhelper.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [Antivirus Protection 2012 SM] D:\Users\dom\AppData\Roaming\Antivirus Protection\securitymanager.exe (Joirefers secusoft) O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [KiesTrayAgent] D:\Program Files\Samsung\Kies\KiesTrayAgent.exe File not found O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [saqhuro] D:\Users\dom\AppData\Roaming\KBDUK0.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [skype] “D:\Program Files\Skype\Phone\Skype.exe” /nosplash /minimized File not found O4 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Run: [Wisdom-soft ScreenHunter 5.1 Free] 0 File not found O37 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…exe [@ = exefile] – Reg Error: Key error. File not found [2012-04-02 13:51:06 | 000,000,000 | —D | C] – D:\Users\dom\AppData\Roaming\Antivirus Protection [2012-04-02 13:51:07 | 000,001,936 | ---- | C] () – D:\Users\dom\Desktop\Antivirus Protection.lnk [2012-04-02 13:51:07 | 000,001,922 | ---- | C] () – D:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection.lnk [2012-04-02 11:14:17 | 000,000,384 | ---- | C] () – D:\Windows\tasks\Ad-Aware Update (Weekly).job :Files D:\Users\dom\AppData\Local\Temp*.html :Commands [emptytemp]
Kliknij Wykonaj skrypt.Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).
Pokaż nowy log OTL.txt oraz raport z usuwania.
Użyj AdwCleaner http://general-changelog-team.fr/outils/289-adwcleaner z funkcji Delete.
Pokaż z niego log.
kili95
2 Kwiecień 2012 15:03
#3
Acorus
2 Kwiecień 2012 15:24
#4
Pokaż nowy log OTL.txt z funkcji Skanuj.
kili95
2 Kwiecień 2012 15:44
#5
Acorus
2 Kwiecień 2012 16:07
#6
Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:
:OTL IE - HKLM…\SearchScopes{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: “URL” = http://startsear.ch/?q={searchTerms} IE - HKLM…\SearchScopes{DFC9ED8D-D5CF-4DC4-A8BB-85ECD6537F62}: “URL” = http://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - No CLSID value found IE - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\SearchScopes{043C5167-00BB-4324-AF7E-62013FAEDACF}: “URL” = http://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\SearchScopes{6BD63EF5-F376-4104-B390-F6E1E3BEDAAC}: “URL” = http://startsear.ch/?q={searchTerms} IE - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\SearchScopes{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: “URL” = http://www.daemon-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\SearchScopes{DFC9ED8D-D5CF-4DC4-A8BB-85ECD6537F62}: “URL” = http://startsear.ch/?aff=1&q={searchTerms} IE - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\SearchScopes{FB51B90F-5DFD-4C20-A5E5-393506FCD13A}: “URL” = http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch&AF=18790 O2 - BHO: (BitComet Helper) - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - D:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll File not found O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found O3 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Toolbar\WebBrowser: (no name) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - No CLSID value found. O3 - HKU\S-1-5-21-3565090558-2603871048-1584104532-1001…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - Reg Error: Value error. File not found O8 - Extra context menu item: Funkcja Google Sidewiki - res://D:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html File not found O8 - Extra context menu item: Pobierz wszystko za pomocą BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddAllLink.htm File not found O8 - Extra context menu item: Pobierz za pomocą BitComet - res://D:\Program Files\BitComet\BitComet.exe/AddLink.htm File not found O9 - Extra Button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - res://D:\Program Files\BitComet\tools\BitCometBHO_1.4.8.11.dll/206 File not found O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - D:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found [2012-04-02 13:51:07 | 000,000,000 | —D | C] – D:\Users\dom\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Antivirus Protection [2012-04-02 17:07:25 | 000,000,384 | ---- | M] () – D:\Windows\tasks\Ad-Aware Update (Weekly).job :Services x3640001 ntk_PowerDVD lmimirr LGVMODEM lgbusenum LgBttPort EverestDriver EagleXNt cpuz135 :Commands [emptytemp]
Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.W AdwCleaner użyj opcji Uninstall.
kili95
2 Kwiecień 2012 16:16
#7
OK wielkie dzięki za pomoc