autumnn
(Autumnn)
9 Lipiec 2012 19:09
#1
Witam, ja również potrzebuję pomocy, bo i mnie zaatakował ten wirus;/ Wszystko nie działa tak samo jak u wszystkich, odpalam go tylko w trybie awaryjnym z dostępem do sieci. Bardzo proszę o pomoc.
Logi:
OTL.txt - http://www.sendspace.pl/file/87fefa86ac8c06915a86ab2
Extras.txt - http://www.sendspace.pl/file/9e1b7b1f80ad37a67607cd2
Atis
(Atis)
10 Lipiec 2012 20:47
#2
Do okna Własne opcje skanowania / skrypt wklej:
:OTL IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://startsear.ch/?aff=1&cf=9bbe616c- … 266c602726 IE - HKLM…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=9b … c602726&q={searchTerms} IE - HKU\S-1-5-21-4182704109-1263451599-715956983-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.babylon.com/?babsrc=HP_Prot IE - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\SearchScopes{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: “URL” = http://startsear.ch/?aff=1&src=sp&cf=9b … c602726&q={searchTerms} IE - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\SearchScopes{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: “URL” = http://websearch.ask.com/redirect?clien … src=crm&q={searchTerms}&locale=en_US&apn_ptnrs=VX&apn_dtid=YYYYYYYYPL&apn_uid=8FAB4BC9-FF72-47A1-B7AA-4697A90FE28A&apn_sauid=4E11E281-AFA7-4379-ADA0-185D0055F6C9 IE - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\SearchScopes{5F970FDE-702B-4ef9-920C-5F2848A5AF26}: “URL” = http://www.astroburn-search.com/search/web?q={searchTerms} IE - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\SearchScopes{8899D6C0-077E-4AFC-A05C-0EB42498B8E9}: “URL” = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=6c9c1d09000000000000001644617fee IE - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\SearchScopes{CEBE190C-5FD3-48C7-9CC0-2AD690BB864D}: “URL” = http://startsear.ch/?aff=2&src=sp&cf=9b … c602726&q={searchTerms} [2012-04-17 18:11:44 | 000,000,792 | ---- | M] () – C:\Users\Julia\AppData\Roaming\Mozilla\Firefox\Profiles\nv79au5n.default\searchplugins\startsear.xml [2012-01-07 01:22:56 | 000,002,310 | ---- | M] () – C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml O3:64bit: - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\Toolbar\WebBrowser: (no name) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - No CLSID value found. O3 - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found. O4 - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKU\S-1-5-21-4182704109-1263451599-715956983-1000…\Run: [WcsPlugInService] C:\Users\Julia\AppData\Local\Microsoft\Windows\4037\WcsPlugInService.exe () O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found [2012-07-09 16:21:35 | 000,000,000 | —D | C] – C:\Users\Julia\AppData\Roaming\hellomoto :Files C:\Users\Julia\AppData\Local\Microsoft\Windows\4037 :Commands [emptytemp]
Kliknij Wykonaj skrypt i zatwierdź restart.
Pokaż raport z usuwania i nowy log Skanuj.