:OTL
PRC - [2012-04-03 12:46:45 | 003,897,859 | ---- | M] (Joirefers secusoft) -- C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\securityhelper.exe
PRC - [2012-04-03 06:02:44 | 002,324,480 | ---- | M] (Joirefers secusoft) -- C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\AntivirusProtection2012.exe
PRC - [2012-04-03 06:02:44 | 000,102,400 | ---- | M] (Joirefers secusoft) -- C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\securitymanager.exe
PRC - [2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\winlogon.exe
PRC - [2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\services.exe
PRC - [2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\lsass.exe
PRC - [2011-05-19 14:29:03 | 000,438,784 | ---- | M] ( ) -- c:\0000.exe
PRC - [2011-05-04 20:11:50 | 001,022,976 | ---- | M] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\lua6.exe
PRC - [2010-12-22 10:23:54 | 000,489,223 | ---- | M] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\windate.exe
PRC - [2010-07-05 02:06:23 | 000,741,579 | ---- | M] () -- C:\WINDOWS\svchost.exe
PRC - [2006-10-25 10:32:36 | 000,036,864 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\Explorer.exe
MOD - [2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\winlogon.exe
MOD - [2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\services.exe
MOD - [2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\lsass.exe
MOD - [2011-05-04 20:11:50 | 001,022,976 | ---- | M] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\lua6.exe
MOD - [2010-12-22 10:23:54 | 000,489,223 | ---- | M] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\windate.exe
MOD - [2010-09-11 17:05:23 | 000,269,824 | ---- | M] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\WinSvc.exe
MOD - [2010-07-05 02:06:23 | 000,741,579 | ---- | M] () -- C:\WINDOWS\svchost.exe
FF - prefs.js…browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js…browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js…browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js…keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&affID=101241&mntrId=340ecd20000000000000002624a1458f&q="
[2011-11-21 14:37:38 | 000,002,288 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O2 - BHO: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP0.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM…\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (PHPNukeEN Toolbar) - {dd02a4eb-4afd-4d60-99d8-e67f964ca813} - C:\Program Files\PHPNukeEN\prxtbPHP0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Toolbar\WebBrowser: (PHPNukeEN Toolbar) - {DD02A4EB-4AFD-4D60-99D8-E67F964CA813} - C:\Program Files\PHPNukeEN\prxtbPHP0.dll (Conduit Ltd.)
O4 - HKLM…\Run: [babylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.15.10\BabylonToolbarsrv.exe (Babylon Ltd.)
PRC - [2010-12-21 20:59:09 | 000,280,064 | ---- | M] () -- C:\WINDOWS\infektor.exe
MOD - [2010-12-21 20:59:09 | 000,280,064 | ---- | M] () -- C:\WINDOWS\infektor.exe
O4 - HKLM…\Run: [bron-Spizaetus] C:\WINDOWS\ShellNew\RakyatKelaparan.exe ()
O4 - HKLM…\Run: [CRACK] C:\WINDOWS\CRACK.exe ()
O4 - HKLM…\Run: [crack.exe] C:\WINDOWS\crack.exe ()
O4 - HKLM…\Run: [NBKeyScan] "C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" File not found
O4 - HKLM…\Run: [NWEReboot] File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [Antivirus Protection] C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\AntivirusProtection2012.exe (Joirefers secusoft)
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [Antivirus Protection 2012 SH] C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\securityhelper.exe (Joirefers secusoft)
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [Antivirus Protection 2012 SM] C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\securitymanager.exe (Joirefers secusoft)
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [EADM] "C:\Program Files\Origin\Origin.exe" -AutoStart File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [EXPLORER.EXE] C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [grust.exe] C:\WINDOWS\grust.exe ()
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [infektor.exe] C:\WINDOWS\infektor.exe ()
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [pgwqk7usfvfv] C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection\securityhelper.exe (Joirefers secusoft)
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [PKTray] C:\Program Files\Przyspiesz Komputer\PKTray.exe File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [sony PC Companion] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCompanion.exe" /Background File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [Tok-Cirrhatus] File not found
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [Tok-Cirrhatus-2058] C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\br5139on.exe ()
O4 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003…\Run: [wsctf.exe] wsctf.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Menu Start\Programy\Autostart\setup.lnk = C:\0000.exe ( )
O4 - Startup: C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\Empty.pif ()
O4 - Startup: C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\lua6.exe ()
O4 - Startup: C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\windate.exe ()
O4 - Startup: C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\WinSvc.exe ()
F3 - HKU\S-1-5-21-1390067357-1004336348-1417001333-1003 WinNT: Load - (C:\WINDOWS\svchost.exe) - C:\WINDOWS\svchost.exe ()
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - ("C:\WINDOWS\KesenjanganSosial.exe") - C:\WINDOWS\KesenjanganSosial.exe ()
O20 - HKLM Winlogon: UserInit - (EXPLORER.EXE) - C:\WINDOWS\System32\EXPLORER.EXE (Microsoft Corporation)
O20 - Winlogon\Notify\mdhcp32: DllName - (mdhcp32.dll) - C:\WINDOWS\System32\mdhcp32.dll ()
[2012-04-06 14:50:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXX\Menu Start\Programy\Antivirus Protection
[2012-04-03 12:46:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXX\Dane aplikacji\Antivirus Protection
[2012-03-10 10:04:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\Bron.tok-16-10
[2012-04-07 13:40:51 | 000,012,393 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\Bron.tok.A16.em.bin
[2012-04-07 13:55:06 | 000,001,030 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012-04-07 13:30:41 | 000,001,026 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012-04-07 13:30:27 | 000,000,312 | -HS- | M] () -- C:\WINDOWS\tasks\sgxgb.job
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\winlogon.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\smss.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\services.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\lsass.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\inetinfo.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Autostart\Empty.pif
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\csrss.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\WINDOWS\System32\cmd-brontok.exe
[2012-03-30 05:46:44 | 000,044,420 | ---- | M] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\br5139on.exe
[2012-03-29 11:19:06 | 000,050,688 | ---- | M] () -- C:\WINDOWS\System32\mdhcp32.dll
[2012-04-06 14:50:11 | 000,001,927 | ---- | C] () -- C:\Documents and Settings\XXX\Menu Start\Programy\Antivirus Protection.lnk
[2011-07-01 18:25:26 | 000,095,744 | RHS- | C] () -- C:\WINDOWS\System32\vssadmini.dll
[2011-02-10 08:59:43 | 000,129,536 | RHS- | C] () -- C:\WINDOWS\System32\arking2.dll
[2011-01-11 20:20:19 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\opwudtkqc.exe
[2011-01-11 20:20:12 | 000,201,728 | ---- | C] () -- C:\Documents and Settings\XXX\Ustawienia lokalne\Dane aplikacji\zuqauqlomk.exe
[2011-01-11 12:31:49 | 000,741,579 | ---- | C] () -- C:\WINDOWS\svchost.exe
[2011-01-05 22:09:31 | 000,489,472 | ---- | C] () -- C:\WINDOWS\crack.exe
[2010-12-27 16:32:24 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\arking1.dll
[2010-12-27 14:56:20 | 000,131,072 | RHS- | C] () -- C:\WINDOWS\System32\arking0.dll
[2010-12-22 10:23:54 | 000,489,223 | ---- | C] () -- C:\WINDOWS\windate.exe
[2010-12-22 10:23:53 | 000,105,760 | ---- | C] () -- C:\WINDOWS\os4.exe
[2010-12-22 10:23:53 | 000,059,904 | ---- | C] () -- C:\WINDOWS\zlib1.dll
[2010-12-22 10:23:53 | 000,000,322 | ---- | C] () -- C:\WINDOWS\Last.dat
[2010-12-22 10:23:53 | 000,000,031 | ---- | C] () -- C:\WINDOWS\memlist.dat
[2010-12-22 10:23:53 | 000,000,009 | ---- | C] () -- C:\WINDOWS\Language.dat
[2010-12-22 10:23:53 | 000,000,004 | ---- | C] () -- C:\WINDOWS\test.dat
[2010-12-22 09:05:14 | 000,280,064 | ---- | C] () -- C:\WINDOWS\infektor.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[RESETHOSTS]
[emptytemp]