Hello
This virus sneaked onto my machine and I urgently need a working laptop to write my paper. I have safe mode enabled. I'm pasting the scans and would be grateful for quick help.
OTL http://www.wklej.org/id/983875/
Extras http://www.wklej.org/id/983877/
Atis
(Atis)
16 March 2013 21:34
#2
Paste the following into the Custom Scans/Fixes box:
:OTL
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E63605FC-D583-4C81-867F-9457BDB3EA1B}: C:\Program Files\Web Search Operator\3.1.0.1840\FF [2009-12-01 20:45:39 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8141440E-08F0-4339-9959-5C31C6A69F23}: C:\Program Files\Automated Content Enhancer\4.1.0.5190\FF [2009-12-01 20:45:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{E889F097-B0BE-471B-89AD-B86B6F04B506}: C:\Program Files\Customized Platform Advancer\3.1.0.1630\FF [2009-12-01 20:46:12 | 000,000,000 | ---D | M]
[2010-01-16 02:11:20 | 000,000,000 | ---D | M] (QuestService) -- C:\Program Files\Mozilla Firefox\extensions{F2DDDB92-1605-4260-9B25-45A4DAE87B50}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{0F827075-B026-42F3-885D-98981EE7B1AE}: C:\ProgramData\Browser Manager\2.6.1125.80{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2013-03-10 13:48:33 | 000,000,000 | ---D | M]
O2 - BHO: (BHO_Startup Class) - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files\Hewlett-Packard\File Sanitizer\IEBHO.dll (Hewlett-Packard)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Content Management Wizard) - {B72681C0-A222-4b21-A0E2-53A5A5CA3D41} - Reg Error: Value error. File not found
O3 - HKLM…\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKU\S-1-5-21-1439400078-3029545020-3697053392-1004…\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O3 - HKU\S-1-5-21-1439400078-3029545020-3697053392-1004…\Toolbar\WebBrowser: (no name) - {D45817B8-3EAD-4D1D-8FCA-EC63A8E35DE2} - No CLSID value found.
O4 - HKLM…\Run: [] File not found
O4 - HKLM…\Run: [AnySend Updater] C:\Program Files\AnySend\AnySendUpdater.exe File not found
O4 - HKLM…\Run: [McAfee Managed Services Tray] C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyAgtTry.Exe File not found
O4 - HKU\S-1-5-21-1439400078-3029545020-3697053392-1004…\RunOnce: [A635C68D46B44E2C0000A635205C5258] C:\ProgramData\A635C68D46B44E2C0000A635205C5258\A635C68D46B44E2C0000A635205C5258.exe ()
O33 - MountPoints2{3157f773-7331-11df-8cd1-002186b407ab}\Shell - "" = AutoRun

:Files
C:\ProgramData\A635C68D46B44E2C0000A635205C5258
C:\Users\Ewka\Desktop\Disk Antivirus Professional.lnk

:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Post the removal report.
Boot the system in normal mode and uninstall:
Browser Manager
Ask Toolbar
AVG Security Toolbar
Babylon toolbar on IE
McAfee Security Scan Plus
Przyspiesz Komputer
QuestService 1.0 build 137
Download AdwCleaner
Close the web browser.
Run AdwCleaner and click Delete.
Click Run Scan and post a new OTL log.
First report http://wklej.org/id/983925/
OTL http://wklej.org/id/983992/
The virus doesn't start in normal mode, so I guess I'm in the clear. Thanks for the help
Atis
(Atis)
16 March 2013 23:24
#4
Paste this and click Run Fix:
:OTL
SRV - File not found [Auto | Stopped] -- C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart -- (myAgtSvc)
IE - HKU\S-1-5-21-1439400078-3029545020-3697053392-1004…\SearchScopes{5E8EF17A-28DE-45A2-B378-C0C1C9A423E5}: "URL" = http://websearch.ask.com/redirect?clien … &src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=B350B4E1-4D23-47AD-BAFB-853B4EDDF741&apn_sauid=9AA07EB5-47D8-4172-93BB-FDA8C73138AB
IE - HKU\S-1-5-21-1439400078-3029545020-3697053392-1004…\SearchScopes{C9333C23-6DCA-4787-B128-AA28C303B7C9}: "URL" = http://slirsredirect.search.aol.com/sli … 602&query={searchTerms}&invocationType=tb50hpcmnbie7-pl-pl
O4 - HKLM…\Run: [MVS Splash] C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe File not found
O4 - HKU\S-1-5-21-1439400078-3029545020-3697053392-1004…\Run: [VoipCheapCom] "C:\Program Files\VoipCheapCom.com \VoipCheapCom\VoipCheapCom.exe" -nosplash -minimized File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta … s-i586.cab (Reg Error: Value error.)
O18 - Protocol\Handler\empbook {F4673987-2C36-49e4-B23C-29DF753D84A5} - C:\eMPendium\eMPendiumHandler.dll File not found
O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - C:\Program Files\McAfee\Managed VirusScan\Agent\myRmProt4.9.0.295.dll File not found
[2013-03-13 00:23:13 | 000,000,000 | ---D | C] -- C:\windows\System32\Extensions
[2013-03-13 00:22:56 | 000,000,000 | ---D | C] -- C:\windows\System32\searchplugins
[2012-11-23 23:07:35 | 000,412,072 | ---- | C] (OpenInstall ) -- C:\Users\Ewka\JavaSE.exe
[2012-11-23 22:59:54 | 000,473,432 | ---- | C] (SweetIM Technologies Ltd.) -- C:\Users\Ewka\sweetimsetup.exe

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
Uninstall Java 6 Update 31, Java 7 Update 9, Java 6 Update 6.
Install Java 7 Update 17
Run OTL and click CleanUp.
Delete old restore points:
http://windows.microsoft.com/pl-PL/wind … tore-point
Run SecurityCheck and update the programs marked as Out of date
Scan the disk with Malwarebytes Anti-Malware
During installation, uncheck the option Enable free trial of Malwarebytes Anti-Malware PRO.
http://wstaw.org/m/2012/12/29/2012-12-29_005346.png