Wirus z fb itp

sasquaczovsky · 10 Czerwiec 2014 23:08

Oto log z otl

http://www.wklej.org/id/1388872/

extras http://www.wklej.org/id/1388874/

po wpisaniu skryptu jak w poradniku komputer uruchomił sie ponownie a na pulpicie miałem to

http://www.wklej.org/id/1388877/

http://www.wklej.org/id/1388878/

nie za bardzo się orientuje w tym więc proszę o pomoc z góry dziękuje

Atis · 10 Czerwiec 2014 23:25

Nie ma żadnych uniwersalnych skryptów.

W panelu sterowania odinstaluj McAfee Security Scan Plus, Ask Toolbar, Ad-Aware.

Pobierz i uruchom AdwCleaner Kliknij Szukaj i później Usuń.

Do okna Własne opcje skanowania / skrypt wklej:

:OTL
O4:64bit: - HKLM..\Run: [SoundDriver] C:\Users\Rafał\AppData\Roaming\Microsoft\Windows\Templates\divserv.exe File not found
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] %windir%\WindowsMobile\wmdc.exe File not found
O4 - HKU\S-1-5-21-2280040058-3934393189-1803782811-1004..\Run: [AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA] 1 File not found
O4 - HKU\S-1-5-21-2280040058-3934393189-1803782811-1004..\Run: [svchost] C:\Temp [2014-06-11 00:22:30 | 000,000,000 | ---D | M]
O4 - HKU\S-1-5-21-2280040058-3934393189-1803782811-1004..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found
@Alternate Data Stream - 3974118 bytes -> C:\Temp:02DE4FF2.dat
@Alternate Data Stream - 2711 bytes -> C:\Temp:list3
:Files
C:\Temp
:Commands
[emptytemp]

Kliknij Wykonaj skrypt i zatwierdź restart.

Pobierz Farbar Recovery Scan Tool 64-Bit Version

Uruchom FRST i kliknij Scan. Pokaż raport FRST i Addition.

sasquaczovsky · 12 Czerwiec 2014 16:27

log z adwcleaner http://wklej.org/id/1390371/

log z otl po restarcie http://wklej.org/id/1390387/

log z farbara FRST http://wklej.org/id/1390392/

addition http://wklej.org/id/1390396/

Atis · 12 Czerwiec 2014 16:50

Wklej do systemowego notatnika i zapisz jako plik tekstowy o nazwie fixlist :

HKU\S-1-5-21-2280040058-3934393189-1803782811-1001\...\Run: [OscarEditor] => "C:\Program Files (x86)\OSCAR Editor\\OscarEditor.exe" Minimum
HKU\S-1-5-21-2280040058-3934393189-1803782811-1001\...\Run: [SoundDriver] => C:\Users\Rafał\AppData\Roaming\Microsoft\Windows\Templates\divserv.exe
GroupPolicyUsers\S-1-5-21-2280040058-3934393189-1803782811-1004\User: Group Policy restriction detected <======= ATTENTION
SearchScopes: HKLM-x32 - DefaultScope value is missing.
SearchScopes: HKCU - {7C315F57-AFAC-4D7F-9782-EBB246DB95EE} URL = http://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYPL&apn_uid=4CF6B945-B583-45E3-8D6C-86D563FFE9BD&apn_sauid=60DA8ABF-3C88-4491-9A64-CF04222D3099
Toolbar: HKCU - No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU - No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
Toolbar: HKCU - No Name - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - No File
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - No File
S2 .EsetTrialReset; C:\Windows\reset.exe /s [X]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [X]
S3 tsusbhub; system32\drivers\tsusbhub.sys [X]
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
C:\AdwCleaner
C:\Users\SasQuacZ\Downloads\CCleaner(13061).exe
C:\Users\SasQuacZ\Downloads\Dr.WEB-CureIt(12976).exe
C:\Users\SasQuacZ\Downloads\Malwarebytes-AntiMalware(13117).exe
C:\aaw7boot.log
Task: {1F309CD6-4D3C-475D-A91B-F736CF1864A8} - System32\Tasks\Ad-Aware Update (Weekly) => C:\Program Files (x86)\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe
Task: {3050F621-96C0-4878-BEC5-6CE454C7DF53} - System32\Tasks\{D3325BF1-0A9F-435F-8DFE-4920A3128C86} => C:\Program Files\NAPI-PROJEKT\napisy.exe [2010-02-01] ()
Task: {35014CF1-9814-4C40-952E-56395B1B4B18} - System32\Tasks\{85605327-8745-46E6-8660-21118E12DD10} => Firefox.exe 
Task: {406A588E-14B1-413A-B571-91637FC392AC} - System32\Tasks\{F5221256-D0DD-4109-A526-6A06C1929ADE} => C:\Users\Rafał\Downloads\Ygoow\Ygoow.exe
Task: {42A1F89C-FE74-4CED-AC8D-4143545F3425} - System32\Tasks\{6E030713-E2FA-4E07-A05A-DC389E2202E3} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.104/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:offered-installed;madedefault
Task: {52F946CD-6713-473D-890B-68B4BC173F6B} - System32\Tasks\{2BDC8A18-4FA4-46FC-8837-5F34D5F3E089} => C:\Users\Rafał\Desktop\Windows 7 Aktywator - by karololkusz.exe
Task: {6549872F-D8AA-4C90-AD18-A53A68BFDB42} - System32\Tasks\{F7D00BEE-177F-42B5-9093-CA5F01189DE3} => C:\Users\Rafał\Desktop\install_flash_player.exe
Task: {68F3C0A3-B04C-4FE2-8C9A-0687FD88C253} - System32\Tasks\{FDE00D87-324E-4677-ABAE-01BA4A134975} => Iexplore.exe http://ui.skype.com/ui/0/6.9.0.106/pl/abandoninstall?page=tsProgressBar
Task: {87EC689D-DEBA-439C-B9E6-A784A38BFCDC} - System32\Tasks\{B7EE60EE-466B-4AA1-91AD-E03FD06C8C88} => C:\Users\Rafał\Downloads\Ygoow\Ygoow.exe
Task: {AC2E53E5-7569-4480-B6F6-A0DD86E9FD72} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14] (Adobe Systems Incorporated)
Task: {DC81AEC2-3C0D-4CE4-A925-75F2A6B8369F} - System32\Tasks\{884B987B-A209-4CB4-A3D5-FDEE8BDECBEC} => Firefox.exe http://ui.skype.com/ui/0/5.1.0.112/en/abandoninstall?page=tsMain&amp;installinfo=google-toolbar:notoffered;ienotdefaultbrowser2,google-chrome:notoffered;alreadyoffered

Uruchom FRST i kliknij Fix. Pokaż raport z usuwania Fixlog.

Kliknij Scan i pokaż nowy raport z FRST bez Addition.