Wirus ZeroAccess

[painkiller57]

Witam, na innym forum napisano mi, że mam wirusa ZeroAccess, a ponadto mam problem z wirusem UKASH. Co mam zrobić?

 

OTL: http://wklej.org/id/799199/

Extras: http://wklej.org/id/799201/

Raport SystemLook http://wklej.org/id/799409/

[Landuss]

1. Start > w polu szukania wpisz cmd > z prawokliku Uruchom jako Administrator > wklej komendę:

 

sfc /scanfile=C:\Windows\System32\services.exe

 

Zresetuj system.

 

2. Uruchom OTL i w oknie Własne opcje skanowania/Skrypt wklej następujący tekst:

 

:OTL
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfevtps.exe -- (mfevtp)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe -- (mfefire)
SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\mcafee\VirusScan\mcods.exe -- (McODS)
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=hp&babsrc=lnkry_nt"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}"
IE - HKCU\..\SearchScopes\{0D7562AE-8EF6-416d-A838-AB665251703A}: "URL" = "http://start.facemoods.com/?a=make&s={searchTerms}&f=4"
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = "http://search.babylon.com/?q={searchTerms}&AF=119999&tt=090212_noffx&babsrc=SP_ss&mntrId=be6bcf19000000000000ccaf7808f58e"
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = "http://www.daemon-search.com/search?q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "http://feed.helperbar.com/?publisher=OPENCANDY&dpid=OPENCANDYAPRIL&co=PL&userid=b4e3b2ec-d257-4bf8-83f4-c76ff9c9f890&affid=111583&searchtype=hp&babsrc=lnkry"
[2012/02/17 18:29:21 | 000,002,352 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/01/16 20:57:01 | 000,002,047 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll File not found
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll File not found
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - C:\Users\windows7\AppData\Roaming\Nowe Gadu-Gadu\_userdata\ggbho.1.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msilmw32.dll,mjQdeBPD File not found
O4 - HKCU..\Run: [nzsriqcwnbaitea] C:\ProgramData\nzsriqcw.exe ()
O4 - Startup: C:\Users\windows7\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\DesktopVideoPlayer.LNK = C:\Users\windows7\Desktop\vghd\vghd.exe (Totem Entertainment)
 
:Files
C:\ProgramData\peiqjmijfnymvbd
C:\ProgramData\mmmvqhkenwplaev
C:\Users\windows7\0.4686249066220226.exe
C:\Windows\Installer\{4ad8c036-3316-7b1e-29b2-ace428debfe5}
C:\Users\windows7\AppData\Local\{4ad8c036-3316-7b1e-29b2-ace428debfe5}
 
:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
 
:Commands
[emptytemp]

 

Adnotacja dla innych czytających: skrypt unikatowy - dopasowany tylko i wyłącznie pod ten system, proszę nie stosować na swoich systemach.

 

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

 

2. Przez Panel sterowania odinstaluj: DealPly / FreeRIP Toolbar

 

Otwórz Firefox i w Dodatkach odmontuj: Complitly / uTorrentBar Community Toolbar / Yontoo / FreeRIP Toolbar

 

Otwórz Google Chrome i wejdź do Opcji, w Rozszerzeniach odmontuj Yontoo / DealPLy / uTorrentBar

 

3. Uruchom AdwCleaner z opcji Delete

 

4. Uruchamiasz OTL ponownie, tym razem wywołujesz opcję Skanuj. Pokazujesz nowy log z OTL (bez extras), nowy z SystemLook oraz z Farbar Service Scanner (zaznacz wszystko do skanowania)

Edytowane 28 Sierpnia 2012 przez picasso
28.08.2012 - Temat zostaje zamknięty z powodu braku odpowiedzi. //picasso