live security platinum

złapałem wirusy i na ekranie wyświetla się live security platinum i nic nie mogę zrobić wszystko prawie zablokowane otl nie mogę uruchomić czym mogę zrobić logi
Dziękuje

Zrób OTL, tylko w trybie awaryjnym.

http://wklej.eu/index.php?id=2d89dec8c1

http://www.wklej.eu/index.php?id=f2b621a1b4

Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

Kod:

:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\PCAMPR5.SYS -- (PCAMPR5)
IE - HKCU\..\URLSearchHook: {51a86bb3-6602-4c85-92a5-130ee4864f13} - No CLSID value found
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://search.babylon.com/?q={searchTerms}&AF=100482&babsrc=SP_ss&mntrId=945f54b900000000000000148584c07b
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.defaultthis.engineName: "BrotherSoft Extreme Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2776682&SearchSource=2&q="
[2012-01-10 08:27:26 | 000,000,941 | ---- | M] () -- C:\Documents and Settings\Donia\Dane aplikacji\Mozilla\Firefox\Profiles\lo31rrwh.default\searchplugins\conduit.xml
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {51A86BB3-6602-4C85-92A5-130EE4864F13} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
[2012-08-21 14:22:57 | 000,000,000 | ---D | M] (BrotherSoft Extreme Community Toolbar) -- C:\Documents and Settings\Donia\Dane aplikacji\Mozilla\Firefox\Profiles\lo31rrwh.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}
[2010-03-27 16:29:50 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Donia\Dane aplikacji\Mozilla\Firefox\Profiles\lo31rrwh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O4 - HKLM..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u File not found
O4 - HKLM..\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKCU..\RunOnce: [6F63A5880049BF938369ED1781CB3EF3] C:\Documents and Settings\All Users\Dane aplikacji\6F63A5880049BF938369ED1781CB3EF3\6F63A5880049BF938369ED1781CB3EF3.exe ()
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
[2012-09-05 13:55:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Donia\Menu Start\Programy\Live Security Platinum
[2012-09-05 13:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Dane aplikacji\6F63A5880049BF938369ED1781CB3EF3
[2012-09-05 13:55:27 | 000,002,242 | ---- | M] () -- C:\Documents and Settings\Donia\Pulpit\Live Security Platinum.lnk

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nForce Tray Options"=-
"NVRaidService"=-
"PowerDVD12Agent"=-
"PowerDVD12DMREngine"=-
"SoundMan"=-
"WinampAgent"=-

:Commands
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania + nowe logi z OTL.

otl usuwanie:
http://wklej.eu/index.php?id=641d34841a

otl nowe pliki:
http://www.wklej.eu/index.php?id=89628d1814

live security platinum już nie ma, nie wyświetla się już, ino mam przeczucie że komp wolniej chodzi i myśli dłużej.

"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"Live Security Platinum" = Live Security Platinum

Odinstaluj to oprogramowanie, oraz inne ewentualnie zbędne Ci.

O33 - MountPoints2\{ba0b92c1-44dc-11df-b3a2-00148584c07b}\Shell\AutoRun\command - "" = F:\s1.exe
O33 - MountPoints2\{ba0b92c1-44dc-11df-b3a2-00148584c07b}\Shell\open\Command - "" = F:\s1.exe

Z podłączonymi pamięciami przenosnymi użyj USBFix z opcji Deletion, oraz zaprezentuj z niego logi otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p117012.

Logi.

Uruchom OTL w oknie Własne opcje skanowania/skrypt wklej:

Kod:

:OTL

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\..\URLSearchHook: {08C06D61-F1F3-4799-86F8-BE1A89362C85} - C:\Program Files\neostrada tp\SearchPageURL.dll ()
IE - HKCU\..\SearchScopes,DefaultScope = {9508DEA5-D584-463C-99A2-DCA8B091268B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{9508DEA5-D584-463C-99A2-DCA8B091268B}: "URL" = http://www.google.pl/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}&rlz=
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Donia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Donia\Ustawienia lokalne\Dane aplikacji\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
[2010-07-06 08:57:08 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Donia\Dane aplikacji\Mozilla\Firefox\Profiles\lo31rrwh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010-03-13 17:02:46 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\Donia\Dane aplikacji\Mozilla\Firefox\Profiles\lo31rrwh.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2012-01-10 18:12:28 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
O16 - DPF: {1ABA5FAC-1417-422B-BA82-45C35E2C908B} http://kitchenplanner.ikea.com/PL/Core/Player/2020PlayerAX_IKEA_Win32.cab (20-20 3D Viewer for IKEA)
O16 - DPF: {CAFEEFAC-0014-0000-0003-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-1_4_0_03-win.cab (Java Plug-in 1.4.0_03)

:Files
C:\Program Files\Yahoo!
C:\Documents and Settings\Donia\Ustawienia lokalne\Dane aplikacji\Google\Update
C:\Documents and Settings\All Users\Dane aplikacji\6F63A5880049BF938369ED1781CB3EF3
C:\WINDOWS\tasks\*.*
C:\Program Files\Spybot - Search & Destroy

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

:Commands
[emptyflash]
[clearallrestorepoints]
[emptytemp]

Klikasz Wykonaj skrypt. Dajesz log z usuwania. Następnie podajlog z ADWCleaner (z opcji Delete) otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p139531 + log z TDSSKiller otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p120292 + nowe logi z OTL + log z Autoruns otl-gmer-silent-runners-sdfix-i-inne-poradnik-t13967-15.html#p138589.