VIRY.CZ

Jejda, ale proč používáte Combofix a RogueKiller, když jsem po vás chtěl OTL se scriptem?


V logu to vypadá, že safe boot nefunguje, ale píšete, že jede.. pokud jede, tak v nouzovém řežimu udělejte sken s Malwarebytes, AVPTool a nakonec udělejte log z OTL, jak jsem posledně chtěl..

Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Database version: 8221

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

22/11/2011 22:51:02
mbam-log-2011-11-22 (22-51-02).txt

Scan type: Quick scan
Objects scanned: 149596
Time elapsed: 21 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 10
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
c:\program files\Java\jre6\bin\fontmanager.dll (Virus.Ramnit) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B58926D6-CFB0-45d2-9C28-4B5A0F0368AE} (Adware.ClickPotato) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B2} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{C5428486-50A0-4a02-9D20-520B59A9F9B3} (Adware.ShopperReports) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A078F691-9C07-4AF2-BF43-35E79EECF8B7} (Adware.Softomate) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{A4A1A128-768F-41E0-BF75-E4FDDD701CBA} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{0AA02E8D-F851-4CB0-9F64-BBA9BE7A983D} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{C58F1580-0DF3-401C-93B1-2D9DDA61CF04} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{9A85D909-C64A-4608-8DC4-76254D869553} (Virus.Ramnit) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_MICORSOFT_WINDOWS_SERVICE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Micorsoft Windows Service (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{46897C77-E7A6-4c33-BFFB-E9C2E2718942} (Adware.Mp3Tube) -> Value: {46897C77-E7A6-4c33-BFFB-E9C2E2718942} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\ShopperReports 3.0.517.0 (Adware.HotBar) -> Value: ShopperReports 3.0.517.0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform\SRS_IT_E8790475B7765B5B31A093 (Malware.Trace) -> Value: SRS_IT_E8790475B7765B5B31A093 -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\program files\Java\jre6\bin\fontmanager.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\documents and settings\jan\Desktop\roguekiller.exe (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\internet explorer\ieproxy.dll (Virus.Ramnit) -> Quarantined and deleted successfully.
c:\program files\windows media player\mpvis.dll (Virus.Ramnit) -> Quarantined and deleted successfully.

Pokračujte AVPTool v nouzovém režimu... poté http://www.viry.cz/forum/viewtopic.php? ... 5#p1050325

tak pocitac se kompletne slozil takze nuceny reinstal prosim o lock

Tak to me moc mrzi,mohu pro vas neco udelat? =)