Live security platinium - proŚba o pomoc

[lucassone]

Witam,
niestety zafundowałem sobie to cholerstwo i nie mogę sobie poradzić z jego usunięciem.
Załączam aktualny log z programu OTL. Byłbym wdzięczny za pomoc w usunięciu tego dziadostwa.

[sab999]

Tutaj masz poradnik jak usunąć to "cholerstwo":
http://malwaretips.com/blogs/live-security-platinum-virus/

[lucassone]

Czyli za pomocą samego OTL'A nie dam rady ?

[defacto19]

Uruchom OTL i w sekcji (Własne opcje skanowania/Skrypt) wklej:

:OTL
DRV - File not found [Kernel | Auto | Stopped] -- -- (Nsynas32)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\motufwa.sys -- (MotuFWA)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfwawave.sys -- (mfwawave)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\mfwamidi.sys -- (mfwamidi)
DRV - File not found [Kernel | Auto | Stopped] -- -- (adfs)
O4 - HKLM..\Run: [WTLXPan] C:\WINDOWS\System32\WTLXPan.exe ()
O4 - HKCU..\Run: [Ybsuonwoex] C:\Documents and Settings\luxon\Application Data\Hooqi\sywua.exe ()
O4 - HKCU..\RunOnce: [036DFF85006E82960008A8307B07D287] C:\Documents and Settings\All Users\Application Data\036DFF85006E82960008A8307B07D287\036DFF85006E82960008A8307B07D287.exe ()
O8 - Extra context menu item: &Save Flash In This Page by Flash Saver - C:\Program Files\Flash Saver\save.htm ()
O8 - Extra context menu item: Append Link Target to Existing PDF - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash Saver\save.htm ()
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
[2012-08-25 00:33:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\luxon\Start Menu\Programs\Live Security Platinum
[2012-08-25 00:32:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\036DFF85006E82960008A8307B07D287
[2012-08-04 20:11:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
@Alternate Data Stream - 1246 bytes -> C:\Documents and Settings\luxon\Cookies:MX3GFc0ygSHeFi7hlHF2firOMlQ7
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C8B8CEBD
@Alternate Data Stream - 1115 bytes -> C:\Documents and Settings\luxon\Local Settings\Application Data\3tVrIIWiLQhL:2h9itdNct7bYAf6dHIgSKNBhZ
@Alternate Data Stream - 1100 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:dQKTc02Ik18wW38iI8nxd8aSf
@Alternate Data Stream - 1099 bytes -> C:\Documents and Settings\All Users\Application Data\Microsoft:rFkJHcllRSjk8ZcnKJe9Ru7iB

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\luxon\Local Settings\temp\705.exe"=-
"C:\Documents and Settings\luxon\Local Settings\temp\609.exe"=-
"C:\Documents and Settings\luxon\Local Settings\temp\625.exe"=-
"C:\Documents and Settings\luxon\Local Settings\temp\184.exe"=-
"C:\Documents and Settings\luxon\Local Settings\temp\505.exe"=-
"C:\Documents and Settings\luxon\Local Settings\temp\116.exe"=-

:Commands
[emptytemp]

Kliknij wykonaj skrypt. Zatwierdź restart komputera. Zapisz raport, który wyświetli się po restarcie. Następnie uruchom OTL ponownie, i kliknij skanuj.
Pokaż nowy log OTL.txt oraz raport z usuwania.

[lucassone]

Tak to wygląda.

[defacto19]

Uruchom Avenger i w oknie wklej:

Folders to delete:
C:\Documents and Settings\All Users\Application Data\036DFF85006E82960008A8307B07D287
C:\Documents and Settings\luxon\Application Data\Ziutko
C:\Documents and Settings\luxon\Application Data\Xoif
C:\Documents and Settings\luxon\Application Data\Hooqi

Kliknij Execute i zatwierdź restart komputera.

Przedstaw log, który automatycznie utworzy Avenger w trakcie usuwania.