Logs - Fake antivirus


  • Closed: this topic is closed
2 replies in this topic

#1 Zyggmunt

Zyggmunt

    New

  • 1 post

Posted 19 02 2011 - 17:27

Hello. How do I remove XP Internet Security 2011?

Logs:
http://wklej.to/WkjmS

http://wklej.to/iMQIb

  • 0

#2 ordynat

ordynat

    Advanced user

  • 804 posts

Posted 19 02 2011 - 18:13

1) Use USBFix >/USBFix-t42061/
Click DELETION in it.
Post the report.

2) Run OTL and paste the following into the Custom Scans/Fixes box (Własne opcje skanowania/Script):

:OTL
O33 - MountPoints2\{0e6dbc62-d4c9-11de-88f6-00163609ecbb}\Shell\1\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{0e6dbc62-d4c9-11de-88f6-00163609ecbb}\Shell\2\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{0e6dbc62-d4c9-11de-88f6-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
O33 - MountPoints2\{0f2ed841-0728-11df-895e-00163609ecbb}\Shell\AutoRun\command - "" = e9naq.exe
O33 - MountPoints2\{0f2ed841-0728-11df-895e-00163609ecbb}\Shell\open\Command - "" = e9naq.exe
O33 - MountPoints2\{1a0e878d-b88f-11de-88a2-00163609ecbb}\Shell\AutoRun\command - "" = ctu8r.exe
O33 - MountPoints2\{1a0e878d-b88f-11de-88a2-00163609ecbb}\Shell\open\Command - "" = ctu8r.exe
O33 - MountPoints2\{29910846-b976-11de-88a9-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{29910846-b976-11de-88a9-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL NioupO.Exe
O33 - MountPoints2\{2c3e5393-0259-11df-8950-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL rIUom.exE
O33 - MountPoints2\{3c35da9a-c0a0-11de-88c0-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{3c35da9a-c0a0-11de-88c0-00163609ecbb}\Shell\1\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{3c35da9a-c0a0-11de-88c0-00163609ecbb}\Shell\2\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{3c35da9a-c0a0-11de-88c0-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
O33 - MountPoints2\{3d0e62d4-ff84-11de-8949-00163609ecbb}\Shell\AutoRun\command - "" = F:\e9naq.exe
O33 - MountPoints2\{3d0e62d4-ff84-11de-8949-00163609ecbb}\Shell\open\Command - "" = F:\e9naq.exe
O33 - MountPoints2\{4667fc6e-c235-11de-88c4-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{4667fc6e-c235-11de-88c4-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL zOAZu.ExE
O33 - MountPoints2\{4d9f3445-07f7-11df-8960-00163609ecbb}\Shell\AutoRun\command - "" = e9naq.exe
O33 - MountPoints2\{4d9f3445-07f7-11df-8960-00163609ecbb}\Shell\open\Command - "" = e9naq.exe
O33 - MountPoints2\{53429e27-ff93-11de-894a-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL cOelUW.exe
O33 - MountPoints2\{553a6ba7-406f-11df-89f8-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{553a6ba7-406f-11df-89f8-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL vAzIG.exE
O33 - MountPoints2\{56a1b364-0370-11df-8953-00163609ecbb}\Shell\AutoRun\command - "" = F:\e9naq.exe
O33 - MountPoints2\{56a1b364-0370-11df-8953-00163609ecbb}\Shell\open\Command - "" = F:\e9naq.exe
O33 - MountPoints2\{6ec4e352-fd08-11de-8948-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{6ec4e352-fd08-11de-8948-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SaOuT.eXe
O33 - MountPoints2\{73c5a2f8-3358-11df-89d7-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{73c5a2f8-3358-11df-89d7-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL XOaUSUf.EXE
O33 - MountPoints2\{73f50704-2b7c-11df-89be-00163609ecbb}\Shell\AutoRun\command - "" = Zolander\Polanda\box.exe
O33 - MountPoints2\{73f50704-2b7c-11df-89be-00163609ecbb}\Shell\open\command - "" = Zolander\Polanda\box.exe
O33 - MountPoints2\{78e7e6b4-ec00-11de-892d-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{78e7e6b4-ec00-11de-892d-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL lAQEg.ExE
O33 - MountPoints2\{78e7e6b4-ec00-11de-892d-00163609ecbb}\Shell\open\command - "" = ROM\P-43553JIYW-8374322329-0909090987-120\sys32s.exe
O33 - MountPoints2\{7df37612-3d92-11df-89f4-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{7df37612-3d92-11df-89f4-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL KaPef.exe
O33 - MountPoints2\{811274c3-ba7c-11de-88ae-00163609ecbb}\Shell\AutoRun\command - "" = ctu8r.exe
O33 - MountPoints2\{811274c3-ba7c-11de-88ae-00163609ecbb}\Shell\open\Command - "" = ctu8r.exe
O33 - MountPoints2\{843afe9f-34b1-11df-89da-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{843afe9f-34b1-11df-89da-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL XqkER.exe
O33 - MountPoints2\{89a2a6fa-4f89-11df-8a26-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{89a2a6fa-4f89-11df-8a26-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SioUV.exe
O33 - MountPoints2\{9b219228-0c1e-11df-8970-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{9b219228-0c1e-11df-8970-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL SaOuT.eXe
O33 - MountPoints2\{9b219229-0c1e-11df-8970-00163609ecbb}\Shell\AutoRun\command - "" = F:\e9naq.exe
O33 - MountPoints2\{9b219229-0c1e-11df-8970-00163609ecbb}\Shell\open\Command - "" = F:\e9naq.exe
O33 - MountPoints2\{9fb47272-f9f1-11de-8945-00163609ecbb}\Shell\AutoRun\command - "" = e9naq.exe
O33 - MountPoints2\{9fb47272-f9f1-11de-8945-00163609ecbb}\Shell\open\Command - "" = e9naq.exe
O33 - MountPoints2\{ae5dcc6c-4201-11df-89fb-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{ae5dcc6c-4201-11df-89fb-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL kAieZ.exE
O33 - MountPoints2\{ae5dcc6d-4201-11df-89fb-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{ae5dcc6d-4201-11df-89fb-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL COElUW.Exe
O33 - MountPoints2\{baab0c48-f768-11de-893f-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{baab0c48-f768-11de-893f-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL zOiEL.exE
O33 - MountPoints2\{bc8fdff1-149a-11df-898a-00163609ecbb}\Shell\AutoRun\command - "" = e9naq.exe
O33 - MountPoints2\{bc8fdff1-149a-11df-898a-00163609ecbb}\Shell\open\Command - "" = e9naq.exe
O33 - MountPoints2\{d2719f50-040a-11df-8954-00163609ecbb}\Shell\AutoRun\command - "" = F:\e9naq.exe
O33 - MountPoints2\{d2719f50-040a-11df-8954-00163609ecbb}\Shell\open\Command - "" = F:\e9naq.exe
O33 - MountPoints2\{d468ccc0-05bd-11df-895b-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{d468ccc0-05bd-11df-895b-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL WOuuRUd.eXE
O33 - MountPoints2\{ec4fb7d6-000e-11df-894b-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{ec4fb7d6-000e-11df-894b-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL qKtIeR.exe
O33 - MountPoints2\{f269183a-ea59-11de-8929-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{f269183a-ea59-11de-8929-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL riuOm.Exe
O33 - MountPoints2\{fa59f83e-043a-11df-8955-00163609ecbb}\Shell\AutoRun\command - "" = F:\e9naq.exe
O33 - MountPoints2\{fa59f83e-043a-11df-8955-00163609ecbb}\Shell\open\Command - "" = F:\e9naq.exe
O35 - HKCU\..exefile [open] -- "C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\xap.exe" -a "%1" %* (Valve Corporation)
O37 - HKCU\...exe [@ = exefile] -- "C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\xap.exe" -a "%1" %* (Valve Corporation)
[2011-02-19 07:10:07 | 000,344,064 | -HS- | M] (Valve Corporation) -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\trw.exe
[2011-02-19 07:10:06 | 000,344,064 | -HS- | M] (Valve Corporation) -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\xap.exe
[2011-02-19 07:10:23 | 000,011,870 | -HS- | C] () -- C:\Documents and Settings\Piotr\Ustawienia lokalne\Dane aplikacji\1y6p453646exnf5s31f73u2i843
[2011-02-19 07:10:23 | 000,011,870 | -HS- | C] () -- C:\Documents and Settings\All Users\Dane aplikacji\1y6p453646exnf5s31f73u2i843

:Files
ctu8r.exe /alldrives
e9naq.exe /alldrives
RECYCLER /alldrives
Recycled.exe /alldrives

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands
[emptytemp]

Click Run Fix (Wykonaj Script). Confirm the computer restart. Save the report that appears after the restart.
Then run OTL again, and this time click Run Scan (Skanuj).
Post the new OTL.txt log and the removal report.

This post was edited by ordynat on 19 02 2011 - 18:20

  • 0
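
A triage sketch for the O33 (MountPoints2) entries in the script above, added here as an example; it is not part of ordynat's post and not OTL's own code. It parses the log lines and groups autorun payload names by volume GUID, so you can see which executable was registered on how many removable volumes. The function names are hypothetical, and the sample lines are copied from the script above.

```python
import re
from collections import defaultdict

# Five O33 lines copied verbatim from the fix script in the post above.
SAMPLE = r'''
O33 - MountPoints2\{0e6dbc62-d4c9-11de-88f6-00163609ecbb}\Shell\1\Command - "" = F:\Recycled.exe
O33 - MountPoints2\{0e6dbc62-d4c9-11de-88f6-00163609ecbb}\Shell\AutoRun\command - "" = C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL Recycled.exe
O33 - MountPoints2\{0f2ed841-0728-11df-895e-00163609ecbb}\Shell\AutoRun\command - "" = e9naq.exe
O33 - MountPoints2\{29910846-b976-11de-88a9-00163609ecbb}\Shell - "" = AutoRun
O33 - MountPoints2\{3d0e62d4-ff84-11de-8949-00163609ecbb}\Shell\AutoRun\command - "" = F:\e9naq.exe
'''

# Volume GUID, optional shell verb (AutoRun, open, 1, 2, ...) and the value.
O33 = re.compile(
    r'^O33 - MountPoints2\\(?P<vol>\{[0-9a-fA-F-]{36}\})\\Shell'
    r'(?:\\(?P<verb>[^\\]+)\\command)? - "" = (?P<value>.*)$',
    re.IGNORECASE)
# Last .exe token of the command, without any drive or directory prefix.
EXE = re.compile(r'([^\\\s,]+\.exe)\s*$', re.IGNORECASE)


def parse_o33(text):
    """Return one record per O33 line: volume GUID, shell verb, payload name."""
    records = []
    for line in text.splitlines():
        m = O33.match(line.strip())
        if not m:
            continue
        verb = m.group('verb')  # None for the "Shell" default-verb value
        value = m.group('value').strip()
        exe = EXE.search(value) if verb else None
        records.append({
            'volume': m.group('vol').lower(),
            'verb': verb.lower() if verb else None,
            'payload': exe.group(1).lower() if exe else None,
            # True when the command is proxied through rundll32 ShellExec_RunDLL
            'via_rundll32': bool(verb) and 'shellexec_rundll' in value.lower(),
        })
    return records


def payloads_by_volume(records):
    """Map each payload file name to the set of volume GUIDs that launch it."""
    out = defaultdict(set)
    for r in records:
        if r['payload']:
            out[r['payload']].add(r['volume'])
    return dict(out)


if __name__ == '__main__':
    for name, vols in sorted(payloads_by_volume(parse_o33(SAMPLE)).items()):
        print(name, len(vols), 'volume(s)')
```
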

#3 Buba73

Buba73

    New

  • 1 post

Posted 09 05 2011 - 12:45

Greetings! I have the same problem with this virus. Can I apply the same procedure on my computer? Should I add any screenshots? Unfortunately I don't know much about computers. Please help!

  • 0