Facebook virus - l1rezerv.exe, sysdriver32.exe, ufa.exe - help


(Bbarczycki) #1

Please help, here is the log from OTL:

OTL.txt -> http://wklej.to/N8Su7


(Drobok) #2

Paste into Custom Scans/Fixes (then click Run Fix*):

:OTL


PRC - [2011/08/22 08:35:06 | 000,634,880 | ---- | M] () -- C:\Windows\update.2\svchost.exe

PRC - [2011/08/22 08:35:06 | 000,634,880 | ---- | M] () -- C:\Windows\update.2\svchost.exe

PRC - [2011/08/22 08:35:06 | 000,634,880 | ---- | M] () -- C:\Windows\update.2\svchost.exe

PRC - [2011/08/22 08:34:00 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe

PRC - [2011/08/22 08:34:00 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe

PRC - [2011/08/22 08:34:00 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe

PRC - [2011/08/22 08:34:00 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe

PRC - [2011/08/22 08:34:00 | 000,355,840 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe

PRC - [2011/08/19 13:13:24 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe

PRC - [2011/08/19 10:38:18 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe

PRC - [2011/08/19 10:36:48 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0-lnk\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0-lnk\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe

PRC - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe

MOD - [2011/08/19 10:38:18 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe

MOD - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0-lnk\svchost.exe

MOD - [2011/08/19 10:23:56 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-3-0\svchost.exe

SRV - [2011/08/19 13:13:24 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)

SRV - [2011/08/19 10:36:48 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)

FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found

[2010/11/18 09:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariusz\AppData\Roaming\mozilla\Extensions

[2010/11/18 09:16:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\mariusz\AppData\Roaming\mozilla\Firefox\Profiles\55on28z9.default\extensions

[2011/08/22 08:30:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions

O4 - HKLM..\Run: [2746180.exe] C:\Windows\Temp\2746180.exe ()

O4 - HKLM..\Run: [6482227.exe] C:\Windows\Temp\6482227.exe ()

O4 - HKLM..\Run: [7117453.exe] C:\Users\mariusz\AppData\Local\Temp\7117453.exe ()

O4 - HKLM..\Run: [89583812-loader2.exe] C:\Windows\Temp\89583812-loader2.exe ()

O4 - HKLM..\Run: [9514176.exe] C:\Windows\Temp\9514176.exe ()

O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()

O4 - HKLM..\Run: [sysdriver32_.exe] C:\Windows\sysdriver32_.exe ()

O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()

O4 - HKLM..\Run: [tray_ico] File not found

O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe ()

O4 - HKLM..\Run: [tray_ico1] File not found

O4 - HKLM..\Run: [tray_ico2] File not found

O4 - HKLM..\Run: [tray_ico3] File not found

O4 - HKLM..\Run: [tray_ico4] File not found

O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] File not found

O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] File not found

O13 - gopher Prefix: missing

O13 - gopher Prefix: missing

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.14.10.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i.gkanalytics.eu

O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O31 - SafeBoot: AlternateShell - services32.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

[2011/08/19 13:13:25 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1

[2011/08/19 11:26:36 | 000,000,000 | ---D | C] -- C:\Windows\Sun

[2011/08/19 10:40:13 | 000,000,000 | ---D | C] -- C:\Windows\ufa

[2011/08/19 10:40:13 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer

[2011/08/19 10:40:13 | 000,000,000 | ---D | C] -- C:\Windows\phoenix

[2011/08/19 10:38:03 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0

[2011/08/19 10:37:46 | 000,000,000 | -H-D | C] -- C:\Windows\update.2

[2011/08/19 10:36:53 | 000,000,000 | ---D | C] -- C:\Windows\av_ico

[2011/08/19 10:35:28 | 000,000,000 | -H-D | C] -- C:\Windows\update.1

[2011/08/19 10:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-3-0-lnk

[2011/08/19 10:35:25 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-3-0

[2011/08/23 11:02:31 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar

[2011/08/23 11:02:31 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar

[2011/08/23 11:02:31 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe

[2011/08/23 11:02:31 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar

[2011/08/19 10:38:18 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe

[2011/08/19 10:38:05 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok

[2011/08/19 10:38:04 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar

[2011/08/19 10:36:48 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32_.exe

[2011/08/19 10:36:48 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe

[2011/08/19 10:23:56 | 001,215,488 | ---- | M] () -- C:\Windows\services32.exe

[2011/08/22 08:31:16 | 000,137,728 | ---- | C] () -- C:\Windows\systemup.exe

[2011/08/19 10:40:12 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar

[2011/08/19 10:40:12 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar

[2011/08/19 10:40:12 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar

[2011/08/19 10:38:23 | 000,232,960 | ---- | C] () -- C:\Windows\l1rezerv.exe

[2011/08/19 10:38:05 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist

[2011/08/19 10:38:04 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar

[2011/08/19 10:38:04 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe

[2011/08/19 10:37:46 | 000,000,202 | ---- | C] () -- C:\Windows\info1

[2011/08/19 10:37:19 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok

[2011/08/19 10:37:16 | 000,258,048 | ---- | C] () -- C:\Windows\sysdriver32_.exe

[2011/08/19 10:37:02 | 000,258,048 | ---- | C] () -- C:\Windows\sysdriver32.exe

[2011/08/19 10:24:03 | 001,215,488 | ---- | C] () -- C:\Windows\services32.exe


:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

"AlternateShell"="cmd.exe"


:Commands

[emptytemp]

[resethosts]

Then reboot and run one more scan. By the way, OTL produces 2 files; both should be pasted ;]
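The fix script above was assembled by hand from the OTL log: every process, service or autostart entry that has no publisher and lives under C:\Windows (or masquerades as svchost.exe outside System32), every Run entry pointing into a Temp folder or at a file that no longer exists, the hijacked SafeBoot AlternateShell, and the odd DNS suffix. The following added example (not part of the thread, not OTL's own code) encodes those same triage rules in Python, runs them over a constructed handful of lines in OTL's log format (the malicious ones copied from the log above, plus two assumed-benign lines so the filter has something to keep), and emits a fix script in the same :OTL / :Reg / :Commands layout. The rule set and the sample lines are assumptions chosen for illustration, not an official OTL heuristic.

```python
import re

# Constructed sample in OTL's output format. The suspicious lines are copied from the
# log in the thread; the Microsoft svchost.exe and the Java updater lines are assumed
# benign entries added so that the triage has something to leave alone.
SAMPLE_LOG = r"""
PRC - [2011/08/22 08:35:06 | 000,634,880 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2009/07/14 03:14:55 | 000,027,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\svchost.exe
PRC - [2011/08/19 10:38:18 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
SRV - [2011/08/19 10:36:48 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\Windows\sysdriver32.exe -- (srvsysdriver32)
O4 - HKLM..\Run: [2746180.exe] C:\Windows\Temp\2746180.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [sysdriver32.exe] C:\Windows\sysdriver32.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = i.gkanalytics.eu
"""

# Directories where a binary named svchost.exe is expected to live.
SYSTEM_DIRS = (r"c:\windows\system32", r"c:\windows\syswow64", r"c:\windows\winsxs")

# PRC/MOD/SRV lines: [timestamp | size | attrs | M] (publisher) [svc state] -- path -- (svc name)
RE_PROC = re.compile(
    r"^(?P<kind>PRC|MOD|SRV) - \[[^\]]*\] \((?P<publisher>[^)]*)\)"
    r"(?: \[[^\]]*\])? -- (?P<path>.+?\.(?:exe|dll))(?: -- \((?P<svc>[^)]*)\))?\s*$",
    re.IGNORECASE,
)
RE_RUN = re.compile(r"^O4 - (?P<hive>[^.]+)\.\.\\(?P<key>RunOnce|Run): \[(?P<name>[^\]]*)\] (?P<target>.*)$")
RE_SAFEBOOT = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.+)$")
RE_DOMAIN = re.compile(r"^O17 - .*Parameters: Domain = (?P<domain>\S+)$")


def _in_system_dir(path):
    p = path.lower()
    return any(p.startswith(d + "\\") for d in SYSTEM_DIRS)


def _under_windows_root(path):
    # Under C:\Windows but not in one of the legitimate system directories.
    return path.lower().startswith("c:\\windows\\") and not _in_system_dir(path)


def triage(log_text):
    """Return [(log_line, reason)] for every line the rules consider suspicious."""
    findings = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        if not line:
            continue
        m = RE_PROC.match(line)
        if m:
            path, publisher = m["path"], m["publisher"].strip()
            name = path.rsplit("\\", 1)[-1].lower()
            if name.startswith("svchost") and not _in_system_dir(path):
                findings.append((line, "svchost look-alike outside System32"))
            elif not publisher and _under_windows_root(path):
                findings.append((line, "binary with no publisher under C:\\Windows"))
            continue
        m = RE_RUN.match(line)
        if m:
            target = m["target"]
            if target.startswith("File not found"):
                findings.append((line, "orphaned Run entry"))
            elif "\\temp\\" in target.lower():
                findings.append((line, "autostart from a Temp directory"))
            elif target.rstrip().endswith("()") and _under_windows_root(target):
                findings.append((line, "autostart with no publisher under C:\\Windows"))
            continue
        m = RE_SAFEBOOT.match(line)
        if m and m["shell"].strip().lower() not in ("cmd.exe", "explorer.exe"):
            findings.append((line, "SafeBoot AlternateShell hijacked"))
            continue
        m = RE_DOMAIN.match(line)
        if m:
            findings.append((line, "unexpected DNS suffix " + m["domain"]))
    return findings


def build_fix(findings):
    """Turn the findings into an OTL fix script: :OTL lines, a :Reg repair, :Commands."""
    otl_lines, reg_lines = [], []
    for line, reason in findings:
        if reason.startswith("SafeBoot"):
            # Removing the O31 line is not enough; the value must point back at cmd.exe.
            reg_lines.append(r"[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]")
            reg_lines.append('"AlternateShell"="cmd.exe"')
        else:
            otl_lines.append(line)
    parts = [":OTL", *otl_lines]
    if reg_lines:
        parts += ["", ":Reg", *reg_lines]
    parts += ["", ":Commands", "[emptytemp]", "[resethosts]"]
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for line, reason in found:
        print(f"{reason:45s} {line}")
    print()
    print(build_fix(found))
```

The rules are deliberately narrow: they only flag what the log itself shows (missing publisher, wrong directory for a system binary name, Temp autostarts, orphans, the SafeBoot shell), so a legitimate signed binary in System32 or Program Files passes through untouched. Review the generated script before pasting it into OTL; the tool deletes whatever it is given.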


(Bbarczycki) #3

http://wklej.to/7bSsK -> from the removal

http://wklej.to/JXOyg -> second OTL

But I didn't get any prompt to restart this time, so I didn't restart the computer.

I removed the files it didn't find manually, but what about ufa.exe??


(Drobok) #4

It was supposed to be Run Fix, not a scan :x (because of my carelessness OTL didn't remove anything), sorry. Run the fix and then post the log again ;]

There is no ufa.exe in the log; scan with Malwarebytes (update it first).