szalen
(Ns Gm)
21 August 2011 21:18
#1
I have the same problem with the Facebook virus.
Please help!
OTL http://wklej.org/id/581319/
Extras http://wklej.org/id/581321/
Acorus
(Acorus)
22 August 2011 09:03
#2
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
MOD - [2011-08-21 21:05:29 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011-08-21 20:51:31 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
MOD - [2011-08-21 20:38:33 | 000,634,880 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011-08-21 20:36:49 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011-08-21 20:17:44 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
O4 - HKLM..\Run: [3602538.exe] C:\WINDOWS\TEMP\3602538.exe ()
O4 - HKLM..\Run: [67152713-loader2.exe] C:\WINDOWS\TEMP\67152713-loader2.exe ()
O4 - HKLM..\Run: [7597419.exe] C:\WINDOWS\TEMP\7597419.exe ()
O4 - HKLM..\Run: [9863098.exe] C:\WINDOWS\TEMP\9863098.exe ()
O4 - HKLM..\Run: [AVG_TRAY] File not found
O4 - HKLM..\Run: [iSUSPM Startup] File not found
O4 - HKLM..\Run: [iSUSScheduler] File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] File not found
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\WINDOWS\services32.exe ()
[2011-08-21 21:07:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-21 21:07:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011-08-21 21:07:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-08-21 21:05:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011-08-21 20:48:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011-08-21 20:38:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011-08-21 20:33:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-08-21 21:07:30 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-21 21:07:30 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-08-21 21:07:30 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-08-21 21:07:25 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-08-21 21:05:30 | 000,000,177 | ---- | M] () -- C:\WINDOWS\info1
[2011-08-21 20:51:31 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
[2011-08-21 20:38:54 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011-08-21 20:37:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-21 20:36:49 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011-08-21 20:36:49 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
[2011-08-21 20:17:44 | 001,213,440 | ---- | M] () -- C:\WINDOWS\services32.exe
:Services
ddservice
srvbtcclient
srviecheck
srvsysdriver32
wxpdrivers
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
:Commands
[emptytemp]
[resethosts]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, this time clicking (Run Scan).
Post the new OTL.txt log and the removal report.
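
Added example, not part of the original posts and not OTL's own code: a Python parser that splits a fix script like the one above into its sections and lists the files, folders, Run values and services it names, so the script can be reviewed before it is run. The regular expressions assume OTL's plain-ASCII log layout (`--` before paths, `HKLM..\Run`); the sample is a shortened excerpt of the script above, and the function names are hypothetical.

```python
import re
from collections import defaultdict

# Shortened excerpt of the fix script from this thread, used as sample input.
SAMPLE = r'''
:OTL
MOD - [2011-08-21 20:51:31 | 000,232,960 | ---- | M] () -- C:\WINDOWS\l1rezerv.exe
O4 - HKLM..\Run: [7597419.exe] C:\WINDOWS\TEMP\7597419.exe ()
O4 - HKLM..\Run: [AVG_TRAY] File not found
[2011-08-21 21:07:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
:Services
srvbtcclient
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
:Commands
[emptytemp]
'''

# Assumed layouts: "O4 - <hive>\Run: [name] target ()" and "[date | size | attrs | M/C] () -- path"
RUN_RE = re.compile(r'^O4 - \S+\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+?)(?: \(.*\))?$')
FILE_RE = re.compile(r'\[[^\]]*\|\s*(?P<attr>[-A-Z]{4})\s*\|\s*[MC]\]\s*(?:\(.*?\)\s*)?--\s*(?P<path>.+)$')

def parse_fix(text):
    """Group a fix script's lines by ':Section' and pull out what each line names."""
    out, section = defaultdict(list), 'preamble'
    for line in (raw.strip() for raw in text.splitlines()):
        if not line:
            continue
        if line.startswith(':'):            # section header such as :OTL or :Services
            section = line[1:].lower()
        elif section != 'otl':              # other sections: keep the lines verbatim
            out[section].append(line)
        elif (m := RUN_RE.match(line)):     # autostart value under a Run key
            out['run'].append((m['name'], m['target']))
        elif (m := FILE_RE.search(line)):   # file or folder entry; 'D' attribute marks a folder
            out['dirs' if 'D' in m['attr'] else 'files'].append(m['path'])
        else:                               # surface anything the patterns did not understand
            out['unparsed'].append(line)
    return dict(out)

def run_targets(parsed):
    """Split Run values into those pointing at a file and orphaned ones."""
    runs = parsed.get('run', [])
    live = {name: target for name, target in runs if target != 'File not found'}
    orphaned = [name for name, target in runs if target == 'File not found']
    return live, orphaned
```

Anything that lands under `unparsed` is a line the patterns did not recognise and should be read by hand rather than skipped.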