raczejtak
(Bezim666)
22 June 2012 22:09
#1
As in the title: my girlfriend opened a malicious file on Facebook, sent by her friend. The virus blocks her from browsing websites and is probably also spewing links left and right.
http://wklej.org/id/778081/
Atis
(Atis)
22 June 2012 22:45
#2
Uninstall one of the antivirus programs.
Paste the following into the Custom Scans/Fixes box:
:OTL
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\hamachi.sys -- (hamachi)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleXNt.sys -- (EagleXNt)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EagleNT.sys -- (EagleNT)
FF - prefs.js..browser.search.defaultthis.engineName: "Stardoll Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "http://domredi.com/1/"
FF - prefs.js..extensions.enabledItems: engine@conduit.com:3.3.3.2
FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.2
FF - prefs.js..extensions.enabledItems: 1vffxtbr@SmileyCentral_1v.com:1.2
FF - prefs.js..extensions.enabledItems: ffxtlbr@Facemoods.com:1.2.1
FF - prefs.js..keyword.URL: "http://search.conduit.com/ResultsExt.aspx?ctid=CT2836015&SearchSource=2&q="
[2012-05-31 20:51:57 | 000,000,000 | ---D | M] (Stardoll Community Toolbar) -- C:\Documents and Settings\Robert\Application Data\mozilla\Firefox\Profiles\78i2ghoh.default\extensions\{192a6019-26d2-4611-aead-07cd7733b146}
[2012-05-31 20:51:58 | 000,000,000 | ---D | M] (Zynga Community Toolbar) -- C:\Documents and Settings\Robert\Application Data\mozilla\Firefox\Profiles\78i2ghoh.default\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
[2011-11-03 14:44:18 | 000,000,919 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\78i2ghoh.default\searchplugins\conduit.xml
[2011-03-27 23:02:37 | 000,009,932 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\78i2ghoh.default\searchplugins\mywebsearch.xml
[2011-01-17 20:37:35 | 000,010,055 | ---- | M] () -- C:\Documents and Settings\Robert\Application Data\Mozilla\Firefox\Profiles\78i2ghoh.default\searchplugins\SmileyCentral_1v.xml
[2011-04-10 13:59:20 | 000,002,049 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (no name) - {30CEEEA2-3742-40E4-85DD-812BF1CBB83D} - No CLSID value found.
O4 - HKCU..\Run: [lwdlkat] C:\Documents and Settings\Robert\Local Settings\Application Data\jlocrj.exe ()
O4 - Startup: C:\Documents and Settings\Robert\Start Menu\Programs\Startup\iyftf.exe ()
@Alternate Data Stream - 48 bytes -> C:\WINDOWS:1144FCC4FFD19931

:Commands
[emptytemp]
Click Run Fix and confirm the restart.
Post the removal report and a new log from Run Scan.