Help, facebook...wirus...wanna laugh

chewingum · 22 Sierpień 2011 10:14

dziekuje z gory za pomoc

Leon1 · 22 Sierpień 2011 14:35

OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:

:OTL PRC - [2011/08/20 10:52:20 | 000,386,560 | ---- | M] () – C:\Windows\update.7.1\svchostdriver.exe PRC - [2011/08/20 10:33:48 | 001,182,208 | -H-- | M] () – C:\Windows\update.tray-7-0-lnk\svchost.exe MOD - [2011/08/20 10:33:48 | 001,182,208 | -H-- | M] () – C:\Windows\update.tray-7-0-lnk\svchost.exe SRV - [2011/08/20 10:52:20 | 000,386,560 | ---- | M] () [Auto | Running] – C:\windows\update.7.1\svchostdriver.exe – (ddservice) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found O3 - HKLM…\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU.DEFAULT…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKU.DEFAULT…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-18…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-18…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-2071869296-2185399040-3217962726-1000…\Toolbar\WebBrowser: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2071869296-2185399040-3217962726-1000…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTor.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-2071869296-2185399040-3217962726-1000…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM…\Run: [avast] File not found O4 - HKLM…\Run: [COMODO] File not found O4 - HKLM…\Run: [CPA] File not found O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKU\S-1-5-21-2071869296-2185399040-3217962726-1000…\Run: [iSUSPM] File not found O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) [2011/08/20 14:04:07 | 000,000,000 | -H-D | C] – C:\windows\update.tray-7-0-lnk [2011/08/20 14:04:07 | 000,000,000 | -H-D | C] – C:\windows\update.tray-7-0 [2011/08/20 11:01:36 | 000,000,000 | —D | C] – C:\windows\ufa [2011/08/20 11:01:36 | 000,000,000 | —D | C] – C:\windows\phoenix [2011/08/20 10:59:03 | 000,000,000 | -H-D | C] – C:\windows\update.5.0 [2011/08/20 10:57:42 | 000,000,000 | -H-D | C] – C:\windows\update.2 [2011/08/20 10:52:46 | 000,000,000 | —D | C] – C:\windows\av_ico [2011/08/20 10:52:21 | 000,000,000 | -H-D | C] – C:\windows\update.7.1 [2011/08/20 10:49:56 | 000,000,000 | -H-D | C] – C:\windows\update.1 [2011/08/20 10:49:51 | 000,000,000 | -H-D | C] – C:\windows\update.tray-5-0-lnk [2011/08/20 10:49:51 | 000,000,000 | -H-D | C] – C:\windows\update.tray-5-0 [2011/08/20 10:49:51 | 000,000,000 | -H-D | C] – C:\windows\update.tray-2-0-lnk [2011/08/20 10:49:51 | 000,000,000 | -H-D | C] – C:\windows\update.tray-2-0 [2011/08/20 11:02:23 | 000,000,178 | ---- | M] () – C:\windows\info1 [2011/08/20 11:01:35 | 005,589,370 | ---- | M] () – C:\windows\phoenix.rar [2011/08/20 11:01:35 | 001,075,284 | ---- | M] () – C:\windows\rpcminer.rar [2011/08/20 11:01:35 | 000,246,272 | ---- | M] () – C:\windows\unrar.exe [2011/08/20 11:01:35 | 000,182,617 | ---- | M] () – C:\windows\ufa.rar [2011/08/20 10:57:36 | 000,904,792 | ---- | M] () – C:\windows\geoiplist.rar [2011/08/20 10:52:03 | 000,000,000 | ---- | M] () – C:\windows\loader2.exe_ok [2011/08/20 10:57:38 | 004,636,907 | ---- | C] () – C:\windows\geoiplist [2011/04/17 01:11:41 | 000,010,112 | -HS- | C] () – C:\Users\Kasia\AppData\Local\fnai4q15sdnfexykmam5q2dl86l [2011/04/17 01:11:41 | 000,009,516 | -HS- | C] () – C:\ProgramData\fnai4q15sdnfexykmam5q2dl86l :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [emptytemp]

Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.

Pokaż log z usuwania.

potem nowy log OTL robiony opcją Run Scan (Skanuj)