Witam, mam problem podobny do wielu ludzi, którzy mieli do czynienia z wirusem “Hi” czy “Enhanced protection”, po usunięciu wirusa facebook nie działa, a dokładniej dostaję komunikat "Firefox nie może nawiązać połączenia z serwerem www.facebook.com . Podaję logi:
OTL:
http://wklej.org/id/583799/
Extras:
http://wklej.org/id/583800/
Proszę o możliwie szybką pomoc.
Leon1
(Leon$)
24 Sierpień 2011 21:11
#2
OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:
:OTL IE - HKLM…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) IE - HKCU…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) [2011-07-01 20:38:21 | 000,000,000 | —D | M] (Conduit Engine) – C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\w9vmn1w6.default\extensions\engine@conduit.com O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O3:64bit: - HKLM…\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - File not found O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found O3 - HKLM…\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files (x86)\uTorrentBar\prxtbuTor.dll (Conduit Ltd.) O4 - HKLM…\Run: [4974225.exe] File not found O4 - HKLM…\Run: [6758009.exe] File not found O4 - HKLM…\Run: [78877496-loader2.exe] File not found O4 - HKLM…\Run: [8319244.exe] File not found O4 - HKLM…\Run: [9747755.exe] File not found O4 - HKLM…\Run: [avast] File not found O4 - HKLM…\Run: [sessionLogon] File not found O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico1] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKCU…\Run: [EA Core] File not found O4 - HKCU…\Run: [Windows] File not found O9:64bit: - Extra ‘Tools’ menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found [2011-08-23 08:57:14 | 000,000,000 | -HSD | C] – C:\found.000 [2011-08-21 09:23:13 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-2-0 [2011-08-20 16:16:15 | 000,000,000 | —D | C] – C:\Windows\ufa [2011-08-20 16:16:15 | 000,000,000 | —D | C] – C:\Windows\rpcminer [2011-08-20 16:16:15 | 000,000,000 | —D | C] – C:\Windows\phoenix [2011-08-20 16:13:21 | 000,000,000 | -H-D | C] – C:\Windows\update.5.0 [2011-08-20 16:12:01 | 000,000,000 | -H-D | C] – C:\Windows\update.2 [2011-08-20 16:11:23 | 000,000,000 | -H-D | C] – C:\Windows\update.7.1 [2011-08-20 16:09:25 | 000,000,000 | —D | C] – C:\Windows\av_ico [2011-08-20 16:08:12 | 000,000,000 | -H-D | C] – C:\Windows\update.1 [2011-08-20 16:08:10 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-7-0-lnk [2011-08-20 16:08:10 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-7-0 [2011-08-20 16:16:33 | 000,000,178 | ---- | M] () – C:\Windows\info1 [2011-08-20 16:16:14 | 005,589,370 | ---- | M] () – C:\Windows\phoenix.rar [2011-08-20 16:16:14 | 001,075,284 | ---- | M] () – C:\Windows\rpcminer.rar [2011-08-20 16:16:14 | 000,246,272 | ---- | M] () – C:\Windows\unrar.exe [2011-08-20 16:12:26 | 000,000,734 | ---- | M] () – C:\Windows\SysNative\drivers\etc\hîsts [2011-08-20 16:12:09 | 000,904,792 | ---- | M] () – C:\Windows\geoiplist.rar [2011-08-20 16:10:32 | 000,000,000 | ---- | M] () – C:\Windows\loader2.exe_ok [2011-08-20 16:12:11 | 004,636,907 | ---- | C] () – C:\Windows\geoiplist :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] “AlternateShell”=“cmd.exe” :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [emptytemp]
Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.
Pokaż log z usuwania.
potem nowy log OTL robiony opcją Run Scan (Skanuj)
Wielkie dzięki jednak są jeszcze normalni i dobrzy ludzie
Log z usuwania:
http://wklej.org/id/584079/
OTL po usunięciu:
http://wklej.org/id/584083/
Jeszcze raz dziękuję
Leon1
(Leon$)
25 Sierpień 2011 12:42
#4
Log wygląda na czysty
Pobierz CCleaner http://www.filehippo.com/download_ccleaner/
przeskanuj nim i wyczyść rejestr.
W OTL kilknij CleanUp (Sprzątanie)
przeskanuj
Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI … 12976.html