:OTL
PRC - [2011-08-22 08:51:19 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
SRV - [2011-08-22 08:51:19 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\Windows\update.7.1\svchostdriver.exe -- (ddservice)
IE - HKLM…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
IE - HKU.DEFAULT…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-18…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\URLSearchHook: {48405d3d-2674-4cd8-b1ef-9a719443bd3f} - Reg Error: Key error. File not found
IE - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
IE - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.2.5.2
FF - HKLM\Software\MozillaPlugins@adobe.com/FlashPlayer: File not found
FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found
[2011-04-12 19:31:15 | 000,000,000 | ---D | M] ("DAEMON Tools Toolbar") -- C:\Users\Karwan\AppData\Roaming\mozilla\Firefox\Profiles\9k8141lf.default\extensions\DTToolbar@toolbarnet.com
[2010-12-08 17:13:11 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Karwan\AppData\Roaming\mozilla\Firefox\Profiles\9k8141lf.default\extensions\engine@conduit.com
[2010-09-06 10:19:06 | 000,000,927 | ---- | M] () -- C:\Users\Karwan\AppData\Roaming\Mozilla\Firefox\Profiles\9k8141lf.default\searchplugins\conduit.xml
O2 - BHO: (PCCBHO.CPCCBHO) - {22FC6CE8-7D47-479F-B74A-BFBB04ADB9AF} - File not found
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - File not found
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - File not found
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - File not found
O2 - BHO: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM…\Toolbar: (uTorrentBar Toolbar) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O3 - HKU.DEFAULT…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found.
O3 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Toolbar\WebBrowser: (uTorrentBar Toolbar) - {BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - C:\Program Files\uTorrentBar\tbuTo1.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - File not found
O4 - HKLM…\Run: [5655.exe] C:\ [2011-08-26 20:17:03 | 000,000,000 | R--D | M]
O4 - HKLM…\Run: [Adobe Photo Downloader] File not found
O4 - HKLM…\Run: [AVG_TRAY] File not found
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKLM…\Run: [tray_ico3] File not found
O4 - HKLM…\Run: [tray_ico4] File not found
O4 - HKU.DEFAULT…\Run: [sSS5] File not found
O4 - HKU.DEFAULT…\Run: [sSS5SAFE] File not found
O4 - HKU.DEFAULT…\Run: [sSS5SPM] File not found
O4 - HKU\S-1-5-18…\Run: [sSS5] File not found
O4 - HKU\S-1-5-18…\Run: [sSS5SAFE] File not found
O4 - HKU\S-1-5-18…\Run: [sSS5SPM] File not found
O4 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Run: [FlashGet 3] File not found
O4 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Run: [RegistryBooster] File not found
O4 - HKU\S-1-5-21-2940293867-578583823-1431221202-1003…\Run: [RGSC] File not found
O9 - Extra 'Tools' menuitem : PC Confidential - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - File not found
O9 - Extra Button: PC Confidential - {925DAB62-F9AC-4221-806A-057BFB1014AA} - File not found
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - File not found
[2011-08-22 17:20:09 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0-lnk
[2011-08-22 17:20:09 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0
[2011-08-22 09:45:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0-lnk
[2011-08-22 09:45:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-15-0
[2011-08-22 08:56:15 | 000,000,000 | ---D | C] -- C:\Windows\ufa
[2011-08-22 08:56:15 | 000,000,000 | ---D | C] -- C:\Windows\phoenix
[2011-08-22 08:51:20 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1
[2011-08-22 08:51:16 | 000,000,000 | -H-D | C] -- C:\Windows\update.2
[2011-08-22 08:51:10 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0
[2011-08-22 08:48:27 | 000,000,000 | ---D | C] -- C:\Windows\av_ico
[2011-08-22 08:45:41 | 000,000,000 | -H-D | C] -- C:\Windows\update.1
[2011-08-22 08:45:19 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk
[2011-08-22 08:45:19 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0
[2011-08-22 17:22:06 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts
[2011-08-22 15:33:00 | 000,000,200 | ---- | M] () -- C:\Windows\info1
[2011-08-22 08:56:14 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar
[2011-08-22 08:56:14 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar
[2011-08-22 08:56:14 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe
[2011-08-22 08:56:14 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar
[2011-08-22 08:51:03 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok
[2011-08-22 08:51:01 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar
[2011-08-22 08:51:02 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Users\Karwan\AppData\Local\Temp\1.exe"=-
"C:\Users\Karwan\AppData\Local\Temp\5655.exe"=-
"C:\Users\Karwan\Desktop\Flash-Player.exe"=-
"C:\Windows\update.tray-12-0\svchost.exe"=-

:Commands
[CLEARALLRESTOREPOINTS]
[RESETHOSTS]
[emptytemp]