Problem with "koobface"


(Plomien81) #1

Hello.

I have a problem with the "Koobface" virus (Hi wanna laugh; wowwwww!! you look so sexy; etc.). I won't write at length about it, because I can see that a lot of people have a problem with it... :confused:

How do I get rid of it?

Please help. :slight_smile:

OTL: http://wklej.to/wGjDv

Extras: http://wklej.to/DBjdf


(Drobok) #2

Plug in all your USB storage devices, then apply:

http://www.searchengines.pl/index.php?s ... ntry369724

http://www.instalki.pl/programy/downloa ... sbFix.html

In OTL, paste the following into Custom Scans/Fixes:

:OTL


MOD - [2011-08-28 16:13:07 | 000,117,760 | RHS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq0.dll

MOD - [2011-08-28 15:57:46 | 000,130,560 | ---- | M] () -- C:\WINDOWS\systemup.exe

MOD - [2011-08-28 15:42:20 | 000,636,416 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe

MOD - [2011-08-22 15:20:20 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe

MOD - [2011-08-22 15:19:21 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe

MOD - [2011-08-22 14:55:01 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe

MOD - [2011-08-22 14:52:16 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe

SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)

SRV - [2011-08-28 15:42:20 | 000,636,416 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)

SRV - [2011-08-22 15:20:20 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)

SRV - [2011-08-22 15:19:21 | 000,355,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)

SRV - [2011-08-22 14:55:01 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)

SRV - [2011-08-22 14:52:16 | 001,213,440 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)

IE - HKCU\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)

() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\UTZ711J5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)

O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)

O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.

O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)

O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)

O4 - HKLM..\Run: [6398993.exe] C:\WINDOWS\TEMP\6398993.exe ()

O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()

O4 - HKCU..\Run: [api32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq.exe ()

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O31 - SafeBoot: AlternateShell - services32.exe

[2011-08-28 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa

[2011-08-28 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer

[2011-08-28 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix

[2011-08-28 15:12:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.8.1

[2011-08-28 16:12:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2011-08-28 16:00:05 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar

[2011-08-28 16:00:05 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe

[2011-08-28 16:00:05 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar

[2011-08-28 15:59:54 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar

[2011-08-28 15:57:47 | 000,000,222 | ---- | M] () -- C:\WINDOWS\info1

[2011-08-28 15:57:46 | 000,130,560 | ---- | M] () -- C:\WINDOWS\systemup.exe

[2011-08-28 16:00:05 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar

[2011-08-28 16:00:05 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar

[2011-08-28 15:59:53 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar

[2011-08-22 15:24:50 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe

[2011-08-22 15:21:53 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe

[2011-08-22 15:19:15 | 000,130,560 | ---- | C] () -- C:\WINDOWS\systemup.exe

[2011-08-22 14:55:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok

[2011-08-22 14:55:15 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe

[2004-01-02 00:05:12 | 000,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll

[2004-01-02 00:05:12 | 000,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll

[2004-01-02 00:05:12 | 000,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll

[2004-01-02 00:05:12 | 000,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll

[2004-01-02 00:05:12 | 000,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll

[2004-01-02 00:05:12 | 000,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll

[2004-01-02 00:05:11 | 000,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll

[2004-01-02 00:05:11 | 000,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll

[2004-01-02 00:05:11 | 000,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll

[2004-01-02 00:05:11 | 000,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll

[2004-01-02 00:05:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll

[2004-01-02 00:05:10 | 000,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll

[2004-01-02 00:05:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll

[2004-01-02 00:05:10 | 000,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll

[2004-01-02 00:05:10 | 000,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll

[2004-01-02 00:05:10 | 000,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll

[2004-01-02 00:05:10 | 000,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll

[2004-01-02 00:05:10 | 000,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll

[2004-01-02 00:05:10 | 000,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll

[2004-01-02 00:05:09 | 000,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll

[2004-01-02 00:05:09 | 000,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll

[2004-01-02 00:05:09 | 000,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll

[2004-01-02 00:05:09 | 000,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll

[2004-01-02 00:05:09 | 000,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll

[2004-01-02 00:05:09 | 000,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll

[2004-01-02 00:05:09 | 000,064,070 | ---- | C] () -- C:\WINDOWS\ktkm21.dll

[2004-01-02 00:05:09 | 000,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll

[2004-01-02 00:05:09 | 000,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll

[2004-01-02 00:05:09 | 000,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll

[2004-01-02 00:05:08 | 000,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll

[2004-01-02 00:05:08 | 000,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll

[2004-01-02 00:05:08 | 000,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll

[2004-01-02 00:05:08 | 000,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll

[2004-01-02 00:05:08 | 000,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll

[2004-01-02 00:05:08 | 000,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll

[2004-01-02 00:05:08 | 000,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll

[2004-01-02 00:05:08 | 000,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll


:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

"AlternateShell"="cmd.exe"

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


:Commands

[emptytemp]

[resethosts]

Then click Run Fix. After the computer restarts, make a new log with the Run Scan option and post it on the forum.
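The fix script above is built from patterns an analyst picks out of an OTL log by eye: `svchost.exe` copies living outside System32, binaries started from a Temp directory, hidden/system attributes on service executables, a replaced Safe Mode shell, and autoruns with no publisher. The following is an added example (not part of the forum thread and not OTL's own code) that encodes those rules and runs them over OTL-style lines. The sample lines are constructed from entries quoted in this thread plus one benign System32 entry; the `C:\WINDOWS` System32 path is an XP-era assumption.

```python
"""Triage OTL-style log lines for the persistence patterns seen in this thread.

Added example, not code from the forum posts or from the OTL tool. SAMPLE_OTL is
constructed from entries quoted in the thread plus one benign line; SYSTEM32
assumes an XP-era install rooted at C:\\WINDOWS.
"""
from __future__ import annotations

import re

# Constructed sample: entries modelled on the thread's OTL log, plus one benign
# System32 svchost.exe line so the rules have something that must NOT fire.
SAMPLE_OTL = r"""
MOD - [2011-08-28 15:42:20 | 000,636,416 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
SRV - [2011-08-22 15:20:20 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)
MOD - [2011-08-22 14:52:16 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKCU..\Run: [api32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq.exe ()
O31 - SafeBoot: AlternateShell - services32.exe
SRV - [2008-04-14 12:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\svchost.exe -- (Dnscache)
"""

SYSTEM32 = "c:\\windows\\system32\\"          # assumption: XP-era system root
PATH_RE = re.compile(r"[a-z]:\\.+?\.(?:exe|dll)(?![\w.])", re.I)
ATTR_RE = re.compile(r"\| ([-RHSD]{4}) \|")   # OTL attribute field, e.g. -H--


def triage(log_text: str) -> list[tuple[str, str]]:
    """Return (rule_id, line) pairs for every line that trips a rule.

    A line may trip several rules; each is reported separately so the reader
    sees every reason an entry was flagged.
    """
    findings: list[tuple[str, str]] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        kind = line.split(" - ", 1)[0]          # MOD, SRV, O4, O31, ...
        m = PATH_RE.search(line)
        path = m.group(0).lower() if m else ""
        name = path.rsplit("\\", 1)[-1]

        # 1. svchost look-alikes outside System32 (the thread's update.N\svchost.exe)
        if path and name.startswith("svchost") and not path.startswith(SYSTEM32):
            findings.append(("svchost-outside-system32", line))

        # 2. module, service or Run entry whose binary sits in a Temp directory
        if "\\temp\\" in path and kind in ("MOD", "SRV", "O4"):
            findings.append(("runs-from-temp", line))

        # 3. hidden or system attribute on a loaded module or service binary
        a = ATTR_RE.search(line)
        if a and kind in ("MOD", "SRV") and set(a.group(1)) & {"H", "S"}:
            findings.append(("hidden-attribute", line))

        # 4. Safe Mode shell replaced: the stock AlternateShell value is cmd.exe
        if kind == "O31" and "AlternateShell" in line:
            shell = line.rsplit(" - ", 1)[-1].strip().lower()
            if shell != "cmd.exe":
                findings.append(("safeboot-shell-hijack", line))

        # 5. service or Run entry with no publisher: OTL prints an empty "()"
        if kind in ("SRV", "O4") and "()" in line:
            findings.append(("no-publisher", line))
    return findings


if __name__ == "__main__":
    for rule, line in triage(SAMPLE_OTL):
        print(f"{rule:26} {line}")
```

Every flagged line in the sample corresponds to an entry the fix script above removes, while the genuine `C:\WINDOWS\system32\svchost.exe` service produces nothing. The rules are deliberately narrow; they are a first pass to shorten the reading of a long log, not a substitute for checking each path.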


(Plomien81) #3

Done ;)

OTL: http://wklej.to/YrTxk

Extras: http://wklej.to/Mv5xq

(Removal log: http://wklej.to/5Flxj)


(Drobok) #4

Paste the following into Custom Scans/Fixes:

:OTL


MOD - [2011-08-28 16:45:35 | 000,273,920 | ---- | M] () -- C:\WINDOWS\update.3\svchost.exe

[2011-06-22 16:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions

[2011-07-03 10:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\utz711j5.default\extensions

[2011-06-22 16:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\UTZ711J5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O4 - HKLM..\Run: [w_distrib.exe] C:\WINDOWS\update.3\svchost.exe ()

[2011-08-28 16:45:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.3


:Commands

[emptytemp]

[resethosts]

Then click Run Fix. Afterwards use the CleanUp option. It should be fine now.


(Plomien81) #5

Unfortunately, I still can't log in to FB. ;/


(Acorus) #6

Show a new OTL.txt log.


(Drobok) #7

Post the OTL log.


(Plomien81) #8

OTL: http://wklej.to/61rla

:slight_smile:


(Drobok) #9

Paste the following into OTL's Custom Scans/Fixes box:

:Reg

[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


:Commands

[emptytemp]

[resethosts]

Then click Run Fix and post a new log.


(Plomien81) #10

http://wklej.to/1u1q9


(Drobok) #11

You probably copied the instructions wrong earlier (leaving out the last line / character). And that is exactly the one that resets the contents of the hosts file, which the virus uses to block access to FB. Now it's OK.
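The hosts-file check the post above describes, as an added example that is not part of the thread and not OTL's `[resethosts]` implementation: a stock Windows hosts file maps only `localhost`, so every other name in it is worth reporting, and a name pointed at a non-loopback address is worse than one sinkholed to 127.0.0.1 because traffic is being sent somewhere rather than dropped. The file content is constructed to resemble a tampered file; the hostnames in it are chosen from the symptom in this thread, not from a known Koobface sample.

```python
"""Audit and clean a Windows hosts file for entries that block or redirect sites.

Added example, not code from the forum posts or from OTL. SAMPLE_HOSTS is a
constructed tampered file; STOCK_NAMES is the assumption that a stock file
names only the loopback host.
"""
from __future__ import annotations

import ipaddress

# Constructed sample of a tampered hosts file (not the poster's real file).
SAMPLE_HOSTS = """\
# Sample hosts file header comment (constructed)
127.0.0.1       localhost
127.0.0.1       www.facebook.com
127.0.0.1       facebook.com      # added by malware, not by the user
10.0.0.5        login.facebook.com
"""

# Assumption: the only names a stock Windows hosts file maps.
STOCK_NAMES = {"localhost", "localhost.localdomain"}


def parse_hosts(text: str) -> list[tuple[int, ipaddress._BaseAddress, str]]:
    """Yield (line_no, address, hostname) for every mapping, comments stripped."""
    entries = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split()
        try:
            addr = ipaddress.ip_address(parts[0])
        except ValueError:
            continue            # malformed line; a fuller audit would report it
        for host in parts[1:]:
            entries.append((n, addr, host.lower()))
    return entries


def audit_hosts(text: str) -> list[tuple[int, str, str, str]]:
    """Return (line_no, kind, hostname, address) for every non-stock mapping.

    kind is "sinkholed" when the name points at loopback (the site just fails
    to load) and "redirected" when it points anywhere else (traffic is sent to
    a host the attacker chose).
    """
    findings = []
    for n, addr, host in parse_hosts(text):
        if host in STOCK_NAMES:
            continue
        kind = "sinkholed" if addr.is_loopback else "redirected"
        findings.append((n, kind, host, str(addr)))
    return findings


def clean_hosts(text: str) -> str:
    """Return the file with every flagged line dropped; comments and stock
    entries are kept, which is what a hosts reset amounts to."""
    bad_lines = {n for n, _, _, _ in audit_hosts(text)}
    kept = [raw for n, raw in enumerate(text.splitlines(), 1) if n not in bad_lines]
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for n, kind, host, addr in audit_hosts(SAMPLE_HOSTS):
        print(f"line {n}: {host} {kind} -> {addr}")
    print("--- cleaned ---")
    print(clean_hosts(SAMPLE_HOSTS), end="")
```

On the poster's XP machine the file is `C:\WINDOWS\system32\drivers\etc\hosts`; reading it into `audit_hosts` shows which names are blocked before anything is changed, and `clean_hosts` produces the same end state the `[resethosts]` line in the OTL script was meant to. Cleaning the file is only useful once the services and Run entries that rewrite it are gone, which is why the thread removes those first.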


(Plomien81) #12

Thank you for the help :slight_smile: