Hello.
I have a problem with the "Koobface" virus (Hi wanna laugh; wowwwww!! you look so sexy; etc.). I won't go into detail about it because I can see that many people have a problem with it…
How do I get rid of it?
Please help.
Extras: http://wklej.to/DBjdf
Plug in all USB storage devices, then use:
http://www.searchengines.pl/index.php?s … ntry369724
http://www.instalki.pl/programy/downloa … sbFix.html
In OTL, paste the following into Custom Scans/Fixes:
:OTL
MOD - [2011-08-28 16:13:07 | 000,117,760 | RHS- | M] () -- C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq0.dll
MOD - [2011-08-28 15:57:46 | 000,130,560 | ---- | M] () -- C:\WINDOWS\systemup.exe
MOD - [2011-08-28 15:42:20 | 000,636,416 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
MOD - [2011-08-22 15:20:20 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe
MOD - [2011-08-22 15:19:21 | 000,355,840 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011-08-22 14:55:01 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32.exe
MOD - [2011-08-22 14:52:16 | 001,213,440 | -H-- | M] () -- C:\WINDOWS\update.1\svchost.exe
SRV - File not found [Auto | Stopped] -- -- (Lavasoft Ad-Aware Service)
SRV - [2011-08-28 15:42:20 | 000,636,416 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011-08-22 15:20:20 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011-08-22 15:19:21 | 000,355,840 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011-08-22 14:55:01 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011-08-22 14:52:16 | 001,213,440 | -H-- | M] () [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
IE - HKCU\..\URLSearchHook: {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\UTZ711J5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
O2 - BHO: (no name) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Softonic-Polska Toolbar) - {c86eb8a9-ccc2-4b6c-b75d-73576ed591bf} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Softonic-Polska Toolbar) - {C86EB8A9-CCC2-4B6C-B75D-73576ED591BF} - C:\Program Files\Softonic-Polska\tbSof2.dll (Conduit Ltd.)
O4 - HKLM..\Run: [6398993.exe] C:\WINDOWS\TEMP\6398993.exe ()
O4 - HKLM..\Run: [systemup] C:\WINDOWS\systemup.exe ()
O4 - HKCU..\Run: [api32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq.exe ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O31 - SafeBoot: AlternateShell - services32.exe
[2011-08-28 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-28 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011-08-28 16:00:06 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-08-28 15:12:10 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.8.1
[2011-08-28 16:12:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011-08-28 16:00:05 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-28 16:00:05 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-08-28 16:00:05 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-08-28 15:59:54 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-08-28 15:57:47 | 000,000,222 | ---- | M] () -- C:\WINDOWS\info1
[2011-08-28 15:57:46 | 000,130,560 | ---- | M] () -- C:\WINDOWS\systemup.exe
[2011-08-28 16:00:05 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011-08-28 16:00:05 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011-08-28 15:59:53 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011-08-22 15:24:50 | 000,232,960 | ---- | C] () -- C:\WINDOWS\l1rezerv.exe
[2011-08-22 15:21:53 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe
[2011-08-22 15:19:15 | 000,130,560 | ---- | C] () -- C:\WINDOWS\systemup.exe
[2011-08-22 14:55:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-22 14:55:15 | 000,258,048 | ---- | C] () -- C:\WINDOWS\sysdriver32.exe
[2004-01-02 00:05:12 | 000,092,400 | ---- | C] () -- C:\WINDOWS\ktkm7.dll
[2004-01-02 00:05:12 | 000,058,192 | ---- | C] () -- C:\WINDOWS\ktkm6.dll
[2004-01-02 00:05:12 | 000,055,186 | ---- | C] () -- C:\WINDOWS\ktkm5.dll
[2004-01-02 00:05:12 | 000,030,166 | ---- | C] () -- C:\WINDOWS\ktkm9.dll
[2004-01-02 00:05:12 | 000,023,364 | ---- | C] () -- C:\WINDOWS\ktkm8.dll
[2004-01-02 00:05:12 | 000,022,926 | ---- | C] () -- C:\WINDOWS\ktkm4.dll
[2004-01-02 00:05:11 | 000,268,621 | ---- | C] () -- C:\WINDOWS\ktkm33.dll
[2004-01-02 00:05:11 | 000,098,442 | ---- | C] () -- C:\WINDOWS\ktkm35.dll
[2004-01-02 00:05:11 | 000,082,542 | ---- | C] () -- C:\WINDOWS\ktkm37.dll
[2004-01-02 00:05:11 | 000,020,926 | ---- | C] () -- C:\WINDOWS\ktkm36.dll
[2004-01-02 00:05:11 | 000,010,240 | ---- | C] () -- C:\WINDOWS\ktkm34.dll
[2004-01-02 00:05:10 | 000,326,441 | ---- | C] () -- C:\WINDOWS\ktkm32.dll
[2004-01-02 00:05:10 | 000,197,408 | ---- | C] () -- C:\WINDOWS\ktkm29.dll
[2004-01-02 00:05:10 | 000,128,042 | ---- | C] () -- C:\WINDOWS\ktkm30.dll
[2004-01-02 00:05:10 | 000,116,841 | ---- | C] () -- C:\WINDOWS\ktkm26.dll
[2004-01-02 00:05:10 | 000,100,786 | ---- | C] () -- C:\WINDOWS\ktkm28.dll
[2004-01-02 00:05:10 | 000,081,427 | ---- | C] () -- C:\WINDOWS\ktkm31.dll
[2004-01-02 00:05:10 | 000,065,092 | ---- | C] () -- C:\WINDOWS\ktkm27.dll
[2004-01-02 00:05:10 | 000,022,657 | ---- | C] () -- C:\WINDOWS\ktkm3.dll
[2004-01-02 00:05:09 | 000,538,410 | ---- | C] () -- C:\WINDOWS\ktkm20.dll
[2004-01-02 00:05:09 | 000,524,537 | ---- | C] () -- C:\WINDOWS\ktkm18.dll
[2004-01-02 00:05:09 | 000,370,880 | ---- | C] () -- C:\WINDOWS\ktkm22.dll
[2004-01-02 00:05:09 | 000,126,720 | ---- | C] () -- C:\WINDOWS\ktkm23.dll
[2004-01-02 00:05:09 | 000,070,888 | ---- | C] () -- C:\WINDOWS\ktkm19.dll
[2004-01-02 00:05:09 | 000,066,908 | ---- | C] () -- C:\WINDOWS\ktkm17.dll
[2004-01-02 00:05:09 | 000,064,070 | ---- | C] () -- C:\WINDOWS\ktkm21.dll
[2004-01-02 00:05:09 | 000,056,992 | ---- | C] () -- C:\WINDOWS\ktkm24.dll
[2004-01-02 00:05:09 | 000,049,094 | ---- | C] () -- C:\WINDOWS\ktkm25.dll
[2004-01-02 00:05:09 | 000,020,974 | ---- | C] () -- C:\WINDOWS\ktkm2.dll
[2004-01-02 00:05:08 | 000,803,601 | ---- | C] () -- C:\WINDOWS\ktkm16.dll
[2004-01-02 00:05:08 | 000,524,164 | ---- | C] () -- C:\WINDOWS\ktkm12.dll
[2004-01-02 00:05:08 | 000,307,617 | ---- | C] () -- C:\WINDOWS\ktkm15.dll
[2004-01-02 00:05:08 | 000,209,936 | ---- | C] () -- C:\WINDOWS\ktkm14.dll
[2004-01-02 00:05:08 | 000,099,867 | ---- | C] () -- C:\WINDOWS\ktkm13.dll
[2004-01-02 00:05:08 | 000,096,166 | ---- | C] () -- C:\WINDOWS\ktkm1.dll
[2004-01-02 00:05:08 | 000,062,631 | ---- | C] () -- C:\WINDOWS\ktkm11.dll
[2004-01-02 00:05:08 | 000,058,015 | ---- | C] () -- C:\WINDOWS\ktkm10.dll
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
:Commands
[emptytemp]
[resethosts]
Then click Run Fix. After the computer restarts, make a new log using the Scan option and post it on the forum.
Paste the following into Custom Scans/Fixes:
:OTL
MOD - [2011-08-28 16:45:35 | 000,273,920 | ---- | M] () -- C:\WINDOWS\update.3\svchost.exe
[2011-06-22 16:32:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Extensions
[2011-07-03 10:20:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Dane aplikacji\Mozilla\Firefox\Profiles\utz711j5.default\extensions
[2011-06-22 16:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\UTZ711J5.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
O4 - HKLM..\Run: [w_distrib.exe] C:\WINDOWS\update.3\svchost.exe ()
[2011-08-28 16:45:36 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.3
:Commands
[emptytemp]
[resethosts]
Then click Run Fix. Afterwards use the CleanUp option. It should be OK.
Unfortunately, I still can't log in to FB. ;/
Show the new OTL.txt log.
Post the OTL log.
Paste the following into OTL's scan options:
:Reg
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
:Commands
[emptytemp]
[resethosts]
Then click Run Fix and post a new log.
You probably copied the instructions incorrectly earlier (omitting the last line / character). And it is precisely that line that resets the contents of the hosts file, in which the virus blocks access to FB. Now it's OK.
Thank you for the help
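As an added example (not part of the thread and not OTL's own code), the Python script below reproduces the kind of triage that singles out the entries in the fix scripts above: it parses SRV and O4 lines in the format quoted in the thread and flags system binary names outside System32, autoruns from Temp directories, and files with no vendor name. The sample lines are copied from the thread except the last, which is a constructed benign entry; the rule set and the function name `triage` are assumptions.

```python
import ntpath
import re

# First four lines are copied from the thread; the ctfmon line is constructed.
SAMPLE_LOG = r"""
SRV - [2011-08-28 15:42:20 | 000,636,416 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011-08-22 14:55:01 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\WINDOWS\sysdriver32.exe -- (srvsysdriver32)
O4 - HKLM..\Run: [6398993.exe] C:\WINDOWS\TEMP\6398993.exe ()
O4 - HKCU..\Run: [api32] C:\Documents and Settings\Administrator\Ustawienia lokalne\Temp\apiqq.exe ()
O4 - HKLM..\Run: [ctfmon] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
"""

# SRV - [timestamps] (vendor) [start type | state] -- path -- (service name)
SRV_RE = re.compile(r"^SRV - \[.*?\] \((.*?)\) \[.*?\] -- (.+?) -- \((.+)\)$")
# O4 - HKxx..\Run: [value name] path (vendor)
RUN_RE = re.compile(r"^O4 - HK\w+\.\.\\Run: \[(.+?)\] (.+) \((.*)\)$")

SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"}
SYSTEM32 = r"c:\windows\system32"


def triage(log):
    """Return (entry name, path, reasons) for every suspicious SRV/O4 line."""
    findings = []
    for line in log.splitlines():
        line = line.strip()
        if m := SRV_RE.match(line):
            company, path, name = m.groups()
        elif m := RUN_RE.match(line):
            name, path, company = m.groups()
        else:
            continue  # other OTL line types are out of scope here
        low = ntpath.normcase(path)  # lower-case, backslash-normalised
        reasons = []
        if ntpath.basename(low) in SYSTEM_NAMES and ntpath.dirname(low) != SYSTEM32:
            reasons.append("system binary name outside System32")
        if "\\temp\\" in low:
            reasons.append("starts from a Temp directory")
        if not company:  # assumption: "()" means OTL found no vendor name
            reasons.append("no vendor in version info")
        if reasons:
            findings.append((name, path, reasons))
    return findings


if __name__ == "__main__":
    for name, path, reasons in triage(SAMPLE_LOG):
        print(f"{name:16} {path}\n    " + "; ".join(reasons))
```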