Kuba14
(Kuba14)
23 August 2011 13:34
#1
Hello, Malwarebytes supposedly dealt with this virus, but I still can't get onto FB because the page doesn't load.
Please help!
Link from OTL:
http://wklej.to/JcZL8
Acorus
(Acorus)
23 August 2011 13:44
#2
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
MOD - [2011-08-21 11:58:32 | 000,382,464 | ---- | M] () -- C:\WINDOWS\update.7.1\svchostdriver.exe
SRV - File not found [Auto | Stopped] -- -- (sdCoreService)
SRV - File not found [Auto | Stopped] -- -- (sdAuxService)
SRV - File not found [Auto | Stopped] -- -- (NOD32krn)
SRV - [2011-08-21 11:58:32 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.7.1\svchostdriver.exe -- (ddservice)
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
[2011-08-21 12:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-21 12:05:04 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-08-21 12:01:32 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011-08-21 11:59:09 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011-08-21 11:58:34 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1
[2011-08-21 11:57:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011-08-21 11:55:03 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-08-21 11:55:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0-lnk
[2011-08-21 11:55:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-3-0
[2011-08-21 11:55:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0-lnk
[2011-08-21 11:55:00 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-2-0
[2011-08-23 14:34:28 | 000,000,314 | -HS- | M] () -- C:\WINDOWS\tasks\lqfettjgwi.job
[2011-08-23 14:34:28 | 000,000,302 | -HS- | M] () -- C:\WINDOWS\tasks\Qzmbst.job
[2011-08-23 14:18:11 | 000,000,202 | ---- | M] () -- C:\WINDOWS\info1
[2011-08-23 13:37:57 | 000,202,984 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-08-23 13:37:57 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011-08-21 12:05:03 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-21 12:05:03 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-08-21 12:05:03 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-08-21 12:05:00 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-08-21 12:00:50 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-21 11:59:20 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"

:Commands
[emptytemp]
[resethosts]
Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, and this time click (Run Scan).
Show the new OTL.txt log and the removal report.
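The fix script in the post above lists a hidden 202,984-byte hosts file and a second file named hîsts in the same folder, and ends with a hosts reset. As an added example (not part of the original thread), this Python script parses OTL file-listing lines and flags both conditions; the function name, the 4096-byte threshold and the third sample line are assumptions made for the illustration.

```python
import re

# First two entries are taken from the fix script above; the third is constructed.
SAMPLE = r"""
[2011-08-23 13:37:57 | 000,202,984 | -H-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011-08-23 13:37:57 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011-08-21 10:00:00 | 000,000,824 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\lmhosts.sam
"""

# Layout: [timestamp | size | attributes | M or C] (company) -- path
# The separator is accepted as "--" or as the en dash some forums substitute.
ENTRY = re.compile(
    r"^\[[^|]+\|\s*(?P<size>[\d,]+)\s*\|\s*(?P<attrs>\S+)\s*\|\s*[MC]\]"
    r".*?(?:--|–)\s*(?P<path>.+)$"
)
ETC_DIR = "\\system32\\drivers\\etc"
MAX_HOSTS_BYTES = 4096  # assumed threshold, not an OTL or Windows constant


def hosts_findings(log_text):
    """Return (file name, reason) pairs for suspicious entries in drivers/etc."""
    findings = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if not m:
            continue  # not a file-listing line
        folder, _, name = m["path"].strip().rpartition("\\")
        if not folder.lower().endswith(ETC_DIR):
            continue  # only the folder that holds the hosts file is checked
        size = int(m["size"].replace(",", ""))
        if name.lower() == "hosts":
            if size > MAX_HOSTS_BYTES:
                findings.append((name, f"size {size} bytes exceeds {MAX_HOSTS_BYTES}"))
            if "H" in m["attrs"]:
                findings.append((name, "hidden attribute set"))
        elif not name.isascii():
            # A non-ASCII name next to the real hosts file is a lookalike candidate.
            findings.append((name, "non-ASCII file name"))
    return findings


if __name__ == "__main__":
    for name, reason in hosts_findings(SAMPLE):
        print(f"{name}: {reason}")
```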
Kuba14
(Kuba14)
23 August 2011 14:02
#3
Acorus
(Acorus)
23 August 2011 14:51
#4
Run OTL and paste the following into the (Custom Scans/Fixes) box:
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com?o=15003&l=dis
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&invocationType=tb50ffwinampie7&query="
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..extensions.enabledItems: vshare@toolbar:1.0.0
[2011-02-13 21:46:47 | 000,000,000 | ---D | M] (vShare) -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\7gtndxkh.default\extensions\vshare@toolbar
[2011-05-15 22:11:01 | 000,002,568 | ---- | M] () -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\7gtndxkh.default\searchplugins\askcom.xml
[2010-08-06 15:08:24 | 000,002,059 | ---- | M] () -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\7gtndxkh.default\searchplugins\daemon-search.xml
[2011-02-14 16:11:53 | 000,001,583 | ---- | M] () -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\7gtndxkh.default\searchplugins\web-search.xml
[2010-05-24 16:24:14 | 000,001,196 | ---- | M] () -- C:\Documents and Settings\DOM\Dane aplikacji\Mozilla\Firefox\Profiles\7gtndxkh.default\searchplugins\winamp-search.xml
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O3 - HKLM..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files\vShare\vshare_toolbar.dll ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [nod32kui] File not found
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files\vShare\vshare_toolbar.dll ()
[2011-08-21 11:59:21 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist

:Commands
[emptytemp]
Click Run Fix. In OTL, use the CleanUp option. Install updates for the programs that http://screen317.spywareinfoforum.org/SecurityCheck.exe reports as out of date.