Minion0
(Michal Weg98)
22 August 2011 15:21
#1
Hello, like many others, I have a problem with the Facebook virus. I used two antivirus tools, Malwarebytes Anti-Malware and AVG, and removed the trojans with them, but the main virus is still on my machine. The computer works properly, but I can't log in to Facebook. Please help.
OTL: http://wklej.to/KLsHA
Extras: http://wklej.to/EE3Gh
Leon1
(Leon$)
22 August 2011 15:45
#2
In OTL, in the Custom Scans-Fixes window (custom scan options/script), paste the following script:
:OTL
FF - prefs.js…browser.search.defaultengine: "Ask.com "
FF - prefs.js…browser.search.defaultenginename: "Ask.com "
FF - prefs.js…browser.search.order.1: "Ask.com "
[2010-09-12 10:40:20 | 000,002,565 | ---- | M] () -- C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\x1k5dj6e.default\searchplugins\askcom.xml
O3 - HKLM…\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\S-1-5-21-854245398-583907252-725345543-1004…\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM…\Run: [AVP] File not found
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKLM…\Run: [tray_ico0] File not found
O4 - HKLM…\Run: [tray_ico1] File not found
O4 - HKLM…\Run: [tray_ico2] File not found
O4 - HKLM…\Run: [tray_ico3] File not found
O4 - HKLM…\Run: [tray_ico4] File not found
O4 - HKLM…\Run: [WinampAgent] File not found
O4 - HKU\S-1-5-21-854245398-583907252-725345543-1004…\Run: [MsgCenterExe] File not found
O4 - HKLM…\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O9 - Extra Button: Statystyki dla ochrony WWW - {1F460357-8A94-4D71-9CA3-AA4ACF32ED8E} - File not found
O33 - MountPoints2{2b279ca4-4d27-11dd-8d94-001dd92c60e9}\Shell\AutoRun\command - "" = F:\t8vlw.exe
O33 - MountPoints2{2b279ca4-4d27-11dd-8d94-001dd92c60e9}\Shell\explore\Command - "" = F:\t8vlw.exe
O33 - MountPoints2{2b279ca4-4d27-11dd-8d94-001dd92c60e9}\Shell\open\Command - "" = F:\t8vlw.exe
O33 - MountPoints2{894e6ede-b77c-11dc-9a90-001dd92c60e9}\Shell\AutoRun\command - "" = ps.bat
O33 - MountPoints2{894e6ede-b77c-11dc-9a90-001dd92c60e9}\Shell\explore\Command - "" = ps.bat
O33 - MountPoints2{894e6ede-b77c-11dc-9a90-001dd92c60e9}\Shell\open\Command - "" = ps.bat
O33 - MountPoints2{98d059fa-c521-11dc-8cc7-001dd92c60e9}\Shell\AutoRun\command - "" = 1weicxa.com
O33 - MountPoints2{98d059fa-c521-11dc-8cc7-001dd92c60e9}\Shell\explore\Command - "" = 1weicxa.com
O33 - MountPoints2{98d059fa-c521-11dc-8cc7-001dd92c60e9}\Shell\open\Command - "" = 1weicxa.com
[2011-08-19 17:43:51 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1
[2011-08-19 11:43:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-19 11:43:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-08-19 11:39:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011-08-19 11:37:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011-08-19 11:33:58 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-08-19 21:07:09 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011-08-19 17:46:20 | 000,000,179 | ---- | M] () -- C:\WINDOWS\info1
[2011-08-19 11:43:25 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-19 11:43:25 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-08-19 11:43:25 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-08-19 11:43:24 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-08-19 11:39:00 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011-08-19 11:37:55 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011-08-19 11:38:40 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist

:Reg
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\services32.exe"=-
"C:\WINDOWS\update.2\svchost.exe"=-

:Commands
[CLEARALLRESTOREPOINTS]
[RESETHOSTS]
[emptytemp]
Click Run Fix (Execute script). Confirm the computer restart.
Show the removal log.
Then a new OTL log made with the Run Scan option.
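Added example, not part of the thread and not OTL functionality: a small Python triage pass over OTL-style log lines that flags three patterns the fix script above targets (per-volume MountPoints2 shell handlers, a non-ASCII file name under drivers\etc, and svchost.exe outside System32). The sample lines are copied from the post with straight quotes; the function name, reason labels and the three heuristics are this example's own assumptions.

```python
import re

# Sample lines taken from the fix script in the post above (quotes straightened).
SAMPLE = r'''
O4 - HKLM…\Run: [WinampAgent] File not found
O33 - MountPoints2{2b279ca4-4d27-11dd-8d94-001dd92c60e9}\Shell\AutoRun\command - "" = F:\t8vlw.exe
O33 - MountPoints2{894e6ede-b77c-11dc-9a90-001dd92c60e9}\Shell\open\Command - "" = ps.bat
[2011-08-19 21:07:09 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hîsts
[2011-08-19 11:43:25 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
"C:\WINDOWS\update.1\svchost.exe"=-
'''

# O33 entries: a command registered as the shell handler for a mounted volume.
AUTORUN = re.compile(r'^O33 - MountPoints2.*\\Shell\\(\w+)\\command - "" = (\S.*)$', re.I)
# Any file listed directly under ...\drivers\etc\ (where the real hosts file lives).
ETC_FILE = re.compile(r'\\drivers\\etc\\([^\\\s]+)\s*$', re.I)
# Any full path ending in svchost.exe.
SVCHOST = re.compile(r'([A-Z]:\\[^"]*\\svchost\.exe)', re.I)

def triage(log_text):
    """Return a list of (reason, detail) findings, one per suspicious line."""
    findings = []
    for line in log_text.splitlines():
        line = line.strip()
        m = AUTORUN.match(line)
        if m:
            findings.append(("autorun-handler", f"{m.group(1)} -> {m.group(2)}"))
            continue
        m = ETC_FILE.search(line)
        if m and not m.group(1).isascii():
            # A look-alike of "hosts" spelled with a non-ASCII character.
            findings.append(("non-ascii-name-in-etc", m.group(1)))
            continue
        m = SVCHOST.search(line)
        if m and "\\system32\\" not in m.group(1).lower():
            findings.append(("svchost-outside-system32", m.group(1)))
    return findings

if __name__ == "__main__":
    for reason, detail in triage(SAMPLE):
        print(f"{reason:28} {detail}")
```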