Wirus z facebooka

marekb90 · 20 Sierpień 2011 13:52

Kolejny przypadek niestety. Antywirusy się nie uruchamiają, zalogowanie na konto z fejsa niemożliwe. Koledzy pomóżcie!

Moje logi z OTL:

kevin1908 · 20 Sierpień 2011 14:00

A gdzie log extras.txt? Zrób skan podług tej instrukcji: http://forum.dobreprogramy.pl/otl-gmer-rsit-dss-inne-instrukcje-t370405.html

Leon1 · 20 Sierpień 2011 14:08

OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:

:OTL PRC - [2011-08-19 10:38:19 | 000,232,960 | ---- | M] () – C:\WINDOWS\l1rezerv.exe PRC - [2011-08-19 10:38:10 | 000,348,672 | ---- | M] () – C:\WINDOWS\update.5.0\svchost.exe PRC - [2011-08-19 10:38:10 | 000,348,672 | ---- | M] () – C:\WINDOWS\update.5.0\svchost.exe PRC - [2011-08-19 10:37:33 | 000,632,832 | ---- | M] () – C:\WINDOWS\update.2\svchost.exe PRC - [2011-08-19 10:37:33 | 000,632,832 | ---- | M] () – C:\WINDOWS\update.2\svchost.exe PRC - [2011-08-19 10:36:23 | 000,258,048 | ---- | M] () – C:\WINDOWS\sysdriver32.exe PRC - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () – C:\WINDOWS\update.tray-8-0-lnk\svchost.exe PRC - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () – C:\WINDOWS\update.tray-8-0\svchost.exe PRC - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () – C:\WINDOWS\update.1\svchost.exe PRC - [2011-08-12 17:18:34 | 000,048,640 | RHS- | M] (Driver-Soft Inc. ) – C:\Documents and Settings\Mare\Dane aplikacji\HEX-5823-6893-6818\jusched.exe MOD - [2011-08-19 10:38:19 | 000,232,960 | ---- | M] () – C:\WINDOWS\l1rezerv.exe MOD - [2011-08-19 10:38:10 | 000,348,672 | ---- | M] () – C:\WINDOWS\update.5.0\svchost.exe MOD - [2011-08-19 10:37:33 | 000,632,832 | ---- | M] () – C:\WINDOWS\update.2\svchost.exe MOD - [2011-08-19 10:36:23 | 000,258,048 | ---- | M] () – C:\WINDOWS\sysdriver32.exe MOD - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () – C:\WINDOWS\update.tray-8-0-lnk\svchost.exe MOD - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () – C:\WINDOWS\update.tray-8-0\svchost.exe MOD - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () – C:\WINDOWS\update.1\svchost.exe SRV - [2011-08-19 10:38:10 | 000,348,672 | ---- | M] () [Auto | Running] – C:\WINDOWS\update.5.0\svchost.exe – (srvbtcclient) SRV - [2011-08-19 10:37:33 | 000,632,832 | ---- | M] () [Auto | Running] – C:\WINDOWS\update.2\svchost.exe – (srviecheck) SRV - [2011-08-19 10:36:23 | 000,258,048 | ---- | M] () [Auto | Running] – C:\WINDOWS\sysdriver32.exe – (srvsysdriver32) SRV - [2011-08-19 10:18:22 | 001,215,488 | -H-- | M] () [Auto | Running] – C:\WINDOWS\update.1\svchost.exe – (wxpdrivers) IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= … =CT2405280 IE - HKCU…\URLSearchHook: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.) FF - prefs.js…browser.search.defaultthis.engineName: “Softonic-Eng7 Customized Web Search” FF - prefs.js…browser.search.defaulturl: “http://search.conduit.com/ResultsExt.aspx?ctid=CT2405280&SearchSource=3&q={searchTerms}” FF - prefs.js…extensions.enabledItems: engine@conduit.com:3.2.5.2 [2011-02-27 21:46:58 | 000,000,000 | —D | M] (Conduit Engine) – C:\Documents and Settings\Mare\Dane aplikacji\Mozilla\Firefox\Profiles\wc9pzktw.default\extensions\engine@conduit.com [2010-12-08 16:46:22 | 000,000,929 | ---- | M] () – C:\Documents and Settings\Mare\Dane aplikacji\Mozilla\Firefox\Profiles\wc9pzktw.default\searchplugins\conduit.xml O2 - BHO: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (Softonic-Eng7 Toolbar) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.) O3 - HKCU…\Toolbar\WebBrowser: (Softonic-Eng7 Toolbar) - {414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - C:\Program Files\Softonic-Eng7\prxtbSof2.dll (Conduit Ltd.) O4 - HKLM…\Run: [245148.exe] C:\Documents and Settings\Mare\Ustawienia lokalne\Temp\245148.exe () O4 - HKLM…\Run: [4702755.exe] C:\WINDOWS\TEMP\4702755.exe () O4 - HKLM…\Run: [4766422.exe] C:\WINDOWS\TEMP\4766422.exe () O4 - HKLM…\Run: [681969.exe] C:\WINDOWS\TEMP\681969.exe () O4 - HKLM…\Run: [82542794-loader2.exe] C:\WINDOWS\TEMP\82542794-loader2.exe () O4 - HKLM…\Run: [avgnt] File not found O4 - HKLM…\Run: [l1rezerv.exe] C:\WINDOWS\l1rezerv.exe () O4 - HKLM…\Run: [sysdriver32.exe] C:\WINDOWS\sysdriver32.exe () O4 - HKLM…\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe () O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico0] C:\WINDOWS\update.tray-8-0\svchost.exe () O4 - HKLM…\Run: [tray_ico1] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKLM…\Run: [wxpdrv] C:\WINDOWS\services32.exe () O4 - HKCU…\Run: [Java Update Manager] C:\Documents and Settings\Mare\Dane aplikacji\HEX-5823-6893-6818\jusched.exe (Driver-Soft Inc. ) O4 - HKCU…\Run: [Rubin] File not found SafeBootMin: wxpdrivers - C:\WINDOWS\update.1\svchost.exe () SafeBootNet: wxpdrivers - C:\WINDOWS\update.1\svchost.exe () [2011-08-19 16:27:40 | 000,000,000 | —D | C] – C:\WINDOWS\update.7.1 [2011-08-19 10:43:10 | 000,000,000 | —D | C] – C:\WINDOWS\rpcminer [2011-08-19 10:43:10 | 000,000,000 | —D | C] – C:\WINDOWS\phoenix [2011-08-19 10:38:11 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.5.0 [2011-08-19 10:37:34 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.2 [2011-08-19 10:32:37 | 000,000,000 | —D | C] – C:\WINDOWS\av_ico [2011-08-19 10:30:55 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.1 [2011-08-19 10:30:45 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.tray-8-0-lnk [2011-08-19 10:30:45 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.tray-8-0 [2011-08-20 13:46:30 | 005,589,370 | ---- | M] () – C:\WINDOWS\phoenix.rar [2011-08-20 13:46:30 | 000,246,272 | ---- | M] () – C:\WINDOWS\unrar.exe [2011-08-20 13:46:30 | 000,182,617 | ---- | M] () – C:\WINDOWS\ufa.rar [2011-08-20 13:46:28 | 001,075,284 | ---- | M] () – C:\WINDOWS\rpcminer.rar [2011-08-20 13:46:31 | 000,000,000 | —D | C] – C:\WINDOWS\ufa [2011-08-20 13:44:48 | 000,000,734 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hîsts [2011-08-19 19:02:12 | 000,000,252 | ---- | M] () – C:\WINDOWS\tasks\RMSchedule.job [2011-08-19 16:27:39 | 000,000,177 | ---- | M] () – C:\WINDOWS\info1 [2011-08-19 10:38:19 | 000,232,960 | ---- | M] () – C:\WINDOWS\l1rezerv.exe [2011-08-19 10:38:16 | 000,904,792 | ---- | M] () – C:\WINDOWS\geoiplist.rar [2011-08-19 10:37:14 | 000,000,000 | ---- | M] () – C:\WINDOWS\loader2.exe_ok [2011-08-19 10:36:23 | 000,258,048 | ---- | M] () – C:\WINDOWS\sysdriver32_.exe [2011-08-19 10:36:23 | 000,258,048 | ---- | M] () – C:\WINDOWS\sysdriver32.exe :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [emptytemp]

Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.

Pokaż log z usuwania.

potem nowy log OTL robiony opcją Run Scan (Skanuj)

marekb90 · 20 Sierpień 2011 16:30

log przed: http://wklej.to/lnDxT

log po: http://wklej.to/g2yUq

Leon1 · 20 Sierpień 2011 17:59

Log wygląda na czysty

Pobierz CCleaner http://www.filehippo.com/download_ccleaner/

przeskanuj nim i wyczyść rejestr.

W OTL kilknij CleanUp (Sprzątanie)

przeskanuj

Dr.WEB CureIt! http://www.dobreprogramy.pl/DrWEB-CureI … 12976.html

marekb90 · 20 Sierpień 2011 21:24

Wielkie dzięki “Leon$” ! Walka wygrana forum to jednak mega pozytywna sprawa