Wirus z facebooka

Ahmadabadar · 23 Sierpień 2011 21:20

Jak w poprzednich postach użytkowników chodzi o ("Hi, wanna laugh?). Proszę o pomoc. Poniżej logi

Marco89 · 23 Sierpień 2011 21:54

Uruchom OTL i w okno (Własne opcje skanowania/Skrypt) wklej:

:OTL PRC - [2011-08-21 23:52:48 | 000,382,464 | ---- | M] () – C:\WINDOWS\update.7.1\svchostdriver.exe MOD - [2011-08-21 23:52:48 | 000,382,464 | ---- | M] () – C:\WINDOWS\update.7.1\svchostdriver.exe SRV - File not found [Auto | Stopped] – -- (StarWindServiceAE) SRV - File not found [On_Demand | Stopped] – -- (gupdatem) Usługa Google Update (gupdatem) SRV - File not found [Auto | Stopped] – -- (gupdate) Google Update Service (gupdate) SRV - [2011-08-21 23:52:48 | 000,382,464 | ---- | M] () [Auto | Running] – C:\WINDOWS\update.7.1\svchostdriver.exe – (ddservice) O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.) O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM…\Toolbar: (Expressivo) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - C:\Program Files\ivo\Expressivo\integr\ih-iexplorer\IH_iexplorer.dll (IVO Software Sp. z o.o.) O3 - HKLM…\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM…\Toolbar: (free-downloads.net Toolbar) - {ecdee021-0d17-467f-a1ff-c7a115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-484763869-1417001333-990218096-1003…\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKU\S-1-5-21-484763869-1417001333-990218096-1003…\Toolbar\WebBrowser: (free-downloads.net Toolbar) - {ECDEE021-0D17-467F-A1FF-C7A115230949} - C:\Program Files\free-downloads.net\prxtbfre2.dll (Conduit Ltd.) O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico1] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKU.DEFAULT…\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-18…\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-19…\RunOnce: [nltide_2] File not found O4 - HKU\S-1-5-20…\RunOnce: [nltide_2] File not found O31 - SafeBoot: AlternateShell - services32.exe MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: PrzyspieszKomputer - hkey= - key= - File not found [2011-08-22 00:07:25 | 000,000,000 | —D | C] – C:\windows\ufa [2011-08-22 00:07:25 | 000,000,000 | —D | C] – C:\windows\phoenix [2011-08-21 23:52:49 | 000,000,000 | -H-D | C] – C:\windows\update.7.1 [2011-08-21 23:50:50 | 000,000,000 | -H-D | C] – C:\windows\update.2 [2011-08-21 23:49:57 | 000,000,000 | -H-D | C] – C:\windows\update.5.0 [2011-08-21 23:47:52 | 000,000,000 | —D | C] – C:\windows\av_ico [2011-08-21 23:45:26 | 000,000,000 | -H-D | C] – C:\windows\update.1 [2011-08-21 23:45:10 | 000,000,000 | -H-D | C] – C:\windows\update.tray-7-0-lnk [2011-08-21 23:45:10 | 000,000,000 | -H-D | C] – C:\windows\update.tray-7-0 [2011-08-22 08:52:06 | 000,000,201 | ---- | M] () – C:\windows\info1 [2011-08-22 00:07:24 | 005,589,370 | ---- | M] () – C:\windows\phoenix.rar [2011-08-22 00:07:24 | 000,246,272 | ---- | M] () – C:\windows\unrar.exe [2011-08-22 00:07:24 | 000,182,617 | ---- | M] () – C:\windows\ufa.rar [2011-08-22 00:07:23 | 001,075,284 | ---- | M] () – C:\windows\rpcminer.rar [2011-08-21 23:52:55 | 000,904,792 | ---- | M] () – C:\windows\geoiplist.rar [2011-08-21 23:52:20 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) – C:\windows\System32\FlashPlayerCPLApp.cpl [2011-08-21 23:49:16 | 000,000,000 | ---- | M] () – C:\windows\loader2.exe_ok [2011-08-22 00:07:24 | 005,589,370 | ---- | C] () – C:\windows\phoenix.rar [2011-08-22 00:07:24 | 000,182,617 | ---- | C] () – C:\windows\ufa.rar [2011-08-22 00:07:23 | 001,075,284 | ---- | C] () – C:\windows\rpcminer.rar [2011-08-21 23:52:56 | 004,636,907 | ---- | C] () – C:\windows\geoiplist [2011-08-21 23:52:55 | 000,904,792 | ---- | C] () – C:\windows\geoiplist.rar [2011-08-21 23:52:55 | 000,246,272 | ---- | C] () – C:\windows\unrar.exe [2011-08-21 23:49:57 | 000,000,201 | ---- | C] () – C:\windows\info1 [2011-08-21 23:49:12 | 000,000,000 | ---- | C] () – C:\windows\loader2.exe_ok :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] “AlternateShell”=“cmd.exe” :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [EMPTYTEMP]

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Pokaż log z usuwania + nowy log OTL.

Ahmadabadar · 23 Sierpień 2011 22:34

log z usuwania:

http://wklej.to/TXEcE

nowy log

otl:

http://wklej.to/QRKGn

extras:

http://wklej.to/sxkpE

Marco89 · 24 Sierpień 2011 08:02

Uruchom OTL i w okno (Własne opcje skanowania/Skrypt) wklej:

:OTL FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultenginename: “Ask.com” FF - prefs.js…browser.search.defaultthis.engineName: “Veoh Web Player Customized Web Search” FF - prefs.js…browser.search.defaulturl: "http://search.conduit.com/ FF - prefs.js…browser.search.order.1: “Ask.com” O2 - BHO: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O2 - BHO: (no name) - {85F685C3-20D9-4943-95E4-EB4224056C3F} - No CLSID value found. O2 - BHO: (no name) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - No CLSID value found. O2 - BHO: (no name) - {ecdee021-0d17-467f-a1ff-c7a115230949} - No CLSID value found. :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [EMPTYTEMP]

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Pokaż log z usuwania + nowy log OTL.

Odinstaluj Ask Toolbar.