Wirus z Fb

Dante1992 · 22 Sierpień 2011 14:32

Witam , potrzebuję pomocy odnośnie wirusa z Fb . Pomógł Malware ale wciąż nie mam dostępu do samego Fb ta strona po prostu nie istnieje dla mojej wyszukiwarki i zauważyłem że powoli staje się tak z innymi stronami . Serdecznie proszę o pomoc.

OTL - http://www.wklej.org/id/581960/

Extras - http://www.wklej.org/id/581967/

Leon1 · 22 Sierpień 2011 14:48

OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:

:OTL IE - HKU\S-1-5-21-507921405-861567501-725345543-1004…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultenginename: “Ask.com” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…browser.search.selectedEngine: “Ask.com” FF - prefs.js…extensions.enabledItems: toolbar@ask.com:3.12.2.100006 FF - prefs.js…keyword.URL: “http://websearch.ask.com/redirect?client=ff&src=kw&tb=BT5&o=15443&locale=en_US&apn_uid=C19238EA-0F3F-4C98-90C5-E46063129830&apn_ptnrs=GX&apn_sauid=CDDCA5E1-2E54-456F-B5FE-BFD08124F159&apn_dtid=YYYYYYB3PL&q=” FF - HKLM\Software\MozillaPlugins@mywebsearch.com/Plugin: C:\Program Files\MyWebSearch\bar\1.bin\NPMyWebS.dll File not found FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\1.bin [2011-08-02 10:34:16 | 000,000,000 | —D | M] (“Ask Toolbar”) – C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\0r0fp910.default\extensions\toolbar@ask.com [2011-08-22 14:47:33 | 000,002,567 | ---- | M] () – C:\Documents and Settings\user\Dane aplikacji\Mozilla\Firefox\Profiles\0r0fp910.default\searchplugins\askcom.xml O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKU\S-1-5-21-507921405-861567501-725345543-1004…\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM…\Run: [] File not found O4 - HKLM…\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM…\Run: [pdfSaver3] File not found O31 - SafeBoot: AlternateShell - services32.exe O33 - MountPoints2{83b9bec2-85b4-11df-b260-0014223b982e}\Shell\AutoRun\command - “” = E:\mk28sp.exe O33 - MountPoints2{83b9bec2-85b4-11df-b260-0014223b982e}\Shell\open\Command - “” = E:\mk28sp.exe O33 - MountPoints2{c6f2ed14-c5b3-11df-b327-0014223b982e}\Shell\AutoRun\command - “” = F:\ysyjq1bs.exe O33 - MountPoints2{c6f2ed14-c5b3-11df-b327-0014223b982e}\Shell\open\Command - “” = F:\ysyjq1bs.exe [2011-08-20 16:16:47 | 000,000,000 | —D | C] – C:\WINDOWS\ufa [2011-08-20 16:16:47 | 000,000,000 | —D | C] – C:\WINDOWS\phoenix [2011-08-20 16:11:10 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.5.0 [2011-08-20 16:10:34 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.2 [2011-08-20 16:10:00 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.7.1 [2011-08-19 18:15:12 | 000,000,000 | -H-D | C] – C:\WINDOWS\update.1 [2011-08-22 16:01:01 | 000,000,232 | ---- | M] () – C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job [2011-08-22 15:09:18 | 000,000,486 | ---- | M] () – C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job [2011-08-22 15:09:13 | 000,000,298 | -HS- | M] () – C:\WINDOWS\tasks\Gwgcbvuclf.job [2011-08-20 21:32:04 | 000,000,734 | ---- | M] () – C:\WINDOWS\System32\drivers\etc\hîsts [2011-08-20 16:20:43 | 000,246,272 | ---- | M] () – C:\WINDOWS\unrar.exe [2011-08-20 16:20:42 | 005,589,370 | ---- | M] () – C:\WINDOWS\phoenix.rar [2011-08-20 16:20:31 | 001,075,284 | ---- | M] () – C:\WINDOWS\rpcminer.rar [2011-08-20 16:12:36 | 000,000,177 | ---- | M] () – C:\WINDOWS\info1 [2011-08-20 16:09:22 | 000,904,792 | ---- | M] () – C:\WINDOWS\geoiplist.rar [2011-08-20 16:09:01 | 000,000,000 | ---- | M] () – C:\WINDOWS\loader2.exe_ok [2011-08-20 16:09:34 | 004,636,907 | ---- | C] () – C:\WINDOWS\geoiplist :Reg [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] “C:\WINDOWS\update.1\svchost.exe”=- “C:\WINDOWS\update.2\svchost.exe”=- :Commands [CLEARALLRESTOREPOINTS] [RESETHOSTS] [emptytemp]

Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.

Pokaż log z usuwania.

potem nowy log OTL robiony opcją Run Scan (Skanuj)