zlotek
(Zlotek93)
4 November 2011 22:19
#1
Virus from a video in an e-mail. Please give me pointers on how to remove it.
http://wklej.to/xCJE1
Acorus
(Acorus)
5 November 2011 08:43
#2
Uninstall Hero Fighter Toolbar. Run OTL and paste the following into the custom scan options/script box (Własne opcje skanowania/Script):
:OTL
MOD - [2011-10-29 19:33:40 | 000,344,576 | ---- | M] () -- C:\WINDOWS\update.5.0\svchost.exe
MOD - [2011-10-29 19:33:09 | 001,942,528 | ---- | M] () -- C:\WINDOWS\update.2\svchost.exe
SRV - File not found [Auto | Stopped] -- -- (srvsysdriver32)
SRV - [2011-10-29 19:33:40 | 000,344,576 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011-10-29 19:33:09 | 001,942,528 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.2\svchost.exe -- (srviecheck)
SRV - [2011-10-29 19:10:03 | 001,109,504 | -H-- | M] (Cronosoft) [Auto | Running] -- C:\WINDOWS\update.1\svchost.exe -- (wxpdrivers)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Hero Fighter Toolbar) - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\prxtbHer0.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM…\Toolbar: (Hero Fighter Toolbar) - {b12785f5-d8d0-4530-a3ea-5c4263b85bef} - C:\Program Files\Hero_Fighter\prxtbHer0.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-606747145-1637723038-839522115-1003…\Toolbar\WebBrowser: (Hero Fighter Toolbar) - {B12785F5-D8D0-4530-A3EA-5C4263B85BEF} - C:\Program Files\Hero_Fighter\prxtbHer0.dll (Conduit Ltd.)
O4 - HKLM…\Run: [3799473.exe] C:\WINDOWS\TEMP\3799473.exe ()
O4 - HKLM…\Run: [4342207.exe] C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\4342207.exe ()
O4 - HKLM…\Run: [avast5] C:\PROGRA~1\ALWILS~1\Avast5\avastUI.exe /nogui File not found
O4 - HKLM…\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM…\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv File not found
O4 - HKLM…\Run: [sysdriver32_.exe] C:\WINDOWS\sysdriver32_.exe ()
O4 - HKLM…\Run: [tray_ico] File not found
O4 - HKLM…\Run: [tray_ico1] File not found
O4 - HKLM…\Run: [tray_ico2] File not found
O4 - HKLM…\Run: [tray_ico3] File not found
O4 - HKLM…\Run: [tray_ico4] File not found
O4 - HKLM…\Run: [WOOTASKBARICON] C:\PROGRA~1\NEOSTR~1\GestMaj.exe TaskBarIcon.exe File not found
O4 - HKLM…\Run: [WOOWATCH] C:\PROGRA~1\NEOSTR~1\Watch.exe File not found
O4 - HKLM…\Run: [wxpdrv] C:\WINDOWS\services32.exe (Cronosoft)
O4 - Startup: C:\Documents and Settings\Kostek\Menu Start\Programy\Autostart\Wilq - Kalendarz 2010.lnk = File not found
O16 - DPF: {CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinsta … s-i586.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[2011-10-29 21:24:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011-10-29 19:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-10-29 19:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011-10-29 19:40:03 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix
[2011-10-29 19:33:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0
[2011-10-29 19:33:11 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2
[2011-10-29 19:23:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-10-29 19:22:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0-lnk
[2011-10-29 19:22:57 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-7-0
[2011-10-29 19:10:52 | 001,109,504 | ---- | C] (Cronosoft) -- C:\WINDOWS\services32.exe
[2011-10-30 14:52:30 | 000,000,113 | ---- | M] () -- C:\WINDOWS\info1
[2011-10-29 21:25:41 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011-10-29 19:40:02 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-10-29 19:40:02 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-10-29 19:40:02 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011-10-29 19:40:00 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011-10-29 19:28:22 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011-10-29 19:25:29 | 000,258,048 | ---- | M] () -- C:\WINDOWS\sysdriver32_.exe
[2011-10-29 19:10:03 | 001,109,504 | ---- | M] (Cronosoft) -- C:\WINDOWS\services32.exe
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]
"AlternateShell"="cmd.exe"
:Commands
[emptytemp]
[resethosts]
Click Run the script (Wykonaj skrypt). Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, and this time click Scan (Skanuj).
Post the new OTL.txt log and the removal report.
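An added example, not part of the thread and not OTL's own logic: a short Python triage over a few lines copied from the fix script above, showing the traits the listed entries share (svchost.exe loaded from C:\WINDOWS\update.* rather than System32, Run values pointing into Temp, a file name imitating services.exe, entries whose file is gone). The rule set, the lookalike heuristic and the last sample line are assumptions made for illustration.

```python
import re
from ntpath import basename, dirname  # Windows path semantics on any OS

# Binaries that normally load only from %SystemRoot%\System32 (assumed list).
SYSTEM_NAMES = {"svchost.exe", "services.exe", "lsass.exe", "winlogon.exe"}
EXE_PATH = re.compile(r"[A-Za-z]:\\.*?\.exe", re.IGNORECASE)

def triage(line):
    """Return the reasons an OTL SRV/O4 line deserves a closer look."""
    reasons = []
    if "File not found" in line:
        reasons.append("orphaned entry")
    m = EXE_PATH.search(line)
    if not m:
        return reasons
    path = m.group(0).lower()
    name, folder = basename(path), dirname(path)
    if name in SYSTEM_NAMES and not folder.endswith(r"\system32"):
        reasons.append("system binary name outside System32")
    # Heuristic (assumption): a system name padded with digits or underscores.
    stem = re.sub(r"[\d_]+$", "", name[:-4]) + ".exe"
    if stem != name and stem in SYSTEM_NAMES:
        reasons.append("lookalike of a system binary name")
    if "temp" in folder.split("\\"):
        reasons.append("autostart from a Temp directory")
    return reasons

# First five lines are copied from the fix script in the post above.
SAMPLE = [
    r"SRV - [2011-10-29 19:33:40 | 000,344,576 | ---- | M] () [Auto | Running] -- C:\WINDOWS\update.5.0\svchost.exe -- (srvbtcclient)",
    r"O4 - HKLM…\Run: [3799473.exe] C:\WINDOWS\TEMP\3799473.exe ()",
    r"O4 - HKLM…\Run: [4342207.exe] C:\Documents and Settings\Właściciel\Ustawienia lokalne\Temp\4342207.exe ()",
    r"O4 - HKLM…\Run: [wxpdrv] C:\WINDOWS\services32.exe (Cronosoft)",
    r"O4 - HKLM…\Run: [tray_ico] File not found",
    # Constructed benign line for contrast (not from the thread).
    r"SRV - [2011-01-01 00:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\svchost.exe -- (ExampleSvc)",
]

def report(lines):
    """Map each flagged line to its reasons; clean lines are omitted."""
    return {line: why for line in lines if (why := triage(line))}

if __name__ == "__main__":
    for line, why in report(SAMPLE).items():
        print("; ".join(why), "<-", line)
```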
zlotek
(Zlotek93)
6 November 2011 16:04
#3
Acorus
(Acorus)
6 November 2011 16:16
#4
Uninstall Przyspiesz Komputer. In OTL, use the Sprzątanie (cleanup) option. Turn System Restore off and back on.
http://www.searchengines.pl/Czyszczenie … 41981.html
Scan with the program Malwarebytes Anti-Malware
http://www.dobreprogramy.pl/Malwarebyte … 13117.html
Before scanning, perform a MANUAL UPDATE OF THE VIRUS DATABASE