dorotaa posted 28 August 2011

hey! I have a problem: I clicked a link from YouTube and caught that virus that has been popular lately. I am following the steps given at http://pcprograms.eu/wirus-facebooka-hi-jak-sie-go-pozbyc, because I don't really know much about these things. I scanned with Malwarebytes' Anti-Malware and OTL. Here are the links to the logs: http://wklej.org/id/585651/ http://wklej.org/id/585652/ Now the only thing that doesn't work for me is the Facebook site. I would be grateful for help and any tips.
Guest commented 28 August 2011 (edited)

[b]1.[/b] Run OTL and paste the following text into the [b]Custom Scans/Fixes[/b] box:

[code]
:Files
C:\Windows\update*
C:\windows\ufa
C:\windows\phoenix
C:\windows\av_ico
C:\windows\info1
C:\windows\phoenix.rar
C:\windows\rpcminer.rar
C:\windows\unrar.exe
C:\windows\ufa.rar
C:\windows\geoiplist.rar
C:\windows\loader2.exe_ok

:Services
ddservice
srvsysdriver32

:OTL
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [BearShare] File not found
O4 - HKLM..\Run: [MSC] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe

:Commands
[resethosts]
[emptyflash]
[emptytemp]
[/code]

Click [b]Run Fix[/b]. Confirm the computer restart.

[b]2.[/b] Then run OTL again, this time using the [b]Run Scan[/b] option. Post the new OTL logs.
dorotaa (Author) commented 31 August 2011

ok, I did what you wrote; here is the new log, I don't know why but this time only one appeared: [url="http://wklej.org/id/587270/"]http://wklej.org/id/587270/[/url]; after the script ran, this message appeared:

[code]
All processes killed
========== FILES ==========
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\update.7.1 folder moved successfully.
C:\Windows\update.tray-12-0 folder moved successfully.
C:\Windows\update.tray-12-0-lnk folder moved successfully.
C:\Windows\update.tray-14-0 folder moved successfully.
C:\Windows\update.tray-14-0-lnk folder moved successfully.
C:\Windows\update.tray-7-0 folder moved successfully.
C:\Windows\update.tray-7-0-lnk folder moved successfully.
C:\windows\ufa folder moved successfully.
C:\windows\phoenix\kernels\poclbm folder moved successfully.
C:\windows\phoenix\kernels\phatk folder moved successfully.
C:\windows\phoenix\kernels folder moved successfully.
C:\windows\phoenix folder moved successfully.
C:\windows\av_ico folder moved successfully.
C:\windows\info1 moved successfully.
C:\windows\phoenix.rar moved successfully.
C:\windows\rpcminer.rar moved successfully.
C:\windows\unrar.exe moved successfully.
C:\windows\ufa.rar moved successfully.
C:\windows\geoiplist.rar moved successfully.
C:\windows\loader2.exe_ok moved successfully.
========== SERVICES/DRIVERS ==========
Service ddservice stopped successfully!
Service ddservice deleted successfully!
Error: No service named srvsysdriver32 was found to stop!
Service\Driver key srvsysdriver32 not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DorKis
->Flash cache emptied: 68033 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DorKis
->Temp folder emptied: 928438418 bytes
->Temporary Internet Files folder emptied: 1144542818 bytes
->Java cache emptied: 481076345 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47007067 bytes
RecycleBin emptied: 721 bytes

Total Files Cleaned = 2,481.00 mb

OTL by OldTimer - Version 3.2.26.5 log created on 08302011_194119

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
[/code]
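A fix log like the one in the post above is easier to review once it is grouped by section and outcome, so that targets the script named but the tool did not find (here the `srvsysdriver32` service) stand apart from objects that were actually removed. The following is an added example, not part of the thread and not OTL's own code; the function names and the outcome labels are assumptions, and the sample is a constructed excerpt in the posted log's format.

```python
import re
from collections import defaultdict

# Constructed sample: a few lines in the format of the OTL fix log posted above.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
C:\windows\phoenix folder moved successfully.
C:\windows\rpcminer.rar moved successfully.
========== SERVICES/DRIVERS ==========
Service ddservice stopped successfully!
Service ddservice deleted successfully!
Error: No service named srvsysdriver32 was found to stop!
Service\Driver key srvsysdriver32 not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
========== COMMANDS ==========
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+\s*(.+?)\s*=+$")
OUTCOMES = [  # checked in order; the first matching pattern decides the label
    ("missing", re.compile(r"not found|^Error:", re.I)),
    ("removed", re.compile(r"(moved|deleted|stopped|reset) successfully", re.I)),
]

def summarize(log_text):
    """Group fix-log lines as {section: {outcome: [lines]}}."""
    result = defaultdict(lambda: defaultdict(list))
    section = "PREAMBLE"  # lines before the first ===== header
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION.match(line)
        if header:
            section = header.group(1)
            continue
        outcome = next((n for n, rx in OUTCOMES if rx.search(line)), "other")
        result[section][outcome].append(line)
    return result

def missing_targets(log_text):
    """Lines where the script named an object the tool could not find."""
    return [l for sec in summarize(log_text).values() for l in sec["missing"]]

if __name__ == "__main__":
    for sec, outcomes in summarize(SAMPLE_LOG).items():
        print(sec, {k: len(v) for k, v in outcomes.items()})
```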
Guest commented 31 August 2011

[quote]I don't know why but this time only one appeared[/quote]

That is how it should be. Now make new OTL logs and post links to them. We will move on to the final steps.
dorotaa (Author) commented 31 August 2011

here are the logs from today's scan: [url="http://wklej.org/id/587691/"]http://wklej.org/id/587691/[/url]. the Facebook site works for me now, I installed an antivirus and everything is fine there too
Guest commented 31 August 2011

Everything looks fine... except that the system is at SP1:

[php]Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation[/php]

Update the system to [b]SP2[/b]: [url="http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d"]http://www.microsoft...a3-99ff6f22448d[/url]

From the Add/Remove Programs panel, uninstall WinampToolbar.

[php]Java(TM) 6 Update 26[/php]

Uninstall Java and download the latest version, [b]Java7[/b].

But before you do that, run OTL and click the [b]CleanUp[/b] option. This will remove the program and the quarantine from the disk. Then empty the System Restore folders. Instructions: [url="http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1"]http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1[/url]