lukasz1982, posted 1 March 2012

Hi,

I have a problem with a USB drive: shortcuts and a RECYCLER folder have appeared on it. They appear on every external drive I plug in. Could the cause be a virus on the laptop? Even after formatting the external drive, the shortcuts and the RECYCLER folder immediately appear again. Please help, because I am at a loss, and thank you in advance. Attached are the logs from OTL, GMER and UsbFix.

Regards,
lukasz1982

Extras.Txt gmer.txt OTL.Txt UsbFix.txt

Landuss, posted 1 March 2012

The RECYCLER folder is the system Recycle Bin folder, so it is supposed to be on the drives and you should leave it alone; there is an infection here as well, though.

1. Run OTL and paste the following text into the Custom Scans/Fixes box:

:Files
Recycled /alldrives
RECYCLER /alldrives
C:\Program Files\TZABjukd
C:\WINDOWS\System32\aaaamons.exe
C:\Program Files\mozilla firefox\searchplugins\fcmdSrch.xml
C:\Documents and Settings\lukasz.mokrzynski\Menu Start\Programy\Autostart\bbhlkfih.exe

:Services
RSVPJavaQuickStarterService

:OTL
O4 - HKU\S-1-5-21-4203109118-277277986-2428271543-500..\Run: [] File not found

:Reg
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Search]
"SearchAssistant"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,"
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\a2service.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ArcaCheck.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\arcavir.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashDisp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashEnhcd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashServ.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ashUpd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\aswUpdSv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcls.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz4.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avz_se.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdinit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caav.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\caavguiscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\casecuritycenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ccupdate.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cfpupdat.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\cmdagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\DRWEB32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FAMEH32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPAVServer.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fpscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FPWin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsav32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\fsgk32st.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\FSMA32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxservice.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardxup.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\navigator.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVSTUB.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Nvcc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\outpost.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\preupd.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\pskdr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\SfFnUp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Vba32arkit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vba32ldr.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\vsserv.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zanda.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zapro.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Zlh.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zoneband.dll]

:Commands
[emptytemp]

Click Run Fix. Confirm the computer restart.

2. From the Add/Remove Programs panel, uninstall the unneeded Facemoods Toolbar.

3. Then run OTL again, this time using the Run Scan option. Post the new logs from OTL and from AdwCleaner's Search option.

lukasz1982 (author), posted 1 March 2012

I did everything according to the instructions. The new logs are attached.

AdwCleaner.txt Extras.Txt OTL.Txt

Landuss, posted 2 March 2012

One more correction is needed here. Run another script with the following content:

:Files
C:\Documents and Settings\Administrator\Dane aplikacji\facemoods.com

:Reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Software]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.facemoodsHlpr]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\facemoods.facemoodsHlpr.1]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\escort.DLL]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\AppID\{5B1881D1-D9C7-46df-B041-1E593282C7D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64182481-4F71-486b-A045-B233BD0DA8FC}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DDE2C74F-58CC-4d71-8CE1-09DEBB8CFB78}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{A9379648-F6EB-4F65-A624-1C10411A15D0}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{F16AB1DB-15C0-4456-A29E-4DF24FB9E3D2}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC}]
[-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4DFD-9C7C-78B52103CAB9}]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\autoruns.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avadmin.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avcenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconfig.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avconsol.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgnt.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avgrssvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avguard.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AvMonitor.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.com]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\AVP32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\avscan.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\bdagent.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\CCenter.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwadins.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\drwebupw.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\ekrn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\filemon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\GFRing3.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\guardgui.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\HijackThis.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASMain.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KASTask.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAV32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVDX.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPF.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVPFW.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KAVStart.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\KPFW32X.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapsvc.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\Navapw32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVNT.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVW32.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\NAVWNT.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\niu.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\nod32krn.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\OllyDBG.EXE]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\procexp.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regedit.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\regmon.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegTool.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\scan32.exe]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\zonealarm.exe]

:Commands
[reboot]

Post the new OTL log (without Extras) and the AdwCleaner log for review.

lukasz1982 (author), posted 2 March 2012

New logs (after running the script) are attached.

OTL.Txt AdwCleaner.txt

Landuss, posted 4 March 2012

That's about it, and we can move on to the final steps.

1. Use the CleanUp option in OTL and the Uninstall option in AdwCleaner.

2. Paste this text into Notepad:

Windows Registry Editor Version 5.00

[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\image file execution options\RegTool.exe]

From the Notepad menu >>> File >>> Save As >>> set the file type to All Files >>> save as FIX.REG >>> run this file

3. Update Java and Firefox to the latest versions - CLICK

4. Empty the System Restore folder: CLICK
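
Added example, not part of the original thread: the fix scripts above delete many Image File Execution Options (IFEO) subkeys named after security tools and reset the Winlogon Userinit value. This Python code scans the text of a regedit export for those two conditions, assuming the IFEO entries carried a Debugger value (the thread does not show the values); the function names and the sample export are constructed for illustration.

```python
import re

# Key paths taken from the scripts in this thread, lower-cased for comparison.
IFEO = r"hkey_local_machine\software\microsoft\windows nt\currentversion\image file execution options" + "\\"
WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
USERINIT_OK = r"c:\windows\system32\userinit.exe,"  # value the first fix script restores

def parse_reg(text):
    """Parse regedit export text into {lower-cased key: {lower-cased value name: data}}.
    regedit saves version 5.00 exports as UTF-16, so decode the file before calling this."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            # Only string (REG_SZ) values are needed for this check.
            m = re.match(r'"((?:[^"\\]|\\.)*)"="((?:[^"\\]|\\.)*)"$', line)
            if m:
                name, data = (re.sub(r"\\(.)", r"\1", s) for s in m.groups())
                current[name.lower()] = data
    return keys

def audit(text):
    """Return findings: IFEO images with a Debugger value, and a non-default Userinit."""
    findings = []
    for key, values in parse_reg(text).items():
        if key.startswith(IFEO) and "debugger" in values:
            findings.append(("ifeo-debugger", key[len(IFEO):], values["debugger"]))
        elif key == WINLOGON and values.get("userinit", USERINIT_OK).lower() != USERINIT_OK:
            findings.append(("userinit", "Winlogon", values["userinit"]))
    return findings

# Constructed sample export; none of these values come from the poster's logs.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\avp.exe]
"Debugger"="svchost.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\notepad.exe]
"DisableHeapLookaside"="1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,C:\\sample\\constructed.exe,"
'''

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result on an export taken after the last step means no Debugger value remains under IFEO and Userinit matches the value the script set.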

lukasz1982 (author), posted 6 March 2012

Thank you very much for the help. Everything is OK now. Thanks again.