Facebook virus,Pomocy

Dla specjalistów Bezpieczeństwo
#1

witam

jestem kolejna osoba miejacą problem z virem z fejsa.

kompletnie sie na tym nei znam,poniżej wklejam logi z Otl

bardzo prosze o pomoc.

OTL: http://wklej.to/0s0CX

Extras: http://wklej.to/pSbWP

bardzo prosze o pomoc,juz wczesniej pisalem ale nie dostalem odp.

Pozdrawiam

#2

W własne opcje skanowania wklej:

:OTL

MOD - [2011-08-24 22:26:02 | 000,002,048 | ---- | M] () -- C:\USERS\TEST\APPDATA\LOCAL\TEMP\MBX@175C@791A08.###

MOD - [2011-08-24 22:26:01 | 000,002,048 | ---- | M] () -- C:\USERS\TEST\APPDATA\LOCAL\TEMP\MBX@175C@7919F8.###

MOD - [2011-08-22 19:19:17 | 001,213,440 | -H-- | M] () -- C:\Windows\update.tray-12-0\svchost.exe

SRV - [2011-08-22 19:34:21 | 000,634,880 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)

SRV - [2011-08-22 19:34:06 | 000,355,840 | ---- | M] () [Auto | Running] -- C:\Windows\update.5.0\svchost.exe -- (srvbtcclient)

SRV - [2011-08-22 19:19:17 | 001,213,440 | -H-- | M] () [Auto | Running] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)

O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.

O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found

O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - File not found

O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found

O4 - HKLM..\Run: [8633963.exe] C:\Windows\Temp\8633963.exe ()

O4 - HKLM..\Run: [avast] File not found

O4 - HKLM..\Run: [systemup] C:\Windows\systemup.exe ()

O4 - HKLM..\Run: [tray_ico] File not found

O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-12-0\svchost.exe ()

O4 - HKLM..\Run: [tray_ico1] File not found

O4 - HKLM..\Run: [tray_ico2] File not found

O4 - HKLM..\Run: [tray_ico3] File not found

O4 - HKLM..\Run: [tray_ico4] File not found

O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()

O4 - HKU\S-1-5-21-1680455669-1974253834-3192417123-1000..\Run: [EA Core] File not found

O31 - SafeBoot: AlternateShell - services32.exe

[2011-08-23 16:38:58 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0-lnk

[2011-08-23 16:38:58 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-12-0

[2011-08-22 19:59:54 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0-lnk

[2011-08-22 19:59:54 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-7-0

[2011-08-22 19:35:11 | 000,000,000 | ---D | C] -- C:\Windows\ufa

[2011-08-22 19:35:11 | 000,000,000 | ---D | C] -- C:\Windows\rpcminer

[2011-08-22 19:35:11 | 000,000,000 | ---D | C] -- C:\Windows\phoenix

[2011-08-22 19:34:39 | 000,000,000 | -H-D | C] -- C:\Windows\update.7.1

[2011-08-22 19:34:22 | 000,000,000 | -H-D | C] -- C:\Windows\update.2

[2011-08-22 19:34:07 | 000,000,000 | -H-D | C] -- C:\Windows\update.5.0

[2011-08-22 19:31:06 | 000,000,000 | ---D | C] -- C:\Windows\av_ico

[2011-08-22 19:29:52 | 000,000,000 | -H-D | C] -- C:\Windows\update.1

[2011-08-22 19:29:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0-lnk

[2011-08-22 19:29:51 | 000,000,000 | -H-D | C] -- C:\Windows\update.tray-2-0

[2011-08-24 22:01:20 | 000,000,734 | ---- | M] () -- C:\Windows\System32\drivers\etc\hîsts

[2011-08-22 19:35:49 | 000,000,202 | ---- | M] () -- C:\Windows\info1

[2011-08-22 19:35:10 | 005,589,370 | ---- | M] () -- C:\Windows\phoenix.rar

[2011-08-22 19:35:10 | 001,075,284 | ---- | M] () -- C:\Windows\rpcminer.rar

[2011-08-22 19:35:10 | 000,246,272 | ---- | M] () -- C:\Windows\unrar.exe

[2011-08-22 19:35:10 | 000,182,617 | ---- | M] () -- C:\Windows\ufa.rar

[2011-08-22 19:33:53 | 000,137,728 | ---- | M] () -- C:\Windows\systemup.exe

[2011-08-22 19:32:41 | 000,904,792 | ---- | M] () -- C:\Windows\geoiplist.rar

[2011-08-22 19:32:26 | 000,000,000 | ---- | M] () -- C:\Windows\loader2.exe_ok

[2011-08-22 19:19:17 | 001,213,440 | ---- | M] () -- C:\Windows\services32.exe

[2011-08-22 19:35:10 | 005,589,370 | ---- | C] () -- C:\Windows\phoenix.rar

[2011-08-22 19:35:10 | 001,075,284 | ---- | C] () -- C:\Windows\rpcminer.rar

[2011-08-22 19:35:10 | 000,182,617 | ---- | C] () -- C:\Windows\ufa.rar

[2011-08-22 19:34:01 | 000,137,728 | ---- | C] () -- C:\Windows\systemup.exe

[2011-08-22 19:33:54 | 000,000,202 | ---- | C] () -- C:\Windows\info1

[2011-08-22 19:32:42 | 004,636,907 | ---- | C] () -- C:\Windows\geoiplist

[2011-08-22 19:32:41 | 000,904,792 | ---- | C] () -- C:\Windows\geoiplist.rar

[2011-08-22 19:32:41 | 000,246,272 | ---- | C] () -- C:\Windows\unrar.exe

[2011-08-22 19:31:48 | 000,000,000 | ---- | C] () -- C:\Windows\loader2.exe_ok

[2011-08-22 19:20:03 | 001,213,440 | ---- | C] () -- C:\Windows\services32.exe

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C39E55C5

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:88050731

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:364682BC


:Reg

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]


[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

"AlternateShell"="cmd.exe"


:Commands

[RESETHOSTS] 

[emptytemp]
#3

oraz ?sorry ale jestem w tym naprawdę zielony,proszę o wyrozumiałość,wkleić to w opcje skanowania i wcisnać?skanuj?

Dodane 24.08.2011 (Śr) 23:23

log z usuwania : http://wklej.to/UByRb

co dalej?

#4

deejaay , na forum używamy polskich znaków (ż, ł, ć, ś, ą itp.). Proszę wyedytować swoje posty i poprawić co trzeba. Niezastosowanie się do prośby będzie skutkowało przeniesieniem tematu do śmietnika.

#5

ok poprawiłem,proszę o kolejną wskazówkę?

teraz ponownie zeskanować w OTL?

jeśli tak to kolejne logi ze skanowania:

OTL: http://wklej.to/fLJl6

Extras: http://wklej.to/1ahAx

bardzo proszę o kolejne instrukcje.

#6

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

#7

Jak możesz prosić o następne instrukcje jeśli do jednej z nich się nie zastosowałeś ?

:OTL

MOD - [2011-08-22 19:33:53 | 000,137,728 | ---- | M] () – C:\Windows\systemup.exe

MOD - [2011-08-22 19:19:17 | 001,213,440 | -H-- | M] () – C:\Windows\update.tray-12-0\svchost.exe

O4 - HKLM…\Run: [systemup] C:\Windows\systemup.exe ()

O4 - HKLM…\Run: [tray_ico] File not found

O4 - HKLM…\Run: [tray_ico0] C:\Windows\update.tray-12-0\svchost.exe ()

O4 - HKLM…\Run: [tray_ico1] File not found

O4 - HKLM…\Run: [tray_ico2] File not found

O4 - HKLM…\Run: [tray_ico3] File not found

O4 - HKLM…\Run: [tray_ico4] File not found

O4 - HKLM…\Run: [wxpdrv] C:\Windows\services32.exe ()

O4 - HKCU…\Run: [EA Core] File not found

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O31 - SafeBoot: AlternateShell - services32.exe

[2011-08-23 16:38:58 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-12-0-lnk

[2011-08-23 16:38:58 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-12-0

[2011-08-22 19:59:54 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-7-0-lnk

[2011-08-22 19:59:54 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-7-0

[2011-08-22 19:35:11 | 000,000,000 | —D | C] – C:\Windows\ufa

[2011-08-22 19:35:11 | 000,000,000 | —D | C] – C:\Windows\rpcminer

[2011-08-22 19:35:11 | 000,000,000 | —D | C] – C:\Windows\phoenix

[2011-08-22 19:34:39 | 000,000,000 | -H-D | C] – C:\Windows\update.7.1

[2011-08-22 19:34:22 | 000,000,000 | -H-D | C] – C:\Windows\update.2

[2011-08-22 19:34:07 | 000,000,000 | -H-D | C] – C:\Windows\update.5.0

[2011-08-22 19:31:06 | 000,000,000 | —D | C] – C:\Windows\av_ico

[2011-08-22 19:29:52 | 000,000,000 | -H-D | C] – C:\Windows\update.1

[2011-08-22 19:29:51 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-2-0-lnk

[2011-08-22 19:29:51 | 000,000,000 | -H-D | C] – C:\Windows\update.tray-2-0

[2011-08-24 23:26:16 | 000,017,360 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2011-08-24 23:26:16 | 000,017,360 | -H-- | M] () – C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2011-08-24 22:01:20 | 000,000,734 | ---- | M] () – C:\Windows\System32\drivers\etc\hîsts

[2011-08-22 19:35:49 | 000,000,202 | ---- | M] () – C:\Windows\info1

[2011-08-22 19:35:10 | 005,589,370 | ---- | M] () – C:\Windows\phoenix.rar

[2011-08-22 19:35:10 | 001,075,284 | ---- | M] () – C:\Windows\rpcminer.rar

[2011-08-22 19:35:10 | 000,246,272 | ---- | M] () – C:\Windows\unrar.exe

[2011-08-22 19:35:10 | 000,182,617 | ---- | M] () – C:\Windows\ufa.rar

[2011-08-22 19:33:53 | 000,137,728 | ---- | M] () – C:\Windows\systemup.exe

[2011-08-22 19:32:41 | 000,904,792 | ---- | M] () – C:\Windows\geoiplist.rar

[2011-08-22 19:32:26 | 000,000,000 | ---- | M] () – C:\Windows\loader2.exe_ok

[2011-08-22 19:31:56 | 000,000,936 | ---- | M] () – C:\Users\Public\Desktop\ESL Wire.lnk

[2011-08-22 19:19:17 | 001,213,440 | ---- | M] () – C:\Windows\services32.exe

[2011-08-22 19:32:42 | 004,636,907 | ---- | C] () – C:\Windows\geoiplist

[2011-08-22 19:32:41 | 000,246,272 | ---- | C] () – C:\Windows\unrar.exe

[2011-08-22 19:20:03 | 001,213,440 | ---- | C] () – C:\Windows\services32.exe

@Alternate Data Stream - 124 bytes -> C:\ProgramData\TEMP:C39E55C5

@Alternate Data Stream - 122 bytes -> C:\ProgramData\TEMP:88050731

@Alternate Data Stream - 111 bytes -> C:\ProgramData\TEMP:364682BC

:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

“AlternateShell”=“cmd.exe”

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2]

:Commands

[emptytemp]

[resethosts]

#8

witam ponownie.

o to logi : http://wklej.to/Wxm8K

OTL: http://wklej.to/wJSMr

Extras: http://wklej.to/UKSyF

#9

OTL w oknie Custom Scans-Fixes (własne opcje skanowania/skrypt)wklej następujący skrypt:

Kliknij w Run Fix (Wykonaj scrypt). Zatwierdź restart komputera.

Pokaż log z usuwania.

potem nowy log OTL robiony opcją Run Scan (Skanuj)

:slight_smile: