Wirus z facebook. PILNE!

natalia2097 · 23 Sierpień 2011 08:38

Hej .

No więc wirusa usunęłam za pomocą Malwarebytes Anti-Malware oczywiście były to konie trojańskie i na moim komputerze było ich 97. Po usunięciu wirusów wszystko ładnie, pięknie ale facebook dalej nie chcę chodzić a jak próbuję się zalogować przez telefon to wyskakuje , że konto zablokowane i aby zrobić to przez komputer. Bardzo proszę o szybką pomoc

Marco89 · 23 Sierpień 2011 08:42

Przeczytaj najpierw ten temat:

zasady-wklejania-logow-forum-tytulowania-tematow-t253052.html

natalia2097 · 23 Sierpień 2011 09:17

Przepraszam bardzo ale jestem jak widać nowa : ))

http://wklej.to/8QVRZ

Co dalej ?

arapo · 23 Sierpień 2011 09:24

Pobrać OTL i podać logi na forum instrukcja otl-gmer-rsit-dss-inne-instrukcje-t370405.html

– Dodane 23.08.2011 (Wt) 11:30 –

Powinny być dwa logi po skanie OTL-a > wkleić link z drugiego logu i czekać na instrukcje

natalia2097 · 23 Sierpień 2011 09:33

http://wklej.to/viy9w

co dalej ?

Marco89 · 23 Sierpień 2011 09:56

Uruchom OTL i w okno (Własne opcje skanowania/Skrypt) wklej:

:OTL PRC - [2011/08/19 13:09:08 | 000,382,464 | ---- | M] () – C:\Windows\update.7.1\svchostdriver.exe [2010/12/25 00:00:15 | 000,000,000 | —D | M] (No name found) – C:\Users\Natalka\AppData\Roaming\mozilla\Extensions [2011/08/22 09:00:54 | 000,000,000 | —D | M] (No name found) – C:\Users\Natalka\AppData\Roaming\mozilla\Firefox\Profiles\hrc00ouo.default\extensions [2011/03/27 20:41:28 | 000,000,000 | —D | M] (No name found) – C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) – () (No name found) – C:\USERS\NATALKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HRC00OUO.DEFAULT\EXTENSIONS{C0C9A2C7-2E5C-4447-BC53-97718BC91E1B}.XPI () (No name found) – C:\USERS\NATALKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HRC00OUO.DEFAULT\EXTENSIONS\IPLEXTOALL@ALLPLAYER.ORG.XPI O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - File not found O2 - BHO: (CescrtHlpr Object) - {64182481-4F71-486b-A045-B233BD0DA8FC} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\bh\facemoods.dll (facemoods.com BHO) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found O3 - HKLM…\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found O3 - HKLM…\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - File not found O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com) O4 - HKLM…\Run: [DataCardMonitor] File not found O4 - HKLM…\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com) O4 - HKLM…\Run: [McAfee Managed Services Tray] File not found O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] File not found O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - File not found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O31 - SafeBoot: AlternateShell - services32.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found [2011/08/22 12:43:17 | 000,000,000 | -H-D | C] – C:\windows\update.tray-10-0-lnk [2011/08/22 12:43:17 | 000,000,000 | -H-D | C] – C:\windows\update.tray-10-0 [2011/08/19 13:09:10 | 000,000,000 | -H-D | C] – C:\windows\update.7.1 [2011/07/26 23:07:24 | 000,000,000 | —D | C] – C:\windows\ufa [2011/07/26 23:07:24 | 000,000,000 | —D | C] – C:\windows\phoenix [2011/07/26 23:07:23 | 000,000,000 | -H-D | C] – C:\windows\update.2 [2011/07/26 22:55:23 | 000,000,000 | -H-D | C] – C:\windows\update.5.0 [2011/07/26 22:42:42 | 000,000,000 | —D | C] – C:\windows\av_ico [2011/07/26 22:40:26 | 000,000,000 | -H-D | C] – C:\windows\update.1 [2011/07/26 22:40:15 | 000,000,000 | -H-D | C] – C:\windows\update.tray-9-0-lnk [2011/07/26 22:40:15 | 000,000,000 | -H-D | C] – C:\windows\update.tray-9-0 [2011/08/22 12:45:08 | 000,000,734 | ---- | M] () – C:\windows\SysNative\drivers\etc\hîsts [2011/08/22 09:13:20 | 000,000,202 | ---- | M] () – C:\windows\info1 [2011/08/15 16:41:33 | 005,589,370 | ---- | M] () – C:\windows\phoenix.rar [2011/08/15 16:41:33 | 000,246,272 | ---- | M] () – C:\windows\unrar.exe [2011/08/15 16:41:33 | 000,182,617 | ---- | M] () – C:\windows\ufa.rar [2011/08/15 16:41:32 | 001,075,284 | ---- | M] () – C:\windows\rpcminer.rar [2011/07/26 23:01:21 | 000,904,792 | ---- | M] () – C:\windows\geoiplist.rar [2011/07/26 22:44:14 | 000,000,000 | ---- | M] () – C:\windows\loader2.exe_ok [2011/07/26 23:07:23 | 005,589,370 | ---- | C] () – C:\windows\phoenix.rar [2011/07/26 23:07:23 | 001,075,284 | ---- | C] () – C:\windows\rpcminer.rar [2011/07/26 23:07:23 | 000,182,617 | ---- | C] () – C:\windows\ufa.rar [2011/07/26 22:59:14 | 004,636,907 | ---- | C] () – C:\windows\geoiplist [2011/07/26 22:59:12 | 000,904,792 | ---- | C] () – C:\windows\geoiplist.rar [2011/07/26 22:59:12 | 000,246,272 | ---- | C] () – C:\windows\unrar.exe [2011/07/26 22:55:22 | 000,000,202 | ---- | C] () – C:\windows\info1 [2011/07/26 22:44:14 | 000,000,000 | ---- | C] () – C:\windows\loader2.exe_ok :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] “AlternateShell”=“cmd.exe” :Commands [resethosts] [emptytemp]

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Pokaż log z usuwania + nowy log OTL.

//postawiłem : w złym miejscu, już jest ok

_______________________________________________________________

Podajesz w skrypcie prawidłowe wpisy do usunięcia :? np.

O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.

Dlaczego ?

odbierz PW

Agaton

natalia2097 · 23 Sierpień 2011 12:02

http://wklej.org/id/582832/

– Dodane 23.08.2011 (Wt) 14:20 –

Wreszcie mogę wejść na facebooka ale to nie koniec koszmaru xd jestem na 3 etapie przywracania konta, ściągnęłam ten program (McAfee Scan and Repair) ale nie mogę go uruchomić na komputerze ani ominąć tego kroku .

Marco89 · 23 Sierpień 2011 12:51

Widzę że chyba źle wkleiłaś skrypt.Wykonaj to jeszcze raz, skopiuj cały skrypt z cytatu (mojego poprzedniego posta) włącznie z :OTL(dwukropek też) aż do samego końca, poza tym nie wkleiłaś kolejnego loga z OTL, miał być zrobiony nowy po usuwaniu.

Mówiąc jeszcze jaśniej, raport z usuwania (wkleiłaś) + nowy log OTL (tego nie zrobiłaś).

natalia2097 · 23 Sierpień 2011 13:36

http://wklej.to/UtZaq

trudno w takim razie próbuje to jeszcze raz ale to to co zrobiłam teraz : )))

– Dodane 23.08.2011 (Wt) 15:51 –

http://wklej.to/IDXkL

zrobiłam to jeszcze raz :))

Marco89 · 23 Sierpień 2011 14:15

Uruchom OTL i w okno (Własne opcje skanowania/Skrypt) wklej:

:OTL PRC - [2011/08/19 13:09:08 | 000,382,464 | ---- | M] () – C:\Windows\update.7.1\svchostdriver.exe SRV - [2011/08/19 13:09:08 | 000,382,464 | ---- | M] () [Auto | Running] – C:\windows\update.7.1\svchostdriver.exe – (ddservice) FF - HKLM\Software\MozillaPlugins@real.com/nsJSRealPlayerPlugin;version=: File not found O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - File not found O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - File not found O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - File not found O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - File not found O3 - HKLM…\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - File not found O3 - HKLM…\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - File not found O3 - HKLM…\Toolbar: (facemoods Toolbar) - {DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodsTlbr.dll (facemoods.com) O4 - HKLM…\Run: [DataCardMonitor] File not found O4 - HKLM…\Run: [facemoods] C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.4\facemoodssrv.exe (facemoods.com) O4 - HKLM…\Run: [McAfee Managed Services Tray] File not found O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKU\S-1-5-19…\RunOnce: [mctadmin] File not found O4 - HKU\S-1-5-20…\RunOnce: [mctadmin] File not found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found O18 - Protocol\Handler\myrm {4D034FC3-013F-4b95-B544-44D49ABE3E76} - File not found O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O34 - HKLM BootExecute: (autocheck autochk *) - File not found [2011/08/22 12:43:17 | 000,000,000 | -H-D | C] – C:\windows\update.tray-10-0-lnk [2011/08/22 12:43:17 | 000,000,000 | -H-D | C] – C:\windows\update.tray-10-0 [2011/08/19 13:09:10 | 000,000,000 | -H-D | C] – C:\windows\update.7.1 [2011/07/26 23:07:24 | 000,000,000 | —D | C] – C:\windows\ufa [2011/07/26 23:07:24 | 000,000,000 | —D | C] – C:\windows\phoenix [2011/07/26 23:07:23 | 000,000,000 | -H-D | C] – C:\windows\update.2 [2011/07/26 22:55:23 | 000,000,000 | -H-D | C] – C:\windows\update.5.0 [2011/07/26 22:42:42 | 000,000,000 | —D | C] – C:\windows\av_ico [2011/07/26 22:40:26 | 000,000,000 | -H-D | C] – C:\windows\update.1 [2011/07/26 22:40:15 | 000,000,000 | -H-D | C] – C:\windows\update.tray-9-0-lnk [2011/07/26 22:40:15 | 000,000,000 | -H-D | C] – C:\windows\update.tray-9-0 [2011/08/22 09:13:20 | 000,000,202 | ---- | M] () – C:\windows\info1 [2011/08/15 16:41:33 | 005,589,370 | ---- | M] () – C:\windows\phoenix.rar [2011/08/15 16:41:33 | 000,246,272 | ---- | M] () – C:\windows\unrar.exe [2011/08/15 16:41:33 | 000,182,617 | ---- | M] () – C:\windows\ufa.rar [2011/08/15 16:41:32 | 001,075,284 | ---- | M] () – C:\windows\rpcminer.rar [2011/07/26 23:01:21 | 000,904,792 | ---- | M] () – C:\windows\geoiplist.rar [2011/07/26 22:44:14 | 000,000,000 | ---- | M] () – C:\windows\loader2.exe_ok [2011/07/26 23:07:23 | 005,589,370 | ---- | C] () – C:\windows\phoenix.rar [2011/07/26 23:07:23 | 001,075,284 | ---- | C] () – C:\windows\rpcminer.rar [2011/07/26 23:07:23 | 000,182,617 | ---- | C] () – C:\windows\ufa.rar [2011/07/26 22:59:14 | 004,636,907 | ---- | C] () – C:\windows\geoiplist [2011/07/26 22:59:12 | 000,904,792 | ---- | C] () – C:\windows\geoiplist.rar [2011/07/26 22:59:12 | 000,246,272 | ---- | C] () – C:\windows\unrar.exe [2011/07/26 22:55:22 | 000,000,202 | ---- | C] () – C:\windows\info1 [2011/07/26 22:44:14 | 000,000,000 | ---- | C] () – C:\windows\loader2.exe_ok :Reg [-HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2] :Commands [CLEARALLRESTOREPOINTS] [resethosts] [emptytemp]

Kliknij w Wykonaj skrypt. Zatwierdź restart komputera.

Pokaż log z usuwania + nowy log OTL. Log z usuwania pojawi Ci się po restarcie, zapisz go i wstaw na forum razem z nowym logiem OTL wykonanym już po restarcie(Uruchom OTL i kliknij Skanuj ). Oba logi wstawiasz tutaj na forum.