Wirus z facebook'a

Infernois · 21 Sierpień 2011 16:14

Witam, możecie mi pomóc z wirusem z facebook’a? Wiem, że teraz dużo osób ma z tym problem, więc proszę was o pomoc…

Logi:

Acorus · 21 Sierpień 2011 17:01

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL MOD - [2011-08-21 14:49:23 | 000,634,880 | ---- | M] () – D:\WINDOWS\update.2\svchost.exe MOD - [2011-08-21 10:34:24 | 000,273,920 | ---- | M] () – D:\WINDOWS\update.3\svchost.exe MOD - [2011-08-21 00:43:04 | 000,232,960 | ---- | M] () – D:\WINDOWS\l1rezerv.exe MOD - [2011-08-21 00:42:11 | 000,348,672 | ---- | M] () – D:\WINDOWS\update.5.0\svchost.exe MOD - [2011-08-21 00:39:28 | 000,382,464 | ---- | M] () – D:\WINDOWS\update.7.1\svchostdriver.exe MOD - [2011-08-21 00:38:08 | 000,258,048 | ---- | M] () – D:\WINDOWS\sysdriver32.exe MOD - [2011-08-21 00:37:41 | 001,216,000 | -H-- | M] () – D:\WINDOWS\update.tray-2-0\svchost.exe MOD - [2011-08-21 00:37:41 | 001,216,000 | -H-- | M] () – D:\WINDOWS\update.1\svchost.exe O2 - BHO: (Nightclub City Toolbar Powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM…\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - D:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM…\Toolbar: (Nightclub City Toolbar Powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKCU…\Toolbar\WebBrowser: (Nightclub City Toolbar Powered by Ask.com) - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM…\Run: [1797546.exe] D:\WINDOWS\TEMP\1797546.exe () O4 - HKLM…\Run: [2009981.exe] D:\Documents and Settings\Top\Ustawienia lokalne\Temp\2009981.exe () O4 - HKLM…\Run: [2468566.exe] D:\Documents and Settings\Top\Ustawienia lokalne\Temp\2468566.exe () O4 - HKLM…\Run: [4081097.exe] D:\WINDOWS\TEMP\4081097.exe () O4 - HKLM…\Run: [54496991-loader2.exe] D:\WINDOWS\TEMP\54496991-loader2.exe () O4 - HKLM…\Run: [7203625.exe] D:\WINDOWS\TEMP\7203625.exe () O4 - HKLM…\Run: [egui] File not found O4 - HKLM…\Run: [l1rezerv.exe] D:\WINDOWS\l1rezerv.exe () O4 - HKLM…\Run: [sysdriver32.exe] D:\WINDOWS\sysdriver32.exe () O4 - HKLM…\Run: [sysdriver32_.exe] D:\WINDOWS\sysdriver32_.exe () O4 - HKLM…\Run: [tray_ico] File not found O4 - HKLM…\Run: [tray_ico0] D:\WINDOWS\update.tray-2-0\svchost.exe () O4 - HKLM…\Run: [tray_ico1] File not found O4 - HKLM…\Run: [tray_ico2] File not found O4 - HKLM…\Run: [tray_ico3] File not found O4 - HKLM…\Run: [tray_ico4] File not found O4 - HKLM…\Run: [w_distrib.exe] D:\WINDOWS\update.3\svchost.exe () O4 - HKLM…\Run: [wxpdrv] D:\WINDOWS\services32.exe () O4 - HKCU…\Run: [xiabu] D:\Documents and Settings\Top\xiabu.exe () [2011-08-21 10:34:26 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.3 [2011-08-21 01:19:52 | 000,000,000 | —D | C] – D:\WINDOWS\av_ico [2011-08-21 01:13:14 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.tray-2-0-lnk [2011-08-21 01:13:14 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.tray-2-0 [2011-08-21 00:50:44 | 000,000,000 | —D | C] – D:\WINDOWS\ufa [2011-08-21 00:50:44 | 000,000,000 | —D | C] – D:\WINDOWS\rpcminer [2011-08-21 00:50:44 | 000,000,000 | —D | C] – D:\WINDOWS\phoenix [2011-08-21 00:42:12 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.5.0 [2011-08-21 00:40:11 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.2 [2011-08-21 00:39:29 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.7.1 [2011-08-21 00:37:52 | 000,000,000 | -H-D | C] – D:\WINDOWS\update.1 [2011-08-21 15:43:58 | 000,000,201 | ---- | M] () – D:\WINDOWS\info1 [2011-08-21 00:50:43 | 000,246,272 | ---- | M] () – D:\WINDOWS\unrar.exe [2011-08-21 00:50:42 | 005,589,370 | ---- | M] () – D:\WINDOWS\phoenix.rar [2011-08-21 00:50:42 | 000,182,617 | ---- | M] () – D:\WINDOWS\ufa.rar [2011-08-21 00:50:40 | 001,075,284 | ---- | M] () – D:\WINDOWS\rpcminer.rar [2011-08-21 00:43:04 | 000,232,960 | ---- | M] () – D:\WINDOWS\l1rezerv.exe [2011-08-21 00:41:56 | 000,904,792 | ---- | M] () – D:\WINDOWS\geoiplist.rar [2011-08-21 00:38:39 | 000,000,000 | ---- | M] () – D:\WINDOWS\loader2.exe_ok [2011-08-21 00:38:08 | 000,258,048 | ---- | M] () – D:\WINDOWS\sysdriver32_.exe [2011-08-21 00:38:08 | 000,258,048 | ---- | M] () – D:\WINDOWS\sysdriver32.exe [2011-08-21 00:37:41 | 001,216,000 | ---- | M] () – D:\WINDOWS\services32.exe :Services srviecheck srvbtcclient ddservice srvsysdriver32 wxpdrivers :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot] “AlternateShell”=“cmd.exe” [-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2] :Commands [emptytemp] [resethosts]

Kliknij Wykonaj skrypt…Zatwierdź restart komputera. Zapisz raport, który pokaże się po restarcie. Następnie uruchom OTL ponownie, tym razem kliknij (Skanuj).

Pokaż nowy log OTL.txt oraz raport z usuwania.

Infernois · 22 Sierpień 2011 11:54

Pomogłeś mi nieco z wirusem, ale przeglądarka nie wyświetla odpowiednio stron, nie działają flash’e i zwykłe skrypty php.

Tutaj kill proces: http://wklej.org/id/581790/

I logi:

OTL: http://wklej.org/id/581794/

Extras: http://wklej.org/id/581795/

Z góry dzięki za pomoc!

Acorus · 22 Sierpień 2011 12:22

Uruchom OTL i w okno (Własne opcje skanowania/Script)wklej:

:OTL IE - HKCU…\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - File not found FF - prefs.js…browser.search.defaultengine: “Ask.com” FF - prefs.js…browser.search.defaultenginename: “Ask.com” FF - prefs.js…browser.search.order.1: “Ask.com” FF - prefs.js…keyword.URL: “http://websearch.ask.com/redirect?client=ff&src=kw&tb=BOO2&o=99999990&locale=en_US&apn_uid=F7260800-0952-4524-83D1-34A292B448E1&apn_ptnrs=1U&apn_sauid=38AAD493-97F8-4FE2-BAF2-D72CAD16143B&apn_dtid=YYYYYYYYPL&q=” FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\ShopperReports@ShopperReports.com: D:\Program Files\ShopperReports3\bin\3.1.71.0\firefox\firefoxtoolbar\extensions [2011-07-29 18:12:18 | 000,000,000 | —D | M] [2011-05-04 11:58:49 | 000,000,000 | —D | M] (“DAEMON Tools Toolbar”) – D:\Documents and Settings\Top\Dane aplikacji\Mozilla\Firefox\Profiles\u6ozive7.default\extensions\DTToolbar@toolbarnet.com [2011-08-09 08:06:10 | 000,000,000 | —D | M] (“Nightclub City Toolbar Powered by Ask.com”) – D:\Documents and Settings\Top\Dane aplikacji\Mozilla\Firefox\Profiles\u6ozive7.default\extensions\toolbar@ask.com [2011-08-22 13:21:20 | 000,002,574 | ---- | M] () – D:\Documents and Settings\Top\Dane aplikacji\Mozilla\Firefox\Profiles\u6ozive7.default\searchplugins\askcom.xml O2 - BHO: (ShopperReports) - {100EB1FD-D03E-47fd-81F3-EE91287F9465} - D:\Program Files\ShopperReports3\bin\3.1.71.0\ShopperReports.dll (SmartShopper Inc.) O4 - HKCU…\Run: [xiabu] File not found [2011-08-21 14:50:03 | 000,000,734 | ---- | M] () – D:\WINDOWS\System32\drivers\etc\hîsts [2011-08-21 00:41:44 | 004,636,907 | ---- | C] () – D:\WINDOWS\geoiplist :Reg [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] “1081:TCP” =- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] “1634:TCP” =- :Commands [emptytemp]

Kliknij Wykonaj skrypt.W OTL użyj opcji Sprzątanie.Odinstaluj DAEMON Tools Toolbar,ShopperReports.Przeskanuj progr.Malwarebytes Anti-Malware

http://www.dobreprogramy.pl/Malwarebyte … 13117.html

Przed skanowaniem wykonaj RĘCZNĄ AKTUALIZACJĘ BAZY WIRUSÓW

Zainstaluj aktualizacje do programow wskazanych przez: http://screen317.spywareinfoforum.org/SecurityCheck.exe jako out of date.