Facebook virus, please help

dorotaa
created

hey! I have a problem: I clicked on a link from YouTube and caught that virus that has been popular lately. I'm following the steps given at http://pcprograms.eu/wirus-facebooka-hi-jak-sie-go-pozbyc, because I don't really know much about these things. I scanned with Malwarebytes' Anti-Malware and OTL. Here are the links to the logs: http://wklej.org/id/585651/

http://wklej.org/id/585652/

Now the only thing that doesn't work for me is the FB site.

I'd be grateful for help and any pointers.

Guest
comment (edited)

[b]1.[/b] Run OTL and paste the following text into the [b]Custom Scans/Fixes[/b] (Własne opcje skanowania/Skrypt) window:

[code]:Files
C:\Windows\update*
C:\windows\ufa
C:\windows\phoenix
C:\windows\av_ico
C:\windows\info1
C:\windows\phoenix.rar
C:\windows\rpcminer.rar
C:\windows\unrar.exe
C:\windows\ufa.rar
C:\windows\geoiplist.rar
C:\windows\loader2.exe_ok

:Services
ddservice
srvsysdriver32

:OTL
O2 - BHO: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - File not found
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O2 - BHO: (IEPluginBHO Class) - {F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D} - File not found
O3 - HKLM\..\Toolbar: (MediaBar) - {0974BA1E-64EC-11DE-B2A5-E43756D89593} - File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [BearShare] File not found
O4 - HKLM..\Run: [MSC] File not found
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe

:Commands
[resethosts]
[emptyflash]
[emptytemp][/code]


Click [b]Run Fix[/b] (Wykonaj skrypt). Confirm the computer restart.

[b]2.[/b] Then run OTL again, this time using the [b]Run Scan[/b] (Skanuj) option. Post the new OTL logs.

dorotaa
comment

ok, I did what you told me; here is the new log, I don't know why but this time only one appeared:
[url="http://wklej.org/id/587270/"]http://wklej.org/id/587270/[/url] ; after running the script I got this message:

All processes killed
========== FILES ==========
C:\Windows\update.1 folder moved successfully.
C:\Windows\update.2 folder moved successfully.
C:\Windows\update.5.0 folder moved successfully.
C:\Windows\update.7.1 folder moved successfully.
C:\Windows\update.tray-12-0 folder moved successfully.
C:\Windows\update.tray-12-0-lnk folder moved successfully.
C:\Windows\update.tray-14-0 folder moved successfully.
C:\Windows\update.tray-14-0-lnk folder moved successfully.
C:\Windows\update.tray-7-0 folder moved successfully.
C:\Windows\update.tray-7-0-lnk folder moved successfully.
C:\windows\ufa folder moved successfully.
C:\windows\phoenix\kernels\poclbm folder moved successfully.
C:\windows\phoenix\kernels\phatk folder moved successfully.
C:\windows\phoenix\kernels folder moved successfully.
C:\windows\phoenix folder moved successfully.
C:\windows\av_ico folder moved successfully.
C:\windows\info1 moved successfully.
C:\windows\phoenix.rar moved successfully.
C:\windows\rpcminer.rar moved successfully.
C:\windows\unrar.exe moved successfully.
C:\windows\ufa.rar moved successfully.
C:\windows\geoiplist.rar moved successfully.
C:\windows\loader2.exe_ok moved successfully.
========== SERVICES/DRIVERS ==========
Service ddservice stopped successfully!
Service ddservice deleted successfully!
Error: No service named srvsysdriver32 was found to stop!
Service\Driver key srvsysdriver32 not found.
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5CC7F02-6F4E-4462-B5B1-394A57FD3E0D}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{0974BA1E-64EC-11DE-B2A5-E43756D89593} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0974BA1E-64EC-11DE-B2A5-E43756D89593}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\avast deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BearShare deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MSC deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\NWEReboot deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: DorKis
->Flash cache emptied: 68033 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: DorKis
->Temp folder emptied: 928438418 bytes
->Temporary Internet Files folder emptied: 1144542818 bytes
->Java cache emptied: 481076345 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 47007067 bytes
RecycleBin emptied: 721 bytes

Total Files Cleaned = 2,481.00 mb


OTL by OldTimer - Version 3.2.26.5 log created on 08302011_194119
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
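
A fix log like the one above can be checked mechanically for script entries that did not end in a clean success. The following is an added example, not part of the original posts and not part of OTL: the function names are hypothetical and the sample is a shortened excerpt of the log quoted above.

```python
import re
from collections import defaultdict

# Shortened excerpt of the fix log quoted in the post above.
SAMPLE_LOG = r"""All processes killed
========== FILES ==========
C:\windows\phoenix folder moved successfully.
C:\windows\rpcminer.rar moved successfully.
========== SERVICES/DRIVERS ==========
Service ddservice stopped successfully!
Service ddservice deleted successfully!
Error: No service named srvsysdriver32 was found to stop!
Service\Driver key srvsysdriver32 not found.
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
========== COMMANDS ==========
HOSTS file reset successfully
"""

SECTION = re.compile(r"^=+ (.+?) =+$")          # e.g. "========== FILES =========="
OK = re.compile(r"(moved|deleted|stopped|reset) successfully", re.I)
MISSING = re.compile(r"not found|^Error:", re.I)

def summarize_fixlog(text):
    """Group log lines by section and outcome: 'ok', 'missing' or 'other'."""
    result = defaultdict(lambda: defaultdict(list))
    section = None                               # lines before the first header are skipped
    for line in text.splitlines():
        line = line.strip()
        m = SECTION.match(line)
        if m:
            section = m.group(1)
        elif section and line:
            outcome = "ok" if OK.search(line) else "missing" if MISSING.search(line) else "other"
            result[section][outcome].append(line)
    return result

def needs_review(text):
    """Lines a helper should look at: everything that was not a clean success."""
    summary = summarize_fixlog(text)
    return [l for sec in summary.values() for k in ("missing", "other") for l in sec[k]]

if __name__ == "__main__":
    for entry in needs_review(SAMPLE_LOG):
        print(entry)
```

A "not found" line is not necessarily a failure: it often means the entry was already gone, which is why these lines are listed for review rather than counted as errors.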

Guest
comment

[quote]I don't know why but this time only one appeared[/quote]

That's how it should be. Now make new OTL logs and post links to them. We'll move on to the final steps.

dorotaa
comment

here are the logs from today's scan [url="http://wklej.org/id/587691/"]http://wklej.org/id/587691/[/url]. The FB site works for me now, I installed an antivirus and everything is fine there too :)

Guest
comment

Everything looks fine... except that the system is at SP1
[php]Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation[/php]

Update the system to [b]SP2[/b] [url="http://www.microsoft.com/downloads/pl-pl/details.aspx?FamilyID=891ab806-2431-4d00-afa3-99ff6f22448d"]http://www.microsoft...a3-99ff6f22448d[/url]

From the Add/Remove Programs panel, uninstall WinampToolbar.
[php]Java(TM) 6 Update 26[/php]Uninstall Java and download the latest version, [b]Java7[/b]

But before you do that, run OTL and click the [b]CleanUp[/b] (Sprzątanie) option. This will remove the program and the quarantine from the disk.
Then empty the System Restore folders. Instructions: [url="http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1"]http://www.fixitpc.pl/topic/5-dezynfekcja-metody-usuwania-czesc-1/#1[/url]

dorotaa
comment

ok, thanks a lot for the help! :)
