Virus from Facebook. Please help me check the logs


(Siristru) #1

I kindly ask for help. I more or less know which entries are evidence of the virus, but since I have no experience with this I don't want to break anything. Here are the files:

OTL: http://wklej.to/pxsqz

Extras: http://wklej.to/7B3Xl

I managed to partially remove it, but I still can't get onto Facebook.

Please help.


(Drobok) #2

Paste the following into Custom Scans/Fixes:

:OTL


SRV - File not found [Disabled | Stopped] -- -- (HidServ)

SRV - File not found [On_Demand | Stopped] -- -- (ALG)

FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found

[2011-04-14 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marta\Dane aplikacji\Mozilla\Extensions

[2011-08-22 13:24:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marta\Dane aplikacji\Mozilla\Firefox\Profiles\etl8tkav.default\extensions

[2011-08-22 22:21:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions

File not found (No name found) -- 

() (No name found) -- C:\DOCUMENTS AND SETTINGS\MARTA\DANE APLIKACJI\MOZILLA\FIREFOX\PROFILES\ETL8TKAV.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI

O2 - BHO: (no name) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - No CLSID value found.

O2 - BHO: (no name) - {E33CF602-D945-461A-83F0-819F76A199F8} - No CLSID value found.

O4 - HKLM..\Run: [tray_ico] File not found

O4 - HKLM..\Run: [tray_ico2] File not found

O4 - HKLM..\Run: [tray_ico3] File not found

O4 - HKLM..\Run: [tray_ico4] File not found

O20 - Winlogon\Notify\klogon: DllName - C:\WINDOWS\system32\klogon.dll - File not found

O31 - SafeBoot: AlternateShell - services32.exe

O34 - HKLM BootExecute: (autocheck autochk *) - File not found 

[2011-08-22 14:13:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-1-0-lnk

[2011-08-22 14:13:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-1-0

[2011-08-22 11:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa

[2011-08-22 11:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer

[2011-08-22 11:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\phoenix

[2011-08-22 11:28:06 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.7.1

[2011-08-22 11:27:13 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.2

[2011-08-22 11:23:22 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.5.0

[2011-08-22 11:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico

[2011-08-22 11:20:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1

[2011-08-22 11:20:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-12-0-lnk

[2011-08-22 11:20:04 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-12-0

[2011-08-22 11:39:32 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar

[2011-08-22 11:39:32 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe

[2011-08-22 11:39:32 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar

[2011-08-22 11:39:30 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar

[2011-08-22 11:30:42 | 000,000,200 | ---- | M] () -- C:\WINDOWS\info1

[2011-08-22 11:23:21 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar

[2011-08-22 11:23:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok

[2011-08-22 11:39:32 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar

[2011-08-22 11:39:31 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar

[2011-08-22 11:39:30 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar

[2011-08-22 11:23:23 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist

[2011-08-22 11:23:21 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar

[2011-08-22 11:23:21 | 000,246,272 | ---- | C] () -- C:\WINDOWS\unrar.exe

[2011-08-22 11:22:48 | 000,000,200 | ---- | C] () -- C:\WINDOWS\info1

[2011-08-22 11:22:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok


:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

"AlternateShell"="cmd.exe"


:Commands

[RESETHOSTS] 

[emptytemp]

Click Run Fix and post a new log.
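The indicators Drobok's script acts on can also be pulled out of an OTL log mechanically, which helps when several such logs have to be triaged. The Python below is an added example, not part of this thread and not a feature of OTL: it parses the OTL line formats that appear in the script above (file and directory entries, O4 Run entries, the O31 SafeBoot entry) and flags hidden update.* directories and miner-named files in C:\WINDOWS, Run entries whose target is missing, and a SafeBoot AlternateShell other than cmd.exe, then looks for a burst of entries created in C:\WINDOWS within a short window. The sample lines are copied from the excerpt in post #2; the indicator names and the one-hour window are assumptions made for the example.

```python
"""Triage helper for OTL log lines (added example; not OTL's own code)."""
import re
from datetime import datetime

# Constructed sample, copied from the OTL excerpt in post #2.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [tray_ico] File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011-08-22 14:13:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.tray-1-0
[2011-08-22 11:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\rpcminer
[2011-08-22 11:39:32 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011-08-22 11:39:32 | 000,246,272 | ---- | M] () -- C:\WINDOWS\unrar.exe
[2011-04-14 19:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Marta\Dane aplikacji\Mozilla\Extensions
[2011-08-22 11:39:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ufa
[2011-08-22 11:20:18 | 000,000,000 | -H-D | C] -- C:\WINDOWS\update.1
[2011-08-22 11:21:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\av_ico
[2011-08-22 11:22:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok
"""

# OTL file/directory entry: [timestamp | size | attributes | C(reated)/M(odified)] (owner) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\](?: \([^)]*\))? -- (?P<path>.+)$"
)
RUN_RE = re.compile(r"^O4 - (?P<hive>\S+)\\Run: \[(?P<name>[^\]]+)\] (?P<target>.+)$")
SAFEBOOT_RE = re.compile(r"^O31 - SafeBoot: AlternateShell - (?P<shell>.+)$")

# Assumed indicator list for the example; the names come from the log above.
MINER_NAMES = ("rpcminer", "phoenix", "ufa")
WINDOWS_PREFIX = "c:\\windows\\"


def triage(log_text):
    """Return (severity, reason, line) findings for each suspicious line."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = FILE_RE.match(line)
        if m:
            path = m.group("path")
            name = path.rsplit("\\", 1)[-1].lower()
            in_windows = path.lower().startswith(WINDOWS_PREFIX)
            if in_windows and "H" in m.group("attr") and name.startswith("update."):
                findings.append(("high", "hidden update.* directory in C:\\WINDOWS", line))
            elif in_windows and any(name.startswith(x) for x in MINER_NAMES):
                findings.append(("high", "miner payload name in C:\\WINDOWS", line))
            elif in_windows and name == "unrar.exe":
                findings.append(("medium", "archive tool dropped into C:\\WINDOWS", line))
            continue
        m = RUN_RE.match(line)
        if m and m.group("target") == "File not found":
            findings.append(("low", "Run entry points at a missing file", line))
            continue
        m = SAFEBOOT_RE.match(line)
        if m and m.group("shell").lower() != "cmd.exe":
            findings.append(("high", "SafeBoot AlternateShell replaced", line))
    return findings


def summarize(findings):
    """Count findings per severity."""
    counts = {"high": 0, "medium": 0, "low": 0}
    for severity, _, _ in findings:
        counts[severity] += 1
    return counts


def creation_burst(log_text, window_seconds=3600):
    """Largest set of C:\\WINDOWS entries created within window_seconds of each other.

    A drop of many files into C:\\WINDOWS within minutes is the pattern the
    excerpt shows (11:20 to 11:39 on 2011-08-22); the window is an assumption.
    """
    created = []
    for raw in log_text.splitlines():
        m = FILE_RE.match(raw.strip())
        if m and m.group("kind") == "C" and m.group("path").lower().startswith(WINDOWS_PREFIX):
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            created.append((ts, m.group("path")))
    created.sort()
    best, start = [], 0
    for end in range(len(created)):           # sliding window over sorted timestamps
        while (created[end][0] - created[start][0]).total_seconds() > window_seconds:
            start += 1
        if end - start + 1 > len(best):
            best = [path for _, path in created[start:end + 1]]
    return best


if __name__ == "__main__":
    for severity, reason, line in triage(SAMPLE_LOG):
        print(f"[{severity}] {reason}: {line}")
    print("burst:", creation_burst(SAMPLE_LOG))
```

Run it against a full OTL log saved as text; anything it flags still has to be read in context before it goes into a fix script, since "File not found" Run entries are mere leftovers while the SafeBoot and miner findings are the ones that matter.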


(Siristru) #3

Log: http://wklej.to/EfV3h

Something seems wrong... "Error: Unable to interpret". Did I do something wrong?


(Drobok) #4

Yes, you copied the content wrong. You need to copy the whole thing from the code box, including :OTL (which is exactly what you are missing).