Virus from Facebook

Hello, unfortunately I too am a victim of this virus, and I am asking for my logs to be checked and for help.

OTL scan: http://wklej.to/ReVOy

And here is the Extras log: http://wklej.to/qEtVm

Run OTL and paste the following into the (Custom Scans/Fixes) box:

:OTL

O4 - HKLM..\Run: [] File not found

O4 - HKLM..\Run: [tray_ico] File not found

O4 - HKLM..\Run: [tray_ico1] File not found

O4 - HKLM..\Run: [tray_ico2] File not found

O4 - HKLM..\Run: [tray_ico3] File not found

O4 - HKLM..\Run: [tray_ico4] File not found

[2011-08-21 09:04:10 | 000,000,000 | ---D | C] -- D:\WINXP\ufa

[2011-08-21 09:04:10 | 000,000,000 | ---D | C] -- D:\WINXP\rpcminer

[2011-08-21 09:04:10 | 000,000,000 | ---D | C] -- D:\WINXP\phoenix

[2011-08-21 08:48:06 | 000,000,000 | -H-D | C] -- D:\WINXP\update.5.0

[2011-08-21 08:46:43 | 000,000,000 | -H-D | C] -- D:\WINXP\update.2

[2011-08-21 08:45:39 | 000,000,000 | -H-D | C] -- D:\WINXP\update.7.1

[2011-08-21 08:42:52 | 000,000,000 | ---D | C] -- D:\WINXP\av_ico

[2011-08-21 08:41:00 | 000,000,000 | -H-D | C] -- D:\WINXP\update.1

[2011-08-21 08:40:52 | 000,000,000 | -H-D | C] -- D:\WINXP\update.tray-8-0-lnk

[2011-08-21 08:40:52 | 000,000,000 | -H-D | C] -- D:\WINXP\update.tray-8-0

[2011-08-21 09:04:09 | 005,589,370 | ---- | M] () -- D:\WINXP\phoenix.rar

[2011-08-21 09:04:09 | 000,246,272 | ---- | M] () -- D:\WINXP\unrar.exe

[2011-08-21 09:04:09 | 000,182,617 | ---- | M] () -- D:\WINXP\ufa.rar

[2011-08-21 09:04:08 | 001,075,284 | ---- | M] () -- D:\WINXP\rpcminer.rar

[2011-08-21 08:50:03 | 000,000,179 | ---- | M] () -- D:\WINXP\info1

[2011-08-21 08:46:20 | 000,904,792 | ---- | M] () -- D:\WINXP\geoiplist.rar

[2011-08-21 08:44:18 | 000,000,000 | ---- | M] () -- D:\WINXP\loader2.exe_ok

[2011-08-21 08:46:21 | 004,636,907 | ---- | C] () -- D:\WINXP\geoiplist


:Reg

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot]

"AlternateShell"="cmd.exe"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"D:\WINXP\services32.exe"=-

"D:\WINXP\update.1\svchost.exe"=-

"D:\WINXP\update.2\svchost.exe"=-

"D:\WINXP\update.tray-8-0\svchost.exe"=-


:Commands

[emptytemp]

[resethosts]

Click Run Fix. Confirm the computer restart. Save the report that appears after the restart. Then run OTL again, and this time click (Run Scan).

Post the new OTL.txt log and the removal report.