facebook vir

[misel111]

jsem amatér a na facebooku jsem chytl nejaký vir ze zprávy který mi poslala kamarádka anglickou zprávou, od té doby mi nejde načíst facebook a nejspis mi nefunguje ani antivirus, ostatní stránky na internetu mi fungují. Prosím o vysvětlení jak to odstraním abych mohl na facebook
Děkuji za vztřícné jednání !!!

[Caroprd111]

Zdravím

Můžete sem vložit log z RSIT? http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

[misel111]

Logfile of random's system information tool 1.09 (written by random/random)
Run by deda at 2011-07-19 19:14:09
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 3 GB (28%) free of 10 GB
Total RAM: 255 MB (30% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:16:28, on 19.7.2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\WINDOWS\update.tray-7-0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\System32\wuauclt.exe
C:\WINDOWS\ufa\ufa.exe
C:\WINDOWS\update.tray-7-0-lnk\svchost.exe
C:\Program Files\Opera\opera.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
C:\Documents and Settings\deda\Plocha\RSIT.exe
C:\Program Files\trend micro\deda.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss ... ffID=17981
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - - (no file)
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,C:\WINDOWS\System32\ldr.exe
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\Program Files\ICQToolbar\tbu58F\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll
O2 - BHO: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\System32\winload.dll (file missing)
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Yahoo Toolbar - {54C7D1DD-4296-451e-B756-1E94F665B4FF} - C:\WINDOWS\System32\yatool.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Documents and Settings\deda\Dokumenty\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [BabylonToolbar] "C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe" /md I
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [5562990.exe] "C:\DOCUME~1\deda\LOCALS~1\Temp\5562990.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [7863913.exe] "C:\WINDOWS\TEMP\7863913.exe"
O4 - HKLM\..\Run: [8554308.exe] "C:\WINDOWS\TEMP\8554308.exe"
O4 - HKLM\..\Run: [7498102.exe] "C:\WINDOWS\TEMP\7498102.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [ICQ] ~"C:\Program Files\ICQ6.5\ICQ.exe" silent
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - C:\Program Files\ICQLite\ICQLite.exe (file missing)
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Win32 Classes -
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} - http://download.divx.com/webplayer/stag ... taller.cab
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\System32\winload.dll (file missing)
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe

--
End of file - 8449 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Optimalizovat spouštění aplikace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\Program Files\ICQToolbar\tbu58F\toolbaru.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
CescrtHlpr Object - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\bh\BabylonToolbar.dll [2010-11-07 225720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}]
COM+ Service - C:\WINDOWS\System32\winload.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
Yahoo Toolbar - C:\WINDOWS\System32\yatool.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2005-06-20 844828]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]
{98889811-442D-49dd-99D7-DC866BE87DBC} - Babylon Toolbar - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarTlbr.dll [2010-11-07 184760]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
"QuickTime Task"=C:\Documents and Settings\deda\Dokumenty\QuickTime\qttask.exe -atboottime []
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-03-05 111928]
"avast!"=C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe []
"BabylonToolbar"=C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.19\BabylonToolbarsrv.exe [2010-11-07 286720]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-18 1150976]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-7-0\svchost.exe [2011-07-18 1150976]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5562990.exe"=C:\DOCUME~1\deda\LOCALS~1\Temp\5562990.exe [2011-07-18 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-18 232960]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-18 232960]
"7863913.exe"=C:\WINDOWS\TEMP\7863913.exe [2011-07-18 232960]
"8554308.exe"=C:\WINDOWS\TEMP\8554308.exe [2011-07-18 232960]
"7498102.exe"=C:\WINDOWS\TEMP\7498102.exe [2011-07-18 483328]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-18 114176]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-18 110592]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2005-06-20 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]
"ICQ"=~C:\Program Files\ICQ6.5\ICQ.exe silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
internat.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
C:\WINDOWS\system32\SysTray.Exe [2005-06-20 3072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^deda^Nabídka Start^Programy^Po spuštění^Deer Hunter 2005 Registration.lnk]
C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE /remind /language=CSY /PRNM=Deer Hunter 2005/PRMP=DH05/SKUN=PCXX/GTYP=OUTD []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^deda^Nabídka Start^Programy^Po spuštění^Product Registration.lnk]
C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE /remind /language=CSY /PRNM=Product []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe

C:\Documents and Settings\deda\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
COM+ Service - {3C49DDAC-3DA4-4743-AF6C-5974FEAF875C} - C:\WINDOWS\System32\winload.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"midi1"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"VIDC.VDOM"=vdowave.drv
"VIDC.IV50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\SYSTEM32\IAC25_32.AX
"msacm.lhacm"=lhacm.acm
"VIDC.WMV3"=wmv9vcm.dll

======List of files/folders created in the last 1 month======

2011-07-19 19:14:11 ----D---- C:\Program Files\trend micro
2011-07-19 19:14:09 ----D---- C:\rsit
2011-07-19 19:03:54 ----D---- C:\ComboFix
2011-07-19 19:03:53 ----A---- C:\WINDOWS\System32\CF17799.exe
2011-07-19 19:03:19 ----D---- C:\WINDOWS\ERDNT
2011-07-19 19:03:14 ----A---- C:\WINDOWS\System32\CF17705.exe
2011-07-19 19:02:23 ----D---- C:\Qoobox
2011-07-19 19:01:58 ----D---- C:\32788R22FWJFW.0.tmp
2011-07-19 18:51:16 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-19 18:50:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-19 17:45:19 ----A---- C:\WINDOWS\System32\javaws.exe
2011-07-19 17:45:19 ----A---- C:\WINDOWS\System32\javaw.exe
2011-07-19 17:45:19 ----A---- C:\WINDOWS\System32\java.exe
2011-07-18 21:59:28 ----SHD---- C:\FOUND.050
2011-07-18 20:04:49 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-18 20:04:23 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-18 20:04:17 ----A---- C:\WINDOWS\systemup.exe
2011-07-18 19:50:17 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-18 19:49:52 ----HD---- C:\WINDOWS\update.2
2011-07-18 19:48:53 ----D---- C:\WINDOWS\ufa
2011-07-18 19:48:53 ----D---- C:\WINDOWS\rpcminer
2011-07-18 19:48:53 ----D---- C:\WINDOWS\phoenix
2011-07-18 19:48:52 ----A---- C:\WINDOWS\unrar.exe
2011-07-18 19:47:33 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-18 19:47:08 ----HD---- C:\WINDOWS\update.5.0
2011-07-18 19:46:59 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-18 19:46:52 ----A---- C:\WINDOWS\iplist.txt
2011-07-18 19:46:44 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-18 19:45:52 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-18 19:44:47 ----D---- C:\WINDOWS\av_ico
2011-07-18 19:44:20 ----ASH---- C:\hiberfil.sys
2011-07-18 19:43:04 ----HD---- C:\WINDOWS\update.1
2011-07-18 19:42:43 ----HD---- C:\WINDOWS\update.tray-7-0-lnk
2011-07-18 19:42:43 ----HD---- C:\WINDOWS\update.tray-7-0
2011-07-18 19:26:22 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-18 19:26:22 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-18 19:24:57 ----A---- C:\WINDOWS\services32.exe
2011-06-22 18:30:51 ----D---- C:\WINDOWS\Application Data\Opera
2011-06-22 18:28:54 ----D---- C:\Program Files\Opera

======List of files/folders modified in the last 1 month======

2011-07-19 17:14:10 ----N---- C:\WINDOWS\SchedLog.Txt
2011-07-18 19:43:16 ----A---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2001-08-17 25472]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2005-06-20 39936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-12-20 20747]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]
R3 atimpab;atimpab; C:\WINDOWS\System32\DRIVERS\atimpab.sys [2001-10-24 289664]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2002-09-20 607104]
R3 Maestro;ESS Maestro2E Audio Driver (WDM); C:\WINDOWS\system32\drivers\essm2e.sys [2002-08-28 137088]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT61;Belkin RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT61.sys [2005-08-26 352768]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2005-06-20 19328]
S3 aswRdr;aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [2009-02-05 23152]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2005-06-20 68864]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2005-06-20 68864]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 ntosnh.sys;ntosnh.sys; \??\C:\WINDOWS\system32\drivers\ntosnh.sys []
S3 ntoss.sys;ntoss.sys; \??\C:\WINDOWS\system32\drivers\ntoss.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\atievxx.exe [2001-10-24 37376]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2005-06-20 12800]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-07-18 340480]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-07-18 483328]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-07-18 232960]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-07-18 1150976]

-----------------EOF-----------------


omlouvám se ale nevím jestli jsem poslal to co jste chtěl ....

[Caroprd111]

Poslal.


Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu.

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

:Commands
[purity]
[emptytemp]
[clearallrestorepoints]
[resethosts]

:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3C49DDAC-3DA4-4743-AF6C-5974FEAF875C}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{54C7D1DD-4296-451e-B756-1E94F665B4FF}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{98889811-442D-49dd-99D7-DC866BE87DBC}"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\internat.exe]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
"COM+ Service"=-
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=-
"BabylonToolbar"=-
"wxpdrv"=-
"tray_ico"=-
"tray_ico0"=-
"tray_ico1"=-
"tray_ico2"=-
"tray_ico3"=-
"tray_ico4"=-
"5562990.exe"=-
"sysdriver32.exe"=-
"sysdriver32_.exe"=-
"7863913.exe"=-
"8554308.exe"=-
"7498102.exe"=-
"systemup"=-
"l1rezerv.exe"=-

:files
C:\Program Files\ICQToolbar
C:\Program Files\BabylonToolbar
C:\WINDOWS\services32.exe
C:\WINDOWS\update.tray-7-0
C:\WINDOWS\sysdriver32.exe
C:\WINDOWS\sysdriver32_.exe 
C:\WINDOWS\systemup.exe 
C:\WINDOWS\l1rezerv.exe 
C:\WINDOWS\TEMP\
C:\WINDOWS\update.2
C:\WINDOWS\update.5.0
C:\WINDOWS\ufa
C:\WINDOWS\rpcminer
C:\WINDOWS\phoenix
C:\WINDOWS\unrar.exe
C:\WINDOWS\update.1
C:\WINDOWS\update.tray-7-0-lnk

:services
srvbtcclient
srviecheck
srvsysdriver32
wxpdrivers
ntosnh.sys
ntoss.sys

Klikněte na "Opravit". Případné hlášky programu potvrďte, po dokončení a restartu na Vás vyskočí log, ten sem vložte.


Kdo Vám poradil použít ComboFix? Vy s ním umíte pracovat? Máte jeho log?

[misel111]

combofix......... no používat ho neumím ale zde na foru jsem četl at to vyzkouším

zkusím udělat co jste mi poradil !!!

[Caroprd111]

ComboFix se nedoporučuje používat bez dozoru zkušené osoby a většinou kontroly logu z jiného detekčního programu, případně spuštění CF s příslušným parametrem. Rádce ví, jak případné legitimní smazané soubory obnovit, zná příkazy, dokáže se orientovat v logu atp. Nejde jen o problém restartování PC v případě, když vir smaže knihovnu hal.dll, ale o nespočet dalších věcí, které často nelze ani předpovídat.

Máte z něj log?

[misel111]

Log zněj nemám

ztáhl jsem to OTL jak jste říkal, vložil jsem to tam . Počítač se mi zpustil ale ten program OTL mi uplně zmizel z plochy a žádnej log na mě nevyskočil tak tedka nevím co vám mam poslat, nevím kde ten log najdu

[Caroprd111]

Znovu stáhněte OTL a klikněte na tl. Prohledat. Logy vložte sem.

[misel111]

promiňte asi jsem hlupák ale, znova jsem stáhl ten OTL
dolu jsem opět vložil to co jste mi posílal a mam mačknout na ????? RUN SCAN ???? RUN FIX ???
CLEANUP ????
omlouvám se ale abych to zase nepodělal

[Caroprd111]

Uděláme to úplně jinak, asi nemáte český systém.

Spusťte OTL, vložte skript a klikněte na tl. Run fix. Po restarttu by měl vyskočit log, ten sem vložte.

[misel111]

po restartování na mě vyskočilo pouze toto okno


Files\Folders moved on Reboot...

Registry entries deleted on Reboot...


to asi nebude zprávně


a ještě na C: ve složce OTL jsem našel todle , ale to vám asi taky moc nepomůže

[misel111]

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

127.0.0.1 localhost

[Caroprd111]

Zkuste nabootovat do nouzového režimu a znovu aplikovat skript.

[misel111]

omlouvám jsem ale jsem amatér na počítače , a jaksi jsem uplně nepochopil co tedka po mě chcete omlouvám se že se mnou takhle ztrácíte čas, velmi vám děkuji !!!!
se mnou je to hodně těžké

[Caroprd111]

Neztrácím čas, je to zákeřný vir a kde kdo by s tím měl problémy.

Restartujte počítač a mačkejte F8, potom vyberte Nouzový režim s prací v síti a aplikujte OTL s výše uvedeným skriptem (po zadání skriptu kliknout na Run fix).