Vir z FB na WinXP + log

Zpráva

Scooby.. · #1 Příspěvek od **Scooby..** » 21 črc 2011 10:28

Nebudu zde popisovat co se stalo to všichni víme. Moje baba chatovala a podařilo se jí to taky.
Tak jsem si projel PC programem superantispywarem naslo to pár trojanů a pod. cca 25 kusů. Ty jsem odstranil použil cCleaner.
PC se zdá že funguje normálně, ale řekl bych že tam ještě něco mám jen to nemohu najít. Vše mi funguje, ale na FB se ne a ne připojit.
Poradíte co s tím?
Log:

Kód: Vybrat vše

http://www.uloz.to/9742349/log-vir-facebook-txt

Heslo:
viry.cz

#2 Příspěvek od **stell** » 21 črc 2011 10:38

Zdravim
Sprav postupne vsetko tak ako mam napisane v blogu
logy vkladaj sem
AVPTOOL zatial nemusis robit,

Scooby.. · #3 Příspěvek od **Scooby..** » 21 črc 2011 10:44

Kam mám toto vložit? Oprava núdzového režimu pre xp
Jsem amatér

#4 Příspěvek od **stell** » 21 črc 2011 10:48

nikde, pokracuj v normalnom windowse, tento krok vynechaj,Oprava núdzového režimu pre xp a pokracuj dalej, citaj pozorne navod, kazdy program ti da log, obsah postupne vloz sem do fora.

Scooby.. · #5 Příspěvek od **Scooby..** » 21 črc 2011 11:21

Stala se mi taková nepříjemná věc, když program vyhodil log tak jsem ho nestihl ulozit a restartoval jsem PC. Jistě to je moje chyba ale uvědomil jsem si to až po odkliklnutí restartu.
Je to někde uložené? Byl to ten maleare softík

#6 Příspěvek od **stell** » 21 črc 2011 11:24

Byl to ten maleare softík

Ktory?/
RogueKiller.??

Scooby.. · #7 Příspěvek od **Scooby..** » 21 črc 2011 11:27

Špatně jsem to napsal tenhle
Anti-Malware Malwarebytes

#8 Příspěvek od **stell** » 21 črc 2011 11:29

ano spust znova malwarebytes, klikni na protokoly , a z najnovsim datumom otvor, a obsah skopiruj sem

Scooby.. · #9 Příspěvek od **Scooby..** » 21 črc 2011 11:31

Tak teď jsem se zastyděl jak to bylo jednoduché

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 7219

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.7.2011 12:15:41
mbam-log-2011-07-21 (12-15-41).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 178342
Uplynulý čas: 17 minut, 54 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 28

Infikované procesy v paměti:
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 1532 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2866302.exe (Trojan.Agent) -> Value: 2866302.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5117829.exe (Trojan.Agent) -> Value: 5117829.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4408643.exe (Trojan.Downloader.H) -> Value: 4408643.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3564184.exe (Trojan.Agent) -> Value: 3564184.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Scooby\local settings\Temp\2866302.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5117829.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4408643.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3564184.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Scooby\dokumenty\stažené soubory\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3cc2ebe3-5a22-4030-858e-63d02afa6a1a}\RP26\A0007524.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3cc2ebe3-5a22-4030-858e-63d02afa6a1a}\RP26\A0007527.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1059213.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1793092.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3899440.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4634675.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\643752.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\517848246.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.

#10 Příspěvek od **stell** » 21 črc 2011 11:34

Ok, teraz spust este raz program ROGUEKILLER>>stlac na klavesnic 2 a stlac enter>.otvori sa log vloz sem obsah.

Scooby.. · #11 Příspěvek od **Scooby..** » 21 črc 2011 11:34

RogueKiller

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: Remove -- Date : 07/21/2011 12:33:36

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Finished : << RKreport[1].txt >>
RKreport[1].txt

Scooby.. · #12 Příspěvek od **Scooby..** » 21 črc 2011 11:36

To je pod 3.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: HOSTSFix -- Date : 07/21/2011 12:35:17

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt

#13 Příspěvek od **stell** » 21 črc 2011 11:37

ok, este raz spust Rogue Killer a teraz stlac 3=enter
log vloz sem

Scooby.. · #14 Příspěvek od **Scooby..** » 21 črc 2011 11:37

pod 4.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: ProxyFix -- Date : 07/21/2011 12:36:58

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Scooby.. · #15 Příspěvek od **Scooby..** » 21 črc 2011 11:37

Pod 5.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: DNSFix -- Date : 07/21/2011 12:37:33

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

VIRY.CZ

Vir z FB na WinXP + log

Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log

Re: Vir z FB na WinXP + log