Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

Vírus z Facebooku :(

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Vírus z Facebooku :(

#1 Příspěvek od mafcool »

Dobrý den prajem všetkým :)
Dostal som vírus z facebooku z toho videa ktoré sa šíri... =/ potreboval by som pomoc.. Ďakujem :)


Logfile of random's system information tool 1.09 (written by random/random)
Run by katka at 2011-07-22 14:26:32
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 889 MB (3%) free of 30 GB
Total RAM: 1535 MB (58% free)


======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1659004503-839522115-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1659004503-839522115-1003UA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\katka\Data aplikací\Mozilla\Firefox\Profiles\w1g0p13y.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{6236BA26-C117-4007-928C-DE0716C7FA82}:1.0.2, {DDABDBA1-2377-4A30-A027-25697B99E254}:3.1, {6236BA26-C117-4007-928C-DE0716C7FA99}:1.0.1, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {63414328-3ab4-2c84-6c41-5a473c4b2ff7}:1.0, {6236BA26-C117-4007-928C-DE0716C7FA80}:1.0.24, {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.6, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6, {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655, {8675f4b3-2f19-11ed-2d6b-0800600c0a16}:1.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.9, {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}:6.0.25, {8675f4b3-2f19-11ed-2d6b-0800600c0a17}:1.0, {c8f71e5b-88f8-42a7-98bb-e4c506161de9}:0.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.10, nasanightlaunch@example.com:0.6.20100805"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.1.9&q="

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6]
"Description"=Yahoo Messenger State Plugin
"Path"=C:\Program Files\Yahoo!\Shared\npYState.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.0.3]
"Description"=VLC Multimedia Plugin
"Path"=D:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc;version=0.8.6d]
"Description"=VLC Multimedia Plugin
"Path"=D:\Program Files\VideoLAN\VLC\npvlc.dll

c:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}

c:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat

c:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll

c:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\katka\Data aplikací\Mozilla\Firefox\Profiles\w1g0p13y.default\extensions\
nasanightlaunch@example.com
{6236BA26-C117-4007-928C-DE0716C7FA80}
{6236BA26-C117-4007-928C-DE0716C7FA82}
{6236BA26-C117-4007-928C-DE0716C7FA96}
{6236BA26-C117-4007-928C-DE0716C7FA99}
{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
{635abd67-4fe9-1b23-4f01-e679fa7484c1}
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{800b5000-a755-47e1-992b-48a1c1357f07}
{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
{DDABDBA1-2377-4A30-A027-25697B99E254}
{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}

C:\Documents and Settings\katka\Data aplikací\Mozilla\Firefox\Profiles\w1g0p13y.default\searchplugins\
icqplugin.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}]
&Yahoo! Toolbar Helper - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-04-14 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-04-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}]
SingleInstance Class - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2010-10-15 163128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - D:\PROGRA~1\PCTRAN~1\webie.dll [2004-05-13 319488]
{EF99BD32-C1FB-11D2-892F-0090271D4F88} - Yahoo! Toolbar - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll [2010-10-15 1372472]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-09-06 1048888]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-04-04 16120832]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2006-08-11 7630848]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2006-08-11 86016]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-01-07 253672]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-21 1178112]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-9-0\svchost.exe [2011-07-21 1178112]
"tray_ico1"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-21 1178112]
"tray_ico2"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-21 1178112]
"tray_ico3"= []
"tray_ico4"= []
"7825190.exe"=C:\DOCUME~1\katka\LOCALS~1\Temp\7825190.exe [2011-07-21 245760]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-22 249344]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-22 249344]
"w_distrib.exe"=C:\WINDOWS\update.3\svchost.exe [2011-07-21 278528]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-21 115200]
"38886836-loader2.exe"=C:\DOCUME~1\katka\LOCALS~1\Temp\38886836-loader2.exe [2011-07-21 245760]
"86747674-loader2.exe"=C:\DOCUME~1\katka\LOCALS~1\Temp\86747674-loader2.exe [2011-07-22 249344]
"5682606.exe"=C:\WINDOWS\TEMP\5682606.exe [2011-07-22 249344]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"=C:\WINDOWS\system32\sti_ci.dll [2004-08-17 136704]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-11-16 139264]
"Google Update"=C:\Documents and Settings\katka\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe [2010-02-09 135664]
"Messenger (Yahoo!)"=C:\PROGRA~1\Yahoo!\Messenger\YahooMessenger.exe [2010-06-01 5252408]
"ICQ"=C:\Program Files\ICQ7.4\ICQ.exe [2011-04-15 119608]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"=C:\WINDOWS\system32\Macromed\Flash\FlashUtil10k_Plugin.exe [2010-10-18 232912]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe
Adobe Reader Synchronizer.lnk - D:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe

C:\Documents and Settings\katka\Nabídka Start\Programy\Po spuštění
CurseClientStartup.ccip
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\{1a3e09be-1e45-494b-9174-d7385b45bbf5}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Internet Explorer\IEXPLORE.EXE"="C:\Program Files\Internet Explorer\IEXPLORE.EXE:*:Enabled:Internet Explorer"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\totalcmd\TOTALCMD.EXE"="D:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\Program Files\Opera\opera.exe"="D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\Program Files\Counter-Strike 1.6\hl.exe"="D:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Counter-Strike Source\hl2.exe"="D:\Program Files\Counter-Strike Source\hl2.exe:*:Enabled:hl2"
"D:\Tibor\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"="D:\Tibor\World of Warcraft\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe:*:Enabled:Blizzard Downloader"
"D:\Tibor\World of Warcraft\Launcher.exe"="D:\Tibor\World of Warcraft\Launcher.exe:*:Enabled:Blizzard Launcher"
"C:\Program Files\Java\jre6\bin\java.exe"="C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Documents and Settings\katka\Local Settings\Apps\2.0\BVORTGJY.BR5\61V3VLHV.6G1\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe"="C:\Documents and Settings\katka\Local Settings\Apps\2.0\BVORTGJY.BR5\61V3VLHV.6G1\curs..tion_eee711038731a406_0004.0000_1430d97334050788\CurseClient.exe:*:Enabled:Curse Client 4.0"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Steam\Steam.exe"="C:\Program Files\Steam\Steam.exe:*:Enabled:Steam"
"C:\Documents and Settings\katka\Local Settings\Temp\Rar$EX00.906\teamspeak3-server_win32\ts3server_win32.exe"="C:\Documents and Settings\katka\Local Settings\Temp\Rar$EX00.906\teamspeak3-server_win32\ts3server_win32.exe:*:Enabled:TeamSpeak 3 Server"
"C:\Program Files\Xfire\Xfire.exe"="C:\Program Files\Xfire\Xfire.exe:*:Enabled:Xfire"
"D:\World of Warcraft\Launcher.exe"="D:\World of Warcraft\Launcher.exe:*:Enabled:Launcher.exe"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\Documents and Settings\katka\Plocha\Left 4 Dead 2\left4dead2.exe"="C:\Documents and Settings\katka\Plocha\Left 4 Dead 2\left4dead2.exe:*:Enabled:left4dead2"
"C:\Documents and Settings\katka\Plocha\Left 4 Dead 2\srcds.exe"="C:\Documents and Settings\katka\Plocha\Left 4 Dead 2\srcds.exe:*:Enabled:srcds"
"C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe"="C:\Program Files\DsNET Corp\aTube Catcher 2.0\yct.exe:*:Enabled:aTube Catcher to download and convert videos."
"D:\Program Files\Left 4 Dead\left4dead.exe"="D:\Program Files\Left 4 Dead\left4dead.exe:*:Enabled:left4dead"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"D:\Program Files\Warcraft III\Warcraft III.exe"="D:\Program Files\Warcraft III\Warcraft III.exe:*:Enabled:Warcraft III"
"D:\Program Files\Warcraft III\War3.exe"="D:\Program Files\Warcraft III\War3.exe:*:Enabled:Warcraft III"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"D:\Program Files\EA Games\Need For Speed Underground\Speed.exe"="D:\Program Files\EA Games\Need For Speed Underground\Speed.exe:*:Enabled:Speed"
"C:\Program Files\Steam\steamapps\mafcool\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\mafcool\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe"="C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\Steam\steamapps\dome370\counter-strike\hl.exe"="C:\Program Files\Steam\steamapps\dome370\counter-strike\hl.exe:*:Enabled:Counter-Strike"
"C:\Documents and Settings\katka\Dokumenty\Downloads\Flash-Player.exe"="C:\Documents and Settings\katka\Dokumenty\Downloads\Flash-Player.exe:*:Enabled:C:\Documents and Settings\katka\Dokumenty\Downloads\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.tray-9-0\svchost.exe"="C:\WINDOWS\update.tray-9-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-9-0\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.3\svchost.exe"="C:\WINDOWS\update.3\svchost.exe:*:Enabled:C:\WINDOWS\update.3\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Pando Networks\Media Booster\PMB.exe"="C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"msacm.lhacm"=lhacm.acm
"VIDC.FMVC"=fmcodec.dll
"MSVideo8"=VfWWDM32.dll

======List of files/folders created in the last 1 month======

2011-07-22 14:26:32 ----D---- C:\rsit
2011-07-22 14:26:32 ----D---- C:\Program Files\trend micro
2011-07-22 14:21:46 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-22 14:21:32 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-21 18:45:00 ----D---- C:\WINDOWS\ufa
2011-07-21 18:45:00 ----D---- C:\WINDOWS\rpcminer
2011-07-21 18:45:00 ----D---- C:\WINDOWS\phoenix
2011-07-21 16:40:54 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-21 16:40:49 ----A---- C:\WINDOWS\bitcoind.exe
2011-07-21 16:40:43 ----A---- C:\WINDOWS\btc_iplist.txt
2011-07-21 16:39:43 ----HD---- C:\WINDOWS\update.4.1
2011-07-21 16:38:35 ----A---- C:\WINDOWS\w_distrib_iplist.txt
2011-07-21 16:38:07 ----HD---- C:\WINDOWS\update.3
2011-07-21 16:38:06 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-21 16:37:34 ----A---- C:\WINDOWS\unrar.exe
2011-07-21 16:37:26 ----HD---- C:\WINDOWS\update.5.0
2011-07-21 16:37:16 ----A---- C:\WINDOWS\iplist.txt
2011-07-21 15:51:08 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-21 15:24:40 ----D---- C:\WINDOWS\av_ico
2011-07-21 15:23:41 ----HD---- C:\WINDOWS\update.1
2011-07-21 15:23:40 ----HD---- C:\WINDOWS\update.tray-9-0-lnk
2011-07-21 15:23:40 ----HD---- C:\WINDOWS\update.tray-9-0
2011-07-21 15:23:40 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-21 15:23:40 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-21 15:23:39 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-21 15:23:39 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-21 15:13:35 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-21 15:13:34 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-21 15:13:30 ----A---- C:\WINDOWS\services32.exe
2011-07-04 10:54:28 ----D---- C:\Program Files\3GPplayer2011
2011-07-04 10:37:35 ----D---- C:\WINDOWS\system32\madll
2011-07-04 10:37:30 ----D---- C:\Program Files\Abdio

======List of files/folders modified in the last 1 month======

2011-07-22 14:26:32 ----RD---- C:\Program Files
2011-07-22 14:23:05 ----D---- C:\WINDOWS\Temp
2011-07-22 14:21:46 ----D---- C:\WINDOWS
2011-07-22 14:19:21 ----D---- C:\WINDOWS\system32\drivers
2011-07-21 18:59:17 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-21 17:05:49 ----D---- C:\WINDOWS\ime
2011-07-21 16:45:11 ----D---- C:\WINDOWS\system32
2011-07-21 16:41:35 ----SHD---- C:\System Volume Information
2011-07-21 16:41:35 ----D---- C:\WINDOWS\system32\Restore
2011-07-21 15:42:57 ----D---- C:\WINDOWS\Prefetch
2011-07-21 15:40:38 ----D---- C:\WINDOWS\pchealth
2011-07-21 15:37:31 ----A---- C:\boot.ini
2011-07-21 15:36:16 ----D---- C:\Program Files\McAfee Security Scan
2011-07-19 11:01:44 ----D---- C:\WINDOWS\Minidump
2011-07-18 19:50:00 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-17 19:58:07 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-16 07:34:13 ----D---- C:\Documents and Settings\katka\Data aplikací\ICQ
2011-07-15 19:16:32 ----D---- C:\WINDOWS\system32\DirectX
2011-07-15 19:16:31 ----RSD---- C:\WINDOWS\assembly
2011-07-15 07:56:55 ----D---- C:\Documents and Settings\katka\Data aplikací\Skype
2011-07-15 06:59:18 ----D---- C:\Documents and Settings\katka\Data aplikací\skypePM
2011-07-11 10:43:32 ----D---- C:\Program Files\Steam
2011-07-06 19:40:42 ----D---- C:\Program Files\Common Files\Adobe
2011-07-04 10:58:27 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2011-07-04 10:52:18 ----D---- C:\Program Files\3GPplayer2010
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#2 Příspěvek od vyosek »

Zdravim, pekne odpoledne preji a vitam vas u nas na foru :welcome:

:arrow: Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com :arrow: Aplikujte exeHelper by Raktor :arrow: Aplikujte RogueKiller
stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205
:arrow: Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

:arrow: RKill, eXeHelper i RogueKiller by mely udelat logy, vlozte mi je sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#3 Příspěvek od mafcool »

Takže spravil som všetko :) tu su logy :

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on . 07. 2011 at 15:17:02.
Operating System: Microsoft Windows XP


Processes terminated by Rkill or while it was running:

\\.\globalroot\Device\svchost.exe\svchost.exe
C:\Documents and Settings\katka\Local Settings\Data aplikací\Google\Update\1.3.21.57\GoogleCrashHandler.exe


Rkill completed on . 07. 2011 at 15:17:13.


exeHelper by Raktor
Build 20100414
Run at 15:23:02 on 07/22/11
Now searching...
Checking for numerical processes...
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7825190.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\38886836-loader2.exe
Removing HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5682606.exe
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: katka [Admin rights]
Mode: Remove -- Date : 07/22/2011 15:25:28

Bad processes: 9
[SVCHOST] svchost.exe -- c:\windows\update.tray-9-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-3-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.3\svchost.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SUSP PATH] ATKKBService.exe -- c:\windows\atkkbservice.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.4.1\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED

Registry Entries: 10
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 86747674-loader2.exe ("C:\DOCUME~1\katka\LOCALS~1\Temp\86747674-loader2.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: katka [Admin rights]
Mode: HOSTSFix -- Date : 07/22/2011 15:28:15

Bad processes: 0

HOSTS File:


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 2) 32 bits version
Started in : Normal mode
User: katka [Admin rights]
Mode: ProxyFix -- Date : 07/22/2011 15:28:35

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#4 Příspěvek od vyosek »

:arrow: Vyborne, jdeme dale :James008:

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
:arrow: Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
  • Pokud mate Win XP spustte pod uctem Spravce\Administratora
  • Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
  • Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
  • Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
  • Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
  • Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
  • Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
  • Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#5 Příspěvek od mafcool »

ComboFix 11-07-22.01 - katka . 07. 2011 16:28:24.1.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1093 [GMT 2:00]
Spuštěný z: c:\documents and settings\katka\Plocha\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Thumbs.db
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.3
c:\windows\update.3\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\update.tray-9-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVSYSDRIVER32
-------\Legacy_WXPDRIVERS
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Legacy_srvbtcclient
-------\Legacy_srvbtcclient
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 12:26 . 2011-07-22 12:26 -------- d-----w- c:\program files\trend micro
2011-07-22 12:26 . 2011-07-22 12:26 -------- d-----w- C:\rsit
2011-07-21 16:45 . 2011-07-21 16:45 -------- d-----w- c:\windows\ufa
2011-07-21 16:45 . 2011-07-21 16:45 -------- d-----w- c:\windows\rpcminer
2011-07-21 16:45 . 2011-07-21 16:45 -------- d-----w- c:\windows\phoenix
2011-07-21 14:40 . 2011-07-21 14:42 1510400 ----a-w- c:\windows\bitcoind.exe
2011-07-21 14:40 . 2011-07-22 14:08 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Bitcoin
2011-07-21 14:39 . 2011-07-21 14:39 -------- d--h--w- c:\windows\update.4.1
2011-07-21 14:37 . 2011-07-21 16:44 246272 ----a-w- c:\windows\unrar.exe
2011-07-21 13:24 . 2011-07-21 13:24 -------- d-----w- c:\windows\av_ico
2011-07-21 13:23 . 2011-07-22 14:30 -------- d--h--w- c:\windows\update.tray-9-0
2011-07-21 13:23 . 2011-07-22 14:30 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-21 13:23 . 2011-07-21 13:23 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-07-21 13:23 . 2011-07-21 13:23 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-07-21 13:23 . 2011-07-22 14:30 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-21 13:23 . 2011-07-21 13:23 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-21 13:13 . 2011-07-21 13:13 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-04 08:54 . 2011-07-06 17:41 -------- d-----w- c:\program files\3GPplayer2011
2011-07-04 08:37 . 2011-07-04 08:37 -------- d-----w- c:\windows\system32\madll
2011-07-04 08:37 . 2011-07-04 08:37 -------- d-----w- c:\program files\Abdio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2006-12-26 . 0BF7BA22374236895D2601B212A6E76A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\drivers\beep.sys ... chybí !!
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-11-16 139264]
"Messenger (Yahoo!)"="c:\progra~1\Yahoo!\Messenger\YahooMessenger.exe" [2010-06-01 5252408]
"ICQ"="c:\program files\ICQ7.4\ICQ.exe" [2011-04-15 119608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-01-07 253672]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-17 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\katka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-2-6 0]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - d:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Tibor\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"d:\\Tibor\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Documents and Settings\\katka\\Local Settings\\Apps\\2.0\\BVORTGJY.BR5\\61V3VLHV.6G1\\curs..tion_eee711038731a406_0004.0000_1430d97334050788\\CurseClient.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\mafcool\\counter-strike\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\dome370\\counter-strike\\hl.exe"=
"c:\\Documents and Settings\\katka\\Dokumenty\\Downloads\\Flash-Player.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56410:TCP"= 56410:TCP:Pando Media Booster
"56410:UDP"= 56410:UDP:Pando Media Booster
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5. 7. 2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9. 12. 2009 14:28 685816]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21. 12. 2007 8:21 33800]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15. 4. 2011 19:46 247096]
R2 srvbtc1;srvbtc1;c:\windows\update.4.1\svchost.exe srv --> c:\windows\update.4.1\svchost.exe srv [?]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\f:\ntglm7x.sys --> f:\NTGLM7X.sys [?]
.
Obsah adresáře 'Naplánované úlohy'
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uDefault_Search_URL = hxxp://www.Google.com
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\progra~1\PCTRAN~1\webie.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\documents and settings\katka\Data aplikací\Mozilla\Firefox\Profiles\w1g0p13y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.1.9&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico0 - c:\windows\update.tray-9-0\svchost.exe
HKLM-Run-tray_ico1 - c:\windows\update.tray-3-0\svchost.exe
HKLM-Run-tray_ico2 - c:\windows\update.tray-2-0\svchost.exe
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
HKLM-Run-w_distrib.exe - c:\windows\update.3\svchost.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NOD32 v3.x FiX 1.1 by TemDono_is1 - c:\program files\ESET\ESET NOD32 Antivirus\unins000.exe
AddRemove-{AE84E7FF-4DEC-48EC-BBA9-9A808E48DF8E}_is1 - d:\lucka\MP3Recorder\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 16:33
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\$NtUninstallKB22579$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\windows\update.4.1\svchost.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\update.4.1\svchost.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 16:36:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 14:36
.
Před spuštěním: 788 885 504
Po spuštění: 8 269 746 176
.
WindowsXP-KB310994-SP2-Pro-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect
.
- - End Of File - - 5560A15E40FF65C54F67466CECCF780F
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#6 Příspěvek od vyosek »

:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Folder::
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\update.4.1
c:\windows\av_ico
c:\windows\update.tray-9-0
c:\windows\update.tray-2-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
c:\program files\ICQ6Toolbar

File::
c:\windows\unrar.exe

Collect::
c:\Documents and Settings\katka\\Dokumenty\Downloads\Flash-Player.exe
c:\windows\update.4.1\svchost.exe
c:\\.\globalroot\Device\svchost.exe\svchost.exe

Restore::
c:\windows\System32\drivers\beep.sys

Mia::
c:\windows\System32\drivers\beep.sys

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=-
"Messenger (Yahoo!)"=-
"ICQ"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"=-
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Documents and Settings\\katka\\Local Settings\\Apps\\2.0\\BVORTGJY.BR5\\61V3VLHV.6G1\\curs..tion_eee711038731a406_0004.0000_1430d97334050788\\CurseClient.exe"=-
"c:\\Documents and Settings\\katka\\Dokumenty\\Downloads\\Flash-Player.exe"=-
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\WINDOWS\update.1\svchost.exe"=-
"C:\WINDOWS\services32.exe"=-
"C:\WINDOWS\update.tray-3-0\svchost.exe"=-
"C:\WINDOWS\update.tray-9-0\svchost.exe"=-
"C:\WINDOWS\update.tray-2-0\svchost.exe"=-
"C:\WINDOWS\update.3\svchost.exe"=-

Driver::
ICQ Service
srvbtc1
SetupNTGLM7X

DDS::
uStart Page = hxxp://start.icq.com/

Firefox::
FF - ProfilePath - c:\documents and settings\katka\Data aplikací\Mozilla\Firefox\Profiles\w1g0p13y.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search13.net/search.php?clid=486&q=
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.1.9&q=
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#7 Příspěvek od mafcool »

ComboFix 11-07-22.01 - katka . 07. 2011 17:08:34.2.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1003 [GMT 2:00]
Spuštěný z: c:\documents and settings\katka\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\katka\Plocha\CFScript.txt
AV: ESET NOD32 Antivirus 3.0 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
FILE ::
"c:\windows\unrar.exe"
.
file zipped: c:\documents and settings\katka\\Dokumenty\Downloads\Flash-Player.exe
file zipped: c:\windows\update.4.1\svchost.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\katka\Dokumenty\Downloads\Flash-Player.exe
c:\program files\ICQ6Toolbar
c:\program files\ICQ6Toolbar\config.xml
c:\program files\ICQ6Toolbar\Icons.bmp
c:\program files\ICQ6Toolbar\ICQ Service.exe
c:\program files\ICQ6Toolbar\icq6Toolbar.ico
c:\program files\ICQ6Toolbar\ICQToolBar.dll
c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files\ICQ6Toolbar\logo_small.gif
c:\program files\ICQ6Toolbar\ServiceStarter.exe
c:\program files\ICQ6Toolbar\short.wav
c:\program files\ICQ6Toolbar\Thumbs.db
c:\program files\ICQ6Toolbar\Version.txt
c:\program files\ICQ6Toolbar\voucher.bmp
c:\program files\ICQ6Toolbar\voucher2.bmp
c:\windows\assembly\GAC_MSIL\desktop.ini
c:\windows\av_ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SS_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\phoenix
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\rpcminer
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\ufa
c:\windows\ufa\ufa.exe
c:\windows\unrar.exe
c:\windows\update.4.1
c:\windows\update.4.1\svchost.exe
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-3-0-lnk\svchost.exe
c:\windows\update.tray-3-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-9-0-lnk\svchost.exe
c:\windows\update.tray-9-0
.
c:\windows\System32\drivers\beep.sys . . . je infikován!!
.
c:\windows\System32\drivers\beep.sys . . . chybí !!
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_ICQ_SERVICE
-------\Legacy_SETUPNTGLM7X
-------\Legacy_SRVBTC1
-------\Service_ICQ Service
-------\Service_SetupNTGLM7X
-------\Service_srvbtc1
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-22 do 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 12:26 . 2011-07-22 12:26 -------- d-----w- c:\program files\trend micro
2011-07-22 12:26 . 2011-07-22 12:26 -------- d-----w- C:\rsit
2011-07-21 14:40 . 2011-07-21 14:42 1510400 ----a-w- c:\windows\bitcoind.exe
2011-07-21 14:40 . 2011-07-22 14:08 -------- d-----w- c:\documents and settings\LocalService\Data aplikací\Bitcoin
2011-07-21 13:13 . 2011-07-21 13:13 -------- d-----w- c:\documents and settings\LocalService\Nabídka Start
2011-07-04 08:54 . 2011-07-06 17:41 -------- d-----w- c:\program files\3GPplayer2011
2011-07-04 08:37 . 2011-07-04 08:37 -------- d-----w- c:\windows\system32\madll
2011-07-04 08:37 . 2011-07-04 08:37 -------- d-----w- c:\program files\Abdio
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2006-12-26 . 0BF7BA22374236895D2601B212A6E76A . 1548288 . . [5.1.2600.2180] . . c:\windows\system32\sfcfiles.dll
.
c:\windows\System32\drivers\beep.sys ... chybí !!
.
((((((((((((((((((((((((((((( SnapShot@2011-07-22_14.33.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-07-22 15:01 . 2011-07-22 15:01 16384 c:\windows\Temp\Perflib_Perfdata_6fc.dat
+ 2011-07-22 15:15 . 2011-07-22 15:15 16384 c:\windows\Temp\Perflib_Perfdata_4fc.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-04-04 16120832]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-08-11 7630848]
"nwiz"="nwiz.exe" [2006-08-11 1519616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2006-08-11 86016]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"WIAWizardMenu"="c:\windows\system32\sti_ci.dll" [2004-08-17 136704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\katka\Nabˇdka Start\Programy\Po spuçtŘnˇ\
CurseClientStartup.ccip [2010-2-6 0]
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632]
.
c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Reader Speed Launch.lnk - d:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe [2006-10-23 40048]
Adobe Reader Synchronizer.lnk - d:\program files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe [2006-10-23 734872]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"d:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\Tibor\\World of Warcraft\\WoW-3.1.3.9947-to-3.2.0.10192-enUS-downloader.exe"=
"d:\\Tibor\\World of Warcraft\\Launcher.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\Steam\\Steam.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\DsNET Corp\\aTube Catcher 2.0\\yct.exe"=
"c:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Steam\\steamapps\\mafcool\\counter-strike\\hl.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\Steam\\steamapps\\dome370\\counter-strike\\hl.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"56410:TCP"= 56410:TCP:Pando Media Booster
"56410:UDP"= 56410:UDP:Pando Media Booster
.
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\system32\drivers\sfdrv01a.sys [5. 7. 2006 14:46 63352]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [9. 12. 2009 14:28 685816]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [21. 12. 2007 8:21 33800]
S2 ekrn;Eset Service;"c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe" --> c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [?]
.
.
------- Doplňkový sken -------
.
uDefault_Search_URL = hxxp://www.Google.com
uSearchAssistant = hxxp://www.Google.com/
uCustomizeSearch = hxxp://www.Google.com/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - d:\progra~1\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - d:\progra~1\PCTRAN~1\webie.dll
LSP: mswsock.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\documents and settings\katka\Data aplikací\Mozilla\Firefox\Profiles\w1g0p13y.default\
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA}
FF - Ext: NASA Night Launch: nasanightlaunch@example.com - %profile%\extensions\nasanightlaunch@example.com
FF - Ext: Stylish Profile: {6236BA26-C117-4007-928C-DE0716C7FA80} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA80}
FF - Ext: Express Tab: {6236BA26-C117-4007-928C-DE0716C7FA82} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA82}
FF - Ext: Usage Stat: {6236BA26-C117-4007-928C-DE0716C7FA96} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA96}
FF - Ext: FBFan: {6236BA26-C117-4007-928C-DE0716C7FA99} - %profile%\extensions\{6236BA26-C117-4007-928C-DE0716C7FA99}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: QAssistant: {63414328-3ab4-2c84-6c41-5a473c4b2ff7} - %profile%\extensions\{63414328-3ab4-2c84-6c41-5a473c4b2ff7}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: AmbientFox: {c8f71e5b-88f8-42a7-98bb-e4c506161de9} - %profile%\extensions\{c8f71e5b-88f8-42a7-98bb-e4c506161de9}
FF - Ext: Facicons: {DDABDBA1-2377-4A30-A027-25697B99E254} - %profile%\extensions\{DDABDBA1-2377-4A30-A027-25697B99E254}
FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
FF - Ext: KFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a16}: {8675f4b3-2f19-11ed-2d6b-0800600c0a16} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a16}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: VFD Flv: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: {8675f4b3-2f19-11ed-2d6b-0800600c0a17}: {8675f4b3-2f19-11ed-2d6b-0800600c0a17} - %profile%\extensions\{8675f4b3-2f19-11ed-2d6b-0800600c0a17}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-ICQToolbar - c:\program files\ICQ6Toolbar\ICQUnToolbar.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 17:15
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
.
c:\windows\$NtUninstallKB22579$:SummaryInformation 0 bytes hidden from API
.
.
**************************************************************************
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\\.\globalroot\Device\svchost.exe\svchost.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\windows\Microsoft.NET\Framework\v2.0.50727\dfsvc.exe
c:\windows\ATKKBService.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2011-07-22 17:17:47 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-22 15:17
ComboFix2.txt 2011-07-22 14:36
.
Před spuštěním: 8 264 192 000
Po spuštění: 8 235 880 448
.
- - End Of File - - 6D5A45E432AA3CBD4D111E289F338291
Nahr nˇ probŘhlo ŁspŘçnŘ
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#8 Příspěvek od vyosek »

:arrow: Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
  • Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
  • Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
  • Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
  • Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
  • Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte
:arrow: Stahnete SytemLook (viz muj podpis) a ulozte jej na plochu
  • Do okna vlozte skript nize

  • Kód: Vybrat vše

    :filefind
svchost.exe
beep.sys
  • Kliknete na Look
  • Tlacitko Look se zmeni na Scanning a zsedne
  • Pockejte pokud se tlacitko Scanning opet nezmeni na Look - tak poznate ze SystemLook dokoncil svou praci
  • Vyskoci na Vas log s nazvem SystemLook (pripadne bude ulozen na plose), jeho obsah mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#9 Příspěvek od mafcool »

2011/07/22 17:28:29.0140 1360 TDSS rootkit removing tool 2.5.11.0 Jul 11 2011 16:56:56
2011/07/22 17:28:31.0140 1360 ================================================================================
2011/07/22 17:28:31.0140 1360 SystemInfo:
2011/07/22 17:28:31.0140 1360
2011/07/22 17:28:31.0140 1360 OS Version: 5.1.2600 ServicePack: 2.0
2011/07/22 17:28:31.0140 1360 Product type: Workstation
2011/07/22 17:28:31.0140 1360 ComputerName: KATKA-32C3C3998
2011/07/22 17:28:31.0140 1360 UserName: katka
2011/07/22 17:28:31.0140 1360 Windows directory: C:\WINDOWS
2011/07/22 17:28:31.0140 1360 System windows directory: C:\WINDOWS
2011/07/22 17:28:31.0140 1360 Processor architecture: Intel x86
2011/07/22 17:28:31.0140 1360 Number of processors: 1
2011/07/22 17:28:31.0140 1360 Page size: 0x1000
2011/07/22 17:28:31.0140 1360 Boot type: Normal boot
2011/07/22 17:28:31.0140 1360 ================================================================================
2011/07/22 17:28:31.0593 1360 Initialize success
2011/07/22 17:28:41.0187 3004 ================================================================================
2011/07/22 17:28:41.0187 3004 Scan started
2011/07/22 17:28:41.0187 3004 Mode: Manual;
2011/07/22 17:28:41.0187 3004 ================================================================================
2011/07/22 17:28:41.0546 3004 ACPI (fa2fbcda96d2385f773b059fe5a125a6) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/07/22 17:28:41.0593 3004 ACPIEC (afdff022a01f0b11c776f0860c3b282f) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/07/22 17:28:41.0671 3004 aec (1ee7b434ba961ef845de136224c30fec) C:\WINDOWS\system32\drivers\aec.sys
2011/07/22 17:28:41.0750 3004 AFD (5ac495f4cb807b2b98ad2ad591e6d92e) C:\WINDOWS\System32\drivers\afd.sys
2011/07/22 17:28:41.0875 3004 AmdK8 (59301936898ae62245a6f09c0aba9475) C:\WINDOWS\system32\DRIVERS\AmdK8.sys
2011/07/22 17:28:42.0015 3004 asuskbnt (f5c2ccdb273a546e9c3a15250f1d9165) C:\WINDOWS\system32\drivers\atkkbnt.sys
2011/07/22 17:28:42.0078 3004 AsyncMac (02000abf34af4c218c35d257024807d6) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/07/22 17:28:42.0109 3004 atapi (cdfe4411a69c224bd1d11b2da92dac51) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/07/22 17:28:42.0203 3004 Atmarpc (ec88da854ab7d7752ec8be11a741bb7f) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/07/22 17:28:42.0281 3004 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/07/22 17:28:42.0625 3004 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/07/22 17:28:42.0687 3004 CCDECODE (6163ed60b684bab19d3352ab22fc48b2) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/07/22 17:28:42.0750 3004 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/07/22 17:28:42.0812 3004 Cdfs (cd7d5152df32b47f4e36f710b35aae02) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/07/22 17:28:42.0843 3004 Cdrom (af9c19b3100fe010496b1a27181fbf72) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/07/22 17:28:43.0062 3004 Disk (00ca44e4534865f8a3b64f7c0984bff0) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/07/22 17:28:43.0140 3004 dmboot (e1968edec81c430108feb23ab07bdb14) C:\WINDOWS\system32\drivers\dmboot.sys
2011/07/22 17:28:43.0187 3004 dmio (1b1520a82e396e46b9ae9fa6b03ff6c6) C:\WINDOWS\system32\drivers\dmio.sys
2011/07/22 17:28:43.0218 3004 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/07/22 17:28:43.0265 3004 DMusic (a6f881284ac1150e37d9ae47ff601267) C:\WINDOWS\system32\drivers\DMusic.sys
2011/07/22 17:28:43.0343 3004 drmkaud (1ed4dbbae9f5d558dbba4cc450e3eb2e) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/07/22 17:28:43.0406 3004 eamon (7a25ad652a3003b8854e873a3324e672) C:\WINDOWS\system32\DRIVERS\eamon.sys
2011/07/22 17:28:43.0468 3004 easdrv (c7c17bc80b7264322207abc31f20ea84) C:\WINDOWS\system32\DRIVERS\easdrv.sys
2011/07/22 17:28:43.0500 3004 EIO (0daf3544804650526751c478aeccce63) C:\WINDOWS\system32\drivers\EIO.sys
2011/07/22 17:28:43.0562 3004 epfwtdir (74051da749e5e89a14ddab5ba4a03a7f) C:\WINDOWS\system32\DRIVERS\epfwtdir.sys
2011/07/22 17:28:43.0656 3004 Fastfat (3117f595e9615e04f05a54fc15a03b20) C:\WINDOWS\system32\drivers\Fastfat.sys
2011/07/22 17:28:43.0687 3004 Fdc (ced2e8396a8838e59d8fd529c680e02c) C:\WINDOWS\system32\DRIVERS\fdc.sys
2011/07/22 17:28:43.0765 3004 Fips (266dab58619b17bdf37fabbd48d875ca) C:\WINDOWS\system32\drivers\Fips.sys
2011/07/22 17:28:43.0812 3004 Flpydisk (0dd1de43115b93f4d85e889d7a86f548) C:\WINDOWS\system32\DRIVERS\flpydisk.sys
2011/07/22 17:28:43.0875 3004 FltMgr (5a85cd3d07273e3f6fe72ee9c6431632) C:\WINDOWS\system32\DRIVERS\fltMgr.sys
2011/07/22 17:28:43.0921 3004 Fs_Rec (3e1e2bd4f39b0e2b7dc4f4d2bcc2779a) C:\WINDOWS\system32\drivers\Fs_Rec.sys
2011/07/22 17:28:43.0968 3004 Ftdisk (4e664d8541db4a66b73a24257e322e1f) C:\WINDOWS\system32\DRIVERS\ftdisk.sys
2011/07/22 17:28:44.0078 3004 Gpc (c0f1d4a21de5a415df8170616703debf) C:\WINDOWS\system32\DRIVERS\msgpc.sys
2011/07/22 17:28:44.0125 3004 hamachi (7929a161f9951d173ca9900fe7067391) C:\WINDOWS\system32\DRIVERS\hamachi.sys
2011/07/22 17:28:44.0171 3004 HDAudBus (3fcc124b6e08ee0e9351f717dd136939) C:\WINDOWS\system32\DRIVERS\HDAudBus.sys
2011/07/22 17:28:44.0265 3004 hidusb (1de6783b918f540149aa69943bdfeba8) C:\WINDOWS\system32\DRIVERS\hidusb.sys
2011/07/22 17:28:44.0375 3004 HTTP (909d110c9634b0f1487eaaea837317d9) C:\WINDOWS\system32\Drivers\HTTP.sys
2011/07/22 17:28:44.0484 3004 i8042prt (0f42de9909b5dbf2c48dd1a79d491af5) C:\WINDOWS\system32\DRIVERS\i8042prt.sys
2011/07/22 17:28:44.0546 3004 Imapi (f8aa320c6a0409c0380e5d8a99d76ec6) C:\WINDOWS\system32\DRIVERS\imapi.sys
2011/07/22 17:28:44.0765 3004 IntcAzAudAddService (2389f12f0ed506176b7c29c8144cea09) C:\WINDOWS\system32\drivers\RtkHDAud.sys
2011/07/22 17:28:44.0937 3004 Ip6Fw (4448006b6bc60e6c027932cfc38d6855) C:\WINDOWS\system32\DRIVERS\Ip6Fw.sys
2011/07/22 17:28:45.0000 3004 IpFilterDriver (731f22ba402ee4b62748adaf6363c182) C:\WINDOWS\system32\DRIVERS\ipfltdrv.sys
2011/07/22 17:28:45.0046 3004 IpInIp (e1ec7f5da720b640cd8fb8424f1b14bb) C:\WINDOWS\system32\DRIVERS\ipinip.sys
2011/07/22 17:28:45.0093 3004 IpNat (b5a8e215ac29d24d60b4d1250ef05ace) C:\WINDOWS\system32\DRIVERS\ipnat.sys
2011/07/22 17:28:45.0156 3004 IPSec (64537aa5c003a6afeee1df819062d0d1) C:\WINDOWS\system32\DRIVERS\ipsec.sys
2011/07/22 17:28:45.0218 3004 irda (86c204836feec22510d434982d4221b8) C:\WINDOWS\system32\DRIVERS\irda.sys
2011/07/22 17:28:45.0281 3004 IRENUM (50708daa1b1cbb7d6ac1cf8f56a24410) C:\WINDOWS\system32\DRIVERS\irenum.sys
2011/07/22 17:28:45.0328 3004 irsir (0501f0b9ab08425f8c0eacbdcc04aa32) C:\WINDOWS\system32\DRIVERS\irsir.sys
2011/07/22 17:28:45.0390 3004 isapnp (1091528512e4dd7ed5fddcc4df1c53d7) C:\WINDOWS\system32\DRIVERS\isapnp.sys
2011/07/22 17:28:45.0437 3004 Kbdclass (6f877bf8dc01a550cd666f3bedb2213c) C:\WINDOWS\system32\DRIVERS\kbdclass.sys
2011/07/22 17:28:45.0500 3004 kbdhid (065b5a83aa78c0c7047bf22e0ab5c821) C:\WINDOWS\system32\DRIVERS\kbdhid.sys
2011/07/22 17:28:45.0562 3004 kmixer (8531438246ce9474e41ee1599904c0c7) C:\WINDOWS\system32\drivers\kmixer.sys
2011/07/22 17:28:45.0625 3004 KSecDD (eb7ffe87fd367ea8fca0506f74a87fbb) C:\WINDOWS\system32\drivers\KSecDD.sys
2011/07/22 17:28:45.0781 3004 mnmdd (4ae068242760a1fb6e1a44bf4e16afa6) C:\WINDOWS\system32\drivers\mnmdd.sys
2011/07/22 17:28:45.0843 3004 Modem (60210deb037846afe521ebf349964f6b) C:\WINDOWS\system32\drivers\Modem.sys
2011/07/22 17:28:45.0906 3004 Mouclass (b160ec94114715675509115986400fd9) C:\WINDOWS\system32\DRIVERS\mouclass.sys
2011/07/22 17:28:46.0000 3004 mouhid (bb269eba740737ab749b214d568b6812) C:\WINDOWS\system32\DRIVERS\mouhid.sys
2011/07/22 17:28:46.0046 3004 MountMgr (65653f3b4477f3c63e68a9659f85ee2e) C:\WINDOWS\system32\drivers\MountMgr.sys
2011/07/22 17:28:46.0109 3004 MRxDAV (46edcc8f2db2f322c24f48785cb46366) C:\WINDOWS\system32\DRIVERS\mrxdav.sys
2011/07/22 17:28:46.0187 3004 MRxSmb (7412ce77c6fd823f8889b4df420c680b) C:\WINDOWS\system32\DRIVERS\mrxsmb.sys
2011/07/22 17:28:46.0234 3004 Msfs (561b3a4333ca2dbdba28b5b956822519) C:\WINDOWS\system32\drivers\Msfs.sys
2011/07/22 17:28:46.0312 3004 MSKSSRV (ae431a8dd3c1d0d0610cdbac16057ad0) C:\WINDOWS\system32\drivers\MSKSSRV.sys
2011/07/22 17:28:46.0343 3004 MSPCLOCK (13e75fef9dfeb08eeded9d0246e1f448) C:\WINDOWS\system32\drivers\MSPCLOCK.sys
2011/07/22 17:28:46.0390 3004 MSPQM (1988a33ff19242576c3d0ef9ce785da7) C:\WINDOWS\system32\drivers\MSPQM.sys
2011/07/22 17:28:46.0453 3004 mssmbios (469541f8bfd2b32659d5d463a6714bce) C:\WINDOWS\system32\DRIVERS\mssmbios.sys
2011/07/22 17:28:46.0500 3004 MSTEE (bf13612142995096ab084f2db7f40f77) C:\WINDOWS\system32\drivers\MSTEE.sys
2011/07/22 17:28:46.0531 3004 Mup (82035e0f41c2dd05ae41d27fe6cf7de1) C:\WINDOWS\system32\drivers\Mup.sys
2011/07/22 17:28:46.0578 3004 NABTSFEC (5c8dc6429c43dc6177c1fa5b76290d1a) C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys
2011/07/22 17:28:46.0625 3004 NDIS (558635d3af1c7546d26067d5d9b6959e) C:\WINDOWS\system32\drivers\NDIS.sys
2011/07/22 17:28:46.0671 3004 NdisIP (520ce427a8b298f54112857bcf6bde15) C:\WINDOWS\system32\DRIVERS\NdisIP.sys
2011/07/22 17:28:46.0718 3004 NdisTapi (08d43bbdacdf23f34d79e44ed35c1b4c) C:\WINDOWS\system32\DRIVERS\ndistapi.sys
2011/07/22 17:28:46.0796 3004 Ndisuio (34d6cd56409da9a7ed573e1c90a308bf) C:\WINDOWS\system32\DRIVERS\ndisuio.sys
2011/07/22 17:28:46.0843 3004 NdisWan (0b90e255a9490166ab368cd55a529893) C:\WINDOWS\system32\DRIVERS\ndiswan.sys
2011/07/22 17:28:46.0906 3004 NDProxy (59fc3fb44d2669bc144fd87826bb571f) C:\WINDOWS\system32\drivers\NDProxy.sys
2011/07/22 17:28:46.0937 3004 NetBIOS (3a2aca8fc1d7786902ca434998d7ceb4) C:\WINDOWS\system32\DRIVERS\netbios.sys
2011/07/22 17:28:46.0984 3004 NetBT (0c80e410cd2f47134407ee7dd19cc86b) C:\WINDOWS\system32\DRIVERS\netbt.sys
2011/07/22 17:28:47.0062 3004 Npfs (4f601bcb8f64ea3ac0994f98fed03f8e) C:\WINDOWS\system32\drivers\Npfs.sys
2011/07/22 17:28:47.0125 3004 Ntfs (b78be402c3f63dd55521f73876951cdd) C:\WINDOWS\system32\drivers\Ntfs.sys
2011/07/22 17:28:47.0265 3004 Null (73c1e1f395918bc2c6dd67af7591a3ad) C:\WINDOWS\system32\drivers\Null.sys
2011/07/22 17:28:47.0421 3004 nv (5645072033c2e51386e91bc137c0beb5) C:\WINDOWS\system32\DRIVERS\nv4_mini.sys
2011/07/22 17:28:47.0562 3004 nvata (c03e15101f6d9e82cd9b0e7d715f5de3) C:\WINDOWS\system32\DRIVERS\nvata.sys
2011/07/22 17:28:47.0593 3004 NVENETFD (cc34564bca235ebad8b308d871efa2df) C:\WINDOWS\system32\DRIVERS\NVENETFD.sys
2011/07/22 17:28:47.0640 3004 nvnetbus (46fdb8d07dd4fc81093b0acb243a525d) C:\WINDOWS\system32\DRIVERS\nvnetbus.sys
2011/07/22 17:28:47.0703 3004 NwlnkFlt (b305f3fad35083837ef46a0bbce2fc57) C:\WINDOWS\system32\DRIVERS\nwlnkflt.sys
2011/07/22 17:28:47.0734 3004 NwlnkFwd (c99b3415198d1aab7227f2c88fd664b9) C:\WINDOWS\system32\DRIVERS\nwlnkfwd.sys
2011/07/22 17:28:47.0828 3004 Parport (76a18caa2fefb28a4ced38d76837e86e) C:\WINDOWS\system32\DRIVERS\parport.sys
2011/07/22 17:28:47.0890 3004 PartMgr (3334430c29dc338092f79c38ef7b4cd0) C:\WINDOWS\system32\drivers\PartMgr.sys
2011/07/22 17:28:47.0953 3004 ParVdm (1fae19d0457176318bba4a8795656ebc) C:\WINDOWS\system32\drivers\ParVdm.sys
2011/07/22 17:28:48.0000 3004 PCI (b7979f37bb7b9df2230046134955e6e7) C:\WINDOWS\system32\DRIVERS\pci.sys
2011/07/22 17:28:48.0093 3004 PCIIde (2da4ec85e0ea7a45c6b2a05820492d5a) C:\WINDOWS\system32\DRIVERS\pciide.sys
2011/07/22 17:28:48.0156 3004 Pcmcia (90505755634407d4ef4c6dea60fc1df9) C:\WINDOWS\system32\drivers\Pcmcia.sys
2011/07/22 17:28:48.0406 3004 PptpMiniport (1c5cc65aac0783c344f16353e60b72ac) C:\WINDOWS\system32\DRIVERS\raspptp.sys
2011/07/22 17:28:48.0453 3004 Processor (9a10e4fd13824823da50d4758bd0a645) C:\WINDOWS\system32\DRIVERS\processr.sys
2011/07/22 17:28:48.0515 3004 PSched (48671f327553dcf1d27f6197f622a668) C:\WINDOWS\system32\DRIVERS\psched.sys
2011/07/22 17:28:48.0578 3004 Ptilink (80d317bd1c3dbc5d4fe7b1678c60cadd) C:\WINDOWS\system32\DRIVERS\ptilink.sys
2011/07/22 17:28:48.0781 3004 RasAcd (fe0d99d6f31e4fad8159f690d68ded9c) C:\WINDOWS\system32\DRIVERS\rasacd.sys
2011/07/22 17:28:48.0843 3004 Rasirda (0207d26ddf796a193ccd9f83047bb5fc) C:\WINDOWS\system32\DRIVERS\rasirda.sys
2011/07/22 17:28:48.0859 3004 Rasl2tp (98faeb4a4dcf812ba1c6fca4aa3e115c) C:\WINDOWS\system32\DRIVERS\rasl2tp.sys
2011/07/22 17:28:48.0906 3004 RasPppoe (7306eeed8895454cbed4669be9f79faa) C:\WINDOWS\system32\DRIVERS\raspppoe.sys
2011/07/22 17:28:48.0937 3004 Raspti (fdbb1d60066fcfbb7452fd8f9829b242) C:\WINDOWS\system32\DRIVERS\raspti.sys
2011/07/22 17:28:48.0984 3004 Rdbss (ed375ce745c42a14f10753f7022ecd6a) C:\WINDOWS\system32\DRIVERS\rdbss.sys
2011/07/22 17:28:49.0093 3004 RDPCDD (4912d5b403614ce99c28420f75353332) C:\WINDOWS\system32\DRIVERS\RDPCDD.sys
2011/07/22 17:28:49.0156 3004 rdpdr (a2cae2c60bc37e0751ef9dda7ceaf4ad) C:\WINDOWS\system32\DRIVERS\rdpdr.sys
2011/07/22 17:28:49.0203 3004 RDPWD (047bea21274c8a4a233674a76c958c2c) C:\WINDOWS\system32\drivers\RDPWD.sys
2011/07/22 17:28:49.0250 3004 redbook (aba13d33e1f888c9a68599a48a8840d6) C:\WINDOWS\system32\DRIVERS\redbook.sys
2011/07/22 17:28:49.0359 3004 Secdrv (07f7f501ad50de2ba2d5842d9b6d6155) C:\WINDOWS\system32\DRIVERS\secdrv.sys
2011/07/22 17:28:49.0421 3004 serenum (a2d868aeeff612e70e213c451a70cafb) C:\WINDOWS\system32\DRIVERS\serenum.sys
2011/07/22 17:28:49.0484 3004 Serial (883d0d6970bc19d36abef469f8a67fb1) C:\WINDOWS\system32\DRIVERS\serial.sys
2011/07/22 17:28:49.0484 3004 Suspicious file (Forged): C:\WINDOWS\system32\DRIVERS\serial.sys. Real md5: 883d0d6970bc19d36abef469f8a67fb1, Fake md5: c1ddbc85251551a840212999da3d95f3
2011/07/22 17:28:49.0484 3004 Serial - detected ForgedFile.Multi.Generic (1)
2011/07/22 17:28:49.0578 3004 sfdrv01a (4d0ce0fadca29e7da68ce597ac9010bd) C:\WINDOWS\system32\drivers\sfdrv01a.sys
2011/07/22 17:28:49.0609 3004 sfhlp02 (daad4c099ebf5094d32c373ac1ac0f3c) C:\WINDOWS\system32\drivers\sfhlp02.sys
2011/07/22 17:28:49.0671 3004 Sfloppy (0d13b6df6e9e101013a7afb0ce629fe0) C:\WINDOWS\system32\drivers\Sfloppy.sys
2011/07/22 17:28:49.0750 3004 sfsync04 (c526ad307ff1900bc4c864f74553f762) C:\WINDOWS\system32\drivers\sfsync04.sys
2011/07/22 17:28:49.0843 3004 SLIP (5caeed86821fa2c6139e32e9e05ccdc9) C:\WINDOWS\system32\DRIVERS\SLIP.sys
2011/07/22 17:28:49.0921 3004 splitter (9bb1dd670cb7505a90fc4e61d4aa8227) C:\WINDOWS\system32\drivers\splitter.sys
2011/07/22 17:28:50.0015 3004 sptd (d390675b8ce45e5fb359338e5e649329) C:\WINDOWS\system32\Drivers\sptd.sys
2011/07/22 17:28:50.0015 3004 Suspicious file (NoAccess): C:\WINDOWS\system32\Drivers\sptd.sys. md5: d390675b8ce45e5fb359338e5e649329
2011/07/22 17:28:50.0015 3004 sptd - detected LockedFile.Multi.Generic (1)
2011/07/22 17:28:50.0062 3004 sr (a74035ea526db97d9d50d2143a55f5cf) C:\WINDOWS\system32\DRIVERS\sr.sys
2011/07/22 17:28:50.0140 3004 Srv (5230953c21c811b5fc1ff31ae2b48097) C:\WINDOWS\system32\DRIVERS\srv.sys
2011/07/22 17:28:50.0203 3004 streamip (284c57df5dc7abca656bc2b96a667afb) C:\WINDOWS\system32\DRIVERS\StreamIP.sys
2011/07/22 17:28:50.0250 3004 swenum (03c1bae4766e2450219d20b993d6e046) C:\WINDOWS\system32\DRIVERS\swenum.sys
2011/07/22 17:28:50.0296 3004 swmidi (94abc808fc4b6d7d2bbf42b85e25bb4d) C:\WINDOWS\system32\drivers\swmidi.sys
2011/07/22 17:28:50.0453 3004 sysaudio (650ad082d46bac0e64c9c0e0928492fd) C:\WINDOWS\system32\drivers\sysaudio.sys
2011/07/22 17:28:50.0515 3004 Tcpip (b2220c618b42a2212a59d91ebd6fc4b4) C:\WINDOWS\system32\DRIVERS\tcpip.sys
2011/07/22 17:28:50.0578 3004 TDPIPE (38d437cf2d98965f239b0abcd66dcb0f) C:\WINDOWS\system32\drivers\TDPIPE.sys
2011/07/22 17:28:50.0625 3004 TDTCP (ed0580af02502d00ad8c4c066b156be9) C:\WINDOWS\system32\drivers\TDTCP.sys
2011/07/22 17:28:50.0687 3004 TermDD (a540a99c281d933f3d69d55e48727f47) C:\WINDOWS\system32\DRIVERS\termdd.sys
2011/07/22 17:28:50.0812 3004 Udfs (12f70256f140cd7d52c58c7048fde657) C:\WINDOWS\system32\drivers\Udfs.sys
2011/07/22 17:28:50.0921 3004 Update (aff2e5045961bbc0a602bb6f95eb1345) C:\WINDOWS\system32\DRIVERS\update.sys
2011/07/22 17:28:51.0015 3004 usbccgp (bffd9f120cc63bcbaa3d840f3eef9f79) C:\WINDOWS\system32\DRIVERS\usbccgp.sys
2011/07/22 17:28:51.0078 3004 usbehci (15e993ba2f6946b2bfbbfcd30398621e) C:\WINDOWS\system32\DRIVERS\usbehci.sys
2011/07/22 17:28:51.0125 3004 usbhub (c72f40947f92cea56a8fb532edf025f1) C:\WINDOWS\system32\DRIVERS\usbhub.sys
2011/07/22 17:28:51.0171 3004 usbohci (bdfe799a8531bad8a5a985821fe78760) C:\WINDOWS\system32\DRIVERS\usbohci.sys
2011/07/22 17:28:51.0218 3004 usbscan (a6bc71402f4f7dd5b77fd7f4a8ddba85) C:\WINDOWS\system32\DRIVERS\usbscan.sys
2011/07/22 17:28:51.0265 3004 USBSTOR (6cd7b22193718f1d17a47a1cd6d37e75) C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS
2011/07/22 17:28:51.0328 3004 usbvideo (8968ff3973a883c49e8b564200f565b9) C:\WINDOWS\system32\Drivers\usbvideo.sys
2011/07/22 17:28:51.0421 3004 VgaSave (8a60edd72b4ea5aea8202daf0e427925) C:\WINDOWS\System32\drivers\vga.sys
2011/07/22 17:28:51.0500 3004 VolSnap (cd8cce067f7e9cbd762c00bdddecaa34) C:\WINDOWS\system32\drivers\VolSnap.sys
2011/07/22 17:28:51.0578 3004 Wanarp (984ef0b9788abf89974cfed4bfbaacbc) C:\WINDOWS\system32\DRIVERS\wanarp.sys
2011/07/22 17:28:51.0687 3004 wdmaud (0bfa8203b8148fb4e54bc212c41ce497) C:\WINDOWS\system32\drivers\wdmaud.sys
2011/07/22 17:28:51.0812 3004 WS2IFSL (6abe6e225adb5a751622a9cc3bc19ce8) C:\WINDOWS\System32\drivers\ws2ifsl.sys
2011/07/22 17:28:51.0875 3004 WSTCODEC (d5842484f05e12121c511aa93f6439ec) C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS
2011/07/22 17:28:51.0937 3004 MBR (0x1B8) (413fc2a0c716421b3158746d63736515) \Device\Harddisk0\DR0
2011/07/22 17:28:52.0031 3004 Boot (0x1200) (d072aa5114f25f493ec2047c53786e8c) \Device\Harddisk0\DR0\Partition0
2011/07/22 17:28:52.0046 3004 Boot (0x1200) (9272e96ce3106e416b91e507f5d72781) \Device\Harddisk0\DR0\Partition1
2011/07/22 17:28:52.0093 3004 Boot (0x1200) (b43608fb68016084c0faf621ab27e1b3) \Device\Harddisk0\DR0\Partition2
2011/07/22 17:28:52.0093 3004 ================================================================================
2011/07/22 17:28:52.0093 3004 Scan finished
2011/07/22 17:28:52.0093 3004 ================================================================================
2011/07/22 17:28:52.0109 0592 Detected object count: 2
2011/07/22 17:28:52.0109 0592 Actual detected object count: 2
2011/07/22 17:28:57.0296 0592 ForgedFile.Multi.Generic(Serial) - User select action: Skip
2011/07/22 17:28:57.0296 0592 LockedFile.Multi.Generic(sptd) - User select action: Skip



SystemLook 04.09.10 by jpshortstuff
Log created at 17:31 on 22/07/2011 by katka
Administrator - Elevation successful

========== filefind ==========

Searching for "svchost.exe"
C:\WINDOWS\ERDNT\cache\svchost.exe --a---- 14336 bytes [14:35 22/07/2011] [14:49 17/08/2004] DFBA2915B0BF58ABB288CD4C9318CB3F
C:\WINDOWS\system32\svchost.exe --a---- 14336 bytes [14:49 17/08/2004] [14:49 17/08/2004] DFBA2915B0BF58ABB288CD4C9318CB3F
C:\WINDOWS\system32\dllcache\svchost.exe --a--c- 14336 bytes [14:49 17/08/2004] [14:49 17/08/2004] DFBA2915B0BF58ABB288CD4C9318CB3F

Searching for "beep.sys"
No files found.

-= EOF =-
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#10 Příspěvek od vyosek »

Jeste jeden skript pro SystemLook - log opet sem

Kód: Vybrat vše

:filefind
serial.sys

:dir
c:\\.\globalroot /sub
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#11 Příspěvek od mafcool »

SystemLook 04.09.10 by jpshortstuff
Log created at 17:41 on 22/07/2011 by katka
Administrator - Elevation successful

========== filefind ==========

Searching for "serial.sys"
C:\WINDOWS\system32\drivers\serial.sys --a---- 64640 bytes [14:44 17/08/2004] [14:44 17/08/2004] C1DDBC85251551A840212999DA3D95F3

========== dir ==========

c:\\.\globalroot - Unable to find folder.

-= EOF =-
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#12 Příspěvek od vyosek »

Nainstalujte ServicePack 3 a pak napiste
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#13 Příspěvek od mafcool »

a to mam najst kde? :D
Nahoru
Uživatelský avatar
vyosek
VIP
VIP
Příspěvky: 56373
Registrován: 07 lis 2006 15:24
Bydliště: Šalingrad - Brno

Re: Vírus z Facebooku :(

#14 Příspěvek od vyosek »

Windows update nebo zde http://www.microsoft.com/downloads/cs-c ... laylang=cs
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen Obrázek od 1. února 2011.
Nahoru
mafcool
Návštěvník
Návštěvník
Příspěvky: 18
Registrován: 22 črc 2011 13:22

Re: Vírus z Facebooku :(

#15 Příspěvek od mafcool »

okej mam :)
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“