Facebook-vírus

Zpráva

hardman · #1 Příspěvek od **hardman** » 27 črc 2011 14:28

Dobry den.Mam problem dostal som virus z fb.Bola to aklualizacia adobe flash playeru.Po stiahnuti a spusteni suboru flash.exe ma eset upozornil,dal som remove a PC sa restartol,presiel do save modu,cakal som co PC spravi a po chvilke sa znova resetol a normalne zapol.PC pracoval niekedy spomalene napr pri otvarani okien a pri starte vypisovalo chybu: netsh.exe-Vstupný bod nebol nájdený-Vstupný bod procedúry MigrateWinsockConfiguration sa nepodarilo nájsť v dynamicky prepojovanej knižnici MSWSOCK.dll. ale stahoval som nejake programy napr. WinsockxpFix a tak a teraz mi pri starte chybu nepise PC pracuje normalne,internet ide a niekedy vobec nechce nacitat ziadnu stranku a dostal som sa aj na FB ale Eset nejde spustit a pri tejto snahe sa objavi cervena tabulka s nadpisom ENCHANCED PROTECTION MODE tak ako pred tim.

hardman · #2 Příspěvek od **hardman** » 27 črc 2011 14:46

tu je log
Logfile of random's system information tool 1.09 (written by random/random)
Run by HARDMAN at 2011-07-27 15:36:50
WIN_XP Service Pack 3
System drive C: has 7 GB (22%) free of 29 GB
Total RAM: 1022 MB (28% free)

======Scheduled tasks folder======

C:\WINDOWS\tasks\1-Click Maintenance.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore1cb0d9d335d472e.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\HARDMAN\Application Data\Mozilla\Firefox\Profiles\2xv5asca.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}:1.5.0.850, {2224E955-00E9-4613-A844-CE69FCCAAE91}:3.4.0.4340, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://search.sweetim.com/search.asp?src=2&q="

"{2224E955-00E9-4613-A844-CE69FCCAAE91}"=C:\Program Files\Internet Saving Optimizer\3.4.0.4340\FF
"{0BA0192D-94A5-45e3-B2B8-3EC5A1A0B5EC}"=C:\Program Files\Media Access Startup\1.5.0.850\FF
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}"=C:\Program Files\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=C:\Program Files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
AskHPRFF.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
npCouponPrinter.xpt
nppl3260.xpt
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsJSRealPlayerPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
npCouponPrinter.dll
npDivxPlayerPlugin.dll
npMozCouponPrinter.dll
npnul32.dll
NPOFF12.DLL
nppdf32.dll
nppl3260.dll
nprpjplug.dll
nsIDivxPlayerPlugin.xpt
ShockwavePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\HARDMAN\Application Data\Mozilla\Firefox\Profiles\2xv5asca.default\extensions\
DTToolbar@toolbarnet.com
{20a82645-c095-46ed-80e3-08825760534b}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
Media Access Startup

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{984A9162-8891-4D19-8CFE-17648BB4E1EC}]
GamePlayLabsBHO Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
VDownloader Toolbar

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22 517688]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-11-21 1054520]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2009-04-23 937416]
{D4027C7F-154A-4066-A1AD-4243D8127440} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"High Definition Audio Property Page Shortcut"=C:\WINDOWS\system32\HDAShCut.exe [2004-10-27 61952]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2005-05-20 925696]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\Smax4.exe [2005-09-07 716800]
"PAC207_Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"Monitor"=C:\WINDOWS\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2006-10-27 31016]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2007-03-01 153136]
"SecurDisc"=C:\Program Files\Nero\Nero 7\InCD\NBHGui.exe [2007-06-25 1629480]
"InCD"=C:\Program Files\Nero\Nero 7\InCD\InCD.exe [2007-06-25 1057064]
"ASUS Update Checker"=C:\Program Files\ASUS\ASUSUpdate\UpdateChecker\UpdateChecker.exe [2008-12-11 114688]
"Ai Nap"=C:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe [2007-12-10 1412608]
"CPU Power Monitor"=C:\Program Files\ASUS\AI Suite\AiGear3\CpuPowerMonitor.exe [2007-10-16 626176]
"Cpu Level Up help"=C:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe [2007-11-30 881152]
"NokiaMServer"=C:\Program Files\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles startup []
"nwiz"=C:\Program Files\NVIDIA Corporation\nView\nwiz.exe [2010-06-03 1753192]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2010-06-07 110696]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2010-06-07 13902440]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2009-11-18 54576]
""= []
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-07-20 1147392]
"tray_ico0"=C:\WINDOWS\update.tray-2-0\svchost.exe [2011-07-20 1147392]
"tray_ico1"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-07-20 1147392]
"8119627.exe"=C:\DOCUME~1\HARDMAN\LOCALS~1\Temp\8119627.exe [2011-07-20 232960]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-07-25 261632]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-07-25 256000]
"2281941.exe"=C:\DOCUME~1\HARDMAN\LOCALS~1\Temp\2281941.exe [2011-07-20 232960]
"9283901.exe"=C:\WINDOWS\TEMP\9283901.exe [2011-07-20 232960]
"6115264.exe"=C:\WINDOWS\TEMP\6115264.exe [2011-07-20 232960]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-07-25 235520]
"systemup"=C:\WINDOWS\systemup.exe [2011-07-20 114176]
"8026904.exe"=C:\WINDOWS\TEMP\8026904.exe [2011-07-25 256000]
"5911628.exe"=C:\WINDOWS\TEMP\5911628.exe [2011-07-27 502272]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2007-06-27 152872]
"STYLEXP"=C:\Program Files\TGTSoft\StyleXP\StyleXP.exe [2006-05-24 1372160]
""= []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2009-04-24 203928]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

C:\Documents and Settings\HARDMAN\Start Menu\Programs\Startup
Kalendár.lnk - C:\WINDOWS\MENINY.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-04-16 190464]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"Z:\Hry\Rise Of Nations\rise.exe"="Z:\Hry\Rise Of Nations\rise.exe:*:Enabled:Rise of Nations"
"Z:\Hry\Rise of Nations\nations.exe"="Z:\Hry\Rise of Nations\nations.exe:*:Enabled:Rise of Nations"
"Z:\Hry\Codemasters\GRID\GRID.exe"="Z:\Hry\Codemasters\GRID\GRID.exe:*:Enabled:GRID"
"Z:\Hry\EA Sports\NHL 09\nhl2009.exe"="Z:\Hry\EA Sports\NHL 09\nhl2009.exe:*:Enabled:nhl2009"
"Z:\Hry\Far Cry\Bin32\FarCry.exe"="Z:\Hry\Far Cry\Bin32\FarCry.exe:*:Enabled:Far Cry"
"Z:\Hry\EA GAMES\Need for Speed Most Wanted\speed.exe"="Z:\Hry\EA GAMES\Need for Speed Most Wanted\speed.exe:*:Enabled:speed"
"Z:\Hry\Rise of Nations Gold\thrones.exe"="Z:\Hry\Rise of Nations Gold\thrones.exe:*:Enabled:Rise of Nations"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"Z:\ANAL\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="Z:\ANAL\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"Z:\ANAL\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="Z:\ANAL\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"Z:\ANAL\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="Z:\ANAL\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"Z:\Hry\Command & Conquer 3\RetailExe\1.9\cnc3game.dat"="Z:\Hry\Command & Conquer 3\RetailExe\1.9\cnc3game.dat:*:Enabled:Command & Conquer 3 Tiberium Wars"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"Z:\Hry\Rise of Nations Gold\patriots.exe"="Z:\Hry\Rise of Nations Gold\patriots.exe:*:Enabled:Rise of Nations"
"C:\Program Files\TeamViewer\Version4\TeamViewer.exe"="C:\Program Files\TeamViewer\Version4\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\WINDOWS\system32\dplaysvr.exe"="C:\WINDOWS\system32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\HARDMAN\Desktop\bulanci.exe"="C:\Documents and Settings\HARDMAN\Desktop\bulanci.exe:*:Enabled:bulanci"
"Z:\Hry\Sniper Elite\SniperElite.exe"="Z:\Hry\Sniper Elite\SniperElite.exe:*:Enabled:SniperElite"
"Z:\Hry\Valve\hl.exe"="Z:\Hry\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"Z:\Hry\Valve\cstrike.exe"="Z:\Hry\Valve\cstrike.exe:*:Enabled:Counter-Strike Launcher"
"Z:\Hry\Worms.4.Mayhem.Multi.part1\Worms.4.Mayhem.Multi\WORMS 4 MAYHEM.EXE"="Z:\Hry\Worms.4.Mayhem.Multi.part1\Worms.4.Mayhem.Multi\WORMS 4 MAYHEM.EXE:*:Enabled:Worms 4 Mayhem"
"C:\Documents and Settings\HARDMAN\Local Settings\Temp\TeamViewer\Version5\TeamViewer.exe"="C:\Documents and Settings\HARDMAN\Local Settings\Temp\TeamViewer\Version5\TeamViewer.exe:*:Enabled:TeamViewer Remote Control Application"
"Z:\Hry\CS1.6 kopia\hlds.exe"="Z:\Hry\CS1.6 kopia\hlds.exe:*:Enabled:HLDS Launcher"
"Z:\Hry\CS1.6 kopia\hltv.exe"="Z:\Hry\CS1.6 kopia\hltv.exe:*:Enabled:HLTV Launcher"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"Z:\downloads\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Program Files\Garena\Garena.exe"="C:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype "
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\WINDOWS\update.tray-2-0\svchost.exe"="C:\WINDOWS\update.tray-2-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-2-0\svchost.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\WINDOWS\update.tray-3-0-lnk\svchost.exe"="C:\WINDOWS\update.tray-3-0-lnk\svchost.exe:*:Disabled:svchost"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"C:\WINDOWS\systemup.exe"="C:\WINDOWS\systemup.exe:*:Disabled:systemup"
"C:\WINDOWS\l1rezerv.exe"="C:\WINDOWS\l1rezerv.exe:*:Disabled:l1rezerv"
"C:\Program Files\DivX\DivX Update\DivXUpdate.exe"="C:\Program Files\DivX\DivX Update\DivXUpdate.exe:*:Disabled:DivX Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"D:\setup\hpznui01.exe"="D:\setup\hpznui01.exe:*:Enabled:hpznui01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfcCopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe:*:Enabled:hpqgplgtupl.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe:*:Enabled:hpqgpc01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe:*:Enabled:hpqusgm.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe:*:Enabled:hpqusgh.exe"
"C:\Program Files\HP\HP Software Update\hpwucli.exe"="C:\Program Files\HP\HP Software Update\hpwucli.exe:*:Enabled:hpwucli.exe"
"C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe"="C:\Program Files\HP\Digital Imaging\smart web printing\SmartWebPrintExe.exe:*:Enabled:smartwebprintexe.exe"
"C:\Program Files\ICQ7.5\ICQ.exe"="C:\Program Files\ICQ7.5\ICQ.exe:*:Enabled:ICQ7.5"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"midi"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\System32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VP60"=vp6vfw.dll
"VIDC.VP61"=vp6vfw.dll
"VIDC.VP62"=vp6vfw.dll
"VIDC.VP70"=vp7vfw.dll
"msacm.l3fhg"=mp3fhg.acm
"msacm.divxa32"=divxa32.acm
"msacm.vorbis"=vorbis.acm
"VIDC.X264"=x264vfw.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.HFYU"=huffyuv.dll
"vidc.i263"=i263_32.drv
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll

======File associations======

.reg - open - "regedit.exe" "%1"

======List of files/folders created in the last 1 month======

2011-07-27 15:36:50 ----D---- C:\rsit
2011-07-27 15:36:50 ----D---- C:\Program Files\trend micro
2011-07-22 18:20:34 ----D---- C:\Documents and Settings\HARDMAN\Application Data\Malwarebytes
2011-07-22 18:20:18 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2011-07-22 17:59:32 ----A---- C:\WINDOWS\UPGRADE.TXT
2011-07-22 17:44:40 ----D---- C:\ERDNT
2011-07-20 14:43:39 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-20 14:43:30 ----A---- C:\WINDOWS\systemup.exe
2011-07-20 14:43:30 ----A---- C:\WINDOWS\l1rezerv.exe
2011-07-20 14:43:28 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-20 14:43:09 ----D---- C:\WINDOWS\ufa
2011-07-20 14:43:09 ----D---- C:\WINDOWS\rpcminer
2011-07-20 14:43:09 ----D---- C:\WINDOWS\phoenix
2011-07-20 14:43:08 ----HD---- C:\WINDOWS\update.2
2011-07-20 14:42:41 ----A---- C:\WINDOWS\unrar.exe
2011-07-20 14:42:08 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-20 14:41:47 ----HD---- C:\WINDOWS\update.5.0
2011-07-20 14:41:47 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-07-20 14:41:40 ----A---- C:\WINDOWS\iplist.txt
2011-07-20 14:41:29 ----A---- C:\WINDOWS\sysdriver32.exe
2011-07-20 14:40:56 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-20 14:40:45 ----D---- C:\WINDOWS\av_ico
2011-07-20 14:38:29 ----HD---- C:\WINDOWS\update.1
2011-07-20 14:38:15 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-07-20 14:38:15 ----HD---- C:\WINDOWS\update.tray-3-0
2011-07-20 14:38:14 ----HD---- C:\WINDOWS\update.tray-2-0-lnk
2011-07-20 14:38:14 ----HD---- C:\WINDOWS\update.tray-2-0
2011-07-20 14:27:12 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-20 14:27:12 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-07-20 14:27:06 ----A---- C:\WINDOWS\services32.exe
2011-07-17 01:21:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2507938$
2011-07-17 01:13:45 ----HDC---- C:\WINDOWS\$NtUninstallKB2555917$
2011-07-06 21:14:38 ----D---- C:\Documents and Settings\HARDMAN\Application Data\go
2011-07-06 21:14:30 ----D---- C:\Documents and Settings\All Users\Application Data\Easybits GO
2011-06-28 23:31:38 ----HDC---- C:\WINDOWS\$NtUninstallKB2541763$

======List of files/folders modified in the last 1 month======

2011-07-27 15:36:50 ----D---- C:\Program Files
2011-07-27 14:58:01 ----D---- C:\WINDOWS\Temp
2011-07-27 14:57:40 ----A---- C:\WINDOWS\win.ini
2011-07-27 14:56:28 ----D---- C:\WINDOWS\system32\drivers
2011-07-25 22:56:35 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-07-25 22:36:24 ----A---- C:\WINDOWS\NeroDigital.ini
2011-07-25 20:54:47 ----D---- C:\WINDOWS
2011-07-22 18:27:36 ----SHD---- C:\WINDOWS\Installer
2011-07-22 18:27:35 ----HD---- C:\Config.Msi
2011-07-22 18:08:26 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-22 17:36:18 ----RSHDC---- C:\WINDOWS\system32\dllcache
2011-07-22 17:36:13 ----D---- C:\WINDOWS\system32
2011-07-22 17:35:52 ----D---- C:\WINDOWS\system32\CatRoot2
2011-07-22 16:57:27 ----D---- C:\Program Files\ICQ6Toolbar
2011-07-22 16:56:27 ----D---- C:\WINDOWS\system32\config
2011-07-22 16:55:47 ----D---- C:\WINDOWS\Registration
2011-07-21 21:21:38 ----D---- C:\WINDOWS\Prefetch
2011-07-20 16:39:04 ----SD---- C:\WINDOWS\Tasks
2011-07-20 14:44:09 ----SHD---- C:\System Volume Information
2011-07-20 14:44:09 ----D---- C:\WINDOWS\system32\Restore
2011-07-20 14:43:29 ----D---- C:\WINDOWS\system32\drivers\etc
2011-07-20 14:38:39 ----A---- C:\boot.ini
2011-07-20 14:33:48 ----D---- C:\Documents and Settings\HARDMAN\Application Data\Skype
2011-07-19 12:56:54 ----RD---- C:\Program Files\Skype
2011-07-19 12:56:45 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-07-19 12:56:19 ----D---- C:\Program Files\Common Files
2011-07-19 12:54:17 ----D---- C:\Documents and Settings\All Users\Application Data\Skype Extras
2011-07-17 01:21:54 ----HD---- C:\WINDOWS\inf
2011-07-17 01:14:02 ----A---- C:\WINDOWS\system32\MRT.exe
2011-07-17 01:13:56 ----A---- C:\WINDOWS\imsins.BAK
2011-07-16 23:27:57 ----HD---- C:\WINDOWS\$hf_mig$
2011-07-06 22:05:39 ----D---- C:\Documents and Settings\All Users\Application Data\2DBoy
2011-07-06 21:13:25 ----D---- C:\Documents and Settings\HARDMAN\Application Data\skypePM
2011-07-03 20:34:53 ----D---- C:\Documents and Settings\HARDMAN\Application Data\HPAppData
2011-07-01 01:23:53 ----D---- C:\Documents and Settings\All Users\Application Data\Norton
2011-06-30 20:14:29 ----D---- C:\WINDOWS\Microsoft.NET
2011-06-30 20:14:24 ----RSD---- C:\WINDOWS\assembly
2011-06-28 23:39:59 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-06-28 23:39:30 ----D---- C:\WINDOWS\WinSxS

Dajusas · #3 Příspěvek od **Dajusas** » 27 črc 2011 14:54

smazáno

#4 Příspěvek od **motji** » 27 črc 2011 22:16

Dobrý večer

Stáhněte Roguekiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
-ukončete všechny spuštěné programy
-spusťte program, pro visty/win 7 spustte pravým tlačítkem myši - jako správce
-použijte volbu 2 - enter
-pak použijte postupně i volby 3,4,5
-vložte zde logy

Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
- přejmenujte combofix na potvůrka.com

hardman · #5 Příspěvek od **hardman** » 28 črc 2011 15:51

Dobry den.Dakujem za ochotu.Jedna sa o to ze us mi poradil moderator p.Jenan v dalsom mojom prispevku protoze som si myslel ze tento prvy nikto nevidi.Poradil mi aby som stiahol mBam a dal mu log ale nefungovalo to,tak som stiahol Combofix spravil log a cakam co dalej.PC aj internet us ide normalne,nezamrrza ale bojim sa otvarat eset.Neviem teda ci mam instalovat ten Roguekiller.

#6 Příspěvek od **motji** » 28 črc 2011 16:41

Tak pokračujte tam, je ptořeba ještě něco domazat.
Ne, nemusíte ho spouštět, ale zkuste znovu ten mbam.

VIRY.CZ

Facebook-vírus

Facebook-vírus

Re: Facebook-vírus

Re: Facebook-vírus

Re: Facebook-vírus

Re: Facebook-vírus