protokol z marwelbyte

Zpráva

dada21 · #1 Příspěvek od **dada21** » 30 črc 2011 17:45

Prosim o kontrolu protokolu pre vymazanie infikovanych suborov

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Verzia databázy: 7326

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

30. 7. 2011 17:47:04
mbam-log-2011-07-30 (17-46-45).txt

Typ kontroly: Úplná kontrola (C:\|D:\|)
Objektov kontrolovaných: 243467
Uplynutý čas: 30 min, 40 sek

Infikované služby pamäte: 9
Infikované moduly pamäte: 0
Infikované registračné kľúče: 14
Infikované registračné hodnoty: 9
Infikované položky registračných dát: 4
Infikované priečinky: 1
Infikované súbory: 48

Infikované služby pamäte:
c:\Users\dada\AppData\Roaming\dwm.exe (Trojan.Agent) -> 1524 -> No action taken.
c:\Users\dada\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> 1664 -> No action taken.
c:\Users\dada\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> 2032 -> No action taken.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> 992 -> No action taken.
c:\Windows\update.tray-2-0\svchost.exe (Trojan.Dropper) -> 860 -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 812 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 1948 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2024 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1476 -> No action taken.

Infikované moduly pamäte:
(Škodlivé položky neboli zistené)

Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{55CDE9E7-696C-47C4-8E21-7210B8AEB103} (PUP.Adware.FunWeb) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{55CDE9E7-696C-47C4-8E21-7210B8AEB103} (PUP.Adware.FunWeb) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{5ED22E89-62FA-47EC-BD8D-374D849D436C} (PUP.Adware.FunWeb) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{5ED22E89-62FA-47EC-BD8D-374D849D436C} (PUP.Adware.FunWeb) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC} (PUP.Adware.FunWeb) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{D3CA5551-FC2E-4D09-8ECE-263607ACF9FC} (PUP.Adware.FunWeb) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.

Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico2 (Trojan.Dropper) -> Value: tray_ico2 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Value: Load -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell.Gen) -> Value: Shell -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované položky registračných dát:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\dada\AppData\Local\Temp\csrss.exe) Good: () -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované priečinky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované súbory:
c:\Users\dada\AppData\Roaming\dwm.exe (Trojan.Agent) -> No action taken.
c:\Users\dada\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Users\dada\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-15-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-2-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Users\dada\AppData\Local\Google\Chrome\user data\Default\Cache\f_007a93 (Trojan.Dropper) -> No action taken.
c:\Users\dada\AppData\Local\Temp\flash32.exe (Trojan.Agent) -> No action taken.
c:\Users\dada\AppData\Local\Temp\40370847.exe (Trojan.Downloader) -> No action taken.
c:\Users\dada\AppData\Roaming\dwmu.exe (Trojan.Agent) -> No action taken.
c:\Users\dada\downloads\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\Windows\gbot111.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Trojan.Agent) -> No action taken.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\13528_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\28704801.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\3721888.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\Temp\4981255.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\4999738.exe (Trojan.Downloader) -> No action taken.
c:\Windows\Temp\6129_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\66323_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\csrss.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.tray-15-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-2-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\2860669.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3128693.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\3691665.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4880666.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\5630944.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\8540553.exe (Trojan.Agent) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.

#2 Příspěvek od **Rudy** » 30 črc 2011 18:22

Smažte vše, co MBAM nalezl. Nepočítejte však s tím, že jste se tímto definitivně zbavil viru z FB. Bude třeba provést další kroky.

dada21 · #3 Příspěvek od **dada21** » 01 srp 2011 05:41

velmi pekne dakujem za pomoc, je to v poriadku, prebehla som aj cez windows scan a nenaslo nic.
je mozne, ze mi to mohlo mierne zmiatnut eset nod32?
marwelbyte som idinstalovala, je to v poriadku?
Zatial este raz velmi pekne dakujem!

Danstahr · #4 Příspěvek od **Danstahr** » 01 srp 2011 05:52

A pročpak zakládáte nové téma se stejným logem

?

http://www.viry.cz/forum/viewtopic.php?f=13&t=113953

#5 Příspěvek od **cernohous13** » 01 srp 2011 06:27

to dada21

Rudy píše Bude třeba provést další kroky
pokračuj v původním tématu s Danstahr
do vyřešení případu používej "Odpovědět" nikoli "Nové téma"
Děkuji a zamykám

VIRY.CZ

protokol z marwelbyte

protokol z marwelbyte

Re: protokol z marwelbyte

Re: protokol z marwelbyte

Re: protokol z marwelbyte

Re: protokol z marwelbyte