VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

FB VIRUS

https://forum.viry.cz:443/viewtopic.php?t=113400

Stránka 2 z 2

Re: FB VIRUS

Napsal: 22 črc 2011 11:33
od stevo7
ComboFix 11-07-22.01 - Administrator . 07. 2011 12:19:47.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1022.361 [GMT 2:00]
Running from: c:\documents and settings\Administrator.PCDLO\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.PCDLO\Application Data\Dealio
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Janculka.PCDLO\WINDOWS
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Stevo.PCDLO\Application Data\hJCd8i8H8I.txt
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Stevo.PCDLO\WINDOWS
C:\Microsoft
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.1\config.ini
c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 09:37 . 2011-07-22 09:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-07-22 09:37 . 2011-07-22 09:37 -------- d-----w- c:\program files\AVAST Software
2011-07-21 15:54 . 2011-07-21 15:54 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Local Settings\Application Data\ESET
2011-07-21 15:15 . 2011-07-21 15:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2011-07-21 13:11 . 2011-07-21 13:11 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Application Data\Malwarebytes
2011-07-21 13:11 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 13:11 . 2011-07-21 13:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-07-21 13:11 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 13:11 . 2011-07-21 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 14:51 . 2011-07-20 14:51 -------- d-----w- c:\program files\trend micro
2011-07-20 14:51 . 2011-07-20 14:51 -------- d-----w- C:\rsit
2011-07-20 12:02 . 2011-07-20 12:02 -------- d-----w- c:\windows\ufa
2011-07-19 18:34 . 2011-07-19 18:35 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 18:25 . 2011-07-19 18:25 -------- d-----w- c:\windows\av_ico
2011-07-19 18:25 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 18:23 . 2011-07-21 14:36 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-19 18:23 . 2011-07-21 14:33 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-06 08:04 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-07-06 08:04 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-07-06 08:04 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-07-06 08:04 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-06 08:04 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-07-06 08:04 . 2011-07-06 08:04 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-07-06 08:04 . 2011-07-06 08:04 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-07-01 08:03 . 2011-07-01 08:03 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Local Settings\Application Data\Opera
2011-07-01 08:03 . 2011-07-01 08:03 -------- d-----w- c:\program files\Opera
2011-06-25 06:42 . 2011-06-25 06:42 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Application Data\Ascaron Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 16:42 . 2011-06-05 16:42 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Stevo.PCDLO\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\Administrator.PCDLO\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.

Re: FB VIRUS

Napsal: 22 črc 2011 11:42
od stell
Log combofixu nie je komplet, otvor znova C:\combofix.txt
a znova to skopiruj sem, ale cely log.

Re: FB VIRUS

Napsal: 22 črc 2011 11:45
od stevo7
prepac,

ComboFix 11-07-22.01 - Administrator . 07. 2011 12:19:47.1.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.1022.361 [GMT 2:00]
Running from: c:\documents and settings\Administrator.PCDLO\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Enabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.PCDLO\Application Data\Dealio
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Janculka.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Janculka.PCDLO\WINDOWS
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio\res\widgets.xml
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_dotd_.xml
c:\documents and settings\Stevo.PCDLO\Application Data\Dealio\temp\http___www_dealio_com_rss_coupons-deals_top_7days__cnid=[CHANNEL_ID]&ccv=[CODE_VER]&ISN=[ISN].xml
c:\documents and settings\Stevo.PCDLO\Application Data\hJCd8i8H8I.txt
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\1.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\a.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\b.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\c.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\d.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\e.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\f.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\g.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\h.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\i.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\J.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\k.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\l.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\m.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\mru.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\n.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\o.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\p.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\q.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\r.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\s.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\t.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\u.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\v.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\w.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\x.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\y.xml
c:\documents and settings\Stevo.PCDLO\Application Data\PriceGong\Data\z.xml
c:\documents and settings\Stevo.PCDLO\WINDOWS
C:\Microsoft
c:\program files\AskSearch\bin\DefaultSearch.dll
c:\program files\DaemonTools_WhenUSave_Installer
c:\program files\DaemonTools_WhenUSave_Installer\vvsn.cfg
c:\program files\Dealio Toolbar
c:\program files\Dealio Toolbar\FF\chrome.manifest
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\chevron.xul
c:\program files\Dealio Toolbar\FF\chrome\content\login.js
c:\program files\Dealio Toolbar\FF\chrome\content\login.xul
c:\program files\Dealio Toolbar\FF\chrome\content\parser.js
c:\program files\Dealio Toolbar\FF\chrome\content\RssTickerWidget.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.js
c:\program files\Dealio Toolbar\FF\chrome\content\searchbox.xul
c:\program files\Dealio Toolbar\FF\chrome\content\utils.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgicomm.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgihandling.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgichevron.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgilisteners.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.js
c:\program files\Dealio Toolbar\FF\chrome\content\widgitoolbarplugin.xul
c:\program files\Dealio Toolbar\FF\chrome\content\widgiui.js
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\searchbox.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.dtd
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\widgitoolbarplugin.properties
c:\program files\Dealio Toolbar\FF\chrome\locale\EN-US\yahoo-search.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\apple.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\barnes.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\bestbuy.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\icon_settings.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\macys.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\newegg.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\overstock.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-button.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron-hover.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search-chevron.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_amazon.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_dealio.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_ebay.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\search_yahoo.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\searchbox.css
c:\program files\Dealio Toolbar\FF\chrome\skin\splitter.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\target.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\walmart.gif
c:\program files\Dealio Toolbar\FF\chrome\skin\widgitoolbarplugin.css
c:\program files\Dealio Toolbar\FF\install.rdf
c:\program files\Dealio Toolbar\IE\4.1\config.ini
c:\program files\Dealio Toolbar\IE\4.1\dealioToolbarIE.dll
c:\program files\Dealio Toolbar\Res\amazon.gif
c:\program files\Dealio Toolbar\Res\apple.gif
c:\program files\Dealio Toolbar\Res\barnes.gif
c:\program files\Dealio Toolbar\Res\bestbuy.gif
c:\program files\Dealio Toolbar\Res\dealio_logo.gif
c:\program files\Dealio Toolbar\Res\dealio_logo_hover.gif
c:\program files\Dealio Toolbar\Res\ebay.gif
c:\program files\Dealio Toolbar\Res\icon_settings.gif
c:\program files\Dealio Toolbar\Res\macys.gif
c:\program files\Dealio Toolbar\Res\newegg.gif
c:\program files\Dealio Toolbar\Res\overstock.gif
c:\program files\Dealio Toolbar\Res\search-button-hover.gif
c:\program files\Dealio Toolbar\Res\search-button.gif
c:\program files\Dealio Toolbar\Res\search-chevron-hover.gif
c:\program files\Dealio Toolbar\Res\search-chevron.gif
c:\program files\Dealio Toolbar\Res\search_amazon.gif
c:\program files\Dealio Toolbar\Res\search_dealio.gif
c:\program files\Dealio Toolbar\Res\search_ebay.gif
c:\program files\Dealio Toolbar\Res\search_yahoo.gif
c:\program files\Dealio Toolbar\Res\target.gif
c:\program files\Dealio Toolbar\Res\walmart.gif
c:\program files\Dealio Toolbar\Res\widgets.xml
c:\program files\Dealio Toolbar\WidgiHelper.exe
c:\program files\Mozilla Firefox\extensions\dealio@mybrowserbar.com
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
.
.
((((((((((((((((((((((((( Files Created from 2011-06-22 to 2011-07-22 )))))))))))))))))))))))))))))))
.
.
2011-07-22 09:37 . 2011-07-22 09:50 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\AVAST Software
2011-07-22 09:37 . 2011-07-22 09:37 -------- d-----w- c:\program files\AVAST Software
2011-07-21 15:54 . 2011-07-21 15:54 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Local Settings\Application Data\ESET
2011-07-21 15:15 . 2011-07-21 15:15 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\ESET
2011-07-21 13:11 . 2011-07-21 13:11 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Application Data\Malwarebytes
2011-07-21 13:11 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 13:11 . 2011-07-21 13:11 -------- d-----w- c:\documents and settings\All Users.WINDOWS\Application Data\Malwarebytes
2011-07-21 13:11 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-21 13:11 . 2011-07-21 13:16 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-20 14:51 . 2011-07-20 14:51 -------- d-----w- c:\program files\trend micro
2011-07-20 14:51 . 2011-07-20 14:51 -------- d-----w- C:\rsit
2011-07-20 12:02 . 2011-07-20 12:02 -------- d-----w- c:\windows\ufa
2011-07-19 18:34 . 2011-07-19 18:35 246272 ----a-w- c:\windows\unrar.exe
2011-07-19 18:25 . 2011-07-19 18:25 -------- d-----w- c:\windows\av_ico
2011-07-19 18:25 . 2008-04-14 03:42 221184 ----a-w- c:\windows\system32\wmpns.dll
2011-07-19 18:23 . 2011-07-21 14:36 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-19 18:23 . 2011-07-21 14:33 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-06 08:04 . 2004-10-22 00:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-07-06 08:04 . 2004-10-22 00:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-07-06 08:04 . 2004-10-22 00:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-07-06 08:04 . 2004-10-22 00:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-07-06 08:04 . 2004-10-22 00:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-07-06 08:04 . 2011-07-06 08:04 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-07-06 08:04 . 2011-07-06 08:04 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-07-01 08:03 . 2011-07-01 08:03 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Local Settings\Application Data\Opera
2011-07-01 08:03 . 2011-07-01 08:03 -------- d-----w- c:\program files\Opera
2011-06-25 06:42 . 2011-06-25 06:42 -------- d-----w- c:\documents and settings\Administrator.PCDLO\Application Data\Ascaron Entertainment
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-05 16:42 . 2011-06-05 16:42 98304 ----a-w- c:\windows\system32\CmdLineExt.dll
2009-05-13 21:55 . 2009-05-13 21:55 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-13 21:55 . 2009-05-13 21:55 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-10-15 375000]
"RTHDCPL"="RTHDCPL.EXE" [2010-04-30 19523616]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2011-01-07 111208]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2011-01-07 13880424]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-11-04 1753192]
"NeroCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-12-10 49152]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-10-07 1461080]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Stevo.PCDLO\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\Administrator.PCDLO\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-2-16 384512]
.
c:\documents and settings\All Users.WINDOWS\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-1-2 210520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Documents and Settings\\Administrator.PCDLO\\Application Data\\PowerChallenge\\PowerSoccer\\PowerSoccer.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
.
R1 AppleCharger;AppleCharger;c:\windows\system32\drivers\AppleCharger.sys [27. 1. 2011 14:16 19496]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [13. 3. 2008 16:52 35168]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [31. 1. 2011 12:05 15424]
R2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [15. 10. 2009 15:06 223464]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [13. 3. 2008 16:49 472280]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [21. 7. 2011 15:11 366640]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [21. 7. 2011 15:11 22712]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [27. 1. 2011 14:11 1691480]
S3 AppleChargerSrv;AppleChargerSrv;system32\AppleChargerSrv.exe --> system32\AppleChargerSrv.exe [?]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
mStart Page = hxxp://www.bigseekpro.com/hypercam/{A9BFD235-B ... F432A6C487}
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
LSP: c:\windows\system32\imon.dll
TCP: Interfaces\{CAAAFA9E-82A3-4D39-AC99-7D3E88C48DAB}: NameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe
HKLM-Run-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Cheat Engine 6.1_is1 - d:\ce\unins000.exe
AddRemove-HyperCam Toolbar - c:\program files\HyperCam Toolbar\UninstallToolbar.exe
AddRemove-NOD32 - c:\program files\Eset\Setup\setup.exe
AddRemove-ScreenshotCaptor_is1 - c:\program files\ScreenshotCaptor\unins000.exe
AddRemove-Totalcmd - c:\totalcmd\tcuninst.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-07-22 12:28
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(788)
c:\windows\system32\imon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\RUNDLL32.EXE
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\wscntfy.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
.
**************************************************************************
.
Completion time: 2011-07-22 12:31:56 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-22 10:31
.
Pre-Run: 21 697 421 312 bytes free
Post-Run: 26 248 695 808 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=AlwaysOff /fastdetect /usepmtimer
.
- - End Of File - - 5964DD744935F8CC9208ECFA5BD8F640[/code]

Re: FB VIRUS

Napsal: 22 črc 2011 11:52
od stell
ok, zmaz zlozky
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk

Ak uz nie su problemy s pc to je vsetko
Vypnut obnovu systemu, restsrt a zapnut spat.
Odinstaluj combofix, ikonu combofixu premenuj na uninstall
a spust.

Re: FB VIRUS

Napsal: 22 črc 2011 11:57
od stevo7
tie zlozky mam zmazat normalne SHIFT+DELETE ?

Re: FB VIRUS

Napsal: 22 črc 2011 12:00
od stell
ano, modrym napisane,oznac myskou a mozes SHIFT+DELETE

Re: FB VIRUS

Napsal: 22 črc 2011 12:03
od stevo7
update.tray tam vazne nikde nevidim nech hladam ako chcem.. nezmazal to uz nahodou combofix?

Re: FB VIRUS

Napsal: 22 črc 2011 12:05
od stell
je to skryta zlozka, zapni zobrazovanie skrytych zloziek a suborov.

Re: FB VIRUS

Napsal: 22 črc 2011 12:06
od stevo7
prepac, som amater ani toto neviem.. Kde to urobim?

Re: FB VIRUS

Napsal: 22 črc 2011 12:11
od stell
http://virusstell.blogspot.com/2011/03/ ... nikov.html

Re: FB VIRUS

Napsal: 22 črc 2011 12:14
od stell
pockaj ty mas xp
pre teba plati toto
Alebo:
1:Stlac Kláves s logom Windows + R
2:Napíšeme:control folders
3:klikneme na zobrazenie.
4:Zaškrtneme,Zobrazovať skryté súbory a priečinky.
5:Klikneme na tlačidlo OK.

Re: FB VIRUS

Napsal: 22 črc 2011 12:19
od stevo7
Už som to našiel a všetko urobil..

chcem sa ti poďakovať, veľmi si ťa vážim a určite podporím :)
Maj sa,

Re: FB VIRUS

Napsal: 22 črc 2011 12:22
od stell
:)
Nemas zaco
Všechny časy jsou v UTC+01:00
Stránka 2 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz