VIRY.CZ

Co ty cracky?



Jestli bude Avast rvat, ze to chce otevrit v sandboxu, nedovolte to! Vyberte moznost Otevrit normalne
Znovu spustte OTL
Do spodniho okna vlozte nasledujici text (vcetne te dvojtecky pred slovem commands) Kliknete na Opravit a nechte program pracovat. Pri otazce na restart souhlaste.
Po restartu se objevi novy log, ten sem dejte.




Udelejte !!!uplnou!!! kontrolu s MBAM http://forum.viry.cz/viewtopic.php?f=29&t=115222 a dejte sem vysledky. Predem nic nemazte, miva obcas falesne detekce

Jeste dodam, at pak na to nezapomenu, mate strasny brajgl na plose. Velikost plochy by nemela byt vetsi nez 200-300MB. Vy tam mate nejaka videa a dalsi veci. Pryc s tim, brzdi to pc.

Otl log:



All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: MajiOriginal
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Google Chrome cache emptied: 249341308 bytes
->Flash cache emptied: 0 bytes

User: Mamka
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 238,00 mb


[EMPTYFLASH]

User: All Users

User: Default User
->Flash cache emptied: 0 bytes

User: LocalService

User: MajiOriginal
->Flash cache emptied: 0 bytes

User: Mamka
->Flash cache emptied: 0 bytes

User: NetworkService

Total Flash Files Cleaned = 0,00 mb

========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-MAJIORIGINAL-PC-MajiOriginal.job moved successfully.
C:\WINDOWS\tasks\At1.job moved successfully.
C:\WINDOWS\tasks\DriverEasy Scheduled Scan.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-329068152-1606980848-1004Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-329068152-1606980848-1004UA.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-329068152-1606980848-1005Core.job moved successfully.
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1801674531-329068152-1606980848-1005UA.job moved successfully.
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Ask\APN-Stub\ATU2 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Ask\APN-Stub folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\Ask folder moved successfully.
C:\Documents and Settings\MajiOriginal\Data aplikací\Ask.com folder moved successfully.
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1801674531-329068152-1606980848-1004\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_USERS\S-1-5-21-1801674531-329068152-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1801674531-329068152-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1801674531-329068152-1606980848-1004\Software\Microsoft\Internet Explorer\SearchScopes\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B9C7CE32-DA91-43C2-B7E9-0E9AAFC675CD}\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=3\ deleted successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Update\1.3.21.115\npGoogleUpdate3.dll moved successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@tools.google.com/Google Update;version=9\ deleted successfully.
File C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Update\1.3.21.115\npGoogleUpdate3.dll not found.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\tb_ux folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\lib folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\content_script\hack folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\content_script folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config\skin\js folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config\skin\images folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config\skin\css folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config\skin folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config\locales\en folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config\locales folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\config folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0\background folder moved successfully.
C:\Documents and Settings\MajiOriginal\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aaaaoggiphohkihibdkcnhnokmkfmhnj\7.15.4.24150_0 folder moved successfully.
Registry value HKEY_USERS\S-1-5-21-1801674531-329068152-1606980848-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
C:\Documents and Settings\All Users\Data aplikací\IObit\Game Booster 3\Opt folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit\Game Booster 3\BackLnk folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit\Game Booster 3 folder moved successfully.
C:\Documents and Settings\All Users\Data aplikací\IObit folder moved successfully.
C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5C.tmp folder deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP1.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP16.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP19.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP1C.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP1F.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP22.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP25.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP28.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP2B.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP2E.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP31.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP34.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP37.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP3A.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP3D.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP40.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMP43.tmp deleted successfully.
C:\WINDOWS\system32\CatRoot\TMPF.tmp deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AESTFltr\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Driver Genius\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dxtory Update Checker 2.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WMPNSCFG\ deleted successfully.

OTL by OldTimer - Version 3.2.56.0 log created on 08052012_173330

Files\Folders moved on Reboot...
File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...
[2012.08.05 17:34:56 | 000,000,000 | ---- | M] () C:\WINDOWS\temp\_avast_\Webshlock.txt : Unable to obtain MD5

Registry entries deleted on Reboot...

OTL provedlo co melo, takze jeste pockam na ten MBAM.

Zatím:

Nalezené objekty: 5

Pocet neni az tak dulezity, hlavni je co a kde nasel.
Ale to uvidim pak v logu

myslíte že to půjde zpravit ??? hlavně ty Cpůčka ???

Mbam Log...


Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Verze databáze: v2012.08.05.06

Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
MajiOriginal :: MAJIORIGINAL-PC [administrátor]

5.8.2012 17:49:13
mbam-log-2012-08-05 (20-03-19).txt

Typ: Úplná kontrola (C:\|E:\|)
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 363432
Uplynulý čas: 2 hodin, 12 minut, 27 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 10
C:\Documents and Settings\MajiOriginal\Dokumenty\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Keygen.exe (Trojan.Agent.CK) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\MajiOriginal\Dokumenty\Downloads\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\Sony.Vegas.Pro.10.x86-x64.Cracked-Torrentleech\SonyVegasProCRACK.exe (RiskWare.Tool.HCK) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\MajiOriginal\Dokumenty\Downloads\Adobe After Effects CS4 (Final) [RH]\Adobe After Effects CS4\ACS4MC- Keygen\Keygen (X-FORCE)\ACS4MC-Keygen (X-FORCE).exe (Trojan.Downloader) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\MajiOriginal\Dokumenty\Downloads\Camtasia Studio 7 + Keygen\Camtasia_Studio_7_Keygen.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\Documents and Settings\MajiOriginal\Plocha\dllcentral_d11409.exe (PUP.BundleOffers.IIQ) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{A3CF237E-FBD2-4337-85A1-6BD495FECC5A}\RP26\A0005024.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{A3CF237E-FBD2-4337-85A1-6BD495FECC5A}\RP27\A0005361.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{A3CF237E-FBD2-4337-85A1-6BD495FECC5A}\RP27\A0005362.exe (RiskWare.Tool.HCK) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{A3CF237E-FBD2-4337-85A1-6BD495FECC5A}\RP52\A0013032.exe (RiskWare.Tool.CK) -> Žádná instrukce nebyla provedena.
C:\System Volume Information\_restore{A3CF237E-FBD2-4337-85A1-6BD495FECC5A}\RP52\A0013068.exe (PUP.ToolbarDownloader) -> Žádná instrukce nebyla provedena.

(konec)

No jo, to jsou ty cracky. Vsechno doporucuji smazat.

Pak sem dejte novy log z RSIT a napiste, jak je na tom pc.

Pokud je procesor stale vytizen, spustte spravce uloh a podivejte se, ktery proces vytezuje procesor nejvice

Omlouvám se ale netuším jak to smazat ale když jsem se koukl do Správce úloh tak jsem tam viděl že nejvíce CPu žere "nečiné procesy systému" pořád něco kolem 90 a více

No smaze to MBAM. Ovsem jestli jste ho uz zavrel, budete muset udelat test znova. A pak proste nechat polozky odstranit, nebo hodit do karanteny.

Pokud necinne procesy maji 90%, znamena to, ze procesor jede jen na 10% , coz neni nejaky extrem. Prave tento jediny radek (nečiné procesy systému) to ma tak, ze cim vetsi je tam cislo, tim mene je procesor vytizen.

Mi momentalne nečiné procesy systému zabiraji 95%, takze dole se pise Vyuziti CPU 5%

Ale pořád nechápu před týdnem jsem video na pohodu rozjel a ted mi to nejak nejde nemohlo by to být tím že ten malware napadl nějakej driver ???
taky mi začal blbnout touch control panel

Mozne to je, uvidime po odstraneni haveti. Pak to jeste proverime.
Jinak to video se seka jen na netu, nebo i normalne stazene, pripadne z CD?
Tu plochu uz jste procistil?

Jen na internetu se seká když jsem jí zpustil v kmp ta jel na fullscreen normálně tak nevím
dnes už to nechci dělat udělám to zítra kompletní test a promazání plochy

Dobra, budu tady zase nakukovat cely den. Jinak pokud to dela jen na internetu, pada moznost poskozeni ovladace. Bude to chtit bud preinstalovat flashplayer (nebo v cem to spoustite), pripadne cely prohlizec. Ale jeste uvidime. Nejdriv udelejte to MBAM a tu plochu. Pak se uvidi.