VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

facebook vir

https://forum.viry.cz:443/viewtopic.php?t=113319

Stránka 3 z 3

Re: facebook vir

Napsal: 19 črc 2011 21:38
od Caroprd111
Vydržte, napíšu Vám opravný skript. :)

Re: facebook vir

Napsal: 19 črc 2011 21:43
od Caroprd111
Znovu spusťte OTL a do spodního bílého okna vložte následující skript. Poté klikněte na Run fix, PC se restartuje, výsledný log vložte sem.

Kód: Vybrat vše

:commands
[EMPTYTEMP]
[EMPTYFLASH]

:OTL
DRV - File not found [Kernel | Unknown | Running] -- -- (txblwx)
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.babylon.com/?babsrc=SP_ss&q={searchTerms}&mntrId=192d12eb000000000000001150dc7a71&tlver=1.4.19.19&ss=1&affID=17981
[2011.05.10 19:40:14 | 000,002,428 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Bar = http://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Prev Search Page = http://google.icq.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://google.icq.com/search/search_frame.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://google.icq.com
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
O4 - HKLM..\Run: [QuickTime Task] File not found
O4 - HKCU..\Run: [ICQ] File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - No CLSID value found.
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O15 - HKCU\..Trusted Domains: ([]msn in Tento počítač)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9VCM.CAB (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/ ... mv9dmo.cab (Reg Error: Key error.)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx.com/webplayer/stag ... taller.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/products/plugin/aut ... s-i586.cab (Reg Error: Key error.)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Internet Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\System32\ldr.exe) - File not found
O31 - SafeBoot: AlternateShell - services32.exe
[2011.07.19 21:42:14 | 000,054,016 | ---- | M] () -- C:\WINDOWS\System32\drivers\dpvrws.sys
[2011.07.18 22:04:28 | 000,904,792 | ---- | M] () -- C:\WINDOWS\geoiplist.rar
[2011.07.18 19:48:54 | 005,589,370 | ---- | M] () -- C:\WINDOWS\phoenix.rar
[2011.07.18 19:48:54 | 000,182,617 | ---- | M] () -- C:\WINDOWS\ufa.rar
[2011.07.18 19:48:52 | 001,075,284 | ---- | M] () -- C:\WINDOWS\rpcminer.rar
[2011.07.18 19:47:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\loader2.exe_ok
[2011.07.17 03:24:22 | 004,636,907 | ---- | M] () -- C:\WINDOWS\geoiplist
[2011.07.18 22:04:29 | 004,636,907 | ---- | C] () -- C:\WINDOWS\geoiplist
[2011.07.18 22:04:27 | 000,904,792 | ---- | C] () -- C:\WINDOWS\geoiplist.rar
[2011.07.18 19:48:52 | 000,182,617 | ---- | C] () -- C:\WINDOWS\ufa.rar
[2011.07.18 19:48:51 | 005,589,370 | ---- | C] () -- C:\WINDOWS\phoenix.rar
[2011.07.18 19:48:50 | 001,075,284 | ---- | C] () -- C:\WINDOWS\rpcminer.rar
[2011.07.18 19:47:05 | 000,000,180 | ---- | C] () -- C:\WINDOWS\info1
[2011.07.18 19:46:52 | 000,000,000 | ---- | C] () -- C:\WINDOWS\loader2.exe_ok

Re: facebook vir

Napsal: 20 črc 2011 16:28
od misel111
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: deda
->Temp folder emptied: 214526 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 15584875 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 15,00 mb


[EMPTYFLASH]

User: Default User

User: All Users

User: deda

User: NetworkService

User: LocalService

Total Flash Files Cleaned = 0,00 mb

========== OTL ==========
Error: Unable to stop service txblwx!
Service\Driver key txblwx not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml moved successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Prev Search Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Bar| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{855F3B16-6D32-4FE6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4FE6-8A56-BBB695989046}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B863453A-26C3-4e1f-A54D-A2CD196348E9}\ not found.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\ deleted successfully.
Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\WMV9VCM.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
Starting removal of ActiveX control {67DABFBF-D0AB-41FA-9C46-CC0F21721616}
C:\WINDOWS\Downloaded Program Files\DivXPlugin.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67DABFBF-D0AB-41FA-9C46-CC0F21721616}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File et Explorer Classes for Java file://C:\WINDOWS\SYSTEM\iejava.cab not found.
Starting removal of ActiveX control Internet Explorer Classes for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Internet Explorer Classes for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Internet Explorer Classes for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Internet Explorer Classes for Java\ not found.
File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Starting removal of ActiveX control Win32 Classes Reg Error: Key error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Win32 Classes Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Win32 Classes Reg Error: Key error.\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\WINDOWS\System32\ldr.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
C:\WINDOWS\SYSTEM32\DRIVERS\dpvrws.sys moved successfully.
C:\WINDOWS\geoiplist.rar moved successfully.
C:\WINDOWS\phoenix.rar moved successfully.
C:\WINDOWS\ufa.rar moved successfully.
C:\WINDOWS\rpcminer.rar moved successfully.
C:\WINDOWS\loader2.exe_ok moved successfully.
C:\WINDOWS\geoiplist moved successfully.
File C:\WINDOWS\geoiplist not found.
File C:\WINDOWS\geoiplist.rar not found.
File C:\WINDOWS\ufa.rar not found.
File C:\WINDOWS\phoenix.rar not found.
File C:\WINDOWS\rpcminer.rar not found.
C:\WINDOWS\info1 moved successfully.
File C:\WINDOWS\loader2.exe_ok not found.

OTL by OldTimer - Version 3.2.26.1 log created on 07202011_171704

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

Re: facebook vir

Napsal: 20 črc 2011 20:00
od Caroprd111
Poprosím vás o nový log z RSIT. :)

Re: facebook vir

Napsal: 20 črc 2011 20:05
od misel111
dobrý večer
včera večer návratu ztoho nouzového režimu se mi RSIT a OTL vymazalo, poté jsem si OTL stahnul
ale RSIT tedka nemám, poradíte mi kde ho stáhnouz opět a jak v tom programu pok

Re: facebook vir

Napsal: 20 črc 2011 20:06
od Caroprd111
Dobrý večer. :)

http://www.viry.cz/forum/viewtopic.php?f=13&t=105895

Re: facebook vir

Napsal: 20 črc 2011 20:17
od misel111
Logfile of random's system information tool 1.09 (written by random/random)
Run by deda at 2011-07-20 21:13:46
Systém Microsoft Windows XP Professional Service Pack 1
System drive C: has 3 GB (28%) free of 10 GB
Total RAM: 255 MB (24% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:14:19, on 20.7.2011
Platform: Windows XP SP1 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP1 (6.00.2800.1106)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\atievxx.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe
C:\Program Files\SweetIM\Messenger\SweetIM.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\System32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.exe
C:\Program Files\OpenOffice.org 2.3\program\soffice.BIN
C:\WINDOWS\System32\wbem\wmiapsrv.exe
C:\WINDOWS\System32\wuauclt.exe
C:\Program Files\Opera\opera.exe
C:\WINDOWS\System32\RUNDLL32.EXE
C:\Documents and Settings\deda\Plocha\RSIT.exe
C:\Program Files\trend micro\deda.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\SYSTEM\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O1 - Hosts: ˙ţ127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SWEETIE - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O3 - Toolbar: &Rádio - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: SweetIM Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll
O4 - HKLM\..\Run: [HP Component Manager] "C:\Program Files\HP\hpcoretech\hpcmpmgr.exe"
O4 - HKLM\..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe
O4 - HKLM\..\Run: [HP Software Update] "C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe"
O4 - HKLM\..\Run: [SweetIM] C:\Program Files\SweetIM\Messenger\SweetIM.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 2.3.lnk = C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: Belkin Wireless Utility.lnk = C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe
O8 - Extra context menu item: &ICQ Toolbar Search - res://C:\Program Files\ICQToolbar\toolbaru.dll/SEARCH.HTML
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O9 - Extra 'Tools' menuitem: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\MSMSGS.EXE
O16 - DPF: Win32 Classes -
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\System32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\System32\browseui.dll
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe

--
End of file - 5276 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Optimalizovat spouštění aplikace.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 6.0 CE\Reader\ActiveX\AcroIEHelper.dll [2003-05-12 50376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2005-05-31 853672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-14 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-07-14 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
SweetIM Toolbar Helper - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E718888-423F-11D2-876E-00A0C9082467} - &Rádio - C:\WINDOWS\System32\msdxm.ocx [2005-06-20 844828]
{EEE6C35B-6118-11DC-9C72-001320C79847} - SweetIM Toolbar for Internet Explorer - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-10-08 1172792]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Component Manager"=C:\Program Files\HP\hpcoretech\hpcmpmgr.exe [2003-12-22 241664]
"HPDJ Taskbar Utility"=C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb10.exe [2004-03-04 172032]
"HP Software Update"=C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe [2004-02-18 49152]
"SweetIM"=C:\Program Files\SweetIM\Messenger\SweetIM.exe [2009-03-05 111928]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\ctfmon.exe [2005-06-20 13312]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-11-15 1670144]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SystemTray]
C:\WINDOWS\system32\SysTray.Exe [2005-06-20 3072]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^deda^Nabídka Start^Programy^Po spuštění^Deer Hunter 2005 Registration.lnk]
C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE /remind /language=CSY /PRNM=Deer Hunter 2005/PRMP=DH05/SKUN=PCXX/GTYP=OUTD []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^deda^Nabídka Start^Programy^Po spuštění^Product Registration.lnk]
C:\Program Files\Atari\Deer Hunter 2005\ATR1.EXE /remind /language=CSY /PRNM=Product []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE
Belkin Wireless Utility.lnk - C:\Program Files\Belkin\Belkin 802.11g Wireless Card Configuration Utility\Belkinwcui.exe

C:\Documents and Settings\deda\Nabídka Start\Programy\Po spuštění
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\nm.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"midi1"=wdmaud.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"VIDC.VDOM"=vdowave.drv
"VIDC.IV50"=ir50_32.dll
"msacm.iac2"=C:\WINDOWS\SYSTEM32\IAC25_32.AX
"msacm.lhacm"=lhacm.acm
"VIDC.WMV3"=wmv9vcm.dll

======List of files/folders created in the last 1 month======

2011-07-20 21:13:46 ----D---- C:\rsit
2011-07-19 21:18:24 ----D---- C:\WINDOWS\Application Data\Malwarebytes
2011-07-19 21:18:01 ----A---- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2011-07-19 21:17:52 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2011-07-19 21:17:48 ----A---- C:\WINDOWS\System32\drivers\mbam.sys
2011-07-19 21:17:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-07-19 20:53:12 ----ASH---- C:\hiberfil.sys
2011-07-19 20:51:13 ----D---- C:\WINDOWS\CSC
2011-07-19 20:51:01 ----A---- C:\WINDOWS\ntbtlog.txt
2011-07-19 20:26:09 ----D---- C:\_OTL
2011-07-19 19:14:11 ----D---- C:\Program Files\trend micro
2011-07-19 19:03:53 ----A---- C:\WINDOWS\System32\CF17799.exe
2011-07-19 19:03:19 ----D---- C:\WINDOWS\ERDNT
2011-07-19 19:03:14 ----A---- C:\WINDOWS\System32\CF17705.exe
2011-07-19 18:51:16 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2011-07-19 18:50:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2011-07-19 17:45:19 ----A---- C:\WINDOWS\System32\javaws.exe
2011-07-19 17:45:19 ----A---- C:\WINDOWS\System32\javaw.exe
2011-07-19 17:45:19 ----A---- C:\WINDOWS\System32\java.exe
2011-07-18 21:59:28 ----SHD---- C:\FOUND.050
2011-07-18 20:04:23 ----A---- C:\WINDOWS\ddh_iplist.txt
2011-07-18 19:50:17 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-07-18 19:47:33 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-07-18 19:46:52 ----A---- C:\WINDOWS\iplist.txt
2011-07-18 19:45:52 ----A---- C:\WINDOWS\front_ip_list.txt
2011-07-18 19:44:47 ----D---- C:\WINDOWS\av_ico
2011-07-18 19:26:22 ----A---- C:\WINDOWS\winlog-ids.txt
2011-07-18 19:26:22 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-06-22 18:30:51 ----D---- C:\WINDOWS\Application Data\Opera
2011-06-22 18:28:54 ----D---- C:\Program Files\Opera

======List of files/folders modified in the last 1 month======

2011-07-20 17:19:58 ----A---- C:\WINDOWS\SchedLog.Txt
2011-07-19 20:52:00 ----A---- C:\boot.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 agp440;Filtr Intel sběrnice AGP; C:\WINDOWS\System32\DRIVERS\agp440.sys [2001-08-17 25472]
R1 P3;Ovladač procesoru Intel PentiumIII; C:\WINDOWS\System32\DRIVERS\p3.sys [2005-06-20 39936]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\WINDOWS\System32\DRIVERS\AegisP.sys [2007-12-20 20747]
R2 irda;Protokol IrDA; C:\WINDOWS\System32\DRIVERS\irda.sys [2001-08-17 55296]
R3 atimpab;atimpab; C:\WINDOWS\System32\DRIVERS\atimpab.sys [2001-10-24 289664]
R3 DNINDIS5;DNINDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\Belkin\BELKIN~1.11G\DNINDIS5.SYS []
R3 E100B;Intel(R) PRO Adapter Driver; C:\WINDOWS\System32\DRIVERS\e100b325.sys [2001-10-24 117760]
R3 ltmodem5;LT Modem Driver; C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys [2002-09-20 607104]
R3 Maestro;ESS Maestro2E Audio Driver (WDM); C:\WINDOWS\system32\drivers\essm2e.sys [2002-08-28 137088]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\System32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RT61;Belkin RT2500 Wireless Driver; C:\WINDOWS\System32\DRIVERS\RT61.sys [2005-08-26 352768]
R3 SMCIRDA;SMC IrCC Miniport Device Driver; C:\WINDOWS\System32\DRIVERS\smcirda.sys [2001-10-24 35913]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2005-06-20 19328]
S3 aswRdr;aswRdr; C:\WINDOWS\System32\drivers\aswRdr.sys [2009-02-05 23152]
S3 Bridge;Most MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2005-06-20 68864]
S3 BridgeMP;Miniport mostu MAC; C:\WINDOWS\System32\DRIVERS\bridge.sys [2005-06-20 68864]
S3 BTWUSB;WIDCOMM USB Bluetooth Driver; C:\WINDOWS\System32\Drivers\btwusb.sys []
S3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\System32\DRIVERS\irsir.sys [2001-08-17 18688]
S3 k750bus;Sony Ericsson 750 driver (WDM); C:\WINDOWS\System32\DRIVERS\k750bus.sys [2005-07-07 55216]
S3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\WINDOWS\System32\drivers\mbamswissarmy.sys []
S3 ntoss.sys;ntoss.sys; \??\C:\WINDOWS\system32\drivers\ntoss.sys []
S3 usbprint;Třída USB Printer; C:\WINDOWS\System32\DRIVERS\usbprint.sys [2002-08-29 24960]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2002-08-29 14208]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2002-08-29 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\System32\atievxx.exe [2001-10-24 37376]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\System32\svchost.exe [2005-06-20 12800]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-05-04 153376]

-----------------EOF-----------------

Re: facebook vir

Napsal: 20 črc 2011 20:22
od Caroprd111
Obrázek V logu nevidím antivir a firewall, doinstalujte :!: http://www.viry.cz/forum/viewtopic.php?f=29&t=6152 + http://www.viry.cz/forum/viewtopic.php?f=41&t=6523


Obrázek Doinstalujte SP3.


Obrázek Stáhněte T-Cleaner http://sweb.cz/Marinus/T-Cleaner.exe
  • Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
  • Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Obrázek Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
  • Spusťte.
  • Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Obrázek Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
  • Spusťte.
  • Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)


Obrázek Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
  • Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

    Obrázek Záložka Čistič
  • Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

    Obrázek Záložka Registry
  • Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
    Obrázek OK Obrázek Zavřít

Obrázek Jak se chová PC?

Re: facebook vir

Napsal: 20 črc 2011 20:35
od misel111
počítač se chová zcela normálně. Přijde mi ještě rychlejší než byl. Vše je bez problémů a vše funguje. Nyní udělám to jak jste mi napsal.


akorát v tomto bodě

Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Nainstalujte a v průběhu instalace odškrtněte, že chcete instalovat yahoo toolbar.

Záložka Čistič
Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

Záložka Registry
Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.

Ccleaner už mám v počítačí stáhlí, tak už ho stahovat nebudu, akorát nevím jestli mam nainstalováno yahoo toolbar. vadilo by kdybych neměl ????

Re: facebook vir

Napsal: 20 črc 2011 20:41
od Caroprd111
Vůbec nevadí, jde právě o to, aby nainstalovaný nebyl. :)

Re: facebook vir

Napsal: 21 črc 2011 11:48
od misel111
tak jsem vše udělal jak jste mi říkal
ještě je třeba dělat něco ????
a prosím vás všechny programy které jsem si za tu dobu stáhnul si mám nechat v počítačí a nebo je vymazat např. OTL OTC RSIT mbat- setup ?????

Re: facebook vir

Napsal: 21 črc 2011 12:44
od Caroprd111
Pokud nejsou problémy, tak je to vše. :) Programy můžete smazat. :)
Všechny časy jsou v UTC+01:00
Stránka 3 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz