
Re: fb virus

Posted: 27 Jul 2011 10:55
by vyosek
It's a new version, that's fine, it's the same thing

Re: fb virus

Posted: 27 Jul 2011 10:59
by spanel112
so what should I choose

quick scan
full scan
flash scan (for licensed users)

Re: fb virus

Posted: 27 Jul 2011 11:00
by vyosek
Full scan

Re: fb virus

Posted: 27 Jul 2011 11:02
by spanel112
it recommends the quick one

and if I do run the full one, should I have it scan only the hard disk (C)

Re: fb virus

Posted: 27 Jul 2011 11:08
by vyosek
Run the full scan, on all drives

Re: fb virus

Posted: 27 Jul 2011 11:48
by spanel112
Should I delete everything?

Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7294

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.7.2011 12:46:21
mbam-log-2011-07-27 (12-46-15).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 263602
Uplynulý čas: 34 minut, 41 sekund

Infikované procesy v paměti: 8
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 6
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 52

Infikované procesy v paměti:
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 1904 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1864 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1368 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1244 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1712 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> 592 -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Agent) -> 2564 -> No action taken.
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Agent) -> 2572 -> No action taken.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Value: RList -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Agent) -> Value: w_distrib.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.

Infikované soubory:
c:\documents and settings\domov\local settings\Temp\TMP1FC4.tmp (Trojan.Dropper) -> No action taken.
c:\documents and settings\domov\local settings\Temp\TMP352.tmp (Trojan.Dropper) -> No action taken.
c:\documents and settings\domov\local settings\Temp\TMP484.tmp (Trojan.Dropper) -> No action taken.
c:\documents and settings\domov\local settings\Temp\~TM1253.tmp (Trojan.Agent) -> No action taken.
c:\documents and settings\domov\local settings\Temp\TMP10F.tmp (Trojan.Dropper) -> No action taken.
c:\documents and settings\domov\Plocha\rk_quarantine\systemup.exe.vir (Trojan.Agent) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3108219.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3130879.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3891492.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5059751.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\86126696.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\93274_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\domov\local settings\Temp\4387979.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\domov\local settings\Temp\6546069.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\2863714.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3771942.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4353196.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4852922.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7032079.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8070984.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8441482.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\8798792.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9782495.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\9786906.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\95870140-loader2.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\domov\data aplikací\wiaserva.log (Malware.Trace) -> No action taken.
c:\WINDOWS\Temp\wpv681244198370.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.3\svchost.exe (Trojan.Agent) -> No action taken.

Re: fb virus

Posted: 27 Jul 2011 11:52
by vyosek
Delete everything, then another log will appear - paste it here

Re: fb virus

Posted: 27 Jul 2011 11:53
by spanel112
Should I restart?


Malwarebytes' Anti-Malware 1.50
www.malwarebytes.org

Verze databáze: 7294

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

27.7.2011 12:53:04
mbam-log-2011-07-27 (12-53-04).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 263602
Uplynulý čas: 34 minut, 41 sekund

Infikované procesy v paměti: 8
Infikované moduly v paměti: 0
Infikované klíče v registru: 10
Infikované hodnoty v registru: 6
Infikované datové položky v registru: 0
Infikované složky: 1
Infikované soubory: 52

Infikované procesy v paměti:
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> 1904 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1864 -> Unloaded process successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 1368 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1244 -> Unloaded process successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 1712 -> Unloaded process successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> 592 -> Unloaded process successfully.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Agent) -> 2564 -> Unloaded process successfully.
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Agent) -> 2572 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RList (Malware.Trace) -> Value: RList -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Agent) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Agent) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\w_distrib.exe (Trojan.Agent) -> Value: w_distrib.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\documents and settings\domov\local settings\Temp\TMP1FC4.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\domov\local settings\Temp\TMP352.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\domov\local settings\Temp\TMP484.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\domov\local settings\Temp\~TM1253.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\domov\local settings\Temp\TMP10F.tmp (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\domov\Plocha\rk_quarantine\systemup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3108219.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3130879.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3891492.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5059751.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\86126696.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\93274_myunrar2.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\domov\local settings\Temp\4387979.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\domov\local settings\Temp\6546069.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\2863714.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3771942.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4353196.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4852922.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\7032079.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8070984.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8441482.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\8798792.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9782495.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\9786906.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\95870140-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\domov\data aplikací\wiaserva.log (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\wpv681244198370.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\WINDOWS\update.1\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\services32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-7-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\update.3\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.

Re: fb virus

Posted: 27 Jul 2011 11:54
by vyosek
Yes, restart, then run ComboFix as I wrote at the beginning

Re: fb virus

Posted: 27 Jul 2011 11:55
by spanel112
What? This isn't the end yet?

Re: fb virus

Posted: 27 Jul 2011 11:56
by vyosek
No, it isn't, this is a very complicated pest, it pushes its way in everywhere it can

Re: fb virus

Posted: 27 Jul 2011 11:57
by spanel112
well, all right

Re: fb virus

Posted: 27 Jul 2011 12:04
by vyosek
If you don't want to, don't do it; my PC isn't infected, so I don't care whether you continue or not...

Re: fb virus

Posted: 27 Jul 2011 12:09
by spanel112
Could you write once more exactly what I should do?

Re: fb virus

Posted: 27 Jul 2011 12:10
by vyosek
It is described here http://www.viry.cz/forum/viewtopic.php? ... 1#p1012761 and there is also a link to an illustrated guide there