VIRY.CZ

dobry den
mam dost zavazny problem s virem ktery znepristupni facebook
zaclo to takto:
kamarad se logl na ucet a normalne chatoval..po chvili mu napsal JEHO KAMOS anglicky hi how are you..odepsal proc pises anglicky..on automaticky a okamzite odepsal FOR FUN..pote nam poslal odkaz na youtube (to vlasten ani youtube nebyl jen nas tak oblb ze sme to otevreli) a tam bylo video jmeno prijmeni a anglickej napis..shlednuti 23400..hodilo nam to at ztahneme flash player..uz to mi bylo divny ale bohuzel kamarad pustil instalaci..flash player to nebyl protoze ve vlastnosteh neukazal verzi ale jen flash palyer a mnel jen 4 Kb..pote to vsem jeho pratelum na chatu zacalo anglciky psat to same..kamarad byl nucen ted cely FB deaktivovat a mozna i zrusit..
problem cislo 2:
ten primo řečeno sraač i zrusil oba antiviry (avast,kaspersky 2011) a kdyz na nej ukazu hodi to absolutne stejnou tabulku..ze neni treba zakrocit ze to vyresi sam..tabulka vypadala uplne jinak nez avast tabulky vypadaji..avast ani kaspersky nejde vypnout nejde smazat nejde nic..jsem bez antiviru bez facebooku (kterej ja mam 2 dni)..prosim o pomoc
dekuji
muj minuly problem s win32 jeefo ste mi uspezne pomohli vyresit takze ted na vas spoliham znovu....

Zdravim
mozes mi dat do sukromnej spravy,link na to video??
dakujem.

1:Restart do nudzoveho rezimu s pracou v sieti

2: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

3:pouzijes Malwarebytes, Uplny skan, co najde daj zmazat>>log vloz sem.
Stiahnes>>mbam-setup
Nainstalovat, aktualizovat, a spustit skan.
Spravit UPLNY skan, co najde daj ZMAZAT, ak bude treba restart, uz mozes povolit.
Log vloz sem.
Podrobny Navod:
http://www.viry.cz/forum/viewtopic.php?f=29&t=67229

bohuzel odkaz jsem stratil..z vzteku sem ho radsi vymazal i z historie..ale presne popisu co to bylo
vypadalo to UPLE jako stranka fyoutubu..ale nahore misto odkazu na youtubu bylo JEN cislo..byla tam ikonka jako facebook ale jen toto video..kolem zadna jina..ty podobna jak bejvaj proste nic..ale v KOMENTEH byly anglicky psane komenty od JEHO pratel s FB..i s fotkama..nejake byly cesky..video se nezpustilo jen to hodilo odkaz na download toho flash playeru..
jdu na vaz postup

No skoda, chcel som to ulovit,
Pokracuj podla navodu.

tak jinak..odkaz jsme nasli jsou jih ale stovky..ono to vyrabi tu stranku podle facebook jmena..posilam odkaz na jednoho z kamaradovich pratel ..soukroma zprava

ok, idem to ulovit,
sprav co som napisal, ak nieco nepojde napis.

ejjj dalsi problem..pote co jsem zapl roguekiller a zkopiroval odkaz tak mi internet explo.. a mozzila pise NELZE se spojit s proxy serverem..takze ted jsem na jine pocitaci a nevim jak dostanu ten log sem k vam

spustil si rogue killer>>stalcil 2>>enter??

ano vybehl soubor s logem ten sem skopiroval ale internet prestal fungovat..aplikace jako skype jedou ale nedostanu se na stranku..uz mame na druhem pocitaci log



RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Remove -- Date : 07/17/2011 15:44:01

Bad processes: 10
[SUSP PATH] dwm.exe -- c:\documents and settings\administrator\data aplikací\dwm.exe -> KILLED
[SUSP PATH] conhost.exe -- c:\documents and settings\administrator\data aplikací\microsoft\conhost.exe -> KILLED
[SUSP PATH] csrss.exe -- c:\docume~1\admini~1\locals~1\temp\csrss.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-1-0\svchost.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED

Registry Entries: 24
[SUSP PATH] HKLM\[...]\Run : conhost (C:\Documents and Settings\Administrator\Data aplikací\Microsoft\conhost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\WINDOWS\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5983560.exe ("C:\WINDOWS\TEMP\5983560.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\WINDOWS\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\WINDOWS\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 283844.exe ("C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\283844.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3851050.exe ("C:\WINDOWS\TEMP\3851050.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 9738040.exe ("C:\WINDOWS\TEMP\9738040.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\WINDOWS\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\WINDOWS\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 9004844.exe ("C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\9004844.exe") -> DELETED
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Documents and Settings\Administrator\Data aplikací\dwm.exe) -> DELETED
[SUSP PATH] HKCU\[...]\Windows : Load (C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\csrss.exe) -> DELETED
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:64727) -> NOT REMOVED, USE PROXYFIX
[HJ] {20D04FE0-3AEA-1069-A2D8-08002B30309D}\ 1: -> REPLACED (0)
[HJ] HKCU\[...]\Internet Settings : WarnOnHTTPSToHTTPRedirect (0) -> REPLACED (1)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\ClassicStartMenu : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[HJ] HKCU\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

dobre spust este raz Rogue killer a stlac
postupne 3,enter,potom este raz 4,enter, 5,enter,6,enter
log vloz sem a napis ci ide internet

jdu na to potrva to budu to muset kopirovat na cd rw

no ak to pomackas tak internet uz malo by ist,uvidis.

mam poslat jen log te 6tky? nebo vseh 5

6-ky,ide internet?/si v nudzovom rezime s pracou v sieti??

j jsem na svem PC internet jede diky moc:D
v nouzovem nejsem posilam log s 6TKY

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Administrator [Admin rights]
Mode: Shortcuts HJfix -- Date : 07/17/2011 16:12:07

Bad processes: 0