Virus from FB on WinXP + log

Posted: 21 Jul 2011 10:28
by Scooby..
I won't describe here what happened, we all know that. My girlfriend was chatting and managed to catch it too.
So I went over the PC with SuperAntiSpyware; it found a few trojans and the like, about 25 items. I removed those and ran CCleaner.
The PC seems to work normally, but I'd say there is still something on it, I just can't find it. Everything works, but I simply can't connect to FB.
Can you advise me what to do about it?
Log:

http://www.uloz.to/9742349/log-vir-facebook-txt
Password:
viry.cz

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 10:38
by stell
Hi,
do everything step by step as I have written in the blog.
Paste the logs here.
You don't need to run AVPTOOL yet.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 10:44
by Scooby..
Where should I paste this? Safe mode repair for XP
I'm an amateur.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 10:48
by stell
Nowhere; continue in normal Windows, skip this step (Safe mode repair for XP) and carry on. Read the guide carefully, every program gives you a log, paste the contents here into the forum one after another.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:21
by Scooby..
An unpleasant thing happened to me: when the program produced the log, I didn't manage to save it and restarted the PC. It is certainly my fault, but I only realized it after clicking restart.
Is it saved somewhere? It was that malware program.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:24
by stell
It was that malware program.
Which one?
RogueKiller??

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:27
by Scooby..
I wrote it wrong, this one:
Anti-Malware Malwarebytes

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:29
by stell
Yes, run Malwarebytes again, click on Logs, open the one with the newest date, and copy the contents here.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:31
by Scooby..
Now I'm embarrassed at how simple it was :oops:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 7219

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

21.7.2011 12:15:41
mbam-log-2011-07-21 (12-15-41).txt

Typ kontroly: Úplný test (C:\|)
Testované objekty: 178342
Uplynulý čas: 17 minut, 54 sekund

Infikované procesy v paměti: 1
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 9
Infikované datové položky v registru: 3
Infikované složky: 1
Infikované soubory: 28

Infikované procesy v paměti:
c:\WINDOWS\systemup.exe (Trojan.Agent) -> 1532 -> Unloaded process successfully.

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\2866302.exe (Trojan.Agent) -> Value: 2866302.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5117829.exe (Trojan.Agent) -> Value: 5117829.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4408643.exe (Trojan.Downloader.H) -> Value: 4408643.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\3564184.exe (Trojan.Agent) -> Value: 3564184.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FIREWALLDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UPDATESDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované složky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.

Infikované soubory:
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Scooby\local settings\Temp\2866302.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\5117829.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4408643.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3564184.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Scooby\dokumenty\stažené soubory\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3cc2ebe3-5a22-4030-858e-63d02afa6a1a}\RP26\A0007524.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\system volume information\_restore{3cc2ebe3-5a22-4030-858e-63d02afa6a1a}\RP26\A0007527.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1059213.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1793092.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\3899440.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\4634675.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\643752.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\517848246.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
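The Malwarebytes log above records where the infection persisted: Run values that start at logon, a service with its ImagePath, SafeBoot entries that survive booting into Safe Mode, Security Center notification flags switched off, and droppers left in Temp. As an added example that is not part of the original thread and is not Malwarebytes code, the following Python script parses lines in that report format and groups them by persistence or tampering mechanism. The sample lines are constructed to match entries from the posted log, and the category labels and path fragments are my own choices.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes Anti-Malware report pasted
# in the thread (the section headers are the Czech ones the program writes).
SAMPLE_LOG = r"""
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CURRENTCONTROLSET\SERVICES\WXPDRIVERS (Trojan.Agent) -> Quarantined and deleted successfully.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Backdoor.Agent) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\ANTIVIRUSDISABLENOTIFY (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Infikované soubory:
c:\WINDOWS\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\1793092.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
"""

# One detection per line: "<path> (<detection name>) -> <action/details>"
DETECTION_RE = re.compile(r"^(?P<path>.+?) \((?P<name>[^()]+)\) -> (?P<action>.+)$")

# Registry path fragments (lower-case) mapped to my own category labels.
REGISTRY_CLASSES = (
    ("\\currentversion\\run\\", "autorun"),        # Run values start at logon
    ("\\control\\safeboot\\", "safeboot"),         # survives booting into Safe Mode
    ("\\services\\", "service"),                   # service key or its ImagePath
    ("\\security center\\", "security-center"),    # notification flags disabled (PUM)
)


def classify(path):
    """Map a detection path to a persistence/tampering category."""
    p = path.lower()
    if p.startswith("hkey_"):
        for fragment, label in REGISTRY_CLASSES:
            if fragment in p:
                return label
        return "registry-other"
    if re.match(r"^[a-z]:\\", p):
        return "file-temp" if "\\temp\\" in p else "file"
    return "other"


def parse_mbam_log(text):
    """Return one dict per detection line; section headers and blank lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = DETECTION_RE.match(line.strip())
        if m:
            entries.append({**m.groupdict(), "category": classify(m.group("path"))})
    return entries


def summarize(text):
    """Count detections per category, so the persistence picture is visible at a glance."""
    return Counter(e["category"] for e in parse_mbam_log(text))


def families(text):
    """Distinct detection names, handy for matching against vendor write-ups."""
    return sorted({e["name"] for e in parse_mbam_log(text)})


if __name__ == "__main__":
    for category, n in summarize(SAMPLE_LOG).most_common():
        print(f"{category:16} {n}")
    print("families:", ", ".join(families(SAMPLE_LOG)))
```

Run it on a real mbam-log-*.txt by reading the file into `parse_mbam_log`; the categories are what a helper on a forum like this one checks first, since a SafeBoot key or a service ImagePath means the removal has to hold across reboots and Safe Mode, not just in the current session.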

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:34
by stell
OK, now run the program ROGUEKILLER once more >> press 2 on the keyboard and press Enter > a log will open, paste its contents here.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:34
by Scooby..
RogueKiller

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: Remove -- Date : 07/21/2011 12:33:36

Bad processes: 0

Registry Entries: 2
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:36
by Scooby..
That's under 3.


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: HOSTSFix -- Date : 07/21/2011 12:35:17

Bad processes: 0

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
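The two RogueKiller reports above show why Facebook would not load: the HOSTS file pinned facebook.com and its localized subdomains (plus vk.com and odnoklassniki.ru) to 127.0.0.1, and the HOSTSFix step reset the file to the single localhost line. As an added example, not code from the thread or from RogueKiller, this Python script parses a HOSTS file, flags entries that pin a watched public domain anywhere or sinkhole any other name to loopback or 0.0.0.0, and rebuilds the file keeping only the unflagged lines. The sample content, the watch list and the loopback name allow-list are constructed assumptions; the scheme-stripping handles the `http://` prefix that appears in the pasted report.

```python
import ipaddress
import re

# Constructed HOSTS content modelled on the RogueKiller report in the thread; the
# "http://" prefix and the "[...]" line mirror how the report was pasted.
SAMPLE_HOSTS = """\
# sample hosts file (constructed)
127.0.0.1 localhost
::1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 cs-cz.facebook.com
192.168.1.10 intranet.example.local
[...]
"""

# Names that legitimately map to loopback (assumed allow-list).
LOOPBACK_NAMES = {"localhost", "localhost.localdomain", "broadcasthost"}

# Public domains a home machine's hosts file should never pin (assumed watch list).
WATCHED_SUFFIXES = ("facebook.com", "vk.com", "vkontakte.ru", "odnoklassniki.ru")


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every parseable mapping; comments and junk are skipped."""
    entries = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()
        if not fields:
            continue
        try:
            ip = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # e.g. the "[...]" truncation marker: not an address
        for name in fields[1:]:
            # strip a scheme that forum auto-linking may have prepended
            host = re.sub(r"^[a-z]+://", "", name.lower()).rstrip("/")
            entries.append((line_no, ip, host))
    return entries


def suspicious_entries(text):
    """Flag watched domains pinned anywhere and any other name sinkholed to loopback/0.0.0.0."""
    findings = []
    for line_no, ip, host in parse_hosts(text):
        if host in LOOPBACK_NAMES:
            continue
        if any(host == s or host.endswith("." + s) for s in WATCHED_SUFFIXES):
            findings.append((line_no, host, str(ip), "watched domain pinned"))
        elif ip.is_loopback or ip.is_unspecified:
            findings.append((line_no, host, str(ip), "sinkholed to loopback/0.0.0.0"))
    return findings


def clean_hosts(text):
    """Rebuild the file: keep comments and unflagged mappings, drop flagged and unparseable lines."""
    flagged = {f[0] for f in suspicious_entries(text)}
    parsed = {e[0] for e in parse_hosts(text)}
    kept = []
    for line_no, raw in enumerate(text.splitlines(), 1):
        if raw.strip().startswith("#") or (line_no in parsed and line_no not in flagged):
            kept.append(raw)
    return "\n".join(kept) + "\n"


if __name__ == "__main__":
    for line_no, host, ip, why in suspicious_entries(SAMPLE_HOSTS):
        print(f"line {line_no}: {host} -> {ip} ({why})")
    print(clean_hosts(SAMPLE_HOSTS))
```

Unlike RogueKiller's HOSTSFix, which wrote back only `127.0.0.1 localhost`, `clean_hosts` preserves the intranet mapping because it is neither a watched domain nor a loopback sinkhole; on a machine where nobody ever edited the file on purpose, a complete reset is the simpler and safer choice.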

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:37
by stell
OK, run RogueKiller once more and now press 3 = Enter.
Paste the log here.

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:37
by Scooby..
Under 4.

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: ProxyFix -- Date : 07/21/2011 12:36:58

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt

Re: Virus from FB on WinXP + log

Posted: 21 Jul 2011 11:37
by Scooby..
Under 5.


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Started in : Normal mode
User: Scooby [Admin rights]
Mode: DNSFix -- Date : 07/21/2011 12:37:33

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt