PC disinfection, computer speed-up, remote assistance via the neslape.cz service
FB virus
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
FB virus
Hi, I'm not very advanced in IT, so this may be pretty hard to follow, but hopefully it will work out somehow. On FB I got a message with a link to a video; like a complete "idiot" I opened it and a file called flash player got downloaded. It wouldn't run, nothing happened, but since then FB doesn't work for me, and when I restart the PC it first boots into safe mode, after a while it restarts again, and only then does the PC finally start normally. I have no idea what to do about it.
Re: FB virus
Hello,
Here in my blog
I have just written a complete guide.
So follow it up to step 8; AVPTOOL is not needed yet.
Post all the logs the programs produce here in the forum; if anything doesn't work, write straight away, because this infection is going to spread like the plague.
Re: FB virus
I have a problem right at the start: when I go into safe mode it restarts after a few seconds, and when I try safe mode again it does the same thing. Can it be done without safe mode?
Re: FB virus
Yes, remove the local area network (LAN) settings in normal mode and try to download RogueKiller; if anything doesn't work, write straight away.
Re: FB virus
This is from RogueKiller:
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jakub [Admin rights]
Mode: Scan -- Date : 07/18/2011 16:00:33
Bad processes: 9
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-12-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-7-0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SUSP PATH] sysdriver32_.exe -- c:\windows\sysdriver32_.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
Registry Entries: 12
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Users\Jakub\AppData\Roaming\dwm.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\Jakub\AppData\Local\Temp\csrss.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3164604649-2522290797-2587036930-1004[...]\Winlogon : Shell (explorer.exe,C:\Users\Jakub\AppData\Roaming\dwm.exe) -> FOUND
[SUSP PATH] HKUS\.DEFAULT[...]\Windows : Load (C:\Windows\TEMP\csrss.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-21-3164604649-2522290797-2587036930-1004[...]\Windows : Load (C:\Users\Jakub\AppData\Local\Temp\csrss.exe) -> FOUND
[SUSP PATH] HKUS\S-1-5-18[...]\Windows : Load (C:\Windows\TEMP\csrss.exe) -> FOUND
[SUSP PATH] HP SimpleSave Monitor.lnk : C:\Users\Jakub\AppData\Roaming\HP SimpleSave Application\StartHelper.exe -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:49859) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
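As an added example (not part of the thread and not RogueKiller's own code), a small Python triage script that reads a report in the format posted above and pulls out the indicator classes that matter in this case: HOSTS entries sinkholing facebook.com and friends to loopback, the IE proxy on 127.0.0.1, the two UAC values set to 0, Winlogon Shell / Windows Load persistence, and svchost.exe running from outside System32. The embedded sample report is constructed to mirror the posted format; the user name and paths in it are placeholders.

```python
"""Triage of a RogueKiller-style report for the indicator classes seen in this thread: HOSTS
sinkholing, a loopback IE proxy, UAC switched off, Winlogon persistence, svchost masquerading."""
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

LOOPBACK_OK = {"localhost", "localhost.localdomain", "broadcasthost"}  # may legitimately map to loopback
SINKHOLE_RE = re.compile(r"^(127\.\d+\.\d+\.\d+|::1|0\.0\.0\.0)$")
# Report lines look like "[TAG] KEY : VALUE (DATA) -> FOUND" or "[TAG] name -- path -> KILLED"
ENTRY_RE = re.compile(r"^\[(?P<tag>[A-Z ]+)\]\s+(?P<body>.*?)\s+->\s+(?P<state>\w+)$")
REAL_SVCHOST_RE = re.compile(r"\\windows\\(system32|syswow64)\\svchost\.exe$", re.I)


@dataclass
class Triage:
    hosts_hijacks: List[Tuple[str, str]] = field(default_factory=list)  # (ip, hostname)
    local_proxy: Optional[str] = None                                   # e.g. http=127.0.0.1:49859
    uac_disabled: List[str] = field(default_factory=list)               # registry value names set to 0
    persistence: List[Tuple[str, str]] = field(default_factory=list)    # (value name, data)
    masquerading: List[str] = field(default_factory=list)               # svchost.exe outside System32

    def is_clean(self) -> bool:
        return not any([self.hosts_hijacks, self.local_proxy, self.uac_disabled,
                        self.persistence, self.masquerading])


def parse_hosts_lines(lines):
    """Yield (ip, hostname) pairs from HOSTS-style lines, skipping comments and blanks."""
    for raw in lines:
        parts = raw.split("#", 1)[0].split()
        if len(parts) < 2:
            continue
        for name in parts[1:]:
            # the thread's second log renders some names with a scheme; normalise that away
            yield parts[0], re.sub(r"^https?://", "", name.lower())


def hosts_hijacks(lines) -> List[Tuple[str, str]]:
    """Loopback / blackhole mappings for anything other than a localhost name."""
    return [(ip, name) for ip, name in parse_hosts_lines(lines)
            if SINKHOLE_RE.match(ip) and name not in LOOPBACK_OK]


def triage_report(report: str) -> Triage:
    result = Triage()
    in_hosts = False
    for raw in report.splitlines():
        line = raw.strip()
        if line.startswith("HOSTS File:"):
            in_hosts = True
            continue
        if in_hosts:
            if line == "[...]":  # the forum post truncated the list here
                continue
            if line and (line[0].isdigit() or line.startswith(":")):  # IPv4 / IPv6 entry
                result.hosts_hijacks.extend(hosts_hijacks([line]))
                continue
            in_hosts = False  # any other line ends the HOSTS section
        m = ENTRY_RE.match(line)
        if not m:
            continue
        tag, body = m.group("tag"), m.group("body")
        if tag == "PROXY IE":
            pm = re.search(r"ProxyServer \(([^)]*)\)", body)
            if pm and "127.0.0.1" in pm.group(1):
                result.local_proxy = pm.group(1)  # a local listener intercepting browser traffic
        elif tag == "HJ":
            hm = re.search(r"(EnableLUA|ConsentPromptBehaviorAdmin) \(0\)", body)
            if hm:
                result.uac_disabled.append(hm.group(1))
        elif tag == "SUSP PATH":
            sm = re.search(r"\\(?:Winlogon|Windows) : (Shell|Load) \(([^)]*)\)", body)
            if sm:
                value, data = sm.groups()
                # healthy defaults: Shell is exactly explorer.exe and Load is empty
                if (value == "Shell" and data.lower() != "explorer.exe") or (value == "Load" and data):
                    result.persistence.append((value, data))
        elif tag == "SVCHOST":
            pm = re.search(r"--\s+(\S+)$", body)
            if pm and not REAL_SVCHOST_RE.search(pm.group(1)):
                result.masquerading.append(pm.group(1))
    return result


# Constructed sample in the posted report's format (not the user's real log; USER and paths are placeholders)
SAMPLE_REPORT = r"""RogueKiller V5.2.7 [06/30/2011] by Tigzy
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] HKCU\[...]\Winlogon : Shell (explorer.exe,C:\Users\USER\AppData\Roaming\dwm.exe) -> FOUND
[SUSP PATH] HKCU\[...]\Windows : Load (C:\Users\USER\AppData\Local\Temp\csrss.exe) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (http=127.0.0.1:49859) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
HOSTS File:
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 http://www.vk.com
[...]
Finished : << RKreport[1].txt >>"""
```

Running `triage_report(SAMPLE_REPORT)` returns every indicator class populated, while a report whose HOSTS section holds only `127.0.0.1 localhost` comes back clean.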
Re: FB virus
Good, run RogueKiller and use options 3 and 5,
and then continue with Malwarebytes; post the log here.
Re: FB virus
The proxy is still there, so use option 4 as well.
One more thing: if you have Win 7, run everything as administrator (right-click, Run as administrator), OK.
Re: FB virus
Option 3:
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jakub [Admin rights]
Mode: HOSTSFix -- Date : 07/18/2011 16:09:33
Bad processes: 0
HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 http://www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 http://www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 http://www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 http://www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]
Resetted HOSTS:
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Option 5:
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jakub [Admin rights]
Mode: DNSFix -- Date : 07/18/2011 16:10:21
Bad processes: 0
Registry Entries: 0
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Malwarebytes will probably take a while; once it finishes, should I turn off System Restore and restart the PC, or since I'm not doing it in safe mode do I not need to restart?
Re: FB virus
Like this: once Malwarebytes finishes the FULL scan, have it delete everything and post the log here.
Then turn off System Restore, restart the computer and turn System Restore back on.
A second scan with Malwarebytes is not needed, since you are scanning in normal mode;
continue with TDSSKILLER << post the log here, and clean TEMP using TFC and CCleaner. When you have all of that, write, and we'll continue with ComboFix.
Re: FB virus
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7190
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
18.7.2011 16:48:23
mbam-log-2011-07-18 (16-48-23).txt
Typ: Úplná kontrola (A:\|C:\|D:\|E:\|F:\|)
Kontrolované objekty: 419418
Uplynulý čas: 44 minut, 2 sekund
Infikované procesy v paměti: 3
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 13
Infikované datové položky v registru: 4
Infikované složky: 0
Infikované soubory: 41
Infikované procesy v paměti:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 1776 -> Unloaded process successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 2108 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 1572 -> Unloaded process successfully.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\_w1uT-BZ (Adware.LoudMo) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\conhost (Trojan.Agent) -> Value: conhost -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\6821156.exe (Trojan.Agent) -> Value: 6821156.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5560659.exe (Trojan.Agent) -> Value: 5560659.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5771193.exe (Trojan.Downloader.H) -> Value: 5771193.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent) -> Value: systemup -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Backdoor.Delf) -> Value: l1rezerv.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\1693088.exe (Trojan.Agent) -> Value: 1693088.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
Infikované datové položky v registru:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\Load (Trojan.Agent) -> Bad: (C:\Users\Jakub\AppData\Local\Temp\csrss.exe) Good: () -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Jakub\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-12-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\6821156.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\AppData\Local\Temp\5560659.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\5771193.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\Temp\1693088.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\program files (x86)\Ubisoft\ubisoft game launcher\ubiorbitapi_r2.dll (Trojan.Agent.CK) -> Quarantined and deleted successfully.
c:\program files (x86)\WinRAR\Patch.exe (Malware.Tool) -> Quarantined and deleted successfully.
c:\Users\Jakub\AppData\Local\Temp\flash32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\AppData\Roaming\dwm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\Desktop\rk_quarantine\dwm.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\Desktop\rk_quarantine\l1rezerv.exe.vir (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Users\Jakub\Desktop\rk_quarantine\sysdriver32.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\Desktop\rk_quarantine\sysdriver32_.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Jakub\Desktop\rk_quarantine\systemup.exe.vir (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Michael\Desktop\poweriso46\Keygen.exe (RiskWare.Tool.HCK) -> Quarantined and deleted successfully.
c:\Users\Michael\documents\downloads\flvdirect (1).exe (Adware.FLV) -> Quarantined and deleted successfully.
c:\Users\Michael\documents\downloads\flvdirect.exe (Adware.FLV) -> Quarantined and deleted successfully.
c:\Windows\System32\_w1uT-BZ.exe (Adware.LoudMo) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\dwm.exe (Backdoor.Cycbot) -> Quarantined and deleted successfully.
c:\Windows\System32\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\_w1uT-BZ.exe (Adware.LoudMo) -> Quarantined and deleted successfully.
c:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\microsoft\conhost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\2956463.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4395634.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4736211.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\Temp\5631111.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6271705.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.tray-12-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0-lnk\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
Re: FB virus
OK, just run RogueKiller option 2 once more and post the log here.
Re: FB virus
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows 7 (6.1.7600 ) 64 bits version
Started in : Normal mode
User: Jakub [Admin rights]
Mode: Remove -- Date : 07/18/2011 16:54:02
Bad processes: 1
[SUSP PATH] uUACTokenSvc.exe -- c:\users\jakub\appdata\roaming\hp simplesave application\uuactokensvc.exe -> KILLED
Registry Entries: 0
HOSTS File:
127.0.0.1 localhost
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: FB virus
OK, continue: turn off System Restore, restart, turn it back on, then TDSSKILLER and clean TEMP; post the TDSS log here.
Re: FB virus
TDSSKILLER didn't find anything at all, it just showed me a completely empty window. Is that OK?
Re: FB virus
Well, you have to click on REPORT.