FB_vir

[radimas]

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mirek at 2011-07-25 11:41:40
Microsoft Windows 7 Professional
System drive C: has 69 GB (69%) free of 100 GB
Total RAM: 3071 MB (70% free)


======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Mirek\AppData\Roaming\Mozilla\Firefox\Profiles\xyfkd7jw.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{ea614400-e918-4741-9a97-7a972ff7c30b}:2.0.10, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.18"
prefs.js - "keyword.URL" - "http://www.webhledani.cz/results.aspx?i=39&tp=ab&q="

"avg@igeared"=C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.57\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{ea614400-e918-4741-9a97-7a972ff7c30b}

C:\Program Files\Mozilla Firefox\components\
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
components.list
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
GPSDGeolocationProvider.js
jsconsole-clhandler.js
NetworkGeolocationProvider.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsFormAutoComplete.js
nsHandlerService.js
nsHelperAppDlg.js
nsINIProcessor.js
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsPrivateBrowsingService.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUpdateServiceStub.js
nsUpdateTimerManager.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
WebContentConverter.js

C:\Program Files\Mozilla Firefox\plugins\
npnul32.dll

C:\Program Files\Mozilla Firefox\searchplugins\
avg_igeared.xml
firmycz.xml
mapycz.xml
seznam-cz.xml
zbocz.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-02 305328]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll [2011-05-21 1007160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll []
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-06-02 1018616]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-07-02 305328]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG9_TRAY"=C:\PROGRA~1\AVG\AVG9\avgtray.exe []
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2007-05-11 40048]
"wxpdrv"=C:\Windows\services32.exe [2011-07-21 1178112]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-12-0\svchost.exe [2011-07-21 1180672]
"tray_ico1"=C:\Windows\update.tray-2-0\svchost.exe [2011-07-21 1180672]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2178512.exe"=C:\Windows\Temp\2178512.exe []
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-24 252928]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-24 247296]
"5982106.exe"=C:\Users\Mirek\AppData\Local\Temp\5982106.exe []
"4583706-loader2.exe"=C:\Windows\Temp\4583706-loader2.exe []
"systemup"=C:\Windows\systemup.exe [2011-07-21 118784]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-24 235520]
"1908460.exe"=C:\Windows\Temp\1908460.exe [2011-07-24 247296]
"26056478-loader2.exe"=C:\Users\Mirek\AppData\Local\Temp\26056478-loader2.exe [2011-07-24 247296]
"3552799.exe"=C:\Windows\Temp\3552799.exe [2011-07-24 495616]
"17465101-loader2.exe"=C:\Windows\Temp\17465101-loader2.exe [2011-07-24 247296]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-05-24 336384]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe /hide /waitservice []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-09-02 13351304]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2010-10-05 39408]
"ICQ"=C:\Program Files\ICQ7.2\ICQ.exe [2011-01-05 133432]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="avgrsstx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-25 11:41:40 ----D---- C:\rsit
2011-07-25 11:41:40 ----D---- C:\Program Files\trend micro
2011-07-25 11:27:51 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-25 11:27:51 ----HD---- C:\Windows\update.tray-2-0
2011-07-25 11:19:05 ----D---- C:\Program Files\CCleaner
2011-07-24 19:54:36 ----D---- C:\ProgramData\ATI
2011-07-24 19:54:30 ----D---- C:\Program Files\AMD APP
2011-07-24 19:54:11 ----D---- C:\ProgramData\AMD
2011-07-24 19:54:05 ----A---- C:\Windows\system32\drivers\amdiox86.sys
2011-07-24 19:53:46 ----D---- C:\Program Files\ATI
2011-07-24 19:53:16 ----D---- C:\Program Files\ATI Technologies
2011-07-24 19:42:49 ----D---- C:\ATI
2011-07-24 19:37:48 ----D---- C:\Windows\ufa
2011-07-24 19:37:48 ----D---- C:\Windows\rpcminer
2011-07-24 19:37:48 ----D---- C:\Windows\phoenix
2011-07-21 19:30:57 ----A---- C:\Windows\l1rezerv.exe
2011-07-21 19:29:34 ----A---- C:\Windows\ddh_iplist.txt
2011-07-21 19:29:12 ----A---- C:\Windows\systemup.exe
2011-07-21 19:26:33 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-21 19:26:11 ----HD---- C:\Windows\update.2
2011-07-21 19:24:37 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-21 19:24:08 ----A---- C:\Windows\unrar.exe
2011-07-21 19:24:05 ----HD---- C:\Windows\update.5.0
2011-07-21 19:22:06 ----A---- C:\Windows\iplist.txt
2011-07-21 19:21:30 ----A---- C:\Windows\sysdriver32_.exe
2011-07-21 19:21:15 ----A---- C:\Windows\sysdriver32.exe
2011-07-21 19:21:06 ----AH---- C:\Windows\system32\ezsidmv.dat
2011-07-21 19:21:00 ----A---- C:\Windows\front_ip_list.txt
2011-07-21 19:20:43 ----D---- C:\Windows\av_ico
2011-07-21 19:19:30 ----HD---- C:\Windows\update.1
2011-07-21 19:19:10 ----HD---- C:\Windows\update.tray-12-0-lnk
2011-07-21 19:19:10 ----HD---- C:\Windows\update.tray-12-0
2011-07-21 19:09:07 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 19:09:07 ----A---- C:\Windows\winlog-dirs.txt
2011-07-21 19:09:02 ----A---- C:\Windows\services32.exe
2011-07-18 22:43:44 ----D---- C:\Program Files\RAR Password Cracker
2011-07-13 18:57:24 ----D---- C:\d5e6e983a155c737cd685418aa3a
2011-07-13 09:27:14 ----A---- C:\Windows\system32\drivers\BTHUSB.SYS
2011-07-13 09:27:14 ----A---- C:\Windows\system32\drivers\bthport.sys
2011-07-13 09:27:12 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 09:27:12 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 09:27:12 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 09:27:12 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 09:27:12 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 09:27:10 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 09:27:09 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 09:27:09 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 09:27:07 ----A---- C:\Windows\system32\win32k.sys
2011-06-29 11:03:05 ----A---- C:\Windows\system32\umpnpmgr.dll

======List of files/folders modified in the last 1 month======

2011-07-25 11:41:58 ----D---- C:\Windows\Prefetch
2011-07-25 11:41:40 ----RD---- C:\Program Files
2011-07-25 11:39:32 ----D---- C:\Windows\Temp
2011-07-25 11:38:23 ----D---- C:\Users\Mirek\AppData\Roaming\Skype
2011-07-25 11:36:23 ----D---- C:\Windows\system32\drivers
2011-07-25 11:35:16 ----D---- C:\Windows\System32
2011-07-25 11:34:21 ----SHD---- C:\Windows\Installer
2011-07-25 11:33:06 ----D---- C:\Windows\system32\config
2011-07-25 11:32:50 ----SHD---- C:\Config.Msi
2011-07-25 11:32:48 ----HD---- C:\ProgramData
2011-07-25 11:29:40 ----D---- C:\Windows
2011-07-25 11:26:20 ----D---- C:\Users\Mirek\AppData\Roaming\ICQ
2011-07-25 11:24:42 ----SHD---- C:\System Volume Information
2011-07-25 11:14:41 ----D---- C:\Windows\Minidump
2011-07-25 11:14:41 ----D---- C:\Windows\debug
2011-07-25 11:08:17 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 11:08:16 ----D---- C:\Windows\inf
2011-07-25 08:39:07 ----D---- C:\Users\Mirek\AppData\Roaming\skypePM
2011-07-24 19:54:07 ----D---- C:\Windows\system32\DriverStore
2011-07-24 19:54:07 ----D---- C:\Windows\system32\catroot
2011-07-21 19:26:34 ----D---- C:\Windows\system32\drivers\etc
2011-07-21 19:20:16 ----D---- C:\Windows\system32\drivers\Avg
2011-07-21 19:18:05 ----D---- C:\Windows\system32\catroot2
2011-07-14 09:13:41 ----D---- C:\Windows\winsxs
2011-07-13 18:57:28 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 18:57:08 ----D---- C:\ProgramData\Microsoft Help
2011-06-30 08:26:56 ----D---- C:\Windows\Microsoft.NET
2011-06-30 08:26:35 ----RSD---- C:\Windows\assembly

[Caroprd111]

Zdravím.


Stáhněte http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe a spusťte. Poté stiskněte 2 a poté Enter. Log RKreport.txt mi sem vložte.


Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu

• Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys 
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys 
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys 
nvrd32.sys 
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

• Označte položku Pro všechny uživatele.
• Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
• Klikněte na tlačítko Prohledat
• Po dokončení, sem vložte logy OTL.Txt a Extras.txt

[radimas]

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: Mirek [Admin rights]
Mode: Remove -- Date : 07/25/2011 12:00:21

Bad processes: 7
[SVCHOST] svchost.exe -- c:\windows\update.tray-12-0\svchost.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.tray-2-0\svchost.exe -> KILLED
[SUSP PATH] systemup.exe -- c:\windows\systemup.exe -> KILLED
[SUSP PATH] l1rezerv.exe -- c:\windows\l1rezerv.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.5.0\svchost.exe -> KILLED
[SUSP PATH] sysdriver32.exe -- c:\windows\sysdriver32.exe -> KILLED
[SVCHOST] svchost.exe -- c:\windows\update.2\svchost.exe -> KILLED

Registry Entries: 18
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 2178512.exe ("C:\Windows\Temp\2178512.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5982106.exe ("C:\Users\Mirek\AppData\Local\Temp\5982106.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 4583706-loader2.exe ("C:\Windows\Temp\4583706-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\Windows\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 1908460.exe ("C:\Windows\Temp\1908460.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 26056478-loader2.exe ("C:\Users\Mirek\AppData\Local\Temp\26056478-loader2.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3552799.exe ("C:\Windows\Temp\3552799.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 17465101-loader2.exe ("C:\Windows\Temp\17465101-loader2.exe") -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

HOSTS File:
127.0.0.1 localhost
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
[...]


Finished : << RKreport[1].txt >>
RKreport[1].txt

[radimas]

Spustil jsem OTL , naklikal vše co jste psal, aplikace proběhla a hned se vypla. Nikde nemůžu najit soubory .txt které po mě chcete. když zkusím zpustit OTL znovu, píše mi to že již nemám přístup

[Caroprd111]

Aplikujte ComboFix podle návodu: http://www.bleepingcomputer.com/combofi ... t-combofix

[radimas]

udělal jsem vše podle návodu, vyhodilo mi to soubor v txt ... myslim nějak combo.txt... prostě to co mělo, najednou mi ale nejde otevřít ani ečko, ani mozilla nic... tajkže to tu nemam jak vložit, když vložim flešku do usb tak mi ji nenajde, jako by ji komp vůbec nebral. Nevíte kde je chyba ? když kliknu na třeba mozillu tak mi to napíše že je něco vymazáno z registru...

[Caroprd111]

Zkuste to v nouzovém režimu.