FB-virus

Zpráva

michalp · #1 Příspěvek od **michalp** » 26 črc 2011 22:07

dobrý deň tu je môj log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by PREKOP at 2011-07-26 22:59:26
Microsoft Windows 7 Ultimate
System drive C: has 56 GB (37%) free of 150 GB
Total RAM: 2047 MB (51% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 23:00:53, on 26. 7. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16800)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Winamp\winampa.exe
C:\Program Files\DivX\DivX Update\DivXUpdate.exe
C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
C:\Windows\update.tray-7-0\svchost.exe
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\ICQ7.5\ICQ.exe
C:\Users\PREKOP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PREKOP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\PREKOP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Windows\system32\wuauclt.exe
C:\Users\PREKOP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PREKOP\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\PREKOP\Downloads\RSIT.exe
C:\Program Files\trend micro\PREKOP.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/ut/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - {37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [avast!] "C:\Program Files\Alwil Software\Avast4\ashDisp.exe"
O4 - HKLM\..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [SSDMonitor] C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [5548657.exe] "C:\Windows\Temp\5548657.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4199398.exe] "C:\Users\PREKOP\AppData\Local\Temp\4199398.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [23181441-loader2.exe] "C:\Windows\Temp\23181441-loader2.exe"
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKLM\..\Run: [4867393.exe] "C:\Windows\Temp\4867393.exe"
O4 - HKLM\..\Run: [5529076.exe] "C:\Windows\Temp\5529076.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\PREKOP\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [ICQ] "C:\Program Files\ICQ7.5\ICQ.exe" silent loginmode=4
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: PC Tools Startup and Shutdown Monitor service (PCToolsSSDMonitorSvc) - Unknown owner - C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe

--
End of file - 6705 bytes

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001UA.job
C:\Windows\tasks\Norton Security Scan for PREKOP.job
C:\Windows\tasks\RMSchedule.job

=========Mozilla firefox=========

ProfilePath - C:\Users\PREKOP\AppData\Roaming\Mozilla\Firefox\Profiles\3hzmzzrd.default

prefs.js - "browser.startup.homepage" - "http://start.icq.com/ut/"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... r=1.2.6&q="

"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 11\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox 4.0 Beta 11\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox 4.0 Beta 11\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox 4.0 Beta 11\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
firefox-okolo.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Users\PREKOP\AppData\Roaming\Mozilla\Firefox\Profiles\3hzmzzrd.default\extensions\
DTToolbar@toolbarnet.com
{37483b40-c254-4a72-bda4-22ee90182c1e}
{800b5000-a755-47e1-992b-48a1c1357f07}
{C9B68337-E93A-44EA-94DC-CB300EC06444}

C:\Users\PREKOP\AppData\Roaming\Mozilla\Firefox\Profiles\3hzmzzrd.default\searchplugins\
conduit.xml
daemon-search.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-05-16 1164680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-20 988480]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2011-04-07 1054520]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast!"=C:\Program Files\Alwil Software\Avast4\ashDisp.exe []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2006-06-21 35328]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-03-21 1230704]
"SSDMonitor"=C:\Program Files\Common Files\PC Tools\sMonitor\SSDMonitor.exe [2010-11-15 112600]
"wxpdrv"=C:\Windows\services32.exe [2011-07-26 1200640]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-7-0\svchost.exe [2011-07-26 1200640]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"5548657.exe"=C:\Windows\Temp\5548657.exe [2011-07-26 256000]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-26 256000]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-26 256000]
"4199398.exe"=C:\Users\PREKOP\AppData\Local\Temp\4199398.exe [2011-07-26 256000]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-26 232960]
"23181441-loader2.exe"=C:\Windows\Temp\23181441-loader2.exe [2011-07-26 256000]
"systemup"=C:\Windows\systemup.exe [2011-07-26 114176]
"4867393.exe"=C:\Windows\Temp\4867393.exe [2011-07-26 256000]
"5529076.exe"=C:\Windows\Temp\5529076.exe [2011-07-26 495616]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-07-14 1173504]
"Google Update"=C:\Users\PREKOP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 136176]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-06-15 15141768]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-07-25 124216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-26 22:59:27 ----D---- C:\Program Files\trend micro
2011-07-26 22:59:26 ----D---- C:\rsit
2011-07-26 20:30:24 ----A---- C:\Windows\system32\msv1_0.dll
2011-07-26 20:28:23 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2011-07-26 20:28:23 ----A---- C:\Windows\system32\PresentationHost.exe
2011-07-26 20:28:23 ----A---- C:\Windows\system32\netfxperf.dll
2011-07-26 20:28:23 ----A---- C:\Windows\system32\mscoree.dll
2011-07-26 20:28:23 ----A---- C:\Windows\system32\dfshim.dll
2011-07-26 20:23:57 ----A---- C:\Windows\ddh_iplist.txt
2011-07-26 20:23:35 ----A---- C:\Windows\systemup.exe
2011-07-26 20:21:36 ----A---- C:\Windows\system32\MRT.exe
2011-07-26 20:20:11 ----A---- C:\Windows\system32\browserchoice.exe
2011-07-26 20:18:08 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-07-26 20:18:00 ----A---- C:\Windows\system32\win32k.sys
2011-07-26 20:17:55 ----A---- C:\Windows\system32\srvsvc.dll
2011-07-26 20:14:27 ----A---- C:\Windows\system32\wintrust.dll
2011-07-26 20:14:23 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-07-26 20:14:23 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-07-26 20:14:23 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-07-26 20:14:22 ----A---- C:\Windows\system32\StructuredQuery.dll
2011-07-26 20:14:21 ----A---- C:\Windows\system32\shell32.dll
2011-07-26 20:14:21 ----A---- C:\Windows\system32\consent.exe
2011-07-26 20:14:17 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-07-26 20:14:17 ----A---- C:\Windows\system32\CertEnroll.dll
2011-07-26 20:14:16 ----A---- C:\Windows\system32\winresume.exe
2011-07-26 20:14:16 ----A---- C:\Windows\system32\winload.exe
2011-07-26 20:14:11 ----A---- C:\Windows\system32\mshtml.dll
2011-07-26 20:14:10 ----A---- C:\Windows\system32\iertutil.dll
2011-07-26 20:14:10 ----A---- C:\Windows\system32\ieframe.dll
2011-07-26 20:14:09 ----A---- C:\Windows\system32\wininet.dll
2011-07-26 20:14:09 ----A---- C:\Windows\system32\urlmon.dll
2011-07-26 20:14:09 ----A---- C:\Windows\system32\mstime.dll
2011-07-26 20:14:09 ----A---- C:\Windows\system32\msfeeds.dll
2011-07-26 20:14:09 ----A---- C:\Windows\system32\iedkcs32.dll
2011-07-26 20:14:08 ----A---- C:\Windows\system32\mshtmled.dll
2011-07-26 20:14:08 ----A---- C:\Windows\system32\msfeedssync.exe
2011-07-26 20:14:08 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-07-26 20:14:08 ----A---- C:\Windows\system32\licmgr10.dll
2011-07-26 20:14:08 ----A---- C:\Windows\system32\jsproxy.dll
2011-07-26 20:14:08 ----A---- C:\Windows\system32\ieui.dll
2011-07-26 20:14:08 ----A---- C:\Windows\system32\iepeers.dll
2011-07-26 20:13:57 ----A---- C:\Windows\system32\mfc42u.dll
2011-07-26 20:13:57 ----A---- C:\Windows\system32\mfc42.dll
2011-07-26 20:13:55 ----A---- C:\Windows\system32\lsasrv.dll
2011-07-26 20:13:55 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2011-07-26 20:13:52 ----A---- C:\Windows\system32\wmp.dll
2011-07-26 20:13:51 ----A---- C:\Windows\system32\wmploc.DLL
2011-07-26 20:13:43 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-07-26 20:13:43 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-07-26 20:13:43 ----A---- C:\Windows\system32\kernel32.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-26 20:13:42 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-26 20:13:42 ----A---- C:\Windows\system32\winsrv.dll
2011-07-26 20:13:42 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-26 20:13:42 ----A---- C:\Windows\system32\conhost.exe
2011-07-26 20:13:41 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-07-26 20:13:41 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-07-26 20:13:41 ----A---- C:\Windows\system32\drivers\srv.sys
2011-07-26 20:13:40 ----A---- C:\Windows\system32\mfc40u.dll
2011-07-26 20:13:40 ----A---- C:\Windows\system32\mfc40.dll
2011-07-26 20:13:38 ----A---- C:\Windows\system32\vbscript.dll
2011-07-26 20:13:38 ----A---- C:\Windows\system32\jscript.dll
2011-07-26 20:13:36 ----A---- C:\Windows\system32\ntdll.dll
2011-07-26 20:13:35 ----A---- C:\Windows\system32\spoolsv.exe
2011-07-26 20:13:34 ----A---- C:\Windows\system32\sbe.dll
2011-07-26 20:13:34 ----A---- C:\Windows\system32\EncDec.dll
2011-07-26 20:13:34 ----A---- C:\Windows\system32\CPFilters.dll
2011-07-26 20:13:33 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-07-26 20:13:33 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-07-26 20:13:33 ----A---- C:\Windows\system32\dnsapi.dll
2011-07-26 20:13:32 ----A---- C:\Windows\system32\schedsvc.dll
2011-07-26 20:13:32 ----A---- C:\Windows\system32\comctl32.dll
2011-07-26 20:13:31 ----A---- C:\Windows\system32\wmicmiplugin.dll
2011-07-26 20:13:31 ----A---- C:\Windows\system32\taskschd.dll
2011-07-26 20:13:31 ----A---- C:\Windows\system32\taskeng.exe
2011-07-26 20:13:31 ----A---- C:\Windows\system32\taskcomp.dll
2011-07-26 20:13:31 ----A---- C:\Windows\system32\schtasks.exe
2011-07-26 20:13:30 ----A---- C:\Windows\system32\apphelp.dll
2011-07-26 20:13:29 ----A---- C:\Windows\system32\odbc32.dll
2011-07-26 20:13:26 ----A---- C:\Windows\system32\tzres.dll
2011-07-26 20:13:24 ----A---- C:\Windows\system32\mstscax.dll
2011-07-26 20:13:24 ----A---- C:\Windows\system32\mstsc.exe
2011-07-26 20:13:23 ----A---- C:\Windows\system32\asycfilt.dll
2011-07-26 20:13:22 ----A---- C:\Windows\system32\rtutils.dll
2011-07-26 20:13:22 ----A---- C:\Windows\system32\kerberos.dll
2011-07-26 20:13:20 ----A---- C:\Windows\system32\ole32.dll
2011-07-26 20:13:20 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-07-26 20:13:20 ----A---- C:\Windows\system32\drivers\afd.sys
2011-07-26 20:13:19 ----A---- C:\Windows\system32\atmlib.dll
2011-07-26 20:13:19 ----A---- C:\Windows\system32\atmfd.dll
2011-07-26 20:13:18 ----A---- C:\Windows\system32\schannel.dll
2011-07-26 20:13:17 ----A---- C:\Windows\system32\oleaut32.dll
2011-07-26 20:13:14 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-07-26 20:13:14 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-07-26 20:13:13 ----A---- C:\Windows\system32\tsbyuv.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\quartz.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\msyuv.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\msvidc32.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\msrle32.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\mciavi32.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\iyuv_32.dll
2011-07-26 20:13:13 ----A---- C:\Windows\system32\avifil32.dll
2011-07-26 20:13:12 ----A---- C:\Windows\system32\t2embed.dll
2011-07-26 20:13:11 ----A---- C:\Windows\system32\webio.dll
2011-07-26 20:13:10 ----A---- C:\Windows\system32\inetcomm.dll
2011-07-26 20:13:08 ----A---- C:\Windows\system32\ir32_32.dll
2011-07-26 20:13:08 ----A---- C:\Windows\system32\iccvid.dll
2011-07-26 20:13:08 ----A---- C:\Windows\system32\fontsub.dll
2011-07-26 20:13:08 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-07-26 20:13:07 ----A---- C:\Windows\system32\wmpmde.dll
2011-07-26 20:13:07 ----A---- C:\Windows\system32\msasn1.dll
2011-07-26 20:13:01 ----A---- C:\Windows\system32\msxml3.dll
2011-07-26 20:13:00 ----A---- C:\Windows\system32\poqexec.exe
2011-07-26 20:12:50 ----A---- C:\Windows\system32\cabview.dll
2011-07-26 20:12:40 ----A---- C:\Windows\system32\winlogon.exe
2011-07-26 20:12:40 ----A---- C:\Windows\explorer.exe
2011-07-26 19:41:18 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-26 19:41:08 ----D---- C:\Windows\ufa
2011-07-26 19:41:08 ----D---- C:\Windows\rpcminer
2011-07-26 19:41:08 ----D---- C:\Windows\phoenix
2011-07-26 19:41:05 ----A---- C:\Windows\l1rezerv.exe
2011-07-26 19:40:34 ----HD---- C:\Windows\update.2
2011-07-26 19:39:56 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-26 19:39:12 ----HD---- C:\Windows\update.5.0
2011-07-26 19:38:33 ----A---- C:\Windows\unrar.exe
2011-07-26 19:37:02 ----A---- C:\Windows\iplist.txt
2011-07-26 19:37:00 ----D---- C:\Program Files\Common Files\Adobe
2011-07-26 19:37:00 ----D---- C:\Program Files\Adobe
2011-07-26 19:36:47 ----SHD---- C:\Config.Msi
2011-07-26 19:36:07 ----A---- C:\Windows\sysdriver32_.exe
2011-07-26 19:35:53 ----A---- C:\Windows\sysdriver32.exe
2011-07-26 19:35:36 ----A---- C:\Windows\front_ip_list.txt
2011-07-26 19:35:22 ----D---- C:\Windows\av_ico
2011-07-26 19:33:55 ----HD---- C:\Windows\update.1
2011-07-26 19:33:54 ----HD---- C:\Windows\update.tray-7-0-lnk
2011-07-26 19:33:54 ----HD---- C:\Windows\update.tray-7-0
2011-07-26 19:23:39 ----A---- C:\Windows\winlog-ids.txt
2011-07-26 19:23:39 ----A---- C:\Windows\winlog-dirs.txt
2011-07-26 19:23:35 ----A---- C:\Windows\services32.exe
2011-07-25 14:51:02 ----D---- C:\Program Files\ICQ6Toolbar
2011-07-25 14:50:45 ----D---- C:\ProgramData\ICQ
2011-07-25 14:47:55 ----D---- C:\Users\PREKOP\AppData\Roaming\ICQ
2011-07-25 14:47:41 ----D---- C:\Program Files\ICQ7.5
2011-07-23 11:57:50 ----D---- C:\ProgramData\Symantec
2011-07-23 11:57:45 ----D---- C:\Windows\system32\drivers\NSS
2011-07-23 11:57:45 ----D---- C:\ProgramData\Norton
2011-07-23 11:57:45 ----D---- C:\Program Files\Norton Security Scan
2011-07-23 11:57:43 ----D---- C:\ProgramData\NortonInstaller
2011-07-23 11:57:43 ----D---- C:\Program Files\NortonInstaller
2011-07-22 23:33:21 ----D---- C:\Windows\system32\Adobe
2011-07-17 20:28:34 ----A---- C:\Windows\system32\CleanMFT32.exe
2011-07-17 20:28:33 ----A---- C:\Windows\system32\msxml.dll
2011-07-17 20:28:26 ----D---- C:\Program Files\Common Files\PC Tools
2011-07-17 20:28:25 ----D---- C:\Program Files\Registry Mechanic
2011-07-17 20:28:25 ----AD---- C:\ProgramData\TEMP
2011-07-17 17:28:51 ----D---- C:\Program Files\Common Files\DivX Shared
2011-07-17 17:26:55 ----D---- C:\Program Files\DivX
2011-07-17 17:25:36 ----D---- C:\ProgramData\DivX
2011-07-12 19:36:37 ----D---- C:\Program Files\Counter-Strike 1.6
2011-07-12 19:29:12 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2011-07-12 19:28:43 ----D---- C:\Program Files\DAEMON Tools Lite
2011-07-11 19:27:21 ----A---- C:\Windows\system32\drivers\atksgt.sys
2011-07-11 19:27:20 ----A---- C:\Windows\system32\drivers\lirsgt.sys
2011-07-11 19:26:56 ----D---- C:\Windows\system32\AGEIA
2011-07-11 19:26:56 ----D---- C:\Program Files\AGEIA Technologies
2011-07-11 19:26:45 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2011-07-11 19:24:18 ----D---- C:\Users\PREKOP\AppData\Roaming\Prison Break
2011-07-11 19:18:52 ----D---- C:\Program Files\Deep Silver
2011-07-11 16:24:25 ----D---- C:\Program Files\EAGLE-5.11.0
2011-07-11 16:24:05 ----D---- C:\Users\PREKOP\AppData\Roaming\CadSoft
2011-07-06 18:23:35 ----D---- C:\ProgramData\NCH Software
2011-07-06 18:23:20 ----D---- C:\Users\PREKOP\AppData\Roaming\NCH Software
2011-07-05 23:14:31 ----D---- C:\Users\PREKOP\AppData\Roaming\AVS4YOU
2011-07-05 23:12:37 ----A---- C:\Windows\system32\libmfxsw32.dll
2011-07-05 23:12:36 ----A---- C:\Windows\system32\libmfxhw32.dll
2011-07-05 23:12:23 ----D---- C:\Program Files\Common Files\AVSMedia
2011-07-05 23:11:53 ----D---- C:\ProgramData\AVS4YOU
2011-07-05 23:11:53 ----D---- C:\Program Files\AVS4YOU
2011-07-05 23:11:53 ----A---- C:\Windows\system32\msxml3a.dll
2011-07-05 23:11:53 ----A---- C:\Windows\system32\GdiPlus.dll
2011-07-05 22:21:05 ----D---- C:\ProgramData\McAfee
2011-07-05 22:20:56 ----D---- C:\ProgramData\YouTube Downloader
2011-07-05 22:20:49 ----D---- C:\Program Files\YouTube Downloader
2011-07-05 20:13:22 ----D---- C:\Program Files\ABCgames Cheater
2011-07-05 12:23:41 ----D---- C:\Windows\system32\appmgmt
2011-07-04 22:26:16 ----D---- C:\Users\PREKOP\AppData\Roaming\DVDVideoSoft
2011-07-04 22:26:12 ----D---- C:\Users\PREKOP\AppData\Roaming\DVDVideoSoftIEHelpers
2011-06-30 20:35:23 ----D---- C:\Program Files\Cheating-Death
2011-06-29 21:11:27 ----D---- C:\Users\PREKOP\AppData\Roaming\Hamachi
2011-06-29 21:11:10 ----A---- C:\Windows\system32\drivers\hamachi.sys
2011-06-28 16:12:19 ----D---- C:\Users\PREKOP\AppData\Roaming\GetRightToGo
2011-06-27 19:18:16 ----D---- C:\Program Files\GIANTS Software
2011-06-27 19:11:26 ----A---- C:\Windows\system32\dxtmeta2.dll
2011-06-27 18:08:39 ----D---- C:\Users\PREKOP\AppData\Roaming\Canneverbe Limited
2011-06-27 18:08:39 ----D---- C:\ProgramData\Canneverbe Limited
2011-06-27 18:08:32 ----D---- C:\Program Files\CDBurnerXP
2011-06-27 17:57:34 ----RASH---- C:\MSDOS.SYS
2011-06-27 17:57:34 ----RASH---- C:\IO.SYS

======List of files/folders modified in the last 1 month======

2011-07-26 23:00:00 ----D---- C:\Windows\Temp
2011-07-26 22:59:27 ----RD---- C:\Program Files
2011-07-26 22:18:10 ----D---- C:\Users\PREKOP\AppData\Roaming\Skype
2011-07-26 21:04:01 ----D---- C:\Windows\system32\config
2011-07-26 20:37:09 ----D---- C:\Windows\Microsoft.NET
2011-07-26 20:37:08 ----RSD---- C:\Windows\assembly
2011-07-26 20:34:28 ----D---- C:\Windows\System32
2011-07-26 20:34:24 ----D---- C:\Windows\winsxs
2011-07-26 20:32:21 ----D---- C:\Windows\system32\drivers
2011-07-26 20:32:20 ----D---- C:\Windows\system32\sk-SK
2011-07-26 20:32:20 ----D---- C:\Windows
2011-07-26 20:32:20 ----D---- C:\Program Files\Windows Mail
2011-07-26 20:32:17 ----D---- C:\Windows\system32\Boot
2011-07-26 20:32:17 ----D---- C:\Windows\ehome
2011-07-26 20:32:15 ----D---- C:\Program Files\Windows Media Player
2011-07-26 20:32:14 ----D---- C:\Windows\inf
2011-07-26 20:32:14 ----D---- C:\Program Files\Internet Explorer
2011-07-26 20:32:13 ----D---- C:\Windows\system32\migration
2011-07-26 20:30:30 ----D---- C:\Windows\system32\catroot2
2011-07-26 20:30:29 ----D---- C:\Windows\system32\catroot
2011-07-26 20:25:42 ----SHD---- C:\System Volume Information
2011-07-26 20:21:37 ----D---- C:\Windows\debug
2011-07-26 20:18:43 ----D---- C:\Windows\SoftwareDistribution
2011-07-26 20:02:03 ----D---- C:\Windows\Logs
2011-07-26 19:55:51 ----D---- C:\Program Files\Windows Defender
2011-07-26 19:40:53 ----D---- C:\Windows\system32\drivers\etc
2011-07-26 19:38:22 ----SHD---- C:\Windows\Installer
2011-07-26 19:37:01 ----D---- C:\ProgramData\Adobe
2011-07-26 19:37:00 ----D---- C:\Program Files\Common Files
2011-07-25 22:34:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-25 21:35:44 ----D---- C:\Users\PREKOP\AppData\Roaming\vlc
2011-07-25 21:35:39 ----D---- C:\Users\PREKOP\AppData\Roaming\dvdcss
2011-07-25 14:51:01 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-25 14:50:45 ----HD---- C:\ProgramData
2011-07-23 11:57:52 ----D---- C:\Windows\Tasks
2011-07-23 11:57:52 ----D---- C:\Windows\system32\Tasks
2011-07-22 23:34:15 ----D---- C:\Windows\system32\Macromed
2011-07-21 12:27:10 ----RD---- C:\Program Files\Skype
2011-07-21 12:27:08 ----D---- C:\ProgramData\Skype
2011-07-21 12:21:17 ----D---- C:\Users\PREKOP\AppData\Roaming\skypePM
2011-07-15 22:57:29 ----D---- C:\Program Files\Mozilla Firefox 4.0 Beta 11
2011-07-12 19:29:30 ----D---- C:\Windows\system32\DriverStore
2011-07-12 19:29:06 ----D---- C:\Program Files\DAEMON Tools Toolbar
2011-07-09 10:54:00 ----D---- C:\Windows\system32\wdi
2011-07-07 18:00:06 ----A---- C:\Windows\ODBC.INI
2011-07-05 23:12:10 ----D---- C:\Program Files\Common Files\microsoft shared
2011-07-05 12:20:33 ----SD---- C:\Users\PREKOP\AppData\Roaming\Microsoft
2011-07-04 17:37:21 ----D---- C:\Windows\Prefetch
2011-07-02 10:07:25 ----D---- C:\Users\PREKOP\AppData\Roaming\Adobe
2011-06-29 22:24:11 ----D---- C:\Windows\system32\drivers\UMDF

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\Windows\System32\Drivers\PxHelp20.sys [2006-05-16 46080]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-06-25 691696]
R1 aswRdr;aswRdr; C:\Windows\system32\drivers\aswRdr.sys [2007-09-06 23152]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-12 218688]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-07-11 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-07-11 25888]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x86.sys [2009-07-14 47104]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2011-06-29 25280]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2011-04-07 247608]
R2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service; C:\Program Files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-26 348672]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-26 495616]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-26 256000]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-26 1200640]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 26 črc 2011 22:25

Zdravim a pekny vecer preji

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich
motji píše: Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill SCR:
http://download.bleepingcomputer.com/grinler/rkill.scr

Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne temer okamzite a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Ted nerestartujte PC - prisli byste o ucinek RKillu

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Aplikujte RogueKiller

stell píše: pouzijes RogueKiller>.spustis>>stlac 2> [enter] log vloz sem
http://www.viry.cz/forum/viewtopic.php? ... 05#p981205

Jeste znovu RogueKiller ale nyni s moznosti 3 a pote jeste jednou s moznosti 4

RKill i RogueKiller by mely udelat logy, vlozte mi je sem

michalp · #3 Příspěvek od **michalp** » 26 črc 2011 22:45

Dobrý večer ja som sa zasekol.Ked kliknem pravým tak nemám žiadnu možnosť spustiť ako správca.Mohli by ste mi poradiť?Stalo sa mi to keď som spúšťal Helper

#4 Příspěvek od **vyosek** » 26 črc 2011 22:51

Spoustejte tedy normalne dvojklikem...eXeHelper preskocte a jdete rovnout na RogueKiller

michalp · #5 Příspěvek od **michalp** » 26 črc 2011 23:05

This log file is located at C:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on . 07. 2011 at 0:03:39.
Operating System: Windows 7 Ultimate

Processes terminated by Rkill or while it was running:

Rkill completed on . 07. 2011 at 0:03:46.

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: PREKOP [Admin rights]
Mode: Remove -- Date : 07/27/2011 00:04:10

Bad processes: 0

Registry Entries: 0

HOSTS File:
127.0.0.1 localhost

Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: PREKOP [Admin rights]
Mode: HOSTSFix -- Date : 07/27/2011 00:05:12

Bad processes: 0

HOSTS File:
127.0.0.1 localhost

Resetted HOSTS:
127.0.0.1 localhost

Finished : << RKreport[5].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt

RogueKiller V5.2.8 [07/23/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: PREKOP [Admin rights]
Mode: ProxyFix -- Date : 07/27/2011 00:05:45

Bad processes: 0

Registry Entries: 0

Finished : << RKreport[6].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt ; RKreport[5].txt ;
RKreport[6].txt

#6 Příspěvek od **vyosek** » 26 črc 2011 23:13

Fajn, jdeme dale

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

michalp · #7 Příspěvek od **michalp** » 26 črc 2011 23:46

ComboFix 11-07-26.03 - PREKOP . 07. 2011 0:36.1.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1301 [GMT 2:00]
Running from: c:\users\PREKOP\Desktop\anti 2\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 21:37 . 2011-07-26 21:37 -------- d--h--w- c:\windows\PIF
2011-07-26 20:59 . 2011-07-26 21:00 -------- d-----w- c:\program files\trend micro
2011-07-26 20:59 . 2011-07-26 21:00 -------- d-----w- C:\rsit
2011-07-26 18:30 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-26 18:28 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-26 18:28 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-26 18:28 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-26 18:28 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-26 18:28 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-26 18:20 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-26 18:18 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-26 18:18 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-07-26 18:17 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-26 18:13 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-26 18:12 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-07-26 18:12 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2011-07-26 18:12 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-07-26 17:41 . 2011-07-26 17:41 -------- d-----w- c:\windows\ufa
2011-07-26 17:41 . 2011-07-26 17:41 -------- d-----w- c:\windows\rpcminer
2011-07-26 17:41 . 2011-07-26 17:41 -------- d-----w- c:\windows\phoenix
2011-07-26 17:38 . 2011-07-26 17:41 246272 ----a-w- c:\windows\unrar.exe
2011-07-26 17:37 . 2011-07-26 17:37 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-26 17:35 . 2011-07-26 17:35 -------- d-----w- c:\windows\av_ico
2011-07-26 17:33 . 2011-07-26 17:33 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-26 17:33 . 2011-07-26 17:33 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 12:51 . 2011-07-25 12:51 -------- d-----w- c:\program files\ICQ6Toolbar
2011-07-25 12:50 . 2011-07-25 12:51 -------- d-----w- c:\programdata\ICQ
2011-07-25 12:47 . 2011-07-26 19:06 -------- d-----w- c:\users\PREKOP\AppData\Roaming\ICQ
2011-07-25 12:47 . 2011-07-25 12:55 -------- d-----w- c:\program files\ICQ7.5
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\programdata\Symantec
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\programdata\Norton
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\program files\Norton Security Scan
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\program files\NortonInstaller
2011-07-22 21:33 . 2011-07-22 21:33 -------- d-----w- c:\windows\system32\Adobe
2011-07-17 18:28 . 2010-09-16 10:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-07-17 18:28 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-07-17 18:28 . 2008-09-17 20:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-07-17 18:28 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-07-17 18:28 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-07-17 18:28 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-07-17 18:28 . 2011-07-17 18:28 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-17 15:31 . 2011-07-17 15:31 -------- d-----w- c:\users\PREKOP\AppData\Local\DDMSettings
2011-07-17 15:28 . 2011-07-17 15:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-07-17 15:26 . 2011-07-17 15:30 -------- d-----w- c:\program files\DivX
2011-07-17 15:25 . 2011-07-17 15:30 -------- d-----w- c:\programdata\DivX
2011-07-12 17:36 . 2011-07-17 19:20 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-07-12 17:29 . 2011-07-12 17:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-12 17:28 . 2011-07-12 17:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-11 17:27 . 2011-07-11 17:27 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-11 17:27 . 2011-07-11 17:27 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-11 17:26 . 2011-07-11 17:27 -------- d-----w- c:\program files\AGEIA Technologies
2011-07-11 17:26 . 2011-07-11 17:26 -------- d-----w- c:\windows\system32\AGEIA
2011-07-11 17:26 . 2011-07-11 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-11 17:24 . 2011-07-11 17:43 -------- d-----w- c:\users\PREKOP\AppData\Roaming\Prison Break
2011-07-11 17:18 . 2011-07-11 17:18 -------- d-----w- c:\program files\Deep Silver
2011-07-11 14:24 . 2011-07-11 14:24 -------- d-----w- c:\program files\EAGLE-5.11.0
2011-07-11 14:24 . 2011-07-11 14:24 -------- d-----w- c:\users\PREKOP\AppData\Roaming\CadSoft
2011-07-08 19:49 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4190AF0E-7F50-4862-A9BE-7388AA2E8D44}\mpengine.dll
2011-07-06 16:24 . 2011-07-06 17:39 -------- d-----w- c:\users\PREKOP\AppData\Local\Conduit
2011-07-06 16:23 . 2011-07-06 16:23 -------- d-----w- c:\programdata\NCH Software
2011-07-06 16:23 . 2011-07-12 17:32 -------- d-----w- c:\users\PREKOP\AppData\Roaming\NCH Software
2011-07-05 21:14 . 2011-07-05 21:14 -------- d-----w- c:\users\PREKOP\AppData\Roaming\AVS4YOU
2011-07-05 21:12 . 2011-06-22 14:13 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-07-05 21:12 . 2011-06-22 14:13 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-07-05 21:12 . 2011-07-05 21:13 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-07-05 21:11 . 2011-07-05 21:14 -------- d-----w- c:\programdata\AVS4YOU
2011-07-05 21:11 . 2011-07-05 21:13 -------- d-----w- c:\program files\AVS4YOU
2011-07-05 21:11 . 2011-06-22 14:14 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-05 21:11 . 2011-06-22 14:13 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-07-05 20:21 . 2011-07-05 20:21 -------- d-----w- c:\programdata\McAfee
2011-07-05 20:20 . 2011-07-05 20:20 -------- d-----w- c:\programdata\YouTube Downloader
2011-07-05 20:20 . 2011-07-05 20:20 -------- d-----w- c:\program files\YouTube Downloader
2011-07-05 18:13 . 2011-07-05 18:13 -------- d-----w- c:\program files\ABCgames Cheater
2011-07-04 20:26 . 2011-07-04 20:26 -------- d-----w- c:\users\PREKOP\AppData\Roaming\DVDVideoSoft
2011-07-02 08:07 . 2011-07-26 17:36 -------- d-----w- c:\users\PREKOP\AppData\Local\Adobe
2011-06-30 18:35 . 2011-06-30 18:35 -------- d-----w- c:\program files\Cheating-Death
2011-06-29 19:11 . 2011-07-04 15:18 -------- d-----w- c:\users\PREKOP\AppData\Roaming\Hamachi
2011-06-29 19:11 . 2011-06-29 19:11 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-28 14:12 . 2011-06-28 14:15 -------- d-----w- c:\users\PREKOP\AppData\Roaming\GetRightToGo
2011-06-27 17:18 . 2011-06-27 17:18 -------- d-----w- c:\program files\GIANTS Software
2011-06-27 17:11 . 2000-08-19 17:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2011-06-27 16:08 . 2011-06-27 16:08 -------- d-----w- c:\users\PREKOP\AppData\Roaming\Canneverbe Limited
2011-06-27 16:08 . 2011-06-27 16:08 -------- d-----w- c:\programdata\Canneverbe Limited
2011-06-27 16:08 . 2011-06-27 16:08 -------- d-----w- c:\program files\CDBurnerXP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 16:18 . 2011-06-25 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-24 17:14 . 2011-06-25 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-07-25 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"tray_ico0"="c:\windows\update.tray-7-0\svchost.exe" [2011-07-26 1200640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-25 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-12 218688]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-04-07 247608]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001Core.job
- c:\users\PREKOP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 16:50]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001UA.job
- c:\users\PREKOP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 16:50]
.
2011-07-26 c:\windows\Tasks\Norton Security Scan for PREKOP.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-23 11:19]
.
2011-07-26 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-07-17 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/ut/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.100.252
FF - ProfilePath - c:\users\PREKOP\AppData\Roaming\Mozilla\Firefox\Profiles\3hzmzzrd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ut/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex_ut&tb_ver=1.2.6&q=
pref(startup.homepage_override_url,);
pref(startup.homepage_welcome_url,);
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico1 - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-VideoPad - c:\program files\NCH Software\VideoPad\uninst.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
.
**************************************************************************
.
Completion time: 2011-07-27 00:44:22 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-26 22:44
.
Pre-Run: 66 505 555 968 bytes free
Post-Run: 68 663 431 168 bytes free
.
- - End Of File - - 8904E084D730F36CA5A0FCC47D04D59E

#8 Příspěvek od **vyosek** » 26 črc 2011 23:54

Prejmenujte ComboFix na pitomec.com at si uvedomite ze na blbiny se neklika

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\ICQ6Toolbar
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk

File::
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001UA.job
C:\Windows\tasks\Norton Security Scan for PREKOP.job
C:\Windows\tasks\RMSchedule.job

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Skype"=-
"ICQ"=-
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"DivXUpdate"=-
"tray_ico0"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

Driver::
ICQ Service

DDS::
uStart Page = hxxp://start.icq.com/ut/

Firefox::
FF - ProfilePath - c:\users\PREKOP\AppData\Roaming\Mozilla\Firefox\Profiles\3hzmzzrd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ut/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... r=1.2.6&q=

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

michalp · #9 Příspěvek od **michalp** » 27 črc 2011 00:08

ComboFix 11-07-26.03 - PREKOP . 07. 2011 1:03.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1138 [GMT 2:00]
Running from: c:\users\PREKOP\Desktop\anti 2\pitomec.com.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\front_ip_list.txt
.
.
((((((((((((((((((((((((( Files Created from 2011-06-26 to 2011-07-26 )))))))))))))))))))))))))))))))
.
.
2011-07-26 23:07 . 2011-07-26 23:07 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 22:40 . 2011-07-26 23:07 -------- d-----w- c:\users\PREKOP\AppData\Local\temp
2011-07-26 21:37 . 2011-07-26 21:37 -------- d--h--w- c:\windows\PIF
2011-07-26 20:59 . 2011-07-26 21:00 -------- d-----w- c:\program files\trend micro
2011-07-26 20:59 . 2011-07-26 21:00 -------- d-----w- C:\rsit
2011-07-26 18:30 . 2009-09-10 05:52 257024 ----a-w- c:\windows\system32\msv1_0.dll
2011-07-26 18:28 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2011-07-26 18:28 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2011-07-26 18:28 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2011-07-26 18:28 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2011-07-26 18:28 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2011-07-26 18:20 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2011-07-26 18:18 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-07-26 18:18 . 2011-06-11 02:37 2332672 ----a-w- c:\windows\system32\win32k.sys
2011-07-26 18:17 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2011-07-26 18:13 . 2011-03-11 05:40 1164288 ----a-w- c:\windows\system32\mfc42u.dll
2011-07-26 18:12 . 2010-01-09 06:52 132608 ----a-w- c:\windows\system32\cabview.dll
2011-07-26 18:12 . 2009-10-31 05:45 2614272 ----a-w- c:\windows\explorer.exe
2011-07-26 18:12 . 2009-10-28 06:17 285696 ----a-w- c:\windows\system32\winlogon.exe
2011-07-26 17:41 . 2011-07-26 17:41 -------- d-----w- c:\windows\ufa
2011-07-26 17:41 . 2011-07-26 17:41 -------- d-----w- c:\windows\rpcminer
2011-07-26 17:41 . 2011-07-26 17:41 -------- d-----w- c:\windows\phoenix
2011-07-26 17:38 . 2011-07-26 17:41 246272 ----a-w- c:\windows\unrar.exe
2011-07-26 17:37 . 2011-07-26 17:37 -------- d-----w- c:\program files\Common Files\Adobe
2011-07-26 17:35 . 2011-07-26 17:35 -------- d-----w- c:\windows\av_ico
2011-07-26 17:33 . 2011-07-26 17:33 -------- d--h--w- c:\windows\update.tray-7-0
2011-07-26 17:33 . 2011-07-26 17:33 -------- d--h--w- c:\windows\update.tray-7-0-lnk
2011-07-25 12:51 . 2011-07-25 12:51 -------- d-----w- c:\program files\ICQ6Toolbar
2011-07-25 12:50 . 2011-07-25 12:51 -------- d-----w- c:\programdata\ICQ
2011-07-25 12:47 . 2011-07-26 19:06 -------- d-----w- c:\users\PREKOP\AppData\Roaming\ICQ
2011-07-25 12:47 . 2011-07-25 12:55 -------- d-----w- c:\program files\ICQ7.5
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\programdata\Symantec
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\windows\system32\drivers\NSS
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\programdata\Norton
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\program files\Norton Security Scan
2011-07-23 09:57 . 2011-07-23 09:57 -------- d-----w- c:\program files\NortonInstaller
2011-07-22 21:33 . 2011-07-22 21:33 -------- d-----w- c:\windows\system32\Adobe
2011-07-17 18:28 . 2010-09-16 10:26 37336 ----a-w- c:\windows\system32\CleanMFT32.exe
2011-07-17 18:28 . 2008-04-02 14:54 1101824 ----a-w- c:\windows\system32\UniBox210.ocx
2011-07-17 18:28 . 2008-09-17 20:17 658432 ----a-w- c:\windows\system32\MSCOMCT2.OCX
2011-07-17 18:28 . 2008-04-02 14:53 212992 ----a-w- c:\windows\system32\UniBoxVB12.ocx
2011-07-17 18:28 . 2008-04-02 14:53 880640 ----a-w- c:\windows\system32\UniBox10.ocx
2011-07-17 18:28 . 2004-08-04 06:00 506368 ----a-w- c:\windows\system32\msxml.dll
2011-07-17 18:28 . 2011-07-17 18:28 -------- d-----w- c:\program files\Common Files\PC Tools
2011-07-17 15:31 . 2011-07-17 15:31 -------- d-----w- c:\users\PREKOP\AppData\Local\DDMSettings
2011-07-17 15:28 . 2011-07-17 15:30 -------- d-----w- c:\program files\Common Files\DivX Shared
2011-07-17 15:26 . 2011-07-17 15:30 -------- d-----w- c:\program files\DivX
2011-07-17 15:25 . 2011-07-17 15:30 -------- d-----w- c:\programdata\DivX
2011-07-12 17:36 . 2011-07-17 19:20 -------- d-----w- c:\program files\Counter-Strike 1.6
2011-07-12 17:29 . 2011-07-12 17:29 218688 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-12 17:28 . 2011-07-12 17:29 -------- d-----w- c:\program files\DAEMON Tools Lite
2011-07-11 17:27 . 2011-07-11 17:27 281760 ----a-w- c:\windows\system32\drivers\atksgt.sys
2011-07-11 17:27 . 2011-07-11 17:27 25888 ----a-w- c:\windows\system32\drivers\lirsgt.sys
2011-07-11 17:26 . 2011-07-11 17:27 -------- d-----w- c:\program files\AGEIA Technologies
2011-07-11 17:26 . 2011-07-11 17:26 -------- d-----w- c:\windows\system32\AGEIA
2011-07-11 17:26 . 2011-07-11 17:26 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2011-07-11 17:24 . 2011-07-11 17:43 -------- d-----w- c:\users\PREKOP\AppData\Roaming\Prison Break
2011-07-11 17:18 . 2011-07-11 17:18 -------- d-----w- c:\program files\Deep Silver
2011-07-11 14:24 . 2011-07-11 14:24 -------- d-----w- c:\program files\EAGLE-5.11.0
2011-07-11 14:24 . 2011-07-11 14:24 -------- d-----w- c:\users\PREKOP\AppData\Roaming\CadSoft
2011-07-08 19:49 . 2011-06-20 06:57 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4190AF0E-7F50-4862-A9BE-7388AA2E8D44}\mpengine.dll
2011-07-06 16:24 . 2011-07-06 17:39 -------- d-----w- c:\users\PREKOP\AppData\Local\Conduit
2011-07-06 16:23 . 2011-07-06 16:23 -------- d-----w- c:\programdata\NCH Software
2011-07-06 16:23 . 2011-07-12 17:32 -------- d-----w- c:\users\PREKOP\AppData\Roaming\NCH Software
2011-07-05 21:14 . 2011-07-05 21:14 -------- d-----w- c:\users\PREKOP\AppData\Roaming\AVS4YOU
2011-07-05 21:12 . 2011-06-22 14:13 10833920 ----a-w- c:\windows\system32\libmfxsw32.dll
2011-07-05 21:12 . 2011-06-22 14:13 10915840 ----a-w- c:\windows\system32\libmfxhw32.dll
2011-07-05 21:12 . 2011-07-05 21:13 -------- d-----w- c:\program files\Common Files\AVSMedia
2011-07-05 21:11 . 2011-07-05 21:14 -------- d-----w- c:\programdata\AVS4YOU
2011-07-05 21:11 . 2011-07-05 21:13 -------- d-----w- c:\program files\AVS4YOU
2011-07-05 21:11 . 2011-06-22 14:14 1700352 ----a-w- c:\windows\system32\GdiPlus.dll
2011-07-05 21:11 . 2011-06-22 14:13 24576 ----a-w- c:\windows\system32\msxml3a.dll
2011-07-05 20:21 . 2011-07-05 20:21 -------- d-----w- c:\programdata\McAfee
2011-07-05 20:20 . 2011-07-05 20:20 -------- d-----w- c:\programdata\YouTube Downloader
2011-07-05 20:20 . 2011-07-05 20:20 -------- d-----w- c:\program files\YouTube Downloader
2011-07-05 18:13 . 2011-07-05 18:13 -------- d-----w- c:\program files\ABCgames Cheater
2011-07-04 20:26 . 2011-07-04 20:26 -------- d-----w- c:\users\PREKOP\AppData\Roaming\DVDVideoSoft
2011-07-02 08:07 . 2011-07-26 17:36 -------- d-----w- c:\users\PREKOP\AppData\Local\Adobe
2011-06-30 18:35 . 2011-06-30 18:35 -------- d-----w- c:\program files\Cheating-Death
2011-06-29 19:11 . 2011-07-04 15:18 -------- d-----w- c:\users\PREKOP\AppData\Roaming\Hamachi
2011-06-29 19:11 . 2011-06-29 19:11 25280 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-06-28 14:12 . 2011-06-28 14:15 -------- d-----w- c:\users\PREKOP\AppData\Roaming\GetRightToGo
2011-06-27 17:18 . 2011-06-27 17:18 -------- d-----w- c:\program files\GIANTS Software
2011-06-27 17:11 . 2000-08-19 17:29 268048 ----a-w- c:\windows\system32\dxtmeta2.dll
2011-06-27 16:08 . 2011-06-27 16:08 -------- d-----w- c:\users\PREKOP\AppData\Roaming\Canneverbe Limited
2011-06-27 16:08 . 2011-06-27 16:08 -------- d-----w- c:\programdata\Canneverbe Limited
2011-06-27 16:08 . 2011-06-27 16:08 -------- d-----w- c:\program files\CDBurnerXP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-25 16:18 . 2011-06-25 16:18 691696 ----a-w- c:\windows\system32\drivers\sptd.sys
2011-05-24 17:14 . 2011-06-25 16:44 222080 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1173504]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-06-15 15141768]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-07-25 124216]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
"SSDMonitor"="c:\program files\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2010-11-15 112600]
"tray_ico0"="c:\windows\update.tray-7-0\svchost.exe" [2011-07-26 1200640]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-06-25 691696]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-07-12 218688]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-04-07 247608]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files\Common Files\PC Tools\sMonitor\StartManSvc.exe [2010-10-01 632792]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001Core.job
- c:\users\PREKOP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 16:50]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001UA.job
- c:\users\PREKOP\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-25 16:50]
.
2011-07-26 c:\windows\Tasks\Norton Security Scan for PREKOP.job
- c:\progra~1\NORTON~2\Engine\351~1.6\Nss.exe [2011-07-23 11:19]
.
2011-07-26 c:\windows\Tasks\RMSchedule.job
- c:\program files\Registry Mechanic\RegMech.exe [2011-07-17 15:05]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/ut/
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.100.252
FF - ProfilePath - c:\users\PREKOP\AppData\Roaming\Mozilla\Firefox\Profiles\3hzmzzrd.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2801948&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/ut/
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex_ut&tb_ver=1.2.6&q=
pref(startup.homepage_override_url,);
pref(startup.homepage_welcome_url,);
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-07-27 01:08:16
ComboFix-quarantined-files.txt 2011-07-26 23:08
ComboFix2.txt 2011-07-26 22:44
.
Pre-Run: 68 707 852 288 bytes free
Post-Run: 68 667 994 112 bytes free
.
- - End Of File - - F60446E4B415FC240ED14C9667D8DB8E

#10 Příspěvek od **vyosek** » 27 črc 2011 00:12

Nejak se nam neprovedlo co melo, takze na to pujdem jinak

Stahnete OTM (viz muj podpis)

Pokud pouzivate Win Vista ci W7, kliknete na OTM pravym a dejte Run As Administrator ci Spustit jako spravce
Do leveho okna Paste Instructions for Items to be Moved (pod zlutou caru) vlozte obsah, ktery mate nize

Kód: Vybrat vše

:reg
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=-
"Skype"=-
"ICQ"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=-
"DivXUpdate"=-
"tray_ico0"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000

:services
ICQ Service

:files
C:\Program Files\DAEMON Tools Toolbar
C:\Program Files\ICQ6Toolbar
c:\windows\ufa
c:\windows\rpcminer
c:\windows\phoenix
c:\windows\av_ico
c:\windows\update.tray-7-0
c:\windows\update.tray-7-0-lnk
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001UA.job
C:\Windows\tasks\Norton Security Scan for PREKOP.job
C:\Windows\tasks\RMSchedule.job
c:\windows\unrar.exe
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]

Kliknete na cervene tlacitko MoveIt!
Budete vyzvani na restart, dejte Yes, log pote najdete C:\_OTM\MovedFiles, obsah sem vlozte

michalp · #11 Příspěvek od **michalp** » 27 črc 2011 00:19

All processes killed
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Skype deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\ICQ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\WinampAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe Reader Speed Launcher deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Adobe ARM deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"FirewallOverride"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\software\microsoft\security center\\"DisableThumbnailCache"|dword:00000000 /E : value set successfully!
========== SERVICES/DRIVERS ==========
Service ICQ Service stopped successfully!
Service ICQ Service deleted successfully!
========== FILES ==========
C:\Program Files\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files\DAEMON Tools Toolbar folder moved successfully.
C:\Program Files\ICQ6Toolbar folder moved successfully.
c:\windows\ufa folder moved successfully.
c:\windows\rpcminer folder moved successfully.
c:\windows\phoenix\kernels\poclbm folder moved successfully.
c:\windows\phoenix\kernels\phatk folder moved successfully.
c:\windows\phoenix\kernels folder moved successfully.
c:\windows\phoenix folder moved successfully.
c:\windows\av_ico folder moved successfully.
c:\windows\update.tray-7-0 folder moved successfully.
c:\windows\update.tray-7-0-lnk folder moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2092026132-1107486264-608300520-1001UA.job moved successfully.
C:\Windows\tasks\Norton Security Scan for PREKOP.job moved successfully.
C:\Windows\tasks\RMSchedule.job moved successfully.
c:\windows\unrar.exe moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: PREKOP
->Temp folder emptied: 53248 bytes
->Temporary Internet Files folder emptied: 3856915 bytes
->FireFox cache emptied: 502541826 bytes
->Google Chrome cache emptied: 337508100 bytes
->Flash cache emptied: 143416 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 805,00 mb

OTM by OldTimer - Version 3.1.18.0 log created on 07272011_011508

#12 Příspěvek od **vyosek** » 27 črc 2011 00:22

Jak se chova PC

michalp · #13 Příspěvek od **michalp** » 27 črc 2011 00:23

Čo myslíte pod pojmom ako sa chová??

#14 Příspěvek od **vyosek** » 27 črc 2011 00:24

Tak jestli bezi v poradku, ci nevyskakuji nejaka okna...ci je tak jako pred infekci

michalp · #15 Příspěvek od **michalp** » 27 črc 2011 00:27

myslím, že všetko je v poriadku

mne vírus spôsobil len to, že mi nešiel FB teda pokiaľ viem nič iné sa nedialo

a teraz mi už ide a nevyhadzuje žiadne okná.Vyzerá byť v poriadku.

Tie programy ktoré som použil môžem odinštalovať?? alebo ich mám pre istotu nechať v PC??

VIRY.CZ

FB-virus

FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus

Re: FB-virus