Prosím o pomoc s odstránením "FB vírusu"
tu je log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Pc at 2011-08-22 20:30:54
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 19 GB (25%) free of 78 GB
Total RAM: 1023 MB (34% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:31:12, on 22.8.2011
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
C:\Program Files\Winamp\winampa.exe
C:\WINDOWS\system32\rundll32.exe
C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
C:\WINDOWS\update.tray-9-0\svchost.exe
C:\WINDOWS\update.tray-3-0\svchost.exe
C:\WINDOWS\systemup.exe
C:\WINDOWS\l1rezerv.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
C:\WINDOWS\system32\ntvdm.exe
C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\update.5.0\svchost.exe
C:\WINDOWS\sysdriver32.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\update.1\svchost.exe
C:\WINDOWS\update.2\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\ufa\ufa.exe
C:\DOCUME~1\Pc\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe
C:\WINDOWS\update.7.1\svchostdriver.exe
c:\docume~1\pc\locals~1\temp\teamviewer\version6\TeamViewer_Desktop.exe
C:\DOCUME~1\Pc\LOCALS~1\Temp\TeamViewer\Version6\tv_w32.exe
C:\Documents and Settings\Pc\Desktop\RSIT.exe
C:\Program Files\trend micro\Pc.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
O2 - BHO: XTTBPos00 - {055FD26D-3A88-4e15-963D-DC8493744B1D} - C:\PROGRA~1\ICQTOO~1\toolbaru.dll (file missing)
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\HP\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [BigDog305] C:\WINDOWS\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)
O4 - HKLM\..\Run: [nod32kui] "C:\Program Files\Eset\nod32kui.exe" /WAITSERVICE
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files\Winamp\winampa.exe"
O4 - HKLM\..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent
O4 - HKLM\..\Run: [UpdateReminder] C:\Program Files\Eset\UpdateReminder.exe
O4 - HKLM\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFTVFM\WFWIZ.exe
O4 - HKLM\..\Run: [wxpdrv] C:\WINDOWS\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\WINDOWS\update.tray-9-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\WINDOWS\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [8612805.exe] "C:\DOCUME~1\Pc\LOCALS~1\Temp\8612805.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\WINDOWS\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\WINDOWS\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [5825070.exe] "C:\WINDOWS\TEMP\5825070.exe"
O4 - HKLM\..\Run: [8990947.exe] "C:\DOCUME~1\Pc\LOCALS~1\Temp\8990947.exe"
O4 - HKLM\..\Run: [systemup] "C:\WINDOWS\systemup.exe" stand
O4 - HKLM\..\Run: [4608379.exe] "C:\WINDOWS\TEMP\4608379.exe"
O4 - HKLM\..\Run: [10894297-loader2.exe] "C:\WINDOWS\TEMP\10894297-loader2.exe"
O4 - HKLM\..\Run: [7739332.exe] "C:\WINDOWS\TEMP\7739332.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\WINDOWS\l1rezerv.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [AdVantage] "C:\Program Files\AdVantage\AdVantage.exe"
O4 - HKCU\..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe" /automount
O4 - HKCU\..\Run: [ares] "C:\Program Files\Ares\Ares.exe" -h
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Kalendár.lnk = C:\WINDOWS\MENINY.EXE
O4 - Global Startup: BlueSoleil.lnk = ?
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O4 - Global Startup: InterVideo WinCinema Manager.lnk = C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
O4 - Global Startup: McAfee Security Scan.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Translator Settings - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Vocabulary - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Translate Marked Text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Translate Web Page - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: BlueSoleil Hid Service - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe
O23 - Service: ddservice - Unknown owner - C:\WINDOWS\update.7.1\svchostdriver.exe
O23 - Service: Služba Google Update (gupdate1ca84cf9978c62a) (gupdate1ca84cf9978c62a) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: srvbtcclient - Unknown owner - C:\WINDOWS\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\WINDOWS\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\WINDOWS\sysdriver32.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: wxpdrivers - Unknown owner - C:\WINDOWS\update.1\svchost.exe
O24 - Desktop Component 0: (no name) - http://images.autobazar.eu/logo.gif
O24 - Desktop Component 1: (no name) - http://n03.joj.sk/data/L3BpY3R1cmUyL2lf ... cuanBlZw==
O24 - Desktop Component 2: (no name) - http://www.pozadie.sk/fotky/krajiny/10_ ... G2537m.jpg
--
End of file - 11762 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\WGASetup.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default
prefs.js - "extensions.enabledItems" - "{A89AED22-9133-424c-88E7-C8235C5FF302}:0.9.1, battlefieldheroespatcher@ea.com:4.0.27.0, {800b5000-a755-47e1-992b-48a1c1357f07}:1.1.5, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {64161300-e22b-11db-8314-0800200c9a66}:0.9.5, {003D3EDC-99B9-4a34-9C20-60CB94F7E829}:2007.15, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.5.0.8013, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.19"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... id=afex&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Content Upload Plugin,version=1.0.0]
"Description"=DivX® Content Upload Plugin
"Path"=C:\Program Files\DivX\DivX Content Uploader\npUpload.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0]
"Description"=DivX® Player Plugin for VOD Content
"Path"=C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@joj.sk/TV_JOJ_Media_Player]
"Description"=TV JOJ Media Player
"Path"=C:\Program Files\TV JOJ Media Player\npplugin_netscape.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@zylom.com/ZylomGamesPlayer]
"Description"=Zylom Games Player 1.00
"Path"=C:\Documents and Settings\All Users\Application Data\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
C:\Program Files\Mozilla Firefox\extensions\
{800b5000-a755-47e1-992b-48a1c1357f07}
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{A89AED22-9133-424c-88E7-C8235C5FF302}
C:\Program Files\Mozilla Firefox\components\
aboutRights.js
aboutRobots.js
browser.xpt
browserdirprovider.dll
brwsrcmp.dll
compreg.dat
FeedConverter.js
FeedProcessor.js
FeedWriter.js
fuelApplication.js
jsconsole-clhandler.js
nsAddonRepository.js
nsBadCertHandler.js
nsBlocklistService.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDefaultCLH.js
nsDownloadManagerUI.js
nsExtensionManager.js
nsHandlerService.js
nsHelperAppDlg.js
nsIZylomPlugin.xpt
nsLivemarkService.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsMicrosummaryService.js
nsPlacesTransactionsService.js
nsPostUpdateWin.js
nsProxyAutoConfig.js
nsSafebrowsingApplication.js
nsSearchService.js
nsSearchSuggestions.js
nsSessionStartup.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsSidebar.js
nsTaggingService.js
nsTryToClose.js
nsUpdateService.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsURLFormatter.js
nsWebHandlerApp.js
pluginGlue.js
storage-Legacy.js
txEXSLTRegExFunctions.js
WebContentConverter.js
xpti.dat
C:\Program Files\Mozilla Firefox\plugins\
npdivx32.dll
npDivxPlayerPlugin.dll
npnul32.dll
npzylomgamesplayer.dll
nsIDivxPlayerPlugin.xpt
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Documents and Settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\extensions\
battlefieldheroespatcher@ea.com
{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
{20a82645-c095-46ed-80e3-08825760534b}
{64161300-e22b-11db-8314-0800200c9a66}
C:\Documents and Settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\searchplugins\
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-23.xml
icqplugin-24.xml
icqplugin-25.xml
icqplugin-26.xml
icqplugin-27.xml
icqplugin-28.xml
icqplugin-29.xml
icqplugin-3.xml
icqplugin-30.xml
icqplugin-31.xml
icqplugin-32.xml
icqplugin-33.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D}]
XTTBPos00 Class - C:\PROGRA~1\ICQTOO~1\toolbaru.dll []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 5.0 CE\Reader\ActiveX\AcroIEHelper.ocx [2001-04-16 37808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll [2008-11-27 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-07-11 3821568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2009-06-01 962808]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\Documents and Settings\All Users\Application Data\LangSoft\WebIE.dll [2008-11-27 503808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2006-11-10 90112]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-17 2879488]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-11-15 16270848]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-04 69632]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]
"BigDog305"=C:\WINDOWS\VM305_STI.EXE [2005-08-05 61440]
"nod32kui"=C:\Program Files\Eset\nod32kui.exe /WAITSERVICE []
"WinampAgent"=C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
"BluetoothAuthenticationAgent"=bthprops.cpl,,BluetoothAuthenticationAgent []
"UpdateReminder"=C:\Program Files\Eset\UpdateReminder.exe []
"WinFast Schedule"=C:\Program Files\WinFast\WFTVFM\WFWIZ.exe [2003-06-17 159744]
"wxpdrv"=C:\WINDOWS\services32.exe [2011-08-21 1213440]
"tray_ico"= []
"tray_ico0"=C:\WINDOWS\update.tray-9-0\svchost.exe [2011-08-21 1213440]
"tray_ico1"=C:\WINDOWS\update.tray-3-0\svchost.exe [2011-08-21 1213440]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"8612805.exe"=C:\DOCUME~1\Pc\LOCALS~1\Temp\8612805.exe [2011-08-22 258048]
"sysdriver32.exe"=C:\WINDOWS\sysdriver32.exe [2011-08-22 258048]
"sysdriver32_.exe"=C:\WINDOWS\sysdriver32_.exe [2011-08-22 258048]
"5825070.exe"=C:\WINDOWS\TEMP\5825070.exe [2011-08-22 258048]
"8990947.exe"=C:\DOCUME~1\Pc\LOCALS~1\Temp\8990947.exe [2011-08-22 258048]
"systemup"=C:\WINDOWS\systemup.exe [2011-08-22 137728]
"4608379.exe"=C:\WINDOWS\TEMP\4608379.exe [2011-08-22 634880]
"10894297-loader2.exe"=C:\WINDOWS\TEMP\10894297-loader2.exe [2011-08-22 258048]
"7739332.exe"=C:\WINDOWS\TEMP\7739332.exe [2011-08-22 258048]
"l1rezerv.exe"=C:\WINDOWS\l1rezerv.exe [2011-08-22 232960]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-04 15360]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-07-14 1961984]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"AdVantage"=C:\Program Files\AdVantage\AdVantage.exe []
"Picasa Media Detector"=C:\Program Files\Picasa2\PicasaMediaDetector.exe []
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\axcmd.exe [2008-02-22 217544]
"OEXPRESS"= []
"ares"=C:\Program Files\Ares\Ares.exe -h []
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2011-07-29 17361032]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup
BlueSoleil.lnk - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
InterVideo WinCinema Manager.lnk - C:\Program Files\InterVideo\Common\Bin\WinCinemaMgr.exe
McAfee Security Scan.lnk - C:\Program Files\McAfee Security Scan\1.0.150\SSScheduler.exe
C:\Documents and Settings\Pc\Start Menu\Programs\Startup
Kalendár.lnk - C:\WINDOWS\MENINY.EXE
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2007-06-27 118784]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
WgaLogon.dll []
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0
"EnableSecureUIAPaths"=0
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\GameSpy Arcade\Aphex.exe"="C:\Program Files\GameSpy Arcade\Aphex.exe:*:Enabled:GameSpy Arcade"
"C:\Program Files\Atari\Terminator 3 - War of the Machines\T3.exe"="C:\Program Files\Atari\Terminator 3 - War of the Machines\T3.exe:*:Enabled:T3"
"C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe"="C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleil.exe:*:Enabled:Bluetooth Application"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Documents and Settings\Pc\Desktop\Flash-Player.exe"="C:\Documents and Settings\Pc\Desktop\Flash-Player.exe:*:Enabled:C:\Documents and Settings\Pc\Desktop\Flash-Player.exe"
"C:\WINDOWS\update.1\svchost.exe"="C:\WINDOWS\update.1\svchost.exe:*:Enabled:C:\WINDOWS\update.1\svchost.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\WINDOWS\services32.exe"="C:\WINDOWS\services32.exe:*:Enabled:C:\WINDOWS\services32.exe"
"C:\WINDOWS\update.tray-3-0\svchost.exe"="C:\WINDOWS\update.tray-3-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-3-0\svchost.exe"
"C:\WINDOWS\update.tray-9-0\svchost.exe"="C:\WINDOWS\update.tray-9-0\svchost.exe:*:Enabled:C:\WINDOWS\update.tray-9-0\svchost.exe"
"C:\WINDOWS\update.2\svchost.exe"="C:\WINDOWS\update.2\svchost.exe:*:Enabled:C:\WINDOWS\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=DivX.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"vidc.DIVX"=DivX.dll
"wave2"=wdmaud.drv
"mixer2"=wdmaud.drv
"VIDC.NTN1"=NUVision.ax
"VIDC.MPG4"=mpg4c32.dll
"VIDC.MP42"=mpg4c32.dll
======List of files/folders created in the last 1 month======
2011-08-22 20:30:54 ----D---- C:\rsit
2011-08-22 20:30:54 ----D---- C:\Program Files\trend micro
2011-08-22 20:26:51 ----D---- C:\Documents and Settings\Pc\Application Data\TeamViewer
2011-08-22 10:13:23 ----D---- C:\Program Files\AMD APP
2011-08-22 09:50:16 ----A---- C:\WINDOWS\l1rezerv.exe
2011-08-22 09:45:52 ----HD---- C:\WINDOWS\update.7.1
2011-08-22 09:44:55 ----D---- C:\WINDOWS\ufa
2011-08-22 09:44:55 ----D---- C:\WINDOWS\rpcminer
2011-08-22 09:44:55 ----D---- C:\WINDOWS\phoenix
2011-08-22 09:44:36 ----A---- C:\WINDOWS\iecheck_iplist.txt
2011-08-22 09:44:28 ----A---- C:\WINDOWS\btc_client_iplist.txt
2011-08-22 09:43:54 ----HD---- C:\WINDOWS\update.2
2011-08-22 09:42:39 ----HD---- C:\WINDOWS\update.5.0
2011-08-22 09:41:39 ----A---- C:\WINDOWS\unrar.exe
2011-08-22 09:41:32 ----A---- C:\WINDOWS\systemup.exe
2011-08-22 09:41:19 ----A---- C:\WINDOWS\iplist.txt
2011-08-22 09:40:27 ----A---- C:\WINDOWS\sysdriver32_.exe
2011-08-22 09:40:13 ----A---- C:\WINDOWS\sysdriver32.exe
2011-08-22 09:39:57 ----A---- C:\WINDOWS\front_ip_list.txt
2011-08-21 22:26:42 ----D---- C:\WINDOWS\av_ico
2011-08-21 22:24:58 ----HD---- C:\WINDOWS\update.1
2011-08-21 22:24:54 ----HD---- C:\WINDOWS\update.tray-9-0-lnk
2011-08-21 22:24:54 ----HD---- C:\WINDOWS\update.tray-9-0
2011-08-21 22:24:54 ----HD---- C:\WINDOWS\update.tray-3-0-lnk
2011-08-21 22:24:54 ----HD---- C:\WINDOWS\update.tray-3-0
2011-08-21 22:12:16 ----A---- C:\WINDOWS\winlog-ids.txt
2011-08-21 22:12:16 ----A---- C:\WINDOWS\winlog-dirs.txt
2011-08-21 22:12:11 ----A---- C:\WINDOWS\services32.exe
2011-08-19 17:49:59 ----RHD---- C:\Documents and Settings\Pc\Application Data\SecuROM
2011-07-28 17:49:12 ----A---- C:\WINDOWS\system32\OVDecode.dll
2011-07-28 17:48:54 ----A---- C:\WINDOWS\system32\OpenCL.dll
2011-07-28 17:48:36 ----A---- C:\WINDOWS\system32\amdocl.dll
======List of files/folders modified in the last 1 month======
2011-08-22 20:31:01 ----D---- C:\WINDOWS\Prefetch
2011-08-22 20:30:54 ----RD---- C:\Program Files
2011-08-22 20:15:42 ----D---- C:\Documents and Settings\Pc\Application Data\Skype
2011-08-22 19:36:57 ----D---- C:\WINDOWS\Temp
2011-08-22 19:36:22 ----D---- C:\Program Files\Mozilla Firefox
2011-08-22 19:36:03 ----A---- C:\WINDOWS\win.ini
2011-08-22 18:09:51 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-08-22 17:52:06 ----D---- C:\WINDOWS
2011-08-22 15:52:01 ----D---- C:\Program Files\ICQ6.5
2011-08-22 10:13:30 ----HD---- C:\Config.Msi
2011-08-22 10:13:24 ----SHD---- C:\WINDOWS\Installer
2011-08-22 10:13:23 ----D---- C:\WINDOWS\system32
2011-08-22 09:53:20 ----SHD---- C:\System Volume Information
2011-08-22 09:53:20 ----D---- C:\WINDOWS\system32\Restore
2011-08-22 09:38:17 ----A---- C:\boot.ini
2011-08-22 09:38:06 ----D---- C:\Program Files\McAfee Security Scan
2011-08-21 22:28:02 ----RD---- C:\Program Files\Skype
2011-08-21 22:27:55 ----D---- C:\Documents and Settings\All Users\Application Data\Skype
2011-08-21 22:24:57 ----D---- C:\Program Files\ESET
2011-08-19 11:02:46 ----D---- C:\Documents and Settings\All Users\Application Data\DivX
2011-08-16 18:17:25 ----A---- C:\WINDOWS\NeroDigital.ini
2011-08-12 08:58:36 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2011-08-12 08:57:35 ----D---- C:\WINDOWS\Minidump
2011-08-11 17:00:20 ----A---- C:\WINDOWS\system32\MRT.exe
2011-08-11 08:59:21 ----A---- C:\moduleName.txt
2011-08-09 19:19:10 ----D---- C:\WINDOWS\system32\CatRoot2
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 BTHidMgr;Bluetooth HID Manager Service; C:\WINDOWS\System32\Drivers\BTHidMgr.sys [2005-04-30 28271]
R0 ohci1394;VIA OHCI Compliant IEEE 1394 Host Controller; C:\WINDOWS\system32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2008-08-01 43872]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2008-03-07 716272]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2004-08-03 36096]
R1 nod32drv;nod32drv; C:\WINDOWS\system32\drivers\nod32drv.sys [2008-06-07 15424]
R1 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R3 Arp1394;1394 ARP Client Protocol; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2004-08-04 60800]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2007-06-27 2303488]
R3 BlueletAudio;Bluetooth Audio Service; C:\WINDOWS\system32\DRIVERS\blueletaudio.sys [2005-05-31 20480]
R3 BT;Bluetooth PAN Network Adapter; C:\WINDOWS\system32\DRIVERS\btnetdrv.sys [2005-04-30 10804]
R3 BTHidEnum;Bluetooth HID Enumerator; C:\WINDOWS\system32\DRIVERS\vbtenum.sys [2005-04-30 11860]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-16 4225920]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2004-08-04 61824]
R3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\WINDOWS\System32\Drivers\RootMdm.sys [2001-08-23 5888]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VComm;Virtual Serial port driver; C:\WINDOWS\system32\DRIVERS\VComm.sys [2004-10-19 61312]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\WINDOWS\System32\Drivers\VcommMgr.sys [2005-03-25 82148]
R3 WFIOCTL;WFIOCTL; \??\C:\Program Files\WinFast\WFTVFM\WFIOCTL.SYS []
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3); C:\WINDOWS\system32\drivers\wfeaglxt.sys [2008-12-25 433792]
R3 ZSMC0305;VIMICRO USB PC Camera V; C:\WINDOWS\System32\Drivers\usbVM305.sys [2006-02-09 392444]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S2 AMON;AMON; C:\WINDOWS\system32\drivers\amon.sys [2008-06-07 512096]
S2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.; C:\WINDOWS\system32\drivers\wf88vcap.sys [2003-06-24 182784]
S2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.; C:\WINDOWS\system32\drivers\WF88XBAR.sys [2003-06-24 9472]
S2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.; C:\WINDOWS\system32\drivers\WF88TUNE.sys [2003-06-24 29568]
S3 adjgx55t;adjgx55t; C:\WINDOWS\system32\drivers\adjgx55t.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\WINDOWS\System32\Drivers\btcusb.sys [2005-05-31 23000]
S3 BthEnum;Bluetooth Request Block Driver; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-04 17024]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Bluetooth Port Driver; C:\WINDOWS\System32\Drivers\BTHport.sys [2008-06-13 272128]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-04 18944]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\WINDOWS\system32\drivers\BTNetFilter.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-04 17024]
S3 cusbohcn;cusbohcn; \??\C:\DOCUME~1\Pc\LOCALS~1\Temp\cusbohcn.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MPE;BDA MPE Filter; C:\WINDOWS\system32\DRIVERS\MPE.sys [2004-08-04 15360]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-04 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-04 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2008-05-07 17536]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2008-05-07 20864]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-04 59648]
S3 s716bus;Sony Ericsson Device 716 driver (WDM); C:\WINDOWS\system32\DRIVERS\s716bus.sys [2007-04-04 83208]
S3 s716mdfl;Sony Ericsson Device 716 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s716mdfl.sys [2007-04-04 15112]
S3 s716mdm;Sony Ericsson Device 716 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s716mdm.sys [2007-04-04 108552]
S3 s716mgmt;Sony Ericsson Device 716 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s716mgmt.sys [2007-04-04 100360]
S3 s716nd5;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (NDIS); C:\WINDOWS\system32\DRIVERS\s716nd5.sys [2007-04-04 23176]
S3 s716obex;Sony Ericsson Device 716 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s716obex.sys [2007-04-04 98568]
S3 s716unic;Sony Ericsson Device 716 USB Ethernet Emulation SEMC716 (WDM); C:\WINDOWS\system32\DRIVERS\s716unic.sys [2007-04-04 98952]
S3 SE2Ebus;Sony Ericsson Device 046 Driver driver (WDM); C:\WINDOWS\system32\DRIVERS\SE2Ebus.sys [2006-05-01 61600]
S3 SE2Emdfl;Sony Ericsson Device 046 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\SE2Emdfl.sys [2006-05-01 9360]
S3 SE2Emdm;Sony Ericsson Device 046 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\SE2Emdm.sys [2006-05-01 97184]
S3 SE2Emgmt;Sony Ericsson Device 046 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\SE2Emgmt.sys [2006-05-01 88688]
S3 se2End5;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (NDIS); C:\WINDOWS\system32\DRIVERS\se2End5.sys [2006-05-01 18704]
S3 se2Eunic;Sony Ericsson Device 046 USB Ethernet Emulation SEMC46 (WDM); C:\WINDOWS\system32\DRIVERS\se2Eunic.sys [2006-05-01 90800]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-04 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-04 15360]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2008-06-06 8064]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-04 31616]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2004-08-03 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2004-08-03 25600]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2008-05-07 8064]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-04 26496]
S3 VHidMinidrv;Bluetooth HID Device Service; C:\WINDOWS\system32\drivers\VHIDMini.sys [2005-04-30 11736]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-04 19328]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2007-06-27 483328]
R2 BlueSoleil Hid Service;BlueSoleil Hid Service; C:\Program Files\IVT Corporation\BlueSoleil\BTNtService.exe [2005-04-06 110592]
R2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
R2 ddservice;ddservice; C:\WINDOWS\update.7.1\svchostdriver.exe [2011-08-22 382464]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2009-06-01 222968]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-20 322120]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-01-23 66872]
R2 srvbtcclient;srvbtcclient; C:\WINDOWS\update.5.0\svchost.exe [2011-08-22 355840]
R2 srviecheck;srviecheck; C:\WINDOWS\update.2\svchost.exe [2011-08-22 634880]
R2 srvsysdriver32;srvsysdriver32; C:\WINDOWS\sysdriver32.exe [2011-08-22 258048]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wxpdrivers;wxpdrivers; C:\WINDOWS\update.1\svchost.exe [2011-08-21 1213440]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2007-06-29 520192]
S2 gupdate1ca84cf9978c62a;Služba Google Update (gupdate1ca84cf9978c62a); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24 133104]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-12-24 133104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-04 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-05-30 572416]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
FB vírus
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: FB vírus
Udělejte kompletní sken MBAM: http://www.malwarebytes.org/mbam.php a dejte log. Předem nic nemažte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: FB vírus
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verzia databázy: 7537
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
22.8.2011 21:49:13
mbam-log-2011-08-22 (21-49-07).txt
Typ kontroly: Úplná kontrola (A:\|C:\|D:\|E:\|F:\|)
Objektov kontrolovaných: 241668
Uplynutý čas: 34 min, 23 sek
Infikované služby pamäte: 10
Infikované moduly pamäte: 0
Infikované registračné kľúče: 22
Infikované registračné hodnoty: 16
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 46
Infikované služby pamäte:
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Dropper) -> 132 -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 2028 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 428 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 2868 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 3108 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> 276 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2568 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3364 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2292 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2628 -> No action taken.
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\TR.TRFactory.1 (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\TR.TRFactory (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{DABF362D-D442-4402-9208-CA9ED70DD01E} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5AC3A9EF-C0F8-41D4-B4E2-B7CEBB794151} (Adware.WhenU) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8612805.exe (Trojan.Agent) -> Value: 8612805.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5825070.exe (Trojan.Agent) -> Value: 5825070.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8990947.exe (Trojan.Agent) -> Value: 8990947.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10894297-loader2.exe (Trojan.Agent) -> Value: 10894297-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7739332.exe (Trojan.Agent) -> Value: 7739332.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4608379.exe (Trojan.Agent) -> Value: 4608379.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdVantage (Adware.Vomba) -> Value: AdVantage -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované priečinky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované súbory:
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Pc\local settings\Temp\8612805.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5825070.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Pc\local settings\Temp\8990947.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\10894297-loader2.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7739332.exe (Trojan.Agent) -> No action taken.
c:\program files\advantage\TR.dll (Adware.WhenU) -> No action taken.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\15168779.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\5797675.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6564826.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6940136.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\90671_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\Temp\1856944.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\2024132.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3618463.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3713899.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4608379.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6275878.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\737660010.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\documents and settings\Pc\local settings\Temp\pey47E.tmp (Backdoor.ProRat) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
www.malwarebytes.org
Verzia databázy: 7537
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180
22.8.2011 21:49:13
mbam-log-2011-08-22 (21-49-07).txt
Typ kontroly: Úplná kontrola (A:\|C:\|D:\|E:\|F:\|)
Objektov kontrolovaných: 241668
Uplynutý čas: 34 min, 23 sek
Infikované služby pamäte: 10
Infikované moduly pamäte: 0
Infikované registračné kľúče: 22
Infikované registračné hodnoty: 16
Infikované položky registračných dát: 3
Infikované priečinky: 1
Infikované súbory: 46
Infikované služby pamäte:
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Dropper) -> 132 -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> 2028 -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> 428 -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> 2868 -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> 3108 -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> 276 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 2568 -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> 3364 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2292 -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> 2628 -> No action taken.
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{602D9049-B4AC-4A25-BF75-A9B54D747CBA} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\TR.TRFactory.1 (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\TR.TRFactory (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{DABF362D-D442-4402-9208-CA9ED70DD01E} (Adware.WhenU) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{5AC3A9EF-C0F8-41D4-B4E2-B7CEBB794151} (Adware.WhenU) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Backdoor.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\AdVantage (Adware.Vomba) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\Root\LEGACY_SRVSYSDRIVER32 (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{055FD26D-3A88-4e15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\TypeLib\{77D6DDFA-7834-4541-B2B3-A8B0FB0E3924} (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00.1 (Trojan.BHO) -> No action taken.
HKEY_CLASSES_ROOT\ToolBand.XTTBPos00 (Trojan.BHO) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{055FD26D-3A88-4E15-963D-DC8493744B1D} (Trojan.BHO) -> No action taken.
Infikované registračné hodnoty:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico1 (Trojan.Dropper) -> Value: tray_ico1 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\l1rezerv.exe (Trojan.Agent) -> Value: l1rezerv.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Agent) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8612805.exe (Trojan.Agent) -> Value: 8612805.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Agent) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\5825070.exe (Trojan.Agent) -> Value: 5825070.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\8990947.exe (Trojan.Agent) -> Value: 8990947.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10894297-loader2.exe (Trojan.Agent) -> Value: 10894297-loader2.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\7739332.exe (Trojan.Agent) -> Value: 7739332.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\systemup (Trojan.Agent.Gen) -> Value: systemup -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\4608379.exe (Trojan.Agent) -> Value: 4608379.exe -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\AdVantage (Adware.Vomba) -> Value: AdVantage -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované položky registračných dát:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
Infikované priečinky:
c:\WINDOWS\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované súbory:
c:\WINDOWS\update.tray-9-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-3-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\l1rezerv.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\services32.exe (Trojan.Dropper) -> No action taken.
c:\documents and settings\Pc\local settings\Temp\8612805.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\sysdriver32_.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\5825070.exe (Trojan.Agent) -> No action taken.
c:\documents and settings\Pc\local settings\Temp\8990947.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\10894297-loader2.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\7739332.exe (Trojan.Agent) -> No action taken.
c:\program files\advantage\TR.dll (Adware.WhenU) -> No action taken.
c:\program files\alcohol soft\alcohol 120\Langs\AX_RU.dll (Malware.Packer.GenX) -> No action taken.
c:\WINDOWS\update.tray-3-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\update.tray-9-0-lnk\svchost.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\Temp\15168779.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\Temp\5797675.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6564826.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6940136.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\90671_myunrar2.exe (Trojan.Dropper) -> No action taken.
c:\WINDOWS\systemup.exe (Trojan.Agent.Gen) -> No action taken.
c:\WINDOWS\Temp\1856944.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\2024132.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3618463.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\3713899.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\4608379.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\6275878.exe (Trojan.Agent) -> No action taken.
c:\WINDOWS\Temp\737660010.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\documents and settings\Pc\local settings\Temp\pey47E.tmp (Backdoor.ProRat) -> No action taken.
c:\WINDOWS\update.2\svchost.exe (Backdoor.Agent) -> No action taken.
c:\WINDOWS\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\WINDOWS\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: FB vírus
Smažte vše, co MBAM nalezl. Pak restartujte PC a na dočištění dejte log z ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: FB vírus
ComboFix 11-08-23.03 - Pc 23.08.2011 20:02:57.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.378 [GMT 2:00]
Running from: c:\documents and settings\Pc\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pc\WINDOWS
c:\program files\AdVantage
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
c:\program files\AdVantage\AdVantage.db
c:\program files\AdVantage\AdVantage.htm
c:\program files\AdVantage\AdVUninst.exe
c:\program files\AdVantage\user.db
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\VM305Cap.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Legacy_ddservice
-------\Legacy_ddservice
-------\Service_ddservice
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-22 19:09 . 2011-08-22 19:09 -------- d-----w- c:\documents and settings\Pc\Application Data\Malwarebytes
2011-08-22 19:09 . 2011-08-22 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 19:09 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 19:09 . 2011-08-22 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 19:09 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 18:30 . 2011-08-22 18:31 -------- d-----w- C:\rsit
2011-08-22 18:30 . 2011-08-22 18:31 -------- d-----w- c:\program files\trend micro
2011-08-22 18:26 . 2011-08-22 18:26 -------- d-----w- c:\documents and settings\Pc\Application Data\TeamViewer
2011-08-22 13:52 . 2011-08-22 13:52 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\PCHealth
2011-08-22 08:13 . 2011-08-22 08:13 -------- d-----w- c:\program files\AMD APP
2011-08-22 07:44 . 2011-08-22 07:44 -------- d-----w- c:\windows\ufa
2011-08-22 07:41 . 2011-08-22 07:44 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 20:26 . 2011-08-21 20:26 -------- d-----w- c:\windows\av_ico
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-9-0
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-19 15:49 . 2011-08-19 15:49 -------- d--h--r- c:\documents and settings\Pc\Application Data\SecuROM
2011-07-28 15:49 . 2011-07-28 15:49 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-28 15:48 . 2011-07-28 15:48 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48 13555712 ----a-w- c:\windows\system32\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 06:58 . 2009-01-03 11:59 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-12 06:58 . 2009-01-03 11:59 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2003-06-17 159744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Pc\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2007-12-9 49312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-1-6 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-9 102400]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2008 21:38 716272]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7.6.2008 14:41 15424]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.8.2009 19:29 222968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.8.2011 21:09 366640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [9.12.2007 18:33 35840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.8.2011 21:09 22712]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [20.12.2010 19:03 6085]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [20.12.2010 19:13 433792]
R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [5.1.2008 16:53 392444]
S2 gupdate1ca84cf9978c62a;Služba Google Update (gupdate1ca84cf9978c62a);c:\program files\Google\Update\GoogleUpdate.exe [24.12.2009 21:30 133104]
S2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [19.12.2010 11:15 182784]
S2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [19.12.2010 11:15 9472]
S2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.;c:\windows\system32\drivers\wf88tune.sys [19.12.2010 11:16 29568]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\Pc\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\Pc\LOCALS~1\Temp\cusbohcn.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24.12.2009 21:30 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [22.8.2011 21:09 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 19:30]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 19:30]
.
2011-08-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-24 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 10.202.38.1 87.244.194.34
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe
HKLM-Run-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-FlatOut Ultimate Carnage - d:\games\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NOD32 - c:\program files\Eset\Setup\setup.exe
AddRemove-PC Translator - c:\docume~1\Pc\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 20:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
.
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\compreg.dat 145047 bytes
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\xpti.dat 97780 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(408)
c:\program files\ICQ6Toolbar\ICQToolBar.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\dwwin.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\docume~1\Pc\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2011-08-23 20:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 18:12
.
Pre-Run: 20 296 110 080 bytes free
Post-Run: 11 adresárov, 25 199 943 680 voľných bajtov
.
- - End Of File - - 940BDFEAD211B221CD299A8A0F686CBB
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.421.1033.18.1023.378 [GMT 2:00]
Running from: c:\documents and settings\Pc\Desktop\ComboFix.exe
AV: Eset NOD32 Antivirus 2.70 *Enabled/Outdated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Pc\WINDOWS
c:\program files\AdVantage
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\components\IMeMedia_FF.xpt
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome.manifest
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\advantage.png
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\contents.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\overlay.xul
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\content\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\overlay.dtd
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\chrome\locale\en-US\vssver2.scc
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.js
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\install.rdf
c:\program files\AdVantage\{A89AED22-9133-424c-88E7-C8235C5FF302}\vssver2.scc
c:\program files\AdVantage\AdVantage.db
c:\program files\AdVantage\AdVantage.htm
c:\program files\AdVantage\AdVUninst.exe
c:\program files\AdVantage\user.db
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\BFIPatcher.pyc
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\BFIPatcher.pyc
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\VM305Cap.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
D:\install.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SRVBTCCLIENT
-------\Legacy_SRVIECHECK
-------\Legacy_WXPDRIVERS
-------\Legacy_ddservice
-------\Legacy_ddservice
-------\Service_ddservice
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Files Created from 2011-07-23 to 2011-08-23 )))))))))))))))))))))))))))))))
.
.
2011-08-22 19:09 . 2011-08-22 19:09 -------- d-----w- c:\documents and settings\Pc\Application Data\Malwarebytes
2011-08-22 19:09 . 2011-08-22 19:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-08-22 19:09 . 2011-07-06 17:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-08-22 19:09 . 2011-08-22 19:09 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-22 19:09 . 2011-07-06 17:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-22 18:30 . 2011-08-22 18:31 -------- d-----w- C:\rsit
2011-08-22 18:30 . 2011-08-22 18:31 -------- d-----w- c:\program files\trend micro
2011-08-22 18:26 . 2011-08-22 18:26 -------- d-----w- c:\documents and settings\Pc\Application Data\TeamViewer
2011-08-22 13:52 . 2011-08-22 13:52 -------- d-----w- c:\documents and settings\Pc\Local Settings\Application Data\PCHealth
2011-08-22 08:13 . 2011-08-22 08:13 -------- d-----w- c:\program files\AMD APP
2011-08-22 07:44 . 2011-08-22 07:44 -------- d-----w- c:\windows\ufa
2011-08-22 07:41 . 2011-08-22 07:44 246272 ----a-w- c:\windows\unrar.exe
2011-08-21 20:26 . 2011-08-21 20:26 -------- d-----w- c:\windows\av_ico
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-9-0
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-3-0
2011-08-21 20:24 . 2011-08-22 19:52 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-08-19 15:49 . 2011-08-19 15:49 -------- d--h--r- c:\documents and settings\Pc\Application Data\SecuROM
2011-07-28 15:49 . 2011-07-28 15:49 53760 ----a-w- c:\windows\system32\OVDecode.dll
2011-07-28 15:48 . 2011-07-28 15:48 43520 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-28 15:48 . 2011-07-28 15:48 13555712 ----a-w- c:\windows\system32\amdocl.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 06:58 . 2009-01-03 11:59 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-08-12 06:58 . 2009-01-03 11:59 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-06-16 01:34 . 2011-06-16 01:34 79872 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2011-06-16 01:34 . 2011-06-16 01:34 2117632 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NBJ"="c:\program files\Ahead\Nero BackItUp\NBJ.exe" [2005-07-14 1961984]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\axcmd.exe" [2008-02-22 217544]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-07-29 17361032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2006-11-10 90112]
"SkyTel"="SkyTel.EXE" [2006-05-17 2879488]
"RTHDCPL"="RTHDCPL.EXE" [2006-11-15 16270848]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2006-02-19 49152]
"BigDog305"="c:\windows\VM305_STI.EXE" [2005-08-05 61440]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-03 110592]
"WinFast Schedule"="c:\program files\WinFast\WFTVFM\WFWIZ.exe" [2003-06-17 159744]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-03 15360]
.
c:\documents and settings\Pc\Start Menu\Programs\Startup\
Kalend r.lnk - c:\windows\MENINY.EXE [2007-12-9 49312]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
BlueSoleil.lnk - c:\program files\IVT Corporation\BlueSoleil\BlueSoleil.exe [2009-1-6 1183744]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
InterVideo WinCinema Manager.lnk - c:\program files\InterVideo\Common\Bin\WinCinemaMgr.exe [2007-12-9 102400]
McAfee Security Scan.lnk - c:\program files\McAfee Security Scan\1.0.150\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableSecureUIAPaths"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\IVT Corporation\\BlueSoleil\\BlueSoleil.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [7.3.2008 21:38 716272]
R1 nod32drv;nod32drv;c:\windows\system32\drivers\nod32drv.sys [7.6.2008 14:41 15424]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [24.8.2009 19:29 222968]
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [22.8.2011 21:09 366640]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [9.12.2007 18:33 35840]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [22.8.2011 21:09 22712]
R3 WFIOCTL;WFIOCTL;c:\program files\WinFast\WFTVFM\WFIOCTL.sys [20.12.2010 19:03 6085]
R3 WFLR6654;WinFast TV2000 XP Expert (FM1216MK3);c:\windows\system32\drivers\wfeaglxt.sys [20.12.2010 19:13 433792]
R3 ZSMC0305;VIMICRO USB PC Camera V;c:\windows\system32\drivers\usbVM305.sys [5.1.2008 16:53 392444]
S2 gupdate1ca84cf9978c62a;Služba Google Update (gupdate1ca84cf9978c62a);c:\program files\Google\Update\GoogleUpdate.exe [24.12.2009 21:30 133104]
S2 WF23880;WinFast TV2000 XP Expert WDM Video Capture.;c:\windows\system32\drivers\wf88vcap.sys [19.12.2010 11:15 182784]
S2 WF88XBAR;WinFast TV2000 XP Expert WDM Crossbar.;c:\windows\system32\drivers\WF88XBAR.sys [19.12.2010 11:15 9472]
S2 WFTUNE;WinFast TV2000 XP Expert WDM TVTuner.;c:\windows\system32\drivers\wf88tune.sys [19.12.2010 11:16 29568]
S3 cusbohcn;cusbohcn;\??\c:\docume~1\Pc\LOCALS~1\Temp\cusbohcn.sys --> c:\docume~1\Pc\LOCALS~1\Temp\cusbohcn.sys [?]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [24.12.2009 21:30 133104]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [22.8.2011 21:09 41272]
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 19:30]
.
2011-08-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-12-24 19:30]
.
2011-08-23 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-03-24 21:18]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://start.icq.com/
uInternet Connection Wizard,ShellNext = iexplore
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\documents and settings\All Users\Application Data\LangSoft\WebIE.dll
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 10.202.38.1 87.244.194.34
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-Picasa Media Detector - c:\program files\Picasa2\PicasaMediaDetector.exe
HKCU-Run-OEXPRESS - (no file)
HKCU-Run-ares - c:\program files\Ares\Ares.exe
HKLM-Run-nod32kui - c:\program files\Eset\nod32kui.exe
HKLM-Run-UpdateReminder - c:\program files\Eset\UpdateReminder.exe
HKLM-Run-tray_ico - (no file)
HKLM-Run-tray_ico2 - (no file)
HKLM-Run-tray_ico3 - (no file)
HKLM-Run-tray_ico4 - (no file)
AddRemove-Adobe Acrobat 5.0 - c:\windows\ISUN0405.EXE
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
AddRemove-FlatOut Ultimate Carnage - d:\games\FlatOut Ultimate Carnage\Uninstall.exe
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
AddRemove-NOD32 - c:\program files\Eset\Setup\setup.exe
AddRemove-PC Translator - c:\docume~1\Pc\LOCALS~1\Temp\UN32.EXE
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-08-23 20:10
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
BigDog305 = c:\windows\VM305_STI.EXE VIMICRO USB PC Camera (ZC0305)???????????????????0?????????@??????????????
.
scanning hidden files ...
.
.
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\compreg.dat 145047 bytes
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\xpti.dat 97780 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(860)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'lsass.exe'(916)
c:\windows\system32\imon.dll
c:\program files\Eset\pr_imon.dll
.
- - - - - - - > 'explorer.exe'(408)
c:\program files\ICQ6Toolbar\ICQToolBar.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\rundll32.exe
c:\windows\system32\dwwin.exe
c:\program files\IVT Corporation\BlueSoleil\BTNtService.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\windows\system32\wdfmgr.exe
c:\docume~1\Pc\LOCALS~1\Temp\TeamViewer\Version6\TeamViewer.exe
.
**************************************************************************
.
Completion time: 2011-08-23 20:12:58 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-23 18:12
.
Pre-Run: 20 296 110 080 bytes free
Post-Run: 11 adresárov, 25 199 943 680 voľných bajtov
.
- - End Of File - - 940BDFEAD211B221CD299A8A0F686CBB
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: FB vírus
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
Collect::
c:\windows\unrar.exe
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\compreg.dat
c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\xpti.dat
Folder::
c:\windows\ufa
c:\windows\update.tray-9-0
c:\windows\update.tray-9-0-lnk
c:\windows\update.tray-3-0
c:\windows\update.tray-3-0-lnk
Firefox::
FF - ProfilePath - c:\documents and settings\Pc\Application Data\Mozilla\Firefox\Profiles\oo37f75m.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_result ... id=afex&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Click to call with Skype: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} - c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
FF - Ext: Speed Dial: {64161300-e22b-11db-8314-0800200c9a66} - %profile%\extensions\{64161300-e22b-11db-8314-0800200c9a66}
FF - Ext: WebTran: {003D3EDC-99B9-4a34-9C20-60CB94F7E829} - %profile%\extensions\{003D3EDC-99B9-4a34-9C20-60CB94F7E829}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: FB vírus
Ďakujem veľmi pekne za pomoc 
-
Rudy
- Site Admin
- Příspěvky: 119508
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: FB vírus
Nemáte zač! Rád bych ale viděl log z posledního skenu CF, abych věděl, zda tam něco nezbylo.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?
