Stažený soubor

Zpráva

anakin123 · #16 Příspěvek od **anakin123** » 30 led 2011 11:18

Tak to je v pořádku. Ještě bych měl malou prozbu. Existuje nějaký program, který zapisuje důležitá hesla, která já napíšu? Jestli ano, jak bych jej mohl najít a následně eliminovat? Děkuji.

1danab · #17 Příspěvek od **1danab** » 30 led 2011 16:09

ano existuje...je to keylogger a většinou jej eliminují všechny slušné antivirové programy

vy sám ho těžko dohledáte

anakin123 · #18 Příspěvek od **anakin123** » 05 úno 2011 17:29

Opět potřebuji radu. Týden jsem nebyl doma a na tomto počítači. Po vrácení domů jsem spustil test Spyware Terminator. Našel následující položky: Marketscore (ve složce RelevantKnowledge) a KGBKeylogger (ProgramData\MPK\mkp.db).

Na mém počítači byl totiž bratr. Chtěl bych vás poprosit o pomoc. Zaregistroval jsem i několikanásobné přerušení internetového připojení. Webová stránka viry.cz mi najede, ale google.com ne. Děkuji.

1danab · #19 Příspěvek od **1danab** » 05 úno 2011 22:40

zdravím

poprosím Vás znovu o log z OTL
stáhněte si OTL z tohoto odkazu http://oldtimer.geekstogo.com/OTL.exe

stažený soubor spusťte jako správce

v otevřeném okně stiskněte tlačítko Prohledat, čímž spustíte sken; vyčkejte prosím dokončení skenu (cca 5 minut); poté se vám otevře okno Poznámkového bloku s logem, jehož obsah sem zkopírujte

anakin123 · #20 Příspěvek od **anakin123** » 05 úno 2011 23:57

========== Processes (SafeList) ==========

PRC - [2011.02.05 23:55:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LH\Desktop\OTL.exe
PRC - [2010.12.21 16:32:22 | 003,318,784 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2010.12.11 18:12:32 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2010.12.11 18:12:32 | 000,016,856 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
PRC - [2010.12.02 21:50:48 | 000,189,248 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2010.12.02 21:50:38 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2010.07.07 10:58:02 | 001,089,664 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe
PRC - [2010.05.06 22:59:42 | 002,815,192 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.04.27 03:09:52 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
PRC - [2010.03.16 18:22:40 | 005,309,056 | ---- | M] (
ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU\EPU.exe
PRC - [2010.03.02 19:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.26 13:15:56 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.03.30 07:32:40 | 000,032,768 | R--- | M] () -- C:\Windows\DAODx.exe

========== Modules (SafeList) ==========

MOD - [2011.02.05 23:55:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LH\Desktop\OTL.exe
MOD - [2009.07.14 02:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.08.26 02:57:14 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV:64bit: - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV:64bit: - [2010.05.06 22:59:38 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 02:41:19 | 000,045,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lpdsvc.dll -- (LPDSVC)
SRV:64bit: - [2009.07.14 02:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2010.12.21 16:32:22 | 000,948,775 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\sp_rsser.exe -- (sp_rssrv)
SRV - [2010.12.02 21:50:48 | 000,189,248 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2010.12.02 21:50:38 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2010.06.24 07:19:50 | 000,109,056 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.05\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.04.05 11:55:01 | 000,116,104 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2009.10.26 13:16:00 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2009.07.14 02:15:31 | 000,396,288 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2009.07.14 02:14:53 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2009.07.14 02:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2010.12.02 18:51:31 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.08.26 04:37:26 | 007,767,040 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.26 02:20:56 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.15 13:47:42 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.07 11:26:46 | 000,050,696 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2010.05.31 04:46:50 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2010.05.06 22:34:14 | 000,063,568 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.04.27 02:30:52 | 000,184,968 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.04.27 02:29:54 | 000,083,080 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.03.02 12:30:20 | 001,301,504 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.01.11 12:28:35 | 000,115,824 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.12.22 02:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.07.16 04:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 02:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 02:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:32:37 | 001,627,520 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Ph3xIB64.sys -- (Ph3xIB64)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 02:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "seznam.cz"
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.01.15 13:55:47 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.01.15 13:55:47 | 000,000,000 | ---D | M]

[2010.12.01 20:01:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LH\AppData\Roaming\mozilla\Extensions
[2011.02.05 15:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\LH\AppData\Roaming\mozilla\Firefox\Profiles\othpxw0h.default\extensions
[2010.12.01 20:17:13 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\LH\AppData\Roaming\mozilla\Firefox\Profiles\othpxw0h.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2011.02.05 15:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.01.24 15:12:43 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010.12.01 21:36:56 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.12.01 21:36:56 | 000,001,687 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\mall-cz.xml
[2010.12.01 21:36:56 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.12.01 21:36:56 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.12.01 21:36:56 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\LH\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [Six Engine] C:\Program Files (x86)\ASUS\EPU\EPU.exe (
ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [SpywareTerminatorUpdate] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O8:64bit: - Extra context menu item: Download all by FlashGet3 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8:64bit: - Extra context menu item: Download by FlashGet3 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\LH\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.2 192.168.5.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{388b2767-fe3d-11df-869d-20cf30e43acd}\Shell - "" = AutoRun
O33 - MountPoints2\{388b2767-fe3d-11df-869d-20cf30e43acd}\Shell\AutoRun\command - "" = F:\steambackup.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.02.05 23:54:53 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Users\LH\Desktop\OTL.exe
[2011.02.05 18:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2011.02.05 15:10:43 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2011.01.29 21:34:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\MPK
[2011.01.29 21:12:00 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Local\VHS to DVD
[2011.01.29 21:11:21 | 000,000,000 | ---D | C] -- C:\Users\LH\Documents\VHS to DVD
[2011.01.29 21:10:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\honestech VHS to DVD 2.0 SE
[2011.01.29 21:09:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\honestech VHS to DVD 2.0 SE
[2011.01.29 21:09:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\honestech
[2011.01.29 21:08:52 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Roaming\InstallShield
[2011.01.29 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Roaming\Moyea
[2011.01.29 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\LH\Documents\Leawo
[2011.01.29 11:28:47 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Roaming\Leawo
[2011.01.29 11:27:18 | 000,139,264 | ---- | C] (http://www.xvid.org) -- C:\Windows\SysWow64\xvid.ax
[2011.01.29 11:27:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo
[2011.01.26 20:27:50 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.01.24 15:46:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2011.01.24 15:46:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2011.01.24 15:15:01 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Roaming\skypePM
[2011.01.24 15:12:35 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2011.01.24 15:12:34 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Roaming\Skype
[2011.01.24 15:12:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2011.01.21 19:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Nexon
[2011.01.21 19:06:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nexon
[2011.01.21 19:04:43 | 000,000,000 | ---D | C] -- C:\ProgramData\NexonEU
[2011.01.21 19:04:43 | 000,000,000 | ---D | C] -- C:\Nexon
[2011.01.21 17:59:25 | 1210,015,669 | ---- | C] (Nexon) -- C:\Users\LH\Desktop\Combatarms_eu.exe
[2011.01.17 21:12:01 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJSolutionMenuEX
[2011.01.17 21:11:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJMyPrinter
[2011.01.17 21:11:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEPPEX2
[2011.01.17 21:11:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonEPP
[2011.01.17 21:11:03 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJPLM
[2011.01.17 20:22:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Canon IJ Network Tool
[2011.01.17 20:22:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon IJ Network Utilities
[2011.01.17 20:18:20 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJMSetup
[2011.01.17 20:18:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registrace uživatele zařízení Canon MG5200 series
[2011.01.17 20:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\CANON
[2011.01.17 20:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\CanonIJWSpt
[2011.01.17 20:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CD-LabelPrint
[2011.01.17 20:14:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
[2011.01.17 20:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
[2011.01.17 20:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series Manual
[2011.01.17 20:13:59 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ
[2011.01.17 20:13:56 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information
[2011.01.17 20:13:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG5200 series
[2011.01.17 20:13:30 | 000,000,000 | -H-D | C] -- C:\Program Files\CanonBJ
[2011.01.17 20:13:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\STRING
[2011.01.17 20:12:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon
[2011.01.16 10:16:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\City Life Deluxe
[2011.01.15 20:26:14 | 000,000,000 | ---D | C] -- C:\Users\LH\Desktop\RUSE
[2011.01.15 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\LH\AppData\Roaming\Real
[2011.01.07 20:43:52 | 000,000,000 | ---D | C] -- C:\Users\LH\Desktop\Filmy

========== Files - Modified Within 30 Days ==========

[2011.02.05 23:55:00 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Users\LH\Desktop\OTL.exe
[2011.02.05 20:21:42 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.02.05 20:21:42 | 000,014,208 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.02.05 19:45:56 | 001,530,668 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.02.05 19:45:56 | 000,655,988 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.02.05 19:45:56 | 000,637,956 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.02.05 19:45:56 | 000,129,268 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.02.05 19:45:56 | 000,111,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.02.05 19:19:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.02.05 19:19:30 | 3219,791,872 | -HS- | M] () -- C:\hiberfil.sys
[2011.02.04 16:14:05 | 000,065,519 | ---- | M] () -- C:\Users\LH\Desktop\Inglourious-Basterds(0000148316).srt
[2011.01.29 21:10:47 | 000,002,081 | ---- | M] () -- C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
[2011.01.24 15:46:09 | 000,002,533 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.21 19:06:41 | 000,001,630 | ---- | M] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2011.01.21 19:01:23 | 1210,015,669 | ---- | M] (Nexon) -- C:\Users\LH\Desktop\Combatarms_eu.exe
[2011.01.17 20:15:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.01.17 20:14:26 | 000,002,354 | ---- | M] () -- C:\Users\Public\Desktop\Canon MG5200 series Příručka online.lnk

========== Files Created - No Company Name ==========

[2011.02.05 19:45:33 | 529,246,504 | ---- | C] () -- C:\Users\LH\Desktop\Tm Nations forever.exe
[2011.02.04 16:14:05 | 000,065,519 | ---- | C] () -- C:\Users\LH\Desktop\Inglourious-Basterds(0000148316).srt
[2011.01.29 21:10:47 | 000,002,081 | ---- | C] () -- C:\Users\Public\Desktop\honestech VHS to DVD 2.0 SE.lnk
[2011.01.24 15:46:09 | 000,002,533 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2011.01.21 19:06:41 | 000,001,630 | ---- | C] () -- C:\Users\Public\Desktop\Combat Arms EU.lnk
[2011.01.17 20:22:42 | 000,013,056 | ---- | C] () -- C:\Windows\SysWow64\CNC1749D.TBL
[2011.01.17 20:15:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\Canon Solution Menu EX.lnk
[2011.01.17 20:14:26 | 000,002,354 | ---- | C] () -- C:\Users\Public\Desktop\Canon MG5200 series Příručka online.lnk
[2011.01.07 15:52:19 | 000,759,661 | ---- | C] () -- C:\Users\LH\Desktop\RUSE-Trainer-4.exe
[2010.12.23 22:22:23 | 000,765,952 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2010.12.23 22:22:23 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2010.12.19 18:57:19 | 001,547,176 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.12.19 13:42:38 | 000,000,880 | ---- | C] () -- C:\Users\LH\AppData\Local\SRDownloader.nast
[2010.12.19 08:41:06 | 000,000,331 | ---- | C] () -- C:\Windows\game.ini
[2010.12.15 21:30:27 | 000,006,788 | ---- | C] () -- C:\Windows\hpdj3600.ini
[2010.12.02 18:29:35 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.12.02 18:29:35 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.12.02 18:29:31 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.12.02 18:29:31 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.12.02 18:25:46 | 000,043,758 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.12.02 18:24:31 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.12.02 18:24:27 | 000,030,223 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.12.01 20:16:33 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.04.02 13:30:14 | 000,010,296 | ---- | C] () -- C:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat

========== LOP Check ==========

[2010.12.28 20:12:57 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\BITS
[2010.12.02 21:23:36 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\DAEMON Tools Lite
[2010.12.02 21:08:44 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\Dev-Cpp
[2010.12.01 20:16:30 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\FlashGet
[2010.12.01 20:16:28 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\FlashGetBHO
[2010.12.30 15:58:12 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\GHISLER
[2011.01.29 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\Leawo
[2011.01.29 11:28:47 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\Moyea
[2010.12.15 19:17:46 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\Opera
[2011.02.05 19:03:01 | 000,000,000 | ---D | M] -- C:\Users\LH\AppData\Roaming\Spyware Terminator
[2009.07.14 06:08:49 | 000,026,148 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

1danab · #21 Příspěvek od **1danab** » 06 úno 2011 12:42

spusťte znovu OTL, do dolního okýnka zkopírujte následující skript:

Kód: Vybrat vše

:OTL
[2011.02.05 18:57:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge
[2011.01.29 21:34:36 | 000,000,000 | -HSD | C] -- C:\ProgramData\MPK

poté klikněte na Opravit
až proběhne oprava, vyskočí tabulka kde se vás to zeptá, jestli chcete otevřít protokol, dejte Ano a jeho text mi sem zkopírujte

toto C:\Windows\DAODx.exe pro jistotu otestujte na VIRUSTOTALu

jednoduchý návod: po načtení stránky, kliknout na Procházet, najít cestu k výše zmíněnému souboru a kliknout na tlačítko Odeslat soubor; pokud vyskočí hláška, že soubor byl už testován, ignorujte to a proveďte sken znova; po ukončení skenu sem vložte výsledky buď zkopírováním textu nebo vložením odkazu

anakin123 · #22 Příspěvek od **anakin123** » 06 úno 2011 15:14

========== OTL ==========
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RelevantKnowledge folder moved successfully.
C:\ProgramData\MPK folder moved successfully.

OTL by OldTimer - Version 3.2.20.6 log created on 02062011_140620

Když kliknu u VisualTotalu na send file, nic se nestane.

1danab · #23 Příspěvek od **1danab** » 06 úno 2011 18:26

a zadal jste cestu k tomu souboru?

anakin123 · #24 Příspěvek od **anakin123** » 06 úno 2011 19:27

Ano a stále nic.

1danab · #25 Příspěvek od **1danab** » 06 úno 2011 20:06

http://www.viry.cz/forum/viewtopic.php?f=29&t=51359
stáhněte, nainstalujte, proveďte sken dle návodu a výsledný log mi sem vložte

VIRY.CZ

Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor

Re: Stažený soubor