FB vir - Youtube video s aktualizaci flash playeru

[AndrejDrozd]

Dobrý den vážení krotitelé virů. Chtěl bych se na Vás obrátit s prosbou, zřejmě ne jako první. Jde o ten odporný vir z FB, kde jsem odkázán na video Youtube, které však jak jsem zjistil není ze stránek youtube ale z nějakého serveru a následně chce aktualizovat pro shlédnutí flash player. Bohužel se mi podařilo v mé ranní hlouposti nainstalovat nabízenou aktualizaci a problém byl na světě.
Zde posílám RSIT log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by ONEILL at 2011-07-21 10:18:22
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 7 GB (14%) free of 51 GB
Total RAM: 4092 MB (69% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\ONEILL\AppData\Roaming\Mozilla\Firefox\Profiles\cdssr3pa.default

prefs.js - "browser.startup.homepage" - "http://centrum.cz"
prefs.js - "extensions.enabledItems" - "engine@conduit.com:3.3.3.2, {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... 2786678&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=1.1.9]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npwachk.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npwachk.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\ONEILL\AppData\Roaming\Mozilla\Firefox\Profiles\cdssr3pa.default\extensions\
engine@conduit.com
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}

C:\Users\ONEILL\AppData\Roaming\Mozilla\Firefox\Profiles\cdssr3pa.default\searchplugins\
conduit.xml
qip-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngi1.dll [2010-12-31 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6B5863A0-C43F-4C0A-982B-CC0E9125783F}]
QipLI Class - C:\Users\ONEILL\AppData\Roaming\Microsoft\Internet Explorer\qstatsrv.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Users\ONEILL\AppData\Roaming\Microsoft\Internet Explorer\qipsearchbar.dll [2010-10-25 140752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\tbuTo0.dll [2010-12-31 3911776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-01-05 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - uTorrentBar Toolbar - C:\Program Files (x86)\uTorrentBar\tbuTo0.dll [2010-12-31 3911776]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\ConduitEngi1.dll [2010-12-31 3911776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2007-08-24 33648]
"MGSysCtrl"=C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe [2008-08-12 704512]
"ITSecMng"=C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [2007-09-28 75136]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"SafeQ Client"=C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2010-03-31 249856]
"wxpdrv"=C:\Windows\services32.exe [2011-07-21 1178112]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-2-0\svchost.exe [2011-07-21 1178112]
"tray_ico1"=C:\Windows\update.tray-15-0\svchost.exe [2011-07-21 1178112]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"1192038.exe"=C:\Windows\Temp\1192038.exe [2011-07-21 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-21 232960]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-21 232960]
"7461453.exe"=C:\Users\ONEILL\AppData\Local\Temp\7461453.exe [2011-07-21 232960]
"5257411.exe"=C:\Windows\Temp\5257411.exe [2011-07-21 232960]
"6462925.exe"=C:\Windows\Temp\6462925.exe [2011-07-21 483328]
"systemup"=C:\Windows\systemup.exe [2011-07-21 114176]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-21 110592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"NVIDIA driver monitor"=C:\Windows\nvsvc32.exe []
"MultiCalc"=C:\Program Files (x86)\MultiCalc\MultiCalc.exe WinStart []
"QIP Internet Guardian"=C:\Users\ONEILL\AppData\Roaming\QipGuard\QipGuard.exe []
"RGSC"=I:\Installed games\GTA4\Rockstar Games Social Club\RGSCLauncher.exe /silent []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma Loader.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Aktualizovat ESET licenci.lnk - C:\Program Files (x86)\ESET\MiNODLogin\MiNODLogin.exe
Bluetooth Manager.lnk - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2007-08-24 2212224]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\hitmanpro35.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\HitmanPro35Crusader]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\River Past\Wave@MP3\WaveAtMp3.exe"="C:\Program Files\River Past\Wave@MP3\WaveAtMp3.exe:*:Enabled:River Past Wave@MP3"
"I:\dOwNLoAd\P17535732.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"I:\dOwNLoAd\P17535732.JPG-www.facebook(3).exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"I:\dOwNLoAd\Flash-Player.exe"="I:\dOwNLoAd\Flash-Player.exe:*:Enabled:I:\dOwNLoAd\Flash-Player.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\services32.exe"="C:\Windows\services32.exe:*:Enabled:C:\Windows\services32.exe"
"C:\Windows\update.tray-2-0\svchost.exe"="C:\Windows\update.tray-2-0\svchost.exe:*:Enabled:C:\Windows\update.tray-2-0\svchost.exe"
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"msacm.voxacm160"=vct3216.acm
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"VIDC.MP42"=mpg4c32.dll
"VIDC.MP43"=mpg4c32.dll
"VIDC.MPG4"=mpg4c32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2011-07-21 10:18:22 ----D---- C:\Program Files (x86)\trend micro
2011-07-21 09:56:28 ----SHD---- C:\Config.Msi
2011-07-21 09:45:31 ----HD---- C:\Windows\update.tray-15-0-lnk
2011-07-21 09:45:31 ----HD---- C:\Windows\update.tray-15-0
2011-07-21 09:41:20 ----A---- C:\Windows\ddh_iplist.txt
2011-07-21 09:40:30 ----A---- C:\Windows\l1rezerv.exe
2011-07-21 09:40:18 ----D---- C:\Windows\system64
2011-07-21 09:40:16 ----A---- C:\Windows\systemup.exe
2011-07-21 09:39:09 ----D---- C:\Windows\ufa
2011-07-21 09:39:09 ----D---- C:\Windows\rpcminer
2011-07-21 09:39:09 ----D---- C:\Windows\phoenix
2011-07-21 09:38:24 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-21 09:38:20 ----A---- C:\Windows\unrar.exe
2011-07-21 09:38:13 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-21 09:37:58 ----HD---- C:\Windows\update.2
2011-07-21 09:37:52 ----HD---- C:\Windows\update.5.0
2011-07-21 09:37:47 ----A---- C:\Windows\iplist.txt
2011-07-21 09:36:44 ----A---- C:\Windows\sysdriver32_.exe
2011-07-21 09:36:30 ----A---- C:\Windows\sysdriver32.exe
2011-07-21 09:36:22 ----D---- C:\Windows\av_ico
2011-07-21 09:36:00 ----A---- C:\Windows\front_ip_list.txt
2011-07-21 09:34:24 ----HD---- C:\Windows\update.1
2011-07-21 09:34:21 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-21 09:34:21 ----HD---- C:\Windows\update.tray-2-0
2011-07-21 09:23:56 ----A---- C:\Windows\winlog-ids.txt
2011-07-21 09:23:56 ----A---- C:\Windows\winlog-dirs.txt
2011-07-21 09:23:50 ----A---- C:\Windows\services32.exe
2011-07-17 14:21:49 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-07-17 14:21:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-17 14:21:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-17 14:21:46 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-17 14:21:45 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-17 14:21:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-17 14:21:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-17 14:21:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-17 14:21:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-17 14:21:44 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-07-17 13:49:43 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-07-17 13:49:43 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-07-17 13:49:43 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-07-17 13:49:42 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-07-17 13:49:42 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-07-17 13:49:40 ----A---- C:\Windows\SysWOW64\user.exe
2011-06-29 18:23:44 ----A---- C:\Windows\SysWOW64\drvinst.exe
2011-06-29 18:23:44 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2011-06-29 18:23:43 ----A---- C:\Windows\SysWOW64\devrtl.dll
2011-06-29 18:23:43 ----A---- C:\Windows\SysWOW64\devobj.dll
2011-06-29 18:23:38 ----A---- C:\Windows\SysWOW64\mssrch.dll
2011-06-29 18:23:37 ----A---- C:\Windows\SysWOW64\tquery.dll
2011-06-29 18:23:36 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2011-06-29 18:23:35 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-06-29 18:23:35 ----A---- C:\Windows\SysWOW64\mssph.dll
2011-06-29 18:23:34 ----A---- C:\Windows\SysWOW64\mssvp.dll
2011-06-29 18:23:33 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2011-06-29 18:23:33 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2011-06-29 18:23:32 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2011-06-26 13:13:18 ----D---- C:\Program Files (x86)\NWN2Czech
2011-06-23 11:31:23 ----D---- C:\Program Files (x86)\PDFCreator
2011-06-23 11:31:23 ----A---- C:\Windows\SysWOW64\MSMPIDE.DLL

======List of files/folders modified in the last 1 month======

2011-07-21 10:18:22 ----RD---- C:\Program Files (x86)
2011-07-21 10:18:20 ----D---- C:\Windows\Temp
2011-07-21 10:17:04 ----SHD---- C:\System Volume Information
2011-07-21 10:00:40 ----D---- C:\ProgramData\NVIDIA
2011-07-21 09:58:57 ----RD---- C:\Program Files
2011-07-21 09:58:57 ----HD---- C:\ProgramData
2011-07-21 09:56:59 ----SHD---- C:\Windows\Installer
2011-07-21 09:45:31 ----AD---- C:\Windows
2011-07-21 09:39:16 ----D---- C:\Windows\System32
2011-07-21 09:30:47 ----D---- C:\Windows\SysWOW64
2011-07-21 09:30:02 ----D---- C:\Program Files (x86)\Google
2011-07-21 09:29:20 ----D---- C:\Windows\Prefetch
2011-07-19 03:20:06 ----D---- C:\Windows\winsxs
2011-07-18 23:01:25 ----D---- C:\Windows\AppPatch
2011-07-01 11:38:02 ----D---- C:\Windows\inf
2011-06-30 11:30:40 ----D---- C:\Windows\Microsoft.NET
2011-06-30 11:30:03 ----RSD---- C:\Windows\assembly
2011-06-29 18:43:02 ----RSD---- C:\Windows\Fonts
2011-06-27 02:46:11 ----D---- C:\Windows\rescache
2011-06-26 12:25:02 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-23 17:14:31 ----SHD---- C:\Boot
2011-06-23 17:06:24 ----D---- C:\Program Files (x86)\Windows Sidebar
2011-06-23 17:06:24 ----D---- C:\Program Files (x86)\Windows Portable Devices
2011-06-23 17:06:24 ----D---- C:\Program Files (x86)\Windows Mail
2011-06-23 17:06:24 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-23 17:06:23 ----D---- C:\Program Files (x86)\Windows Photo Viewer
2011-06-23 17:06:23 ----D---- C:\Program Files (x86)\Windows Media Player
2011-06-23 17:06:13 ----D---- C:\Windows\servicing
2011-06-23 17:06:13 ----D---- C:\Windows\ehome
2011-06-23 17:05:58 ----SHD---- C:\Windows\BitLockerDiscoveryVolumeContents
2011-06-23 17:05:57 ----D---- C:\Windows\SysWOW64\da-DK
2011-06-23 17:05:56 ----D---- C:\Windows\SysWOW64\en-US
2011-06-23 17:05:55 ----D---- C:\Windows\SysWOW64\oobe
2011-06-23 17:05:54 ----D---- C:\Windows\SysWOW64\Setup
2011-06-23 17:05:54 ----D---- C:\Windows\SysWOW64\migration
2011-06-23 17:05:54 ----D---- C:\Windows\SysWOW64\AdvancedInstallers
2011-06-23 17:05:53 ----D---- C:\Windows\SysWOW64\cs
2011-06-23 17:05:52 ----D---- C:\Windows\SysWOW64\cs-CZ
2011-06-23 17:05:49 ----D---- C:\Windows\SysWOW64\sppui
2011-06-23 17:05:49 ----D---- C:\Windows\SysWOW64\manifeststore
2011-06-23 17:05:49 ----D---- C:\Windows\SysWOW64\es-ES
2011-06-23 17:05:49 ----D---- C:\Windows\SysWOW64\en
2011-06-23 17:05:48 ----D---- C:\Windows\SysWOW64\wbem
2011-06-23 17:05:47 ----D---- C:\Windows\SysWOW64\migwiz
2011-06-23 17:05:46 ----D---- C:\Windows\SysWOW64\Dism
2011-06-23 17:05:03 ----D---- C:\Windows\PolicyDefinitions
2011-06-23 10:07:29 ----A---- C:\Windows\SysWOW64\msclmd.dll
2011-06-22 09:30:29 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor64;nvstor64; C:\Windows\system32\DRIVERS\nvstor64.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys []
R1 Tosrfcom;Bluetooth RFCOMM; C:\Windows\System32\Drivers\tosrfcom.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 aksdf;aksdf; C:\Windows\system32\DRIVERS\aksdf.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys []
R3 ElbyCDFL;ElbyCDFL; C:\Windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys []
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys []
R3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys []
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6264.sys []
R3 nvsmu;nvsmu; C:\Windows\system32\DRIVERS\nvsmu.sys []
R3 smserial;smserial; C:\Windows\system32\DRIVERS\SmSerl64.sys []
R3 tosporte;Bluetooth COM Port; C:\Windows\system32\DRIVERS\tosporte.sys []
S2 SSIPDDP;SSIPDDP: Parallel port device driver; \??\C:\Windows\system32\Drivers\SSIPDDP.SYS [1998-07-08 55296]
S3 a1f02ugp;a1f02ugp; C:\Windows\SysWOW64\drivers\a1f02ugp.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
S3 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys []
S3 hitmanpro35;Hitman Pro 3.5 Support Driver; \??\C:\Windows\system32\drivers\hitmanpro35.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx64.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys []
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 tosrfbd;Bluetooth RFBUS; C:\Windows\system32\DRIVERS\tosrfbd.sys []
S3 tosrfbnp;Bluetooth RFBNEP; C:\Windows\System32\Drivers\tosrfbnp.sys []
S3 Tosrfhid;Bluetooth RFHID; C:\Windows\system32\DRIVERS\Tosrfhid.sys []
S3 tosrfnds;Bluetooth Personal Area Network; C:\Windows\system32\DRIVERS\tosrfnds.sys []
S3 TosRfSnd;Bluetooth Audio; C:\Windows\system32\drivers\tosrfsnd.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\Windows\system32\DRIVERS\tosrfusb.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 FlexNET SCIA;FlexNET SCIA; C:\Program Files (x86)\Common Files\SCIA\Protection\lmgrd.exe [2009-11-21 1334096]
R2 Micro Star SCM;Micro Star SCM; C:\Program Files (x86)\System Control Manager\MSIService.exe [2008-02-21 159744]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-21 340480]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-21 483328]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-21 232960]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-10-16 369256]
R2 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2007-09-28 168296]
R2 wxpdrivers;wxpdrivers; C:\Windows\update.1\svchost.exe [2011-07-21 1178112]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-11-03 1044816]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 Drozd;Drozd; C:\Program Files (x86)\SCIA\Engineer2008\Flexlm\Lmgrd.exe [2008-04-02 974848]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-12-13 85096]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-05-27 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2007-08-24 68464]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2007-08-24 443776]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-09-23 935208]

-----------------EOF-----------------

[ondrejchejn]

Mám ten samý problém bohužel akorát 64 bitové windows 7 uplne mi to odkrouhlo antivir

[motji]

Mám ten samý problém bohužel akorát 64 bitové windows 7 uplne mi to odkrouhlo antivir

Prosím založte si svůj vlastní topic, takto by se nám to pletlo . každému uživateli se věnujeme ve vlastním topicu.

[motji]

Hezké dopoledne .
Udělám s Vámi dohodu . Vy mi slíbíte, že odinstalujete ten nelegální NOD, a já Vám pomůžu. Platí?

[AndrejDrozd]

No co mi zbývá. Sem asi v situaci jako cukrovkář který se má rozhodnout jestli sušenky a nebo noha Pryč tedy s ním.

[motji]

No to jste, ale jestli Vám můžu radit, free Avast je lepší .

Stahněte Rkill z jednoho z odkazů, pokud by ho vir blokoval, zkuste stahnout jiný

Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill COM:
http://download.bleepingcomputer.com/grinler/rkill.com



Rkill PIF:
http://download.bleepingcomputer.com/grinler/rkill.pif

-spusťte ho a nechejte pracovat. Sám se ukončí.

- Ted nerestartujte počítač!



Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
- přejmenujte combofix na potvůrka.com

[AndrejDrozd]

Nejde mi spustit odkaz na Combofix. Najdu ho ještě jinde?

[motji]

Combofix byl stažen z linku, budeme muset použít jiný nástroj

Stahněte OTL http://oldtimer.geekstogo.com/OTL.exe
-uložte ho na plochu a spustte soubor OTL.exe.
-do bílého okna dole skopírujte tento skript:

Kód: Vybrat vše

netsvcs
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s

/md5start
cngaudit.dll
cryptsvc.dll
eNetHook.dll
eventlog.dll
hal.dll
logevent.dll
netlogon.dll
ntelogon.dll
scecli.dll
sceclt.dll
ws2_32.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
adp3132.sys
AGP440.sys
ahcix86.sys
ahcix86s.sys
atapi.sys
cdrom.sys
Changer.sys
fastfat.sys
iaStor.sys
iastorv.sys
IdeChnDr.sys
isapnp.sys
JakNDis.sys
KR10N.sys
mv61xx.sys
ndis.sys
ntfs.sys
nvata.sys
nvatabus.sys
nvgts.sys
nvraid.sys
nvrd32.sys
nvstor.sys
nvstor32.sys
symmpi.sys
tcpip.sys
vaxscsi.sys
viamraid.sys
viasraid.sys
ViPrt.sys
/md5stop

C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe


HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\BITS /s
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c

type c:\boot.ini >> test.txt /c
%SystemDrive%\PhysicalMBR.bin /md5 

- zaškrtněte okénko Pro všechny uživatele.
-označte okénka Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
- Klikněte na tlačítko Prohledat
-po dokončení skenu se objeví logy OTL.Txt a Extras.txt, vložte je zde

[AndrejDrozd]

A safra...V průběhu scanningu OTL došlo samo k restartu a znovu došlo ke stejným problémům jako předtím. Po restartu naskočí safe mode a jakmile naběhne znovu dojde k restartu a naskčí normal mode

[motji]

Zkuste restartovat pc, mačkejte f8 a jděte rovnou do safe mode

[AndrejDrozd]

Takže nový postup bude znovu spustit RKILL a pak opakovat OTL?

[motji]

Ano

[AndrejDrozd]

....Safe mode padá okamžitě po načtení.

[AndrejDrozd]

Znovu jsem zkusil OTL v normal modu kde po notné chvílůi naskočila hláška: Cannot create file: C:\Users\ONEILL\Desktop\cmd.bat

Nicméně vznikly dva soubory desktop.ini

První obsahuje:

[.shellclassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

Druhý:

[.shellclassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

[motji]

Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.