Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz

FB update Flash Player vir - dalsi stastlivec

Máte problém s virem? Vložte sem log z FRST nebo RSIT.

Moderátor: Moderátoři

Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]

Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.

!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Odpovědět
Zpráva
Autor
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

FB update Flash Player vir - dalsi stastlivec

#1 Příspěvek od Pillow »

Dobrý den, taky jsem díky vlastní nepozornosti a hlouposti naletěl a zkusil si "upgradovat" Flash player. Prosím proto o pomoc, výpis z RSIT následuje. Počítač se restartuje do nouzového režimu, tam cca 30 vteřin zůstane a opět se restartuje už do normálního režimu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Jaruska at 2011-08-19 21:36:26
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 70 GB (69%) free of 102 GB
Total RAM: 2038 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:37:05, on 19.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\csrss.exe
C:\windows\system32\services.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\svchost.exe
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\windows\update.7.1\svchostdriver.exe
C:\windows\Explorer.EXE
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
C:\windows\update.5.0\svchost.exe
C:\windows\update.2\svchost.exe
C:\windows\update.5.0\svchost.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Program Files\EeePC\CapsHook\CapsHook.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\windows\system32\igfxsrvc.exe
C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
C:\windows\sysdriver32.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\windows\system32\svchost.exe
C:\Windows\update.tray-7-0\svchost.exe
C:\windows\update.1\svchost.exe
C:\Windows\l1rezerv.exe
C:\windows\update.2\svchost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
C:\windows\system32\SearchIndexer.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Windows\update.tray-7-0-lnk\svchost.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\update.7.1\svchostdriver.exe
C:\windows\system32\sppsvc.exe
C:\Users\Jaruska\Desktop\RSIT.exe
C:\Program Files\trend micro\Jaruska.exe
C:\windows\System32\svchost.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?gcht=HC&o=101702&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe
O4 - HKLM\..\Run: [EeeSplendidAgent] C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\windows\update.tray-7-0\svchost.exe
O4 - HKLM\..\Run: [6615640.exe] "C:\Windows\Temp\6615640.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [1912996.exe] "C:\Users\Jaruska\AppData\Local\Temp\1912996.exe"
O4 - HKLM\..\Run: [2683326.exe] "C:\Windows\Temp\2683326.exe"
O4 - HKLM\..\Run: [1724409.exe] "C:\Windows\Temp\1724409.exe"
O4 - HKLM\..\Run: [53745007-loader2.exe] "C:\Windows\Temp\53745007-loader2.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\windows\l1rezerv.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O20 - AppInit_DLLs: C:\windows\system32\nvinit.dll
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ddservice - Unknown owner - C:\windows\update.7.1\svchostdriver.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: srvbtcclient - Unknown owner - C:\windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: wxpdrivers - Unknown owner - C:\windows\update.1\svchost.exe

--
End of file - 9944 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default

prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.icq.com/search/afe_result ... id=afex&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npFoxitReaderPlugin.dll

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}

C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default\searchplugins\
icqplugin-1.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-07-21 42272]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-19 1594664]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-11-19 83240]
"ASUS Screen Saver Protector"=C:\windows\AsScrPro.exe [2010-07-30 3058304]
"EeeSplendidAgent"=C:\Program Files\ASUS\EPC\EeeSplendid\AsAgent.exe []
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"SuperHybridEngine"=AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe []
"LiveUpdate"=AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto []
"CapsHook"=AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe []
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2010-06-10 414384]
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-05-10 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-05-10 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-05-10 150552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-04-27 9177632]
"OOBESetup"=C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [2009-12-11 334848]
"ASUSPRP"=C:\Program Files\ASUS\APRP\APRP.EXE [2010-07-30 2018032]
"ASUSWebStorage"=C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"wxpdrv"=C:\windows\services32.exe [2011-08-19 1215488]
"tray_ico"= []
"tray_ico0"=C:\windows\update.tray-7-0\svchost.exe [2011-08-19 1215488]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"6615640.exe"=C:\Windows\Temp\6615640.exe [2011-08-19 258048]
"sysdriver32.exe"=C:\windows\sysdriver32.exe [2011-08-19 258048]
"sysdriver32_.exe"=C:\windows\sysdriver32_.exe [2011-08-19 258048]
"1912996.exe"=C:\Users\Jaruska\AppData\Local\Temp\1912996.exe [2011-08-19 258048]
"2683326.exe"=C:\Windows\Temp\2683326.exe [2011-08-19 632832]
"1724409.exe"=C:\Windows\Temp\1724409.exe [2011-08-19 258048]
"53745007-loader2.exe"=C:\Windows\Temp\53745007-loader2.exe [2011-08-19 258048]
"l1rezerv.exe"=C:\windows\l1rezerv.exe [2011-08-19 232960]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe /nogui []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files\ASUS\AsusVibe\AsusVibeLauncher.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-05-10 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-08-19 21:36:26 ----D---- C:\rsit
2011-08-19 21:36:26 ----D---- C:\Program Files\trend micro
2011-08-19 21:21:33 ----D---- C:\windows\av_ico
2011-08-19 21:06:40 ----A---- C:\windows\winlog-ids.txt
2011-08-19 21:06:40 ----A---- C:\windows\winlog-dirs.txt
2011-08-19 21:05:21 ----D---- C:\windows\ufa
2011-08-19 21:05:21 ----D---- C:\windows\rpcminer
2011-08-19 21:05:21 ----D---- C:\windows\phoenix
2011-08-19 20:58:35 ----A---- C:\windows\unrar.exe
2011-08-19 20:54:32 ----A---- C:\windows\btc_client_iplist.txt
2011-08-19 20:53:35 ----A---- C:\windows\l1rezerv.exe
2011-08-19 20:53:17 ----A---- C:\windows\iecheck_iplist.txt
2011-08-19 20:53:03 ----HD---- C:\windows\update.5.0
2011-08-19 20:52:35 ----HD---- C:\windows\update.2
2011-08-19 20:52:24 ----HD---- C:\windows\update.7.1
2011-08-19 20:52:14 ----A---- C:\windows\iplist.txt
2011-08-19 20:51:54 ----A---- C:\windows\sysdriver32_.exe
2011-08-19 20:51:40 ----A---- C:\windows\sysdriver32.exe
2011-08-19 20:51:27 ----A---- C:\windows\front_ip_list.txt
2011-08-19 20:50:10 ----HD---- C:\windows\update.1
2011-08-19 20:50:04 ----HD---- C:\windows\update.tray-7-0-lnk
2011-08-19 20:50:04 ----HD---- C:\windows\update.tray-7-0
2011-08-19 20:43:18 ----A---- C:\windows\services32.exe
2011-08-19 20:42:08 ----D---- C:\## aswSnx private storage
2011-08-11 11:41:59 ----A---- C:\windows\system32\xmllite.dll
2011-08-11 11:41:55 ----A---- C:\windows\system32\ntoskrnl.exe
2011-08-11 11:41:53 ----A---- C:\windows\system32\ntkrnlpa.exe
2011-08-11 11:41:50 ----A---- C:\windows\system32\drivers\mrxsmb10.sys
2011-08-11 11:41:44 ----A---- C:\windows\system32\drivers\tcpip.sys
2011-08-11 11:41:39 ----A---- C:\windows\system32\iertutil.dll
2011-08-11 11:41:34 ----A---- C:\windows\system32\mshtml.dll
2011-08-11 11:41:33 ----A---- C:\windows\system32\ieframe.dll
2011-08-11 11:41:30 ----A---- C:\windows\system32\wininet.dll
2011-08-11 11:41:30 ----A---- C:\windows\system32\urlmon.dll
2011-08-11 11:41:29 ----A---- C:\windows\system32\url.dll
2011-08-11 11:41:29 ----A---- C:\windows\system32\mshtmled.dll
2011-08-11 11:41:29 ----A---- C:\windows\system32\msfeeds.dll
2011-08-11 11:41:29 ----A---- C:\windows\system32\ieui.dll
2011-08-11 11:41:28 ----A---- C:\windows\system32\jsproxy.dll
2011-08-11 11:41:24 ----A---- C:\windows\system32\winsrv.dll
2011-08-11 11:41:24 ----A---- C:\windows\system32\KernelBase.dll
2011-08-11 11:41:24 ----A---- C:\windows\system32\kernel32.dll
2011-08-11 11:41:24 ----A---- C:\windows\system32\conhost.exe
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-08-11 11:41:23 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-08-11 11:41:22 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-08-11 11:41:20 ----A---- C:\windows\system32\odbcjt32.dll
2011-08-11 11:41:19 ----A---- C:\windows\system32\odbctrac.dll
2011-08-11 11:41:19 ----A---- C:\windows\system32\odbccu32.dll
2011-08-11 11:41:19 ----A---- C:\windows\system32\odbccr32.dll
2011-08-11 11:41:19 ----A---- C:\windows\system32\odbccp32.dll
2011-08-08 21:39:47 ----D---- C:\Program Files\Common Files\Java
2011-08-08 21:39:33 ----A---- C:\windows\system32\javaws.exe
2011-08-08 21:39:33 ----A---- C:\windows\system32\javaw.exe
2011-08-08 21:39:33 ----A---- C:\windows\system32\java.exe

======List of files/folders modified in the last 1 month======

2011-08-19 21:36:26 ----RD---- C:\Program Files
2011-08-19 21:28:35 ----D---- C:\windows\System32
2011-08-19 21:28:35 ----D---- C:\windows\inf
2011-08-19 21:28:35 ----A---- C:\windows\system32\PerfStringBackup.INI
2011-08-19 21:23:22 ----D---- C:\windows\Temp
2011-08-19 21:22:16 ----D---- C:\windows\system32\config
2011-08-19 21:21:58 ----D---- C:\Users\Jaruska\AppData\Roaming\ASUS WebStorage
2011-08-19 21:21:33 ----D---- C:\Windows
2011-08-19 21:14:06 ----SHD---- C:\windows\Installer
2011-08-19 21:13:42 ----SHD---- C:\System Volume Information
2011-08-19 21:13:41 ----HD---- C:\ProgramData
2011-08-19 20:53:04 ----D---- C:\windows\system32\drivers\etc
2011-08-19 20:46:27 ----D---- C:\Program Files\Mozilla Firefox
2011-08-11 21:25:51 ----D---- C:\windows\Microsoft.NET
2011-08-11 21:25:48 ----RSD---- C:\windows\assembly
2011-08-11 16:41:16 ----D---- C:\AsusVibeData
2011-08-11 16:41:09 ----D---- C:\Program Files\ASUS
2011-08-11 16:35:12 ----D---- C:\windows\winsxs
2011-08-11 16:33:31 ----AD---- C:\windows\system32\drivers
2011-08-11 16:33:30 ----D---- C:\windows\system32\migration
2011-08-11 16:33:30 ----D---- C:\Program Files\Internet Explorer
2011-08-11 14:22:33 ----D---- C:\windows\system32\catroot
2011-08-11 14:19:30 ----A---- C:\windows\system32\MRT.exe
2011-08-11 11:41:08 ----D---- C:\windows\system32\catroot2
2011-08-08 21:39:47 ----D---- C:\Program Files\Common Files
2011-08-08 21:39:21 ----D---- C:\Program Files\Java
2011-08-05 15:22:36 ----D---- C:\windows\Prefetch

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-07-23 19656]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-05-08 2710592]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-05-10 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-04-27 3084256]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2010-05-10 68208]
R3 Sftfs;Sftfs; C:\windows\system32\DRIVERS\Sftfslh.sys [2009-12-02 550760]
R3 Sftplay;Sftplay; C:\windows\system32\DRIVERS\Sftplaylh.sys [2009-12-02 195944]
R3 Sftredir;Sftredir; C:\windows\system32\DRIVERS\Sftredirlh.sys [2009-12-02 21864]
R3 Sftvol;Sftvol; C:\windows\system32\DRIVERS\Sftvollh.sys [2009-12-02 19304]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-11-19 230448]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;Ovladač filtru AMD portu AGP; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-05-21 88104]
S3 btwavdt;Bluetooth AVDT; C:\windows\system32\drivers\btwavdt.sys [2010-05-21 111144]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-05-21 18728]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;Filtr SIS sběrnice AGP; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\windows\system32\DRIVERS\sscdbus.sys [2005-08-17 58352]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;Filtr VIA sběrnice AGP; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-19 219136]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-05-21 652576]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 ddservice;ddservice; C:\windows\update.7.1\svchostdriver.exe [2011-08-19 382464]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-07-12 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 sftlist;Application Virtualization Client; C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R2 srvbtcclient;srvbtcclient; C:\windows\update.5.0\svchost.exe [2011-08-19 348672]
R2 srviecheck;srviecheck; C:\windows\update.2\svchost.exe [2011-08-19 632832]
R2 srvsysdriver32;srvsysdriver32; C:\windows\sysdriver32.exe [2011-08-19 258048]
R2 wxpdrivers;wxpdrivers; C:\windows\update.1\svchost.exe [2011-08-19 1215488]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-10-23 1343400]

-----------------EOF-----------------
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#2 Příspěvek od Caroprd111 »

Zdravím a vítám vás na našem bezpečnostním fóru viry.cz :welcome:

Můj nick je Caroprd111. Budu se vám v tomto topicu věnovat a snažit se odstranit všechny vaše problémy s počítačem. :)
Než začneme, přečtěte si prosím následující poznámky.
  • Pokud nemáte, zálohujte si všechna důležitá data. Infikovaný počítač je nevyzpytatelný.
  • Důsledně a pečlivě si přečtěte celý postup, poté pokračujte po jednotlivých krocích.
  • Prosím, nespouštějte žádné další programy na vlastní pěst, zejména ComboFix. Zbytečně tím můžete zkomplikovat odvirování, dokonce i znefunkčnit systém.
  • Absence příznaků nemusí vždy znamenat, že je počítač čistý, proto vždy spolupracujte až do doby, než vám napíšu, že je počítač v pořádku.
  • V případě, že něčemu nerozumíte nebo si nejste jist, neváhejte se mě zeptat.
  • Pokud bude log dlouhý a nevejde se do jednoho příspěvku, rozdělte jej do více příspěvků.


:arrow: Stáhněte OTL http://oldtimer.geekstogo.com/OTL.exe na plochu
  • Spusťte, poté do spodního políčka vložte následující skript.

Kód: Vybrat vše

 
safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU /s
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wuauserv" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\BITS" /v ImagePath /c
reg query "HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager" /v BootExecute /c
reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v "PendingFileRenameOperations" /c
type c:\boot.ini >> test.txt /c
*crack*
*keygen*
  • Označte položku Pro všechny uživatele.
  • Označte položky Kontrola na havěť "LOP" a Kontrola na havěť "Purity"
  • Klikněte na tlačítko Prohledat
  • Po dokončení, sem vložte logy OTL.Txt a Extras.txt
Obrázek
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#3 Příspěvek od Pillow »

Diky za privitani. Bohuzel scan nedobehne, vyskoci hlaska Cannot create file "cesta\cmd.bat" (viz obrazek) a ve stavovem radku zustane scan registru, ktery je take na obrazku. Ten se nezmeni ani po cca dvaceti minutach. Spoustel jsem i jako spravce a OTL mam na plose.
Přílohy
error_res.png
error_res.png (168.56 KiB) Zobrazeno 2112 x
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#4 Příspěvek od Caroprd111 »

Zkuste to se skriptem:

Kód: Vybrat vše

safebootminimal 
safebootnetwork
drivers32
savembr:0
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
/md5start
scecli.dll
autochk.exe
csrss.exe
explorer.exe
lsass.exe
services.exe
smss.exe
spoolsv.exe
svchost.exe
userinit.exe
winlogon.exe
atapi.sys
cdrom.sys 
ndis.sys
ntfs.sys
tcpip.sys
%SystemDrive%\PhysicalMBR.bin
/md5stop
C:\windows\system32\spool\prtprocs|dll;true;true;true /FP
%systemroot%\system32\drivers\*.sys /5
%systemroot%\system32\drivers\*.sys /X 
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\system32\*.* /5
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\system32\config\*.sav 
%systemroot%\Tasks\*.job /lockedfiles
%systemroot%\*.* /U /s
%systemroot%\*. /mp /s
%ALLUSERSPROFILE%\Data Aplikací\*.*
%ALLUSERSPROFILE%\Data Aplikací\*.exe /s
%ALLUSERSPROFILE%\Dáta aplikácií\*.*
%ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s
*crack* /s
*keygen* /s
%APPDATA%\*.
%APPDATA%\*.*
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
type c:\boot.ini >> test.txt /c
Obrázek
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#5 Příspěvek od Pillow »

Pomohlo, diky. Takze logy:

OTL logfile created on: 21.8.2011 14:03:22 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jaruska\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,07% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 56,63 Gb Free Space | 56,63% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 107,90 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
Drive E: | 7,55 Gb Total Space | 7,52 Gb Free Space | 99,69% Space Free | Partition Type: FAT32

Computer Name: MAZLIK | User Name: Jaruska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.08.21 08:17:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jaruska\Desktop\OTL.exe
PRC - [2011.08.19 20:53:31 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
PRC - [2011.08.19 20:53:02 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011.08.19 20:53:02 | 000,348,672 | ---- | M] () -- C:\Windows\update.5.0\svchost.exe
PRC - [2011.08.19 20:52:34 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.08.19 20:52:34 | 000,632,832 | ---- | M] () -- C:\Windows\update.2\svchost.exe
PRC - [2011.08.19 20:52:22 | 000,382,464 | ---- | M] () -- C:\Windows\update.7.1\svchostdriver.exe
PRC - [2011.08.19 20:51:40 | 000,258,048 | ---- | M] () -- C:\Windows\sysdriver32.exe
PRC - [2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-7-0\svchost.exe
PRC - [2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () -- C:\Windows\update.1\svchost.exe
PRC - [2011.06.29 12:20:24 | 000,743,936 | ---- | M] (Ufasoft) -- C:\Windows\ufa\ufa.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.02.23 11:49:46 | 000,731,472 | ---- | M] (ecareme) -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.07.30 02:13:48 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.06.30 00:31:56 | 001,241,520 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
PRC - [2010.06.12 06:56:42 | 000,976,872 | ---- | M] (AsusTek Computer Inc.) -- C:\Program Files\ASUS\LiveUpdate\LiveUpdate.exe
PRC - [2010.06.10 22:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
PRC - [2010.05.29 01:41:36 | 000,445,344 | ---- | M] (ASUS) -- C:\Program Files\EeePC\CapsHook\CapsHook.exe
PRC - [2010.05.21 22:42:48 | 000,828,704 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
PRC - [2010.04.03 02:45:20 | 000,407,552 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
PRC - [2009.12.02 23:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009.12.02 23:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2009.11.19 15:44:14 | 000,083,240 | ---- | M] (Synaptics Incorporated) -- C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
PRC - [2009.09.11 20:41:02 | 000,100,328 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
PRC - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () -- C:\Windows\System32\AsusService.exe
PRC - [2009.06.05 04:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe


========== Modules (No Company Name) ==========

MOD - [2011.08.19 20:53:31 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
MOD - [2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-7-0\svchost.exe
MOD - [2011.08.11 16:54:27 | 001,670,144 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\47a4b624c147aae197214d4ee5f0661b\Microsoft.VisualBasic.ni.dll
MOD - [2011.08.11 16:53:32 | 001,051,136 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Management\6e9a08576157b4aeb91a3aaa452fcb00\System.Management.ni.dll
MOD - [2011.08.11 16:38:19 | 012,433,408 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\0d43c5e77ee7b8466700b16d7e7d4bb7\System.Windows.Forms.ni.dll
MOD - [2011.08.11 16:37:53 | 001,587,200 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\9e87dd8fe5d0f925d80a6a6eaf74fdb9\System.Drawing.ni.dll
MOD - [2011.08.11 16:36:50 | 005,453,312 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml\16d2854bf69d59d94e64a918365705f1\System.Xml.ni.dll
MOD - [2011.08.11 16:36:36 | 000,971,264 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\36d0ed3f2a65b9d67933ed46dfcd2ccb\System.Configuration.ni.dll
MOD - [2011.08.11 16:36:33 | 007,963,648 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\System\3da7c6c1a0f26ae91883fd8b03ec192d\System.ni.dll
MOD - [2011.08.11 14:21:03 | 000,025,600 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\Accessibility\b614f2d2f13857c09c98b02944fc1c41\Accessibility.ni.dll
MOD - [2011.08.11 14:21:01 | 011,490,304 | ---- | M] () -- C:\windows\assembly\NativeImages_v2.0.50727_32\mscorlib\16b68fcaff063835ae0ee348a1201f2a\mscorlib.ni.dll
MOD - [2010.11.13 04:37:03 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_cs_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.13 03:54:29 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms.resources\2.0.0.0_cs_b77a5c561934e089\System.Windows.Forms.resources.dll
MOD - [2010.10.22 12:40:18 | 000,178,176 | ---- | M] () -- C:\Users\Jaruska\JPG resampler\JRcm.dll
MOD - [2010.09.04 08:47:48 | 000,028,672 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AxInterop.ShockwaveFlashObjects.dll
MOD - [2010.09.02 13:08:00 | 000,118,784 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt.dll
MOD - [2010.06.10 22:12:06 | 000,414,384 | ---- | M] () -- C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
MOD - [2010.05.21 22:42:58 | 000,132,384 | ---- | M] () -- C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll
MOD - [2010.03.15 12:28:24 | 000,141,824 | ---- | M] () -- C:\Program Files\WinRAR\RarExt.dll
MOD - [2009.03.02 04:08:04 | 000,003,584 | ---- | M] () -- C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\LogicNP.PropSheetExtensionHelper.dll


========== Win32 Services (SafeList) ==========

SRV - [2011.08.19 20:53:02 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\Windows\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.08.19 20:52:34 | 000,632,832 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
SRV - [2011.08.19 20:52:22 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011.08.19 20:51:40 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\windows\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () [Auto | Running] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)
SRV - [2010.10.23 08:07:07 | 001,343,400 | ---- | M] (Microsoft Corporation) [Unknown | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.05.21 22:42:48 | 000,652,576 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.12.02 23:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009.12.02 23:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2009.08.19 02:35:56 | 000,219,136 | ---- | M] () [Auto | Running] -- C:\Windows\System32\AsusService.exe -- (AsusService)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.05 04:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)


========== Driver Services (SafeList) ==========

DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.07.23 04:10:29 | 000,019,656 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\windows\system32\DRIVERS\nvpciflt.sys -- (nvpciflt)
DRV - [2010.07.23 04:10:27 | 010,913,672 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.05.10 11:28:15 | 000,068,208 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1C62x86.sys -- (L1C)
DRV - [2010.03.31 03:40:20 | 000,011,520 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsUpIO.sys -- (AsUpIO)
DRV - [2009.12.02 23:23:52 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2009.12.02 23:23:50 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2009.12.02 23:23:48 | 000,195,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2009.12.02 23:23:46 | 000,550,760 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2009.07.20 11:29:40 | 000,013,880 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\kbfiltr.sys -- (kbfiltr)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2005.08.17 07:45:00 | 000,058,352 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\sscdbus.sys -- (sscdbus) SAMSUNG USB Composite Device driver (WDM)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
IE - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com [binary data]
IE - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?gcht=HC&o=101702&l=dis
IE - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz/"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..keyword.URL: "http://search.icq.com/search/afe_result ... id=afex&q="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011.08.19 20:46:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.05.13 16:16:05 | 000,000,000 | ---D | M]

[2010.10.21 20:08:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaruska\AppData\Roaming\Mozilla\Extensions
[2011.07.02 18:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default\extensions
[2010.10.21 22:43:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.08.14 15:30:50 | 000,000,950 | ---- | M] () -- C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default\searchplugins\icqplugin-1.xml
[2009.07.13 17:12:02 | 000,000,944 | ---- | M] () -- C:\Users\Jaruska\AppData\Roaming\Mozilla\Firefox\Profiles\o4gou3a1.default\searchplugins\icqplugin.xml
[2011.08.08 21:39:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.10.27 12:06:27 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011.08.08 21:39:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
File not found (No name found) --
() (No name found) -- C:\USERS\JARUSKA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\O4GOU3A1.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011.08.19 20:46:26 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.05.04 04:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010.10.25 20:13:49 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll
[2011.05.13 16:16:01 | 000,002,208 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
[2011.05.13 16:16:01 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2011.04.16 12:26:38 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2011.05.13 16:16:01 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2011.05.13 16:16:01 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2011.05.13 16:16:01 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.08.21 11:57:33 | 000,202,984 | -H-- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 facebook.com
O1 - Hosts: 127.0.0.1 http://www.facebook.com
O1 - Hosts: 127.0.0.1 af-za.facebook.com
O1 - Hosts: 127.0.0.1 az-az.facebook.com
O1 - Hosts: 127.0.0.1 id-id.facebook.com
O1 - Hosts: 127.0.0.1 ms-my.facebook.com
O1 - Hosts: 127.0.0.1 bs-ba.facebook.com
O1 - Hosts: 127.0.0.1 ca-es.facebook.com
O1 - Hosts: 127.0.0.1 cs-cz.facebook.com
O1 - Hosts: 127.0.0.1 cy-gb.facebook.com
O1 - Hosts: 127.0.0.1 da-dk.facebook.com
O1 - Hosts: 127.0.0.1 de-de.facebook.com
O1 - Hosts: 127.0.0.1 et-ee.facebook.com
O1 - Hosts: 127.0.0.1 en-gb.facebook.com
O1 - Hosts: 127.0.0.1 es-la.facebook.com
O1 - Hosts: 127.0.0.1 eo-eo.facebook.com
O1 - Hosts: 127.0.0.1 eu-es.facebook.com
O1 - Hosts: 127.0.0.1 tl-ph.facebook.com
O1 - Hosts: 127.0.0.1 fo-fo.facebook.com
O1 - Hosts: 127.0.0.1 fr-fr.facebook.com
O1 - Hosts: 127.0.0.1 fy-nl.facebook.com
O1 - Hosts: 127.0.0.1 ga-ie.facebook.com
O1 - Hosts: 127.0.0.1 gl-es.facebook.com
O1 - Hosts: 127.0.0.1 ko-kr.facebook.com
O1 - Hosts: 50053 more lines...
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [1724409.exe] C:\Windows\Temp\1724409.exe ()
O4 - HKLM..\Run: [1912996.exe] C:\Users\Jaruska\AppData\Local\Temp\1912996.exe ()
O4 - HKLM..\Run: [2683326.exe] C:\Windows\Temp\2683326.exe ()
O4 - HKLM..\Run: [53745007-loader2.exe] C:\Windows\Temp\53745007-loader2.exe ()
O4 - HKLM..\Run: [6615640.exe] C:\Windows\Temp\6615640.exe ()
O4 - HKLM..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe (ASUS)
O4 - HKLM..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\aprp.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme)
O4 - HKLM..\Run: [avast] File not found
O4 - HKLM..\Run: [CapsHook] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] File not found
O4 - HKLM..\Run: [HotkeyMon] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [HotkeyService] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [l1rezerv.exe] C:\windows\l1rezerv.exe ()
O4 - HKLM..\Run: [LiveUpdate] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [SuperHybridEngine] C:\windows\System32\AsusSender.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated)
O4 - HKLM..\Run: [sysdriver32.exe] C:\windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001..\Run: [msnmsgr] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O7 - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - AppInit_DLLs: (C:\windows\system32\nvinit.dll) - C:\Windows\System32\nvinit.dll (NVIDIA Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (aswBoot.exe /A:"*" /L:"English" /KBD:2 /dir:"C:\PROGRA~1\AVASTS~1\Avast\defs\11070401") - C:\windows\System32\aswBoot.exe (AVAST Software)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: wxpdrivers - C:\Windows\update.1\svchost.exe ()
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: wxpdrivers - C:\Windows\update.1\svchost.exe ()
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo8 - C:\windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\windows\System32\iccvid.dll (Radius Inc.)
PhysicalDisk0 MBR saved to C:\PhysicalMBR.bin

========== Files/Folders - Created Within 30 Days ==========

[2011.08.21 12:39:37 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011.08.21 08:29:07 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Users\Jaruska\Desktop\OTL.exe
[2011.08.19 22:26:17 | 000,222,080 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\MpSigStub.exe
[2011.08.19 21:36:26 | 000,000,000 | ---D | C] -- C:\Program Files\trend micro
[2011.08.19 21:36:26 | 000,000,000 | ---D | C] -- C:\rsit
[2011.08.19 21:21:33 | 000,000,000 | ---D | C] -- C:\windows\av_ico
[2011.08.19 21:14:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.08.19 21:05:21 | 000,000,000 | ---D | C] -- C:\windows\ufa
[2011.08.19 21:05:21 | 000,000,000 | ---D | C] -- C:\windows\rpcminer
[2011.08.19 21:05:21 | 000,000,000 | ---D | C] -- C:\windows\phoenix
[2011.08.19 20:53:03 | 000,000,000 | -H-D | C] -- C:\windows\update.5.0
[2011.08.19 20:52:35 | 000,000,000 | -H-D | C] -- C:\windows\update.2
[2011.08.19 20:52:24 | 000,000,000 | -H-D | C] -- C:\windows\update.7.1
[2011.08.19 20:50:10 | 000,000,000 | -H-D | C] -- C:\windows\update.1
[2011.08.19 20:50:04 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-7-0-lnk
[2011.08.19 20:50:04 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-7-0
[2011.08.19 20:42:08 | 000,000,000 | ---D | C] -- C:\## aswSnx private storage
[2011.08.11 11:41:55 | 003,912,576 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntoskrnl.exe
[2011.08.11 11:41:53 | 003,967,872 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ntkrnlpa.exe
[2011.08.11 11:41:29 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\msfeeds.dll
[2011.08.11 11:41:29 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\ieui.dll
[2011.08.11 11:41:29 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\url.dll
[2011.08.11 11:41:28 | 001,638,912 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\mshtml.tlb
[2011.08.11 11:41:28 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\jsproxy.dll
[2011.08.11 11:41:24 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\conhost.exe
[2011.08.11 11:41:24 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\winsrv.dll
[2011.08.11 11:41:23 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-file-l1-1-0.dll
[2011.08.11 11:41:23 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2011.08.11 11:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2011.08.11 11:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2011.08.11 11:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2011.08.11 11:41:23 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-string-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-io-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2011.08.11 11:41:23 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2011.08.11 11:41:22 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-security-base-l1-1-0.dll
[2011.08.11 11:41:22 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2011.08.11 11:41:22 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-util-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2011.08.11 11:41:22 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\windows\System32\api-ms-win-core-console-l1-1-0.dll
[2011.08.11 11:41:20 | 000,319,488 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbcjt32.dll
[2011.08.11 11:41:19 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbctrac.dll
[2011.08.11 11:41:19 | 000,122,880 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccp32.dll
[2011.08.11 11:41:19 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccu32.dll
[2011.08.11 11:41:19 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\windows\System32\odbccr32.dll
[2011.08.08 21:39:47 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011.08.08 21:39:33 | 000,157,472 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaws.exe
[2011.08.08 21:39:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\javaw.exe
[2011.08.08 21:39:33 | 000,145,184 | ---- | C] (Sun Microsystems, Inc.) -- C:\windows\System32\java.exe
[2010.07.06 04:50:14 | 000,013,880 | ---- | C] ( ) -- C:\windows\System32\drivers\kbfiltr.sys

========== Files - Modified Within 30 Days ==========

[2011.08.21 14:07:07 | 000,000,512 | ---- | M] () -- C:\PhysicalMBR.bin
[2011.08.21 12:27:50 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2011.08.21 12:04:43 | 000,631,736 | ---- | M] () -- C:\windows\System32\perfh005.dat
[2011.08.21 12:04:43 | 000,616,452 | ---- | M] () -- C:\windows\System32\perfh009.dat
[2011.08.21 12:04:43 | 000,122,100 | ---- | M] () -- C:\windows\System32\perfc005.dat
[2011.08.21 12:04:43 | 000,106,574 | ---- | M] () -- C:\windows\System32\perfc009.dat
[2011.08.21 12:04:43 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.21 12:04:43 | 000,009,920 | -H-- | M] () -- C:\windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.21 11:57:42 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.08.21 11:57:33 | 000,202,984 | -H-- | M] () -- C:\windows\System32\drivers\etc\hosts
[2011.08.21 11:57:33 | 000,000,734 | ---- | M] () -- C:\windows\System32\drivers\etc\hîsts
[2011.08.21 11:57:07 | 1602,740,224 | -HS- | M] () -- C:\hiberfil.sys
[2011.08.21 09:30:23 | 318,592,815 | ---- | M] () -- C:\Users\Jaruska\Documents\_Za04888
[2011.08.21 09:23:48 | 3898,119,196 | ---- | M] () -- C:\Users\Jaruska\Documents\plocha.zip
[2011.08.21 08:17:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Users\Jaruska\Desktop\OTL.exe
[2011.08.19 21:34:54 | 000,781,383 | ---- | M] () -- C:\Users\Jaruska\Desktop\RSIT.exe
[2011.08.19 21:14:11 | 000,002,577 | ---- | M] () -- C:\windows\System32\config.nt
[2011.08.19 21:05:20 | 005,589,370 | ---- | M] () -- C:\windows\phoenix.rar
[2011.08.19 21:05:20 | 000,246,272 | ---- | M] () -- C:\windows\unrar.exe
[2011.08.19 21:05:20 | 000,182,617 | ---- | M] () -- C:\windows\ufa.rar
[2011.08.19 21:05:19 | 001,075,284 | ---- | M] () -- C:\windows\rpcminer.rar
[2011.08.19 21:03:50 | 000,904,792 | ---- | M] () -- C:\windows\geoiplist.rar
[2011.08.19 20:57:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\System32\FlashPlayerCPLApp.cpl
[2011.08.19 20:53:56 | 000,000,179 | ---- | M] () -- C:\windows\info1
[2011.08.19 20:53:31 | 000,232,960 | ---- | M] () -- C:\windows\l1rezerv.exe
[2011.08.19 20:52:12 | 000,000,000 | ---- | M] () -- C:\windows\loader2.exe_ok
[2011.08.19 20:51:40 | 000,258,048 | ---- | M] () -- C:\windows\sysdriver32_.exe
[2011.08.19 20:51:40 | 000,258,048 | ---- | M] () -- C:\windows\sysdriver32.exe
[2011.08.19 20:41:16 | 001,215,488 | ---- | M] () -- C:\windows\services32.exe
[2011.08.16 14:41:26 | 002,574,365 | ---- | M] () -- C:\Users\Jaruska\Desktop\DSC_1778.JPG
[2011.08.11 16:41:15 | 000,001,934 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\AsusVibeLauncher.lnk

========== Files Created - No Company Name ==========

[2011.08.21 09:47:21 | 000,000,512 | ---- | C] () -- C:\PhysicalMBR.bin
[2011.08.21 09:27:25 | 318,592,815 | ---- | C] () -- C:\Users\Jaruska\Documents\_Za04888
[2011.08.21 09:23:48 | 3898,119,196 | ---- | C] () -- C:\Users\Jaruska\Documents\plocha.zip
[2011.08.19 21:34:53 | 000,781,383 | ---- | C] () -- C:\Users\Jaruska\Desktop\RSIT.exe
[2011.08.19 21:14:13 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.08.19 21:05:20 | 005,589,370 | ---- | C] () -- C:\windows\phoenix.rar
[2011.08.19 21:05:20 | 000,182,617 | ---- | C] () -- C:\windows\ufa.rar
[2011.08.19 21:05:19 | 001,075,284 | ---- | C] () -- C:\windows\rpcminer.rar
[2011.08.19 20:58:37 | 004,636,907 | ---- | C] () -- C:\windows\geoiplist
[2011.08.19 20:58:35 | 000,904,792 | ---- | C] () -- C:\windows\geoiplist.rar
[2011.08.19 20:58:35 | 000,246,272 | ---- | C] () -- C:\windows\unrar.exe
[2011.08.19 20:53:35 | 000,232,960 | ---- | C] () -- C:\windows\l1rezerv.exe
[2011.08.19 20:52:23 | 000,000,179 | ---- | C] () -- C:\windows\info1
[2011.08.19 20:51:57 | 000,000,000 | ---- | C] () -- C:\windows\loader2.exe_ok
[2011.08.19 20:51:54 | 000,258,048 | ---- | C] () -- C:\windows\sysdriver32_.exe
[2011.08.19 20:51:40 | 000,258,048 | ---- | C] () -- C:\windows\sysdriver32.exe
[2011.08.19 20:43:18 | 001,215,488 | ---- | C] () -- C:\windows\services32.exe
[2011.08.16 14:32:07 | 002,574,365 | ---- | C] () -- C:\Users\Jaruska\Desktop\DSC_1778.JPG
[2011.02.03 22:35:58 | 000,116,224 | ---- | C] () -- C:\windows\System32\pdfcmnnt.dll
[2010.10.21 18:28:27 | 000,006,144 | ---- | C] () -- C:\windows\System32\drivers\ASUSHWIO.SYS
[2010.10.21 17:59:59 | 000,000,852 | ---- | C] () -- C:\windows\System32\drivers\RTKHDRC.dat
[2010.10.21 17:59:59 | 000,000,520 | ---- | C] () -- C:\windows\System32\drivers\RTEQEX0.dat
[2010.10.21 17:59:14 | 000,004,692 | ---- | C] () -- C:\windows\System32\drivers\SamSfPa.dat
[2010.10.21 17:59:14 | 000,000,008 | ---- | C] () -- C:\windows\System32\drivers\rtkhdaud.dat
[2010.07.30 02:25:13 | 000,129,472 | ---- | C] () -- C:\windows\TISReg.exe
[2010.07.30 02:18:59 | 000,219,136 | ---- | C] () -- C:\windows\System32\AsusService.exe
[2010.07.30 02:18:58 | 000,025,616 | ---- | C] () -- C:\windows\AsAcpiSvrLang.ini
[2010.07.30 02:16:06 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
[2010.07.30 02:14:28 | 000,011,520 | ---- | C] () -- C:\windows\System32\drivers\AsUpIO.sys
[2010.07.30 02:07:27 | 000,013,931 | ---- | C] () -- C:\windows\System32\RaCoInst.dat
[2010.07.12 18:10:54 | 000,408,168 | ---- | C] () -- C:\windows\System32\easyUpdatusAPIU.dll
[2010.07.12 18:10:54 | 000,347,350 | ---- | C] () -- C:\windows\System32\nvcoproc.bin
[2009.07.14 06:57:37 | 000,067,584 | --S- | C] () -- C:\windows\bootstat.dat
[2009.07.14 06:33:53 | 000,290,728 | ---- | C] () -- C:\windows\System32\FNTCACHE.DAT
[2009.07.14 04:05:48 | 000,616,452 | ---- | C] () -- C:\windows\System32\perfh009.dat
[2009.07.14 04:05:48 | 000,291,294 | ---- | C] () -- C:\windows\System32\perfi009.dat
[2009.07.14 04:05:48 | 000,106,574 | ---- | C] () -- C:\windows\System32\perfc009.dat
[2009.07.14 04:05:48 | 000,031,548 | ---- | C] () -- C:\windows\System32\perfd009.dat
[2009.07.14 04:05:05 | 000,000,741 | ---- | C] () -- C:\windows\System32\NOISE.DAT
[2009.07.14 04:04:11 | 000,215,943 | ---- | C] () -- C:\windows\System32\dssec.dat
[2009.07.14 01:55:01 | 000,043,131 | ---- | C] () -- C:\windows\mib.bin
[2009.07.14 01:51:43 | 000,073,728 | ---- | C] () -- C:\windows\System32\BthpanContextHandler.dll
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\windows\System32\BWContextHandler.dll
[2009.06.20 21:14:36 | 000,292,004 | ---- | C] () -- C:\windows\System32\perfi005.dat
[2009.06.20 21:14:35 | 000,631,736 | ---- | C] () -- C:\windows\System32\perfh005.dat
[2009.06.20 21:14:35 | 000,122,100 | ---- | C] () -- C:\windows\System32\perfc005.dat
[2009.06.20 21:14:35 | 000,036,232 | ---- | C] () -- C:\windows\System32\perfd005.dat
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\windows\System32\mlang.dat
[2009.02.26 08:50:32 | 000,000,176 | ---- | C] () -- C:\windows\explorer.exe.config

========== LOP Check ==========

[2010.07.30 02:24:45 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\ASUS WebStorage
[2010.07.30 02:24:45 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\ASUS WebStorage
[2011.08.21 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\ASUS WebStorage
[2010.10.25 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Foxit Software
[2010.10.22 12:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Jpeg Resampler
[2010.10.21 20:09:31 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Miranda
[2010.10.21 21:02:11 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\OpenOffice.org
[2011.01.02 00:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\SoftGrid Client
[2011.01.01 11:29:03 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\TP
[2011.07.05 08:42:15 | 000,030,382 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >
"Sidebar" = C:\Program Files\Windows Sidebar\sidebar.exe /autoRun -- [2010.11.20 14:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation)
"msnmsgr" = "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background


< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.07.14 03:14:12 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=41E4C8EBA464E7D6A5BA5E8827732AEB -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7600.16385_none_e1ca436d2314b860\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\System32\autochk.exe
[2010.11.20 14:16:54 | 000,668,160 | ---- | M] (Microsoft Corporation) MD5=F88A52EB62019D6A62FDD9E08034DBD8 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.1.7601.17514_none_e3fb573520033bfa\autochk.exe

< MD5 for: CDROM.SYS >
[2009.07.14 01:11:26 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BA6E70AA0E6091BC39DE29477D866A77 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7600.16385_none_5f7fb206051affbb\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\drivers\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\System32\DriverStore\FileRepository\cdrom.inf_x86_neutral_6381e09675524225\cdrom.sys
[2010.11.20 10:38:10 | 000,108,544 | ---- | M] (Microsoft Corporation) MD5=BE167ED0FDB9C1FA1133953C18D5A6C9 -- C:\Windows\winsxs\x86_cdrom.inf_31bf3856ad364e35_6.1.7601.17514_none_61b0c5ce02098355\cdrom.sys

< MD5 for: CSRSS.EXE >
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\System32\csrss.exe
[2009.07.14 03:14:16 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=342271F6142E7C70805B8A81E1BA5F5C -- C:\Windows\winsxs\x86_microsoft-windows-csrss_31bf3856ad364e35_6.1.7600.16385_none_58ba39fb456943bd\csrss.exe

< MD5 for: EXPLORER.EXE >
[2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2009.07.14 03:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
[2011.02.26 07:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_525b5180f3f95373\explorer.exe
[2009.10.31 07:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[2011.02.26 07:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_51a3a583dafd0cef\explorer.exe
[2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.08.03 07:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[2009.08.03 07:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[2009.10.31 08:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe

< MD5 for: LSASS.EXE >
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\System32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16385_none_a620e0e5be1ecda7\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.16484_none_a61fe281be1fb177\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7600.20594_none_a69eaf60d7456d32\lsass.exe
[2009.07.14 03:14:23 | 000,022,528 | ---- | M] (Microsoft Corporation) MD5=F42309C4191C506B71DB5D1126D26318 -- C:\Windows\winsxs\x86_microsoft-windows-lsa_31bf3856ad364e35_6.1.7601.17514_none_a851f4adbb0d5141\lsass.exe

< MD5 for: NDIS.SYS >
[2009.07.14 03:20:44 | 000,710,720 | ---- | M] (Microsoft Corporation) MD5=23759D175A0A9BAAF04D05047BC135A8 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7600.16385_none_a79d81ea7d62a289\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\System32\drivers\ndis.sys
[2010.11.20 14:30:06 | 000,712,576 | ---- | M] (Microsoft Corporation) MD5=E7C54812A2AAF43316EB6930C1FFA108 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.1.7601.17514_none_a9ce95b27a512623\ndis.sys

< MD5 for: NTFS.SYS >
[2011.03.11 07:44:01 | 001,210,240 | ---- | M] (Microsoft Corporation) MD5=187002CE05693C306F43C873F821381F -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16778_none_a65558427e3453b4\ntfs.sys
[2010.11.20 14:30:06 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=33C3093D09017CFE2E219F2472BFF6EB -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17514_none_a87893a87b2db29e\ntfs.sys
[2009.07.14 03:20:44 | 001,210,432 | ---- | M] (Microsoft Corporation) MD5=3795DCD21F740EE799FB7223234215AF -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.16385_none_a6477fe07e3f2f04\ntfs.sys
[2011.03.11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\System32\drivers\ntfs.sys
[2011.03.11 07:39:00 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=81189C3D7763838E55C397759D49007A -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.17577_none_a83ab4fe7b5ba649\ntfs.sys
[2011.03.11 07:52:25 | 001,210,752 | ---- | M] (Microsoft Corporation) MD5=A7266D82DB9675AFBDED39695B69EDAC -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7600.20921_none_a70e0489972fb38f\ntfs.sys
[2011.03.11 07:28:10 | 001,211,264 | ---- | M] (Microsoft Corporation) MD5=E2EDE3F02F95B896A1C7C6F0CC0C4083 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.1.7601.21680_none_a8b27fd79487b0a3\ntfs.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll

< MD5 for: SERVICES.EXE >
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\System32\services.exe
[2009.07.14 03:14:36 | 000,259,072 | ---- | M] (Microsoft Corporation) MD5=5F1B6A9C35D3D5CA72D6D6FDEF9747D6 -- C:\Windows\winsxs\x86_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_cf36168b2e9c967b\services.exe

< MD5 for: SMSS.EXE >
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\System32\smss.exe
[2009.07.14 03:14:39 | 000,069,632 | ---- | M] (Microsoft Corporation) MD5=16742790895960690237A5143CEDEC8B -- C:\Windows\winsxs\x86_microsoft-windows-smss_31bf3856ad364e35_6.1.7600.16385_none_ac10fe207a85352b\smss.exe

< MD5 for: SPOOLSV.EXE >
[2010.08.20 06:25:14 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=2FB4CE429488156B19C0D8E5C4552043 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.20785_none_d6ab9bc23bf9f1c6\spoolsv.exe
[2009.07.14 03:14:41 | 000,316,416 | ---- | M] (Microsoft Corporation) MD5=49B6DD6AB3715B7A67965F17194E98A9 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16385_none_d621f94522dc5a87\spoolsv.exe
[2010.11.20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\System32\spoolsv.exe
[2010.11.20 14:17:45 | 000,317,440 | ---- | M] (Microsoft Corporation) MD5=866A43013535DC8587C258E43579C764 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7601.17514_none_d8530d0d1fcade21\spoolsv.exe
[2010.08.21 07:32:37 | 000,316,928 | ---- | M] (Microsoft Corporation) MD5=D1BB750EB51694DE183E08B9C33BE5B2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.1.7600.16661_none_d6339da722cfb4be\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2011.08.19 20:52:34 | 000,632,832 | ---- | M] () MD5=0CD76DB73F3108CDB413EE8239212ECE -- C:\Windows\update.2\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\System32\svchost.exe
[2009.07.14 03:14:41 | 000,020,992 | ---- | M] (Microsoft Corporation) MD5=54A47F6B5E09A77E61649109C6A08866 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
[2011.08.19 20:53:02 | 000,348,672 | ---- | M] () MD5=6EECAB7626BABA17DB082754B5E8C5CE -- C:\Windows\update.5.0\svchost.exe
[2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\Windows\update.1\svchost.exe
[2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\Windows\update.tray-7-0\svchost.exe
[2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () MD5=AA72E1635B2CDBFFF923ADEF52B6D3B8 -- C:\Windows\update.tray-7-0-lnk\svchost.exe

< MD5 for: TCPIP.SYS >
[2011.04.25 06:56:06 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=0158D5E9982E9D6A90DFC802F618E130 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16802_none_b347f075c77b9c9d\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\System32\drivers\tcpip.sys
[2011.06.21 07:34:23 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=04E4A7D53A7ACE02E8C55B17A498F631 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17638_none_b513df73c4b4f466\tcpip.sys
[2011.04.25 06:31:30 | 001,290,624 | ---- | M] (Microsoft Corporation) MD5=24326784DF8F3D5F5BBB9F878CE33C14 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17603_none_b52f4dc5c4a121e0\tcpip.sys
[2009.07.14 03:19:10 | 001,285,712 | ---- | M] (Microsoft Corporation) MD5=2CC3D75488ABD3EC628BBB9A4FC84EFC -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16385_none_b2f46875c7b9d667\tcpip.sys
[2010.11.20 14:30:12 | 001,290,112 | ---- | M] (Microsoft Corporation) MD5=37E8FA3779668837CA9E2C36D2415949 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.17514_none_b5257c3dc4a85a01\tcpip.sys
[2011.04.25 08:31:09 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=6D4728CFF2724FF3A4654971D61D0F1C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21712_none_b5ad1a5addc7c444\tcpip.sys
[2011.04.25 06:44:18 | 001,298,816 | ---- | M] (Microsoft Corporation) MD5=8861B9A06BA99C6E1D62D0C86DFAB86C -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20951_none_b39a7d5ae0c2aec5\tcpip.sys
[2011.06.21 07:30:45 | 001,301,376 | ---- | M] (Microsoft Corporation) MD5=93C444D118B184452132357C322124CD -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20992_none_b3703df4e0e237e0\tcpip.sys
[2010.06.14 08:06:58 | 001,288,576 | ---- | M] (Microsoft Corporation) MD5=A39EA325C081AD27461F630C8E3E56E0 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.20733_none_b3b219fae0b0af43\tcpip.sys
[2010.06.14 08:12:30 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=BB7F39C31C4A4417FD318E7CD184E225 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16610_none_b33b1c29c7858b92\tcpip.sys
[2011.06.21 07:39:53 | 001,286,016 | ---- | M] (Microsoft Corporation) MD5=C2DAAEB48F3A47C410B041A0D2382EE1 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7600.16839_none_b32e82b7c78da1d1\tcpip.sys
[2011.06.21 08:54:00 | 001,303,424 | ---- | M] (Microsoft Corporation) MD5=DEC4940487050AE13C60C86F40E07E75 -- C:\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.1.7601.21754_none_b583db3edde666b6\tcpip.sys

< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WINLOGON.EXE >
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe

< C:\windows\system32\spool\prtprocs|dll;true;true;true /FP >
[2009.07.14 03:15:35 | 000,022,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\jnwppr.dll
[2010.11.20 14:21:36 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\spool\prtprocs\w32x86\winprint.dll
[2009.06.20 21:13:45 | 000,003,584 | ---- | M] (Lexmark International Inc.) -- C:\Windows\System32\spool\prtprocs\w32x86\cs-CZ\LXKPTPRC.DLL.mui

< %systemroot%\system32\drivers\*.sys /5 >

< %systemroot%\system32\drivers\*.sys /X >
[2009.06.10 23:14:29 | 003,440,660 | ---- | M] () -- C:\windows\system32\drivers\gm.dls
[2009.06.10 23:14:29 | 000,000,646 | ---- | M] () -- C:\windows\system32\drivers\gmreadme.txt
[2009.06.10 23:27:38 | 000,000,003 | ---- | M] () -- C:\windows\system32\drivers\MsftWdf_Kernel_01009_Inbox_Critical.Wdf
[2010.07.30 02:05:26 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2009.07.26 22:44:04 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2010.11.09 12:42:15 | 000,000,000 | -H-- | M] () -- C:\windows\system32\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2010.07.23 04:10:10 | 000,010,920 | ---- | M] (NVIDIA Corporation) -- C:\windows\system32\drivers\nvBridge.kmd
[2010.05.03 09:20:58 | 000,000,520 | ---- | M] () -- C:\windows\system32\drivers\RTEQEX0.dat
[2010.04.06 08:58:54 | 000,000,008 | ---- | M] () -- C:\windows\system32\drivers\rtkhdaud.dat
[2010.05.03 09:17:36 | 000,000,852 | ---- | M] () -- C:\windows\system32\drivers\RTKHDRC.dat
[2009.12.30 11:58:00 | 000,004,692 | ---- | M] () -- C:\windows\system32\drivers\SamSfPa.dat

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\system32\*.* /5 >
[2011.08.21 12:04:43 | 000,009,920 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.08.21 12:04:43 | 000,009,920 | -H-- | M] () -- C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.08.19 21:14:11 | 000,002,577 | ---- | M] () -- C:\windows\system32\config.nt
[2011.08.19 20:57:42 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\system32\FlashPlayerCPLApp.cpl
[2011.08.21 12:04:43 | 000,122,100 | ---- | M] () -- C:\windows\system32\perfc005.dat
[2011.08.21 12:04:43 | 000,106,574 | ---- | M] () -- C:\windows\system32\perfc009.dat
[2011.08.21 12:04:43 | 000,631,736 | ---- | M] () -- C:\windows\system32\perfh005.dat
[2011.08.21 12:04:43 | 000,616,452 | ---- | M] () -- C:\windows\system32\perfh009.dat
[2011.08.21 12:04:43 | 001,471,574 | ---- | M] () -- C:\windows\system32\PerfStringBackup.INI

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\system32\config\*.sav >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\*.* /U /s >
[6 C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\windows\Installer\*.tmp files -> C:\windows\Installer\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\d9ad0644b362e8208605baad436c65c0\*.tmp files -> C:\windows\SoftwareDistribution\Download\d9ad0644b362e8208605baad436c65c0\*.tmp -> ]
[1 C:\windows\SoftwareDistribution\Download\ec2cc6ab7853f7f87c73b2f137bf7916\*.tmp files -> C:\windows\SoftwareDistribution\Download\ec2cc6ab7853f7f87c73b2f137bf7916\*.tmp -> ]
[1 C:\windows\System32\config\systemprofile\AppData\Local\SoftGrid Client\140066.CSY-90140011-66-405\*.tmp files -> C:\windows\System32\config\systemprofile\AppData\Local\SoftGrid Client\140066.CSY-90140011-66-405\*.tmp -> ]
[18 C:\windows\Temp\*.tmp files -> C:\windows\Temp\*.tmp -> ]

< %systemroot%\*. /mp /s >

< %ALLUSERSPROFILE%\Data Aplikací\*.* >

< %ALLUSERSPROFILE%\Data Aplikací\*.exe /s >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.* >

< %ALLUSERSPROFILE%\Dáta aplikácií\*.exe /s >

< *crack* /s >

< *keygen* /s >

< %APPDATA%\*. >
[2010.07.30 02:29:31 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Adobe
[2011.08.21 11:57:32 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\ASUS WebStorage
[2010.10.25 20:25:52 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Foxit Software
[2009.07.14 06:54:12 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Identities
[2010.07.30 02:02:11 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\InstallShield
[2010.10.22 12:40:26 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Jpeg Resampler
[2010.07.30 02:18:47 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Macromedia
[2011.01.01 11:47:36 | 000,000,000 | --SD | M] -- C:\Users\Jaruska\AppData\Roaming\Microsoft
[2010.10.21 20:09:31 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Miranda
[2010.10.21 20:08:18 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\Mozilla
[2010.10.21 21:02:11 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\OpenOffice.org
[2011.01.02 00:03:00 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\SoftGrid Client
[2011.01.01 11:29:03 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\TP
[2011.03.23 12:58:49 | 000,000,000 | ---D | M] -- C:\Users\Jaruska\AppData\Roaming\WinRAR

< %APPDATA%\*.* >

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< type c:\boot.ini >> test.txt /c >

========== Files - Unicode (All) ==========
[2010.10.21 18:05:38 | 000,000,059 | ---- | M] ()(C:\windows\System32\??) -- C:\windows\System32\ʠ
[2010.10.21 18:05:38 | 000,000,059 | ---- | C] ()(C:\windows\System32\??) -- C:\windows\System32\ʠ

< End of report >
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#6 Příspěvek od Pillow »

A Extras.txt:

OTL Extras logfile created on: 21.8.2011 14:03:22 - Run 1
OTL by OldTimer - Version 3.2.26.5 Folder = C:\Users\Jaruska\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

1,99 Gb Total Physical Memory | 1,02 Gb Available Physical Memory | 51,07% Memory free
3,98 Gb Paging File | 2,86 Gb Available in Paging File | 71,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files
Drive C: | 100,00 Gb Total Space | 56,63 Gb Free Space | 56,63% Space Free | Partition Type: NTFS
Drive D: | 117,87 Gb Total Space | 107,90 Gb Free Space | 91,55% Space Free | Partition Type: NTFS
Drive E: | 7,55 Gb Total Space | 7,52 Gb Free Space | 99,69% Space Free | Partition Type: FAT32

Computer Name: MAZLIK | User Name: Jaruska | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
"FirewallOverride" = 1
"DisableThumbnailCache" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{068B46A0-8858-4CEB-80BC-A4AE787A05FC}" = Windows Live Sync
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Panel nástrojů Bing
"{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 26
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{300A98D6-8DA2-45FF-9314-A6861D76A535}" = syncables desktop SE
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{38E5A3B1-ADF1-47E0-8024-76310A30EB36}" = LiveUpdate
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{436E0B79-2CFB-4E5F-9380-E17C1B25D0C5}" = WIDCOMM Bluetooth Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5092B6-F231-4D18-83BC-2618B729CA45}" = CapsHook
"{4FCBCF89-1823-4D97-A6F2-0E8DD66E273A}" = Broadcom Wireless Network Adapter
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate for Eee PC
"{6333FC29-BFE5-4024-AC78-958A1A7555D1}" = EeeSplendid
"{7036A6F4-5DAD-3908-956D-1752CD7F7E5A}" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"{71C0E38E-09F2-4386-9977-404D4F6640CD}" = Hotkey Service
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{859D40CF-8491-44AD-8FA8-7389CB418C64}" = 32 Bit HP CIO Components Installer
"{88F08F98-12BC-4613-81A2-8F9B88CFC73E}" = Super Hybrid Engine
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8FC4F1DD-F7FD-4766-804D-3C8FF1D309B0}" = Ralink RT2860 Wireless LAN Card
"{90140000-006D-0405-0000-0000000FF1CE}" = Microsoft Office Klikni a spusť 2010
"{90140011-0066-0405-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - čeština
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.1 MUI
"{CFF8B8E8-E086-4DE0-935F-FE22CAB54F80}" = Microsoft Search Enhancement Pack
"{D44AA979-47C2-4BC0-A860-09A54224EA44}_is1" = Game Park Console
"{D802DD00-16A8-4A58-AFC9-020C2380ECDA}" = EeeSplendid
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3D2DEDC-4732-4188-8A3A-1A3FFBD4D6C8}" = ebi.BookReader3J
"{FAB43061-FEFB-46E8-A159-96710395DB5E}" = OpenOffice.org 3.2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"avast" = avast! Free Antivirus
"Eee Docking_is1" = Eee Docking 3.8.1
"Foxit Reader" = Foxit Reader
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{17780F99-A9DF-450B-81B3-6781B20A17A8}" = FontResizer
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile CSY Language Pack" = Microsoft .NET Framework 4 Client Profile CSY Language Pack
"Miranda IM" = Miranda IM 0.9.22
"Mozilla Firefox 6.0 (x86 cs)" = Mozilla Firefox 6.0 (x86 cs)
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klikni a spusť 2010
"OOBERegBackup_is1" = OOBERegBackup
"ScreenSaverPatch_is1" = ScreenSaverPatch
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"WinRAR archiver" = WinRAR

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#7 Příspěvek od Caroprd111 »

:arrow: Znovu spusťte OTL a do spodního bílého okna vložte následující skript. Poté klikněte na Opravit, PC se restartuje, výsledný log vložte sem.

Kód: Vybrat vše

:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]

:OTL
MOD - [2011.08.19 20:53:31 | 000,232,960 | ---- | M] () -- C:\Windows\l1rezerv.exe
MOD - [2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () -- C:\Windows\update.tray-7-0\svchost.exe
SRV - [2011.08.19 20:53:02 | 000,348,672 | ---- | M] () [Auto | Running] -- C:\Windows\update.5.0\svchost.exe -- (srvbtcclient)
SRV - [2011.08.19 20:52:34 | 000,632,832 | ---- | M] () [Auto | Running] -- C:\Windows\update.2\svchost.exe -- (srviecheck)
SRV - [2011.08.19 20:52:22 | 000,382,464 | ---- | M] () [Auto | Running] -- C:\windows\update.7.1\svchostdriver.exe -- (ddservice)
SRV - [2011.08.19 20:51:40 | 000,258,048 | ---- | M] () [Auto | Running] -- C:\windows\sysdriver32.exe -- (srvsysdriver32)
SRV - [2011.08.19 20:41:16 | 001,215,488 | -H-- | M] () [Auto | Running] -- C:\Windows\update.1\svchost.exe -- (wxpdrivers)
IE - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.ask.com/?gcht=HC&o=101702&l=dis
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [1724409.exe] C:\Windows\Temp\1724409.exe ()
O4 - HKLM..\Run: [1912996.exe] C:\Users\Jaruska\AppData\Local\Temp\1912996.exe ()
O4 - HKLM..\Run: [2683326.exe] C:\Windows\Temp\2683326.exe ()
O4 - HKLM..\Run: [53745007-loader2.exe] C:\Windows\Temp\53745007-loader2.exe ()
O4 - HKLM..\Run: [6615640.exe] C:\Windows\Temp\6615640.exe ()
O4 - HKLM..\Run: [EeeSplendidAgent] File not found
O4 - HKLM..\Run: [l1rezerv.exe] C:\windows\l1rezerv.exe ()
O4 - HKLM..\Run: [sysdriver32.exe] C:\windows\sysdriver32.exe ()
O4 - HKLM..\Run: [sysdriver32_.exe] C:\windows\sysdriver32_.exe ()
O4 - HKLM..\Run: [tray_ico] File not found
O4 - HKLM..\Run: [tray_ico0] C:\Windows\update.tray-7-0\svchost.exe ()
O4 - HKLM..\Run: [tray_ico1] File not found
O4 - HKLM..\Run: [tray_ico2] File not found
O4 - HKLM..\Run: [tray_ico3] File not found
O4 - HKLM..\Run: [tray_ico4] File not found
O4 - HKLM..\Run: [wxpdrv] C:\Windows\services32.exe ()
O4 - HKU\S-1-5-21-1008572926-2835988573-3867353674-1001..\Run: [msnmsgr] File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O31 - SafeBoot: AlternateShell - services32.exe
SafeBootMin: wxpdrivers - C:\Windows\update.1\svchost.exe ()
SafeBootNet: wxpdrivers - C:\Windows\update.1\svchost.exe ()
[2011.08.19 21:21:33 | 000,000,000 | ---D | C] -- C:\windows\av_ico
[2011.08.19 21:05:20 | 005,589,370 | ---- | M] () -- C:\windows\phoenix.rar
[2011.08.19 21:05:20 | 000,246,272 | ---- | M] () -- C:\windows\unrar.exe
[2011.08.19 21:05:20 | 000,182,617 | ---- | M] () -- C:\windows\ufa.rar
[2011.08.19 21:05:19 | 001,075,284 | ---- | M] () -- C:\windows\rpcminer.rar
[2011.08.19 21:03:50 | 000,904,792 | ---- | M] () -- C:\windows\geoiplist.rar
[2011.08.19 20:53:56 | 000,000,179 | ---- | M] () -- C:\windows\info1
[2011.08.19 20:53:31 | 000,232,960 | ---- | M] () -- C:\windows\l1rezerv.exe
[2011.08.19 20:52:12 | 000,000,000 | ---- | M] () -- C:\windows\loader2.exe_ok
[2011.08.19 20:51:40 | 000,258,048 | ---- | M] () -- C:\windows\sysdriver32_.exe
[2011.08.19 20:51:40 | 000,258,048 | ---- | M] () -- C:\windows\sysdriver32.exe
[2011.08.19 20:41:16 | 001,215,488 | ---- | M] () -- C:\windows\services32.exe
[2011.08.19 21:05:20 | 005,589,370 | ---- | C] () -- C:\windows\phoenix.rar
[2011.08.19 21:05:20 | 000,182,617 | ---- | C] () -- C:\windows\ufa.rar
[2011.08.19 21:05:19 | 001,075,284 | ---- | C] () -- C:\windows\rpcminer.rar
[2011.08.19 20:58:37 | 004,636,907 | ---- | C] () -- C:\windows\geoiplist
[2011.08.19 20:58:35 | 000,904,792 | ---- | C] () -- C:\windows\geoiplist.rar
[2011.08.19 20:58:35 | 000,246,272 | ---- | C] () -- C:\windows\unrar.exe
[2011.08.19 20:53:35 | 000,232,960 | ---- | C] () -- C:\windows\l1rezerv.exe
[2011.08.19 20:52:23 | 000,000,179 | ---- | C] () -- C:\windows\info1
[2011.08.19 20:51:57 | 000,000,000 | ---- | C] () -- C:\windows\loader2.exe_ok
[2011.08.19 20:51:54 | 000,258,048 | ---- | C] () -- C:\windows\sysdriver32_.exe
[2011.08.19 20:51:40 | 000,258,048 | ---- | C] () -- C:\windows\sysdriver32.exe
[2011.08.19 20:43:18 | 001,215,488 | ---- | C] () -- C:\windows\services32.exe
[2011.08.19 21:05:21 | 000,000,000 | ---D | C] -- C:\windows\ufa
[2011.08.19 21:05:21 | 000,000,000 | ---D | C] -- C:\windows\rpcminer
[2011.08.19 21:05:21 | 000,000,000 | ---D | C] -- C:\windows\phoenix
[2011.08.19 20:53:03 | 000,000,000 | -H-D | C] -- C:\windows\update.5.0
[2011.08.19 20:52:35 | 000,000,000 | -H-D | C] -- C:\windows\update.2
[2011.08.19 20:52:24 | 000,000,000 | -H-D | C] -- C:\windows\update.7.1
[2011.08.19 20:50:10 | 000,000,000 | -H-D | C] -- C:\windows\update.1
[2011.08.19 20:50:04 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-7-0-lnk
[2011.08.19 20:50:04 | 000,000,000 | -H-D | C] -- C:\windows\update.tray-7-0
Obrázek
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#8 Příspěvek od Pillow »

All processes killed
========== COMMANDS ==========
C:\windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 321 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Jaruska
->Temp folder emptied: 128628385 bytes
->Temporary Internet Files folder emptied: 979609010 bytes
->Java cache emptied: 631212 bytes
->FireFox cache emptied: 106775383 bytes
->Flash cache emptied: 963 bytes

User: Public

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 74612003 bytes
RecycleBin emptied: 236976241 bytes

Total Files Cleaned = 1 457,00 mb


[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Jaruska
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser

Total Flash Files Cleaned = 0,00 mb


========== OTL ==========
Service srvbtcclient stopped successfully!
Service srvbtcclient deleted successfully!
C:\Windows\update.5.0\svchost.exe moved successfully.
Service srviecheck stopped successfully!
Service srviecheck deleted successfully!
C:\Windows\update.2\svchost.exe moved successfully.
Service ddservice stopped successfully!
Service ddservice deleted successfully!
C:\Windows\update.7.1\svchostdriver.exe moved successfully.
Service srvsysdriver32 stopped successfully!
Service srvsysdriver32 deleted successfully!
C:\Windows\sysdriver32.exe moved successfully.
Service wxpdrivers stopped successfully!
Service wxpdrivers deleted successfully!
C:\Windows\update.1\svchost.exe moved successfully.
HKU\S-1-5-21-1008572926-2835988573-3867353674-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "ICQ Search" removed from browser.search.defaultenginename
Prefs.js: "ICQ Search" removed from browser.search.selectedEngine
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1008572926-2835988573-3867353674-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\1724409.exe deleted successfully.
File C:\Windows\Temp\1724409.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\1912996.exe deleted successfully.
File C:\Users\Jaruska\AppData\Local\Temp\1912996.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\2683326.exe not found.
File C:\Windows\Temp\2683326.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\53745007-loader2.exe deleted successfully.
File C:\Windows\Temp\53745007-loader2.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\6615640.exe deleted successfully.
File C:\Windows\Temp\6615640.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\EeeSplendidAgent deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\l1rezerv.exe deleted successfully.
C:\Windows\l1rezerv.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32.exe deleted successfully.
File C:\windows\sysdriver32.exe not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\sysdriver32_.exe deleted successfully.
C:\Windows\sysdriver32_.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico0 deleted successfully.
C:\Windows\update.tray-7-0\svchost.exe moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico1 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico2 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico3 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\tray_ico4 deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\wxpdrv deleted successfully.
C:\Windows\services32.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-1008572926-2835988573-3867353674-1001\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\\AlternateShell deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers\ deleted successfully.
File c:\windows\update.1\svchost.exe not found.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers\ deleted successfully.
File c:\windows\update.1\svchost.exe not found.
C:\windows\av_ico folder moved successfully.
C:\Windows\phoenix.rar moved successfully.
C:\Windows\unrar.exe moved successfully.
C:\Windows\ufa.rar moved successfully.
C:\Windows\rpcminer.rar moved successfully.
C:\Windows\geoiplist.rar moved successfully.
C:\Windows\info1 moved successfully.
File C:\windows\l1rezerv.exe not found.
C:\Windows\loader2.exe_ok moved successfully.
File C:\windows\sysdriver32_.exe not found.
File C:\windows\sysdriver32.exe not found.
File C:\windows\services32.exe not found.
File C:\windows\phoenix.rar not found.
File C:\windows\ufa.rar not found.
File C:\windows\rpcminer.rar not found.
C:\Windows\geoiplist moved successfully.
File C:\windows\geoiplist.rar not found.
File C:\windows\unrar.exe not found.
File C:\windows\l1rezerv.exe not found.
File C:\windows\info1 not found.
File C:\windows\loader2.exe_ok not found.
File C:\windows\sysdriver32_.exe not found.
File C:\windows\sysdriver32.exe not found.
File C:\windows\services32.exe not found.
C:\windows\ufa folder moved successfully.
C:\windows\rpcminer folder moved successfully.
C:\windows\phoenix\kernels\poclbm folder moved successfully.
C:\windows\phoenix\kernels\phatk folder moved successfully.
C:\windows\phoenix\kernels folder moved successfully.
C:\windows\phoenix folder moved successfully.
C:\windows\update.5.0 folder moved successfully.
C:\windows\update.2 folder moved successfully.
C:\windows\update.7.1 folder moved successfully.
C:\windows\update.1 folder moved successfully.
C:\windows\update.tray-7-0-lnk folder moved successfully.
C:\windows\update.tray-7-0 folder moved successfully.

OTL by OldTimer - Version 3.2.26.5 log created on 08212011_223429

Files\Folders moved on Reboot...
C:\windows\temp\HS.log moved successfully.

Registry entries deleted on Reboot...
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#9 Příspěvek od Caroprd111 »

Jak se chová PC?
Obrázek
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#10 Příspěvek od Pillow »

Tak z dnesniho testovaciho provozu bych rekl ze normalne - nerestartuje, falesny antivir je pryc a rychlost v normalu. Jediny problem jsou Gadgety, pri pridani jakehokoliv na plochu je videt jenom zaviraci krizek, ale aplikace samotna uz ne. Nevim jestli to ma nejakou souvislost s virem. Kazdopadne pokrok velky, moc diky !
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#11 Příspěvek od Caroprd111 »

Ještě se na to tedy podíváme. :)

Obrázek Stáhněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=67229
  • Podle návodu v odkazu nainstalujte, poté dejte úplný sken.
  • Nic nemažte :!: MBAM má občas falešné detekce a mohl by smazat např. systémové soubory.
  • Log vložte sem.
Obrázek
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#12 Příspěvek od Pillow »

Malwarebytes' Anti-Malware 1.50
http://www.malwarebytes.org

Verze databáze: 7537

Windows 6.1.7601 Service Pack 1
Internet Explorer 8.0.7601.17514

22.8.2011 21:46:24
mbam-log-2011-08-22 (21-46-12).txt

Typ kontroly: Úplný test (C:\|D:\|Q:\|)
Testované objekty: 258516
Uplynulý čas: 35 minut, 15 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 3
Infikované hodnoty v registru: 2
Infikované datové položky v registru: 3
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\sysdriver32.exe (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\systeminfog (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\SERVICES32.EXE (Trojan.Agent) -> No action taken.

Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\9917573.exe (Trojan.Downloader.Gen) -> Value: 9917573.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Services32.exe\close (Trojan.Agent) -> Value: close -> No action taken.

Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#13 Příspěvek od Caroprd111 »

Vše smažte a napište, co dělá PC. :)
Obrázek
Nahoru
Pillow
Návštěvník
Návštěvník
Příspěvky: 26
Registrován: 19 srp 2011 20:47

Re: FB update Flash Player vir - dalsi stastlivec

#14 Příspěvek od Pillow »

Provedeno a problem stale pritomen. Tak jsem si dovolil trochu vlastni iniciativy a dle tohoto navodu http://www.sevenforums.com/tutorials/14 ... 7-fix.html gadgety zprovoznil. Takze PC se tvari zatim spokojene a ja dekuji prevelice !
Nahoru
Uživatelský avatar
Caroprd111
VIP
VIP
Příspěvky: 13492
Registrován: 22 bře 2009 20:48
Bydliště: Třebíč
Kontaktovat uživatele:
Kontaktovat uživatele Caroprd111

Re: FB update Flash Player vir - dalsi stastlivec

#15 Příspěvek od Caroprd111 »

:thumbsup:


Obrázek Stáhněte T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Spusťte, pro potvrzení volby mačkejte klávesu A, Enter
  • Po použití program vymažte. Pozor, antiviry ho mohou falešně označit za vir.

Obrázek Stáhněte TFC http://oldtimer.geekstogo.com/TFC.exe
  • Spusťte.
  • Klikněte na "Start". Potvrďte hlášku kliknutím na "Ok" (Bude následovat restart)

Obrázek Stáhněte OTC http://oldtimer.geekstogo.com/OTC.exe
  • Spusťte.
  • Klikněte na "CleanUp!". Potvrďte hlášky kliknutím na "Yes" (Bude následovat restart)


Obrázek Stáhněte Ccleaner http://viry.cz/forum/viewtopic.php?t=7478
Obrázek Záložka Čistič
  • Dejte analyzovat, po dokončení dejte Spustit Ccleaner.

    Obrázek Záložka Registry
  • Klikněte na Hledej problémy, po dokončení klikněte na Opravit problémy, zálohu dělat nemusíte, potom dejte Opravit všechny problémy.
Obrázek OK Obrázek Zavřít


:arrow: Dejte nový log z RSIT.
Obrázek
Nahoru
Odpovědět

Zpět na „Řešení problémů, logy“