Facebook-VIR Vyřešeno

Sekce věnovaná virům a jiným škodlivým kódům, rovněž ale nástrojům, kterým se lze proti nim bránit…

Moderátoři: Mods_senior, Security team

Zamčeno
Uživatelský avatar
DennyX
nováček
Příspěvky: 32
Registrován: červenec 11
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod DennyX » 28 črc 2011 01:22

Ale ten T-cleaner mě pořád nejde stáhnou Avast i firewall mám vyplé.
Nahoru
Reklama
Top
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43294
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod jaro3 » 28 črc 2011 09:08

OK.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - Reg Error: Key error. File not found
O1 HOSTS File: ([2011.07.27 20:01:43 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8:64bit: - Extra context menu item: 使用快车3下载 - C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8:64bit: - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: 使用快车3下载 - C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: 使用快车3下载全部链接 - C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm (
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
[2011.07.12 15:34:03 | 007,942,242 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.07.12 15:34:03 | 003,126,876 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.07.12 15:34:03 | 002,594,680 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.07.12 15:34:03 | 002,509,590 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
@Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTK1RVDNJCML147D5YWLL4AMPB4A591KLP32MVVVVVVVVVVVVV

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\System32\dllcache\*.tmp
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
C:\*.tmp
C:\Documents and Settings\All Users\Data aplikací\*.tmp
C:\Windows\SysNative\drivers\*.tmp
C:\Windows\SysWow64\drivers\*.tmp
C:\Program Files (x86)\*.tmp
C:\Windows\SysWow64\*.tmp
C:\Windows\SysNative\*.tmp
C:\Windows\SysNative\drivers\etc\hosts
C:\Windows\SysWow64\ezsidmv.dat
C:\Users\Intel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
C:\Windows\SysWow64\unrar.dll
C:\Windows\update.1
C:\Windows\services32.exe
C:\Windows\update.tray-9-0
C:\Windows\update.tray-7-0
C:\Windows\update.2
C:\Windows\update.3
C:\Windows\update.1
C:\Windows\services32.exe
C:\Windows\update.tray-9-0
C:\Windows\update.tray-7-0
C:\Windows\update.2
C:\Windows\update.3

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Windows\update.1\svchost.exe" =-
"C:\Windows\services32.exe" =-
"C:\Windows\update.tray-9-0\svchost.exe" =-
"C:\Windows\update.tray-7-0\svchost.exe" =-
"C:\Windows\update.2\svchost.exe" =-
"C:\Windows\update.3\svchost.exe" =-
"C:\Windows\update.1\svchost.exe" =-
"C:\Windows\services32.exe" =-
"C:\Windows\update.tray-9-0\svchost.exe" =-
"C:\Windows\update.2\svchost.exe" =-
"C:\Windows\update.3\svchost.exe" =-

:Commands
[resethosts]
[purity]
[emptytemp]
[EMPTYFLASH]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

+
Poklepej znovu na ikonu OTL by OldTimer, pod Vlastní skenování/opravy (Custom Scans/Fixes) vlož následující text , zeleně zbarvený:

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT


Neměň nastavení, jen klikni na Prohledat (Run Scan), nech sken dokončit. Až se se objeví textový soubor , tak sem vlož prosím jeho celý obsah.

+
V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Windows\SYSTEM32\ntdll.dll

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
DennyX
nováček
Příspěvky: 32
Registrován: červenec 11
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod DennyX » 28 črc 2011 13:51

toto je 1 log :
All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
127.0.0.1 localhost removed from HOSTS file successfully
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
64bit-Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载\ deleted successfully.
C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetUrl.htm moved successfully.
64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载全部链接\ deleted successfully.
C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm moved successfully.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载\ not found.
File C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetUrl.htm not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\使用快车3下载全部链接\ not found.
File C:\Users\Intel\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ( not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88FED34C-F0CA-4636-A375-3CB6248B04CD}\ not found.
File {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{314111c7-a502-11d2-bbca-00c04f8ec294}\ not found.
File {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D}\ not found.
File {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype-ie-addon-data\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{91774881-D725-4E58-B298-07617B9B86A8}\ not found.
File {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
C:\Windows\SysNative\perfh005.dat moved successfully.
C:\Windows\SysNative\perfh009.dat moved successfully.
C:\Windows\SysNative\perfc005.dat moved successfully.
C:\Windows\SysNative\perfc009.dat moved successfully.
ADS C:\ProgramData:$SS_DESCRIPTOR_PVX2VCGKMVF9FFNYTK1RVDNJCML147D5YWLL4AMPB4A591KLP32MVVVVVVVVVVVVV deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\System32\*.tmp not found.
C:\WINDOWS\11AE680750D24F5982B32C3E695E94C2.TMP folder moved successfully.
C:\WINDOWS\1C4551A64743409391E41477CD655043.TMP folder moved successfully.
C:\WINDOWS\C5C1C0F0D62F4DBF81D4D7EF397C228B.TMP folder moved successfully.
C:\WINDOWS\DEA314C409294250BC9298E4C105F28D.TMP folder moved successfully.
C:\WINDOWS\E4D153288C89484BB9AAF5BE9EA6D01C.TMP folder moved successfully.
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\System32\dllcache\*.tmp not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
File\Folder c:\windows\Tasks\*.job not found.
File\Folder C:\*.tmp not found.
File\Folder C:\Documents and Settings\All Users\Data aplikací\*.tmp not found.
File\Folder C:\Windows\SysNative\drivers\*.tmp not found.
File\Folder C:\Windows\SysWow64\drivers\*.tmp not found.
File\Folder C:\Program Files (x86)\*.tmp not found.
File\Folder C:\Windows\SysWow64\*.tmp not found.
File\Folder C:\Windows\SysNative\*.tmp not found.
C:\Windows\SysNative\drivers\etc\hosts moved successfully.
C:\Windows\SysWow64\ezsidmv.dat moved successfully.
C:\Users\Intel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Windows\SysWow64\unrar.dll moved successfully.
File\Folder C:\Windows\update.1 not found.
File\Folder C:\Windows\services32.exe not found.
File\Folder C:\Windows\update.tray-9-0 not found.
File\Folder C:\Windows\update.tray-7-0 not found.
File\Folder C:\Windows\update.2 not found.
File\Folder C:\Windows\update.3 not found.
File\Folder C:\Windows\update.1 not found.
File\Folder C:\Windows\services32.exe not found.
File\Folder C:\Windows\update.tray-9-0 not found.
File\Folder C:\Windows\update.tray-7-0 not found.
File\Folder C:\Windows\update.2 not found.
File\Folder C:\Windows\update.3 not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.1\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\services32.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.tray-9-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.tray-7-0\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.2\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.3\svchost.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.1\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\services32.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.tray-9-0\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.2\svchost.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Windows\update.3\svchost.exe not found.
========== COMMANDS ==========
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Intel
->Temp folder emptied: 815936 bytes
->Temporary Internet Files folder emptied: 6061716 bytes
->Java cache emptied: 4295 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 56977 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 56502 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 26622 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 85315 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 7,00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default
->Flash cache emptied: 0 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: Intel
->Flash cache emptied: 0 bytes

User: Public

User: UpdatusUser
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 07282011_132921

Files\Folders moved on Reboot...
C:\Users\Intel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\_avast5_\Webshlock.txt scheduled to be moved on reboot.

Registry entries deleted on Reboot...








a tady je 2 log:)
OTL logfile created on: 28.7.2011 13:34:46 - Run 2
OTL by OldTimer - Version 3.2.26.1 Folder = C:\Users\Intel\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,66 Gb Available Physical Memory | 66,60% Memory free
8,00 Gb Paging File | 6,64 Gb Available in Paging File | 83,07% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 100,51 Gb Total Space | 27,55 Gb Free Space | 27,41% Space Free | Partition Type: NTFS
Drive D: | 831,00 Gb Total Space | 75,62 Gb Free Space | 9,10% Space Free | Partition Type: NTFS
Drive E: | 6,13 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: INTEL-PC | User Name: Intel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.07.28 00:17:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Intel\Desktop\OTL.exe
PRC - [2011.06.27 21:44:54 | 000,214,520 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2011.06.27 18:32:36 | 000,075,064 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.04.28 23:42:28 | 002,619,904 | ---- | M] () -- C:\Users\Intel\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe
PRC - [2011.01.13 09:47:34 | 003,396,624 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010.12.08 23:15:44 | 000,063,360 | ---- | M] (DivX, LLC) -- C:\Program Files (x86)\DivX\DivX Plus Web Player\DDMService.exe
PRC - [2010.11.20 00:23:38 | 002,975,640 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe
PRC - [2009.12.22 16:23:00 | 002,647,040 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe
PRC - [2009.10.16 16:45:30 | 001,678,848 | ---- | M] () -- C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe
PRC - [2009.08.18 21:02:10 | 001,520,128 | ---- | M] () -- C:\Program Files (x86)\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe
PRC - [2008.11.07 04:00:00 | 000,077,824 | ---- | M] () -- C:\Program Files\Logitech\SetPoint\x86\SetPoint32.exe
PRC - [2007.01.29 15:41:26 | 000,073,728 | ---- | M] () -- C:\Program Files (x86)\KWorld Multimedia\TV713X Utilities\HMCP3XCtl.exe


========== Modules (SafeList) ==========

MOD - [2011.07.28 00:17:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Intel\Desktop\OTL.exe
MOD - [2011.07.27 22:26:13 | 000,189,728 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\snxhk.dll
MOD - [2009.12.18 17:23:58 | 000,194,560 | ---- | M] () -- C:\Program Files (x86)\Anti-Vibrate Oscar Editor\Win32Share.dll
MOD - [2009.07.14 03:03:50 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll
MOD - [2009.06.10 23:23:11 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.4927_none_d08a205e442db5b5\msvcr80.dll
MOD - [2008.11.07 04:00:00 | 000,038,912 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\x86\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.01.13 09:47:33 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2009.12.08 07:14:26 | 006,810,728 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.11.07 16:49:10 | 000,160,784 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.07.14 09:52:20 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.06.27 21:44:54 | 000,214,520 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2011.06.27 18:32:36 | 000,075,064 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.05.25 09:25:28 | 002,214,504 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.05.20 22:35:16 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.11.21 20:11:48 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.02.11 13:42:32 | 000,172,328 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2010.01.30 01:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.07.26 06:43:14 | 000,025,832 | ---- | M] (BioWare) [On_Demand | Stopped] -- D:\games\Dragon Age\bin_ship\daupdatersvc.service.exe -- (DAUpdaterSvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.05.25 09:25:48 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.05.19 19:49:54 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.02.02 18:28:19 | 000,310,728 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.01.27 19:49:48 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2011.01.13 09:37:23 | 000,062,032 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2010.09.05 10:33:52 | 000,042,696 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.07.01 15:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.03.13 00:04:56 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.03.11 22:29:30 | 000,834,544 | ---- | M] () [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.03.10 09:16:36 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2009.07.14 03:52:21 | 000,106,576 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.07.14 03:52:21 | 000,028,752 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2008.09.26 09:56:00 | 000,113,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2008.09.26 09:56:00 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2008.09.26 09:56:00 | 000,057,872 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008.09.26 09:56:00 | 000,055,312 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008.09.26 09:55:00 | 000,035,344 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV:64bit: - [2008.05.02 10:58:48 | 000,018,432 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcdx64)
DRV:64bit: - [2007.04.20 14:40:10 | 000,873,216 | ---- | M] (Philips Semiconductors GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\3xHybr64.sys -- (3xHybr64)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.57\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.05 12:33:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2010.12.22 01:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2010.12.22 01:17:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010.12.22 15:48:43 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010.12.05 12:33:55 | 000,000,000 | ---D | M]

[2010.10.14 19:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions
[2010.10.14 19:10:39 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

O1 HOSTS File: ([2011.07.28 13:29:24 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg64.dll (Google Inc.)
O2 - BHO: (Yahoo! Companion BHO) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Intel\AppData\Roaming\FlashGetBHO\FlashGetBHO31.dll (Trend Media Group)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (&Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\ycomp5_6_2_0.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivX Download Manager] C:\Program Files (x86)\DivX\DivX Plus Web Player\DDmService.exe (DivX, LLC)
O4 - HKCU..\Run: [AROReminder] C:\Program Files (x86)\Advanced Registry Optimizer\ARO.exe (Sammsoft)
O4 - HKCU..\Run: [Center Agent] C:\Program Files (x86)\KWorld Multimedia\HyperMedia\DTVR\Scheduled.exe ()
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [OscarEditor] C:\Program Files (x86)\Anti-Vibrate Oscar Editor\OscarEditor.exe ()
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] D:\torrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CNET TechTracker.lnk = C:\Users\Intel\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe ()
O4 - Startup: C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GIGABYTE Gamer HUD Lite.lnk = C:\Program Files (x86)\GIGABYTE\Gamer HUD Lite\HUD.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O8 - Extra context menu item: WikiKomentáře Google... - C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_70C5B381380DB17F.dll (Google Inc.)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_26)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (systempropertiesperformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.05.11 10:05:24 | 000,000,115 | R--- | M] () - E:\autorun.inf -- [ UDF ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2011.07.28 13:29:21 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.07.28 00:17:38 | 000,579,584 | ---- | C] (OldTimer Tools) -- C:\Users\Intel\Desktop\OTL.exe
[2011.07.28 00:17:31 | 000,258,560 | ---- | C] (OldTimer Tools) -- C:\Users\Intel\Desktop\OTH.scr
[2011.07.27 22:26:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2011.07.27 22:25:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Alwil Software
[2011.07.27 22:25:51 | 000,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2011.07.27 22:09:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.07.27 22:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.07.27 20:15:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.07.27 20:15:51 | 000,000,000 | ---D | C] -- C:\Users\Intel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
[2011.07.27 20:01:49 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.07.27 17:13:11 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT
[2011.07.27 15:24:29 | 000,000,000 | ---D | C] -- C:\Users\Intel\AppData\Roaming\Malwarebytes
[2011.07.27 15:24:23 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.27 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.07.27 15:24:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.07.27 15:24:20 | 000,025,912 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.07.27 15:24:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.07.26 21:01:34 | 000,000,000 | ---D | C] -- C:\Users\Intel\Documents\LucasArts
[2011.07.26 21:01:33 | 000,000,000 | ---D | C] -- C:\Users\Intel\AppData\Local\LucasArts
[2011.07.25 16:21:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Pro Antivirus
[2011.07.24 20:20:44 | 000,404,640 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2010.03.13 00:04:56 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Intel\AppData\Roaming\pcouffin.sys

========== Files - Modified Within 30 Days ==========

[2011.07.28 13:30:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.07.28 13:30:29 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2011.07.28 13:29:24 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.07.28 00:17:41 | 000,579,584 | ---- | M] (OldTimer Tools) -- C:\Users\Intel\Desktop\OTL.exe
[2011.07.28 00:17:33 | 000,258,560 | ---- | M] (OldTimer Tools) -- C:\Users\Intel\Desktop\OTH.scr
[2011.07.27 22:26:11 | 000,054,156 | -H-- | M] () -- C:\Windows\QTFont.qfn
[2011.07.27 22:26:11 | 000,001,409 | ---- | M] () -- C:\Windows\QTFont.for
[2011.07.27 22:26:10 | 000,001,858 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.27 22:26:03 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.07.27 22:19:50 | 000,023,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.07.27 22:19:50 | 000,023,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.07.27 22:09:14 | 000,000,828 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.27 20:15:51 | 000,002,975 | ---- | M] () -- C:\Users\Intel\Desktop\HiJackThis.lnk
[2011.07.27 15:52:59 | 000,001,268 | ---- | M] () -- C:\Users\Intel\Desktop\MinecraftSP.exe – zástupce.lnk
[2011.07.27 15:24:23 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.27 14:44:01 | 000,001,939 | ---- | M] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011.07.26 23:56:50 | 000,007,605 | ---- | M] () -- C:\Users\Intel\AppData\Local\resmon.resmoncfg
[2011.07.24 20:22:34 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.07.24 20:20:44 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2011.07.15 10:09:05 | 000,002,346 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2011.07.12 15:34:03 | 000,004,572 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.07.09 14:54:38 | 000,000,810 | ---- | M] () -- C:\Users\Intel\Desktop\sfBot.exe – zástupce.lnk
[2011.07.06 19:52:42 | 000,041,272 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysWow64\drivers\mbamswissarmy.sys
[2011.07.06 19:52:42 | 000,025,912 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys

========== Files Created - No Company Name ==========

[2011.07.27 22:26:10 | 000,001,858 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.07.27 22:09:14 | 000,000,828 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2011.07.27 20:15:51 | 000,002,975 | ---- | C] () -- C:\Users\Intel\Desktop\HiJackThis.lnk
[2011.07.27 15:24:23 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.07.25 16:21:45 | 000,001,939 | ---- | C] () -- C:\Users\Public\Desktop\avast! Pro Antivirus.lnk
[2011.07.24 20:22:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.07.24 20:22:15 | 000,002,020 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.07.09 14:54:38 | 000,000,810 | ---- | C] () -- C:\Users\Intel\Desktop\sfBot.exe – zástupce.lnk
[2011.06.07 14:58:02 | 000,000,204 | ---- | C] () -- C:\Windows\SysWow64\secustat.dat
[2011.06.07 00:02:07 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2011.05.20 22:35:28 | 000,304,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.04.03 21:36:56 | 000,002,048 | ---- | C] () -- C:\Windows\SysWow64\winver.exe
[2011.02.16 18:19:23 | 000,007,605 | ---- | C] () -- C:\Users\Intel\AppData\Local\resmon.resmoncfg
[2010.12.05 12:29:10 | 000,227,963 | ---- | C] () -- C:\Windows\hpoins46.dat
[2010.11.16 22:27:20 | 000,794,408 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2010.11.16 21:59:43 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2010.11.02 18:28:45 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2010.10.21 17:01:55 | 000,000,293 | ---- | C] () -- C:\Windows\game.ini
[2010.04.21 21:51:37 | 000,075,064 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.04.21 21:51:32 | 000,214,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.04.12 23:14:35 | 000,000,049 | ---- | C] () -- C:\Windows\wincheater.ini
[2010.04.02 17:17:34 | 000,179,091 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2010.03.25 23:51:05 | 000,020,870 | ---- | C] () -- C:\Users\Intel\AppData\Roaming\UserTile.png
[2010.03.13 00:04:56 | 000,007,859 | ---- | C] () -- C:\Users\Intel\AppData\Roaming\pcouffin.cat
[2010.03.13 00:04:56 | 000,001,167 | ---- | C] () -- C:\Users\Intel\AppData\Roaming\pcouffin.inf
[2010.03.12 23:57:24 | 000,001,044 | ---- | C] () -- C:\Users\Intel\AppData\Roaming\vso_ts_preview.xml
[2010.03.06 15:55:19 | 000,004,357 | ---- | C] () -- C:\Windows\TVP3XDrv.ini
[2010.01.29 23:21:20 | 000,000,532 | ---- | C] () -- C:\Windows\hpomdl46.dat
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.06.07 16:24:04 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2009.06.07 16:16:12 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2010.10.08 19:54:32 | 034,013,024 | ---- | M] () -- C:\PhysX.exe


< MD5 for: AGP440.SYS >
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys
[2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys
[2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll

< MD5 for: IASTORV.SYS >
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys
[2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys

< MD5 for: NETLOGON.DLL >
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\ERDNT\cache64\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll
[2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\ERDNT\cache86\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\drivers\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys
[2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\ERDNT\cache86\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\ERDNT\cache64\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll
[2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll

< %systemroot%\*. /mp /s >

< End of report >
Nahoru
Uživatelský avatar
DennyX
nováček
Příspěvky: 32
Registrován: červenec 11
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod DennyX » 28 črc 2011 14:17

Asi týden tady nebudu, takže to budu moct řešit až pak..děkuju za pochopení :)
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43294
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod jaro3 » 28 črc 2011 18:18

OK , pak se ozvi.

Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Vlastní skenování/opravy do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
[2010.10.14 19:10:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions
[2010.10.14 19:10:39 | 000,000,000 | ---D | M] (XfireXO Toolbar) -- C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}

:Files

:Reg
:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Opravit. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Windows\SysWow64\SI.bin

Klikni vpravo od okénka na Vybrat a v Exploreru najdi požadovaný soubor v Tvém PC. Označ ho myší a klikni na Otevřít , poté klikni na Send File. Pokud už byl soubor testován , objeví se okno ve kterém klikni na Reanalyze. Soubor se začne postupně testovat více antivirovými programy. Až skončí test posledního antiviru , objeví se nahoře result a červeně počet nákaz , např. 0/40 , nebo 1/40. Pak zkopíruj myší odkaz na tuto stránku a vlož ji do svého příspěvku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
DennyX
nováček
Příspěvky: 32
Registrován: červenec 11
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod DennyX » 08 srp 2011 16:42

No už jsem konečně doma :-)

Tady je ten log:


All processes killed
========== OTL ==========
No active process named explorer.exe was found!
No active process named firefox.exe was found!
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\searchplugin folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\META-INF folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\lib folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\defaults folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\components folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\chrome folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3} folder moved successfully.
C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions folder moved successfully.
Folder C:\Users\Intel\AppData\Roaming\mozilla\Firefox\extensions\{5e5ab302-7f65-44cd-8211-c1d4caaccea3}\ not found.
========== FILES ==========
========== REGISTRY ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Intel
->Temp folder emptied: 130226 bytes
->Temporary Internet Files folder emptied: 1151398 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 470 bytes

User: Public
->Temp folder emptied: 0 bytes

User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 50874 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 1,00 mb


OTL by OldTimer - Version 3.2.26.1 log created on 08082011_163415

Files\Folders moved on Reboot...
C:\Users\Intel\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...
Nahoru
Uživatelský avatar
jaro3
člen Security týmu
Guru Level 15
Guru Level 15
Příspěvky: 43294
Registrován: červen 07
Bydliště: Jižní Čechy
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod jaro3 » 08 srp 2011 21:48

Spusť OTL a klikni na Vyčisti.
Pak můžeš OTL smazat , C:\_OTL

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.
Při práci s programy HJT, ComboFix,MbAM, SDFix aj. zavřete všechny ostatní aplikace a prohlížeče!
Neposílejte logy do soukromých zpráv.Po dobu mé nepřítomnosti mě zastupuje memphisto , Žbeky a Orcus.
Pokud budete spokojeni , můžete podpořit naše forum:Podpora fóra
Nahoru
Uživatelský avatar
DennyX
nováček
Příspěvky: 32
Registrován: červenec 11
Pohlaví: Muž
Stav:
Offline

Re: Facebook-VIR

Příspěvekod DennyX » 08 srp 2011 22:15

jojo děkuju za vše :-) .............. teď jsem zjisti ze facebook mi uz nejde jenom v exploreru :D
díík
Nahoru
Zamčeno

Zpět na “Viry, antiviry, firewally…”

Kdo je online

Uživatelé prohlížející si toto fórum: Žádní registrovaní uživatelé a 1 host