RSIT Solved

Section devoted to viruses and other malicious code, but also to the tools that can be used to defend against them…

Moderators: Mods_senior, Security team

X3m.
newcomer
Posts: 8
Registered: July 11
Gender: Not specified
Status: Offline

RSIT

Post by X3m. » 21 Jul 2011 12:17

Hi
Could someone check my RSIT log for me
I probably have some virus in there :-(

Logfile of random's system information tool 1.09 (written by random/random)
Run by Paľa at 2011-07-21 11:05:44
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 14 GB (14%) free of 100 GB
Total RAM: 2047 MB (61% free)


======Scheduled tasks folder======

C:\Windows\tasks\Norton Security Scan for Paľa.job
C:\Windows\tasks\Uniblue SpeedUpMyPC Nag.job
C:\Windows\tasks\Uniblue SpeedUpMyPC.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Paľa\AppData\Roaming\Mozilla\Firefox\Profiles\445wbqob.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{c50ca3c4-5656-43c2-a061-13e717f73fc8}:4.0.1, {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1, youtube2mp3@mondayx.de:1.0.7, {6236BA26-C117-4007-928C-DE0716C7FA96}:1.0.6, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {1FD91A9C-410C-4090-BBCC-55D3450EF433}:2.0, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, illimitux@illimitux.net:4.0, personas@christopher.beard:1.6.2, {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23, engine@conduit.com:3.3.3.2, {1392b8d2-5c05-419f-a8f6-b9f15a596612}:3.3.3.2, plugin2@gameplaylabs.com:2.0, {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24, firefox@tvunetworks.com:2, 5, 3, 1, {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.3.0.7280, {ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}:0.3.8.1, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"
prefs.js - "keyword.URL" - "http://search.imesh.com/web?src=ffb&systemid=1&q="

"smartwebprinting@hp.com"=C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
"m3ffxtbr@mywebsearch.com"=C:\Program Files\MyWebSearch\bar\1.bin


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pages.tvunetworks.com/WebPlayer]
"Description"=TVU Web Player Plugin
"Path"=C:\Windows\system32\TVUAx\npTVUAx.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18]
"Description"=Veetle TV Core
"Path"=C:\Program Files\Veetle\plugins\npVeetle.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18]
"Description"=Veetle TV Player
"Path"=C:\Program Files\Veetle\Player\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{AB2CE124-6272-4b12-94A9-7303C7397BD1}
{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
FlashGet3.xpi
nsIQTScriptablePlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
npdeployJava1.dll
NPOFF12.DLL
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
crawlersrch.xml
dunaj-sk.xml
eBay.xml
google.xml
iMeshWebSearch.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Paľa\AppData\Roaming\Mozilla\Firefox\Profiles\445wbqob.default\extensions\
firefox@tvunetworks.com
personas@christopher.beard
plugin2@gameplaylabs.com
videosurf_enhanced@videosurf.com
youtube2mp3@mondayx.de
{28D35620-51D9-11DE-9D13-2DB156D89593}
{28D35620-51D9-11DE-9D13-2DB156D89593}chrome
{ea2b95c2-9be8-48ed-bdd1-5fcd2ad0ff99}

C:\Users\Paľa\AppData\Roaming\Mozilla\Firefox\Profiles\445wbqob.default\searchplugins\
conduit.xml
daemon-search.xml
icqplugin.xml
iMeshWebSearch.xml
web-search.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0347C33E-8762-4905-BF09-768834316C61}]
HP Print Enhancer - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-09-20 328248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2F364306-AA45-47B5-9F9D-39A8B94E7EF7}]
FGCatchUrl - C:\Program Files\FlashGet\jccatch.dll [2007-08-06 94308]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3CF7606-E683-4375-A372-96B75DA0AEF7}]
GdfrDUEn Class - C:\Program Files\Get Styles\enlbrdr.dll [2010-02-11 185856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F}]
MediaBar - C:\PROGRA~1\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-05-04 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F156768E-81EF-470C-9057-481BA8380DBA}]
FlashGet GetFlash Class - C:\Program Files\FlashGet\getflash.dll [2007-05-18 163840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856}]
HP Smart BHO Class - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-09-20 509496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files\DAEMON Tools Toolbar\DTToolbar.dll [2010-03-25 968000]
{ABB49B3B-AB7D-4ED0-9135-93FD5AA4F69F} - MediaBar - C:\PROGRA~1\iMesh Applications\MediaBar\ToolBar\iMeshMediaBarDx.dll [2009-11-20 87472]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"hpqSRMon"=C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe [2008-07-22 150528]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"TNOD UP"=C:\Program Files\TNod User & Password Finder\TNODUP.exe [2010-04-02 1811968]
"AdobeCS4ServiceManager"=C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]
"NBKeyScan"=C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-09-08 421888]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-06-08 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"DATAMNGR"=C:\PROGRA~1\iMesh Applications\MediaBar\Datamngr\datamngrUI.exe [2010-09-07 972720]
"Freecorder FLV Service"=C:\Program Files\Freecorder\FLVSrvc.exe [2010-06-26 167936]
"Flashget"=C:\Program Files\FlashGet\FlashGet.exe [2007-09-25 2007088]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08 254696]
"explorer.exe"=C:\Users\Paľa\AppData\Roaming\explorer.exe [2011-02-25 2616320]
"PWRISOVM.EXE"=C:\Program Files\PowerISO\PWRISOVM.EXE [2010-04-12 180224]
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-07-20 1147392]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"2350003.exe"=C:\Windows\Temp\2350003.exe [2011-07-20 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-20 238592]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-20 232960]
"6379822.exe"=C:\Users\Paľa\AppData\Local\Temp\6379822.exe [2011-07-20 232960]
"4360518.exe"=C:\Windows\Temp\4360518.exe [2011-07-20 232960]
"5200757.exe"=C:\Windows\Temp\5200757.exe [2011-07-20 483328]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-20 115200]
"systemup"=C:\Windows\systemup.exe [2011-07-20 118784]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"explorer.exe"=C:\Users\Paľa\AppData\Roaming\explorer.exe [2011-02-25 2616320]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
"uTorrent"=C:\Users\Paľa\utorrent.exe [2011-05-19 399736]
"explorer.exe"=C:\Users\Paľa\AppData\Roaming\explorer.exe [2011-02-25 2616320]
"SpywareTerminatorUpdate"=C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe [2011-07-21 3037696]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Users\Paľa\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Odmenovac.appref-ms

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\PROGRA~1\iMesh Applications\MediaBar\Datamngr\datamngr.dll C:\PROGRA~1\iMesh Applications\MediaBar\Datamngr\IEBHO.dll "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\explorer.exe"="C:\Windows\explorer.exe:*:Enabled:Windows Messanger"
"C:\Users\Paľa\AppData\Roaming\explorer.exe"="C:\Users\Paľa\AppData\Roaming\explorer.exe:*:Enabled:Windows Messanger"
"C:\Users\Paľa\Flash-Player.exe"="C:\Users\Paľa\Flash-Player.exe:*:Enabled:C:\Users\Paľa\Flash-Player.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\update.tray-3-0\svchost.exe"="C:\Windows\update.tray-3-0\svchost.exe:*:Enabled:C:\Windows\update.tray-3-0\svchost.exe"
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"msacm.divxa32"=msaud32_divx.acm

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2011-07-21 11:05:44 ----D---- C:\rsit
2011-07-21 11:05:44 ----D---- C:\Program Files\trend micro
2011-07-20 15:11:10 ----A---- C:\Windows\ddh_iplist.txt
2011-07-20 15:10:54 ----A---- C:\Windows\systemup.exe
2011-07-20 15:10:53 ----A---- C:\Windows\l1rezerv.exe
2011-07-20 14:31:57 ----D---- C:\Windows\ufa
2011-07-20 14:31:57 ----D---- C:\Windows\rpcminer
2011-07-20 14:31:57 ----D---- C:\Windows\phoenix
2011-07-20 14:30:02 ----A---- C:\Windows\unrar.exe
2011-07-20 14:29:33 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-20 14:29:20 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-20 14:29:09 ----HD---- C:\Windows\update.2
2011-07-20 14:28:31 ----HD---- C:\Windows\update.5.0
2011-07-20 14:27:57 ----A---- C:\Windows\sysdriver32_.exe
2011-07-20 14:27:49 ----A---- C:\Windows\iplist.txt
2011-07-20 14:27:43 ----A---- C:\Windows\sysdriver32.exe
2011-07-20 14:26:51 ----D---- C:\Windows\av_ico
2011-07-20 14:26:37 ----A---- C:\Windows\front_ip_list.txt
2011-07-20 14:25:06 ----HD---- C:\Windows\update.1
2011-07-20 14:25:04 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-07-20 14:25:04 ----HD---- C:\Windows\update.tray-3-0
2011-07-20 14:13:22 ----A---- C:\Windows\winlog-ids.txt
2011-07-20 14:13:22 ----A---- C:\Windows\winlog-dirs.txt
2011-07-16 13:37:45 ----A---- C:\Windows\system32\pbsvc.exe
2011-07-13 11:22:03 ----A---- C:\Windows\system32\kernel32.dll
2011-07-13 11:22:02 ----A---- C:\Windows\system32\winsrv.dll
2011-07-13 11:22:02 ----A---- C:\Windows\system32\conhost.exe
2011-07-13 11:21:57 ----A---- C:\Windows\system32\KernelBase.dll
2011-07-13 11:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 11:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 11:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 11:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 11:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 11:21:56 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 11:21:55 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-07-13 11:21:19 ----A---- C:\Windows\system32\win32k.sys
2011-07-13 11:17:11 ----A---- C:\Windows\system32\nvsvcr.dll
2011-07-13 11:17:10 ----A---- C:\Windows\system32\easyupdatusapiu.dll
2011-07-13 10:11:30 ----D---- C:\Program Files\WinPcap
2011-07-07 19:52:37 ----SHD---- C:\$RECYCLE.BIN
2011-07-07 19:49:36 ----A---- C:\Windows\NeroDigital.ini
2011-07-05 22:01:05 ----D---- C:\Program Files\Activision
2011-07-05 21:45:52 ----D---- C:\Program Files\PowerISO
2011-06-29 10:15:40 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-06-29 10:15:36 ----A---- C:\Windows\system32\tquery.dll
2011-06-29 10:15:36 ----A---- C:\Windows\system32\mssrch.dll
2011-06-29 10:15:35 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-06-29 10:15:35 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-06-29 10:15:35 ----A---- C:\Windows\system32\mssph.dll
2011-06-29 10:15:34 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-06-29 10:15:34 ----A---- C:\Windows\system32\mssvp.dll
2011-06-29 10:15:34 ----A---- C:\Windows\system32\mssphtb.dll
2011-06-29 10:15:34 ----A---- C:\Windows\system32\msscntrs.dll
2011-06-28 22:28:42 ----D---- C:\Users\Paľa\AppData\Roaming\Day 1 Studios

======List of files/folders modified in the last 1 month======

2011-07-21 11:07:37 ----D---- C:\Windows\Temp
2011-07-21 11:07:31 ----D---- C:\Users\Paľa\AppData\Roaming\uTorrent
2011-07-21 11:05:44 ----RD---- C:\Program Files
2011-07-21 11:01:41 ----D---- C:\Users\Paľa\AppData\Roaming\Spyware Terminator
2011-07-21 11:01:08 ----D---- C:\Program Files\Spyware Terminator
2011-07-21 10:56:05 ----D---- C:\Windows\system32\drivers
2011-07-21 10:55:32 ----D---- C:\Windows\system32\config
2011-07-20 15:13:11 ----D---- C:\Windows\System32
2011-07-20 15:11:10 ----D---- C:\Windows
2011-07-20 14:29:35 ----D---- C:\Windows\system32\drivers\etc
2011-07-20 14:25:06 ----HD---- C:\ProgramData
2011-07-19 08:55:20 ----SHD---- C:\System Volume Information
2011-07-18 22:03:29 ----D---- C:\Users\Paľa\AppData\Roaming\Skype
2011-07-18 14:39:25 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-07-16 13:39:13 ----RSD---- C:\Windows\assembly
2011-07-16 13:37:41 ----HD---- C:\Program Files\InstallShield Installation Information
2011-07-16 13:37:40 ----SHD---- C:\Windows\Installer
2011-07-16 13:37:40 ----HD---- C:\Config.Msi
2011-07-16 13:10:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-07-16 13:10:04 ----D---- C:\Windows\inf
2011-07-16 11:43:59 ----D---- C:\Windows\system32\catroot2
2011-07-13 11:32:46 ----D---- C:\Windows\winsxs
2011-07-13 11:30:29 ----D---- C:\Windows\system32\DriverStore
2011-07-13 11:23:21 ----A---- C:\Windows\system32\MRT.exe
2011-07-13 11:23:13 ----D---- C:\ProgramData\Microsoft Help
2011-07-13 11:21:48 ----D---- C:\Windows\system32\catroot
2011-07-13 11:20:11 ----D---- C:\ProgramData\NVIDIA
2011-07-13 11:17:40 ----RD---- C:\Users
2011-07-13 11:17:35 ----D---- C:\Program Files\NVIDIA Corporation
2011-07-12 22:33:42 ----AD---- C:\ProgramData\TEMP
2011-07-12 18:22:49 ----SHD---- C:\Boot
2011-07-07 13:52:37 ----SD---- C:\Users\Paľa\AppData\Roaming\Microsoft
2011-07-07 12:27:52 ----D---- C:\Program Files\Mozilla Firefox
2011-07-05 22:04:37 ----A---- C:\Windows\game.ini
2011-07-05 21:59:19 ----D---- C:\Program Files\Common Files\InstallShield
2011-07-04 19:40:19 ----D---- C:\Windows\system32\Tasks
2011-07-04 19:40:12 ----RD---- C:\Program Files\Skype
2011-07-04 19:40:08 ----D---- C:\ProgramData\Skype
2011-07-04 19:39:53 ----D---- C:\Program Files\Common Files
2011-07-04 19:39:25 ----D---- C:\ProgramData\Easybits GO
2011-07-04 19:39:15 ----D---- C:\Users\Paľa\AppData\Roaming\go
2011-07-03 20:18:59 ----D---- C:\Program Files\Steam
2011-07-02 11:11:28 ----D---- C:\Users\Paľa\AppData\Roaming\OnLive App
2011-07-02 11:11:13 ----D---- C:\Program Files\Nokia
2011-07-02 11:10:28 ----D---- C:\Program Files\McAfee Security Scan
2011-07-01 19:07:44 ----D---- C:\Windows\Prefetch
2011-06-30 20:11:12 ----D---- C:\ProgramData\Skype Extras
2011-06-29 12:38:54 ----RSD---- C:\Windows\Fonts
2011-06-29 10:39:47 ----D---- C:\Program Files\Microsoft Office

Thanks

//Logs don't go in code tags, and describe your problem too! jaro3
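A reading aid for logs like the one above, added here as an example and not part of the thread or of the RSIT tool: it parses the `"name"=path [date size]` lines under the `...\Run` keys of RSIT's registry dump and flags the autorun patterns visible in this log (a system-binary name outside its normal folder, loose executables in the Windows root, Temp-directory and purely numeric file names, empty image paths). The sample input is an excerpt constructed from the poster's log; the heuristics and the expected-folder table are assumptions of this example, not RSIT's.

```python
import re
from dataclasses import dataclass

# Normal home directories of Windows binaries that malware likes to impersonate
# (assumption of this example); the same name living elsewhere is suspect.
SYSTEM_BINARY_HOMES = {
    "explorer.exe": {r"c:\windows"},
    "svchost.exe": {r"c:\windows\system32", r"c:\windows\syswow64"},
}

# RSIT Run entry:  "name"=path [YYYY-MM-DD size]   or   "name"=path []   or   "name"= []
RUN_ENTRY = re.compile(r'^"(?P<name>[^"]*)"=(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$')
SECTION = re.compile(r"^\[(?P<key>HK[^\]]+)\]$")

# Constructed excerpt of the poster's RSIT registry dump (two Run keys).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HP Software Update"=C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2007-05-08 54840]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe /hide /waitservice []
"explorer.exe"=C:\Users\Paľa\AppData\Roaming\explorer.exe [2011-02-25 2616320]
"wxpdrv"=C:\Windows\services32.exe []
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-07-20 1147392]
"2350003.exe"=C:\Windows\Temp\2350003.exe [2011-07-20 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-20 238592]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"uTorrent"=C:\Users\Paľa\utorrent.exe [2011-05-19 399736]
"""


@dataclass
class Finding:
    section: str
    name: str
    path: str
    reasons: tuple


def parse_run_entries(log_text):
    """Yield (section, name, path, meta) for every value under a key ending in \\Run."""
    section = None
    for raw in log_text.splitlines():
        line = raw.strip()
        m = SECTION.match(line)
        if m:
            key = m.group("key")
            section = key if key.lower().endswith("\\run") else None
            continue
        if section is None or not line:
            continue
        m = RUN_ENTRY.match(line)
        if m:
            yield section, m.group("name"), m.group("path").strip(), m.group("meta")


def suspicion_reasons(name, path):
    """Return the heuristic reasons an autorun image path looks wrong (empty list = nothing odd)."""
    reasons = []
    p = path.lower()
    if not p:
        return ["empty image path"]  # e.g. "tray_ico"= []
    folder, _, exe = p.rpartition("\\")
    if "\\temp\\" in p:
        reasons.append("runs from a Temp directory")
    if folder == r"c:\windows":
        reasons.append("loose executable in Windows root")
    if exe in SYSTEM_BINARY_HOMES and folder not in SYSTEM_BINARY_HOMES[exe]:
        reasons.append(f"{exe} outside its normal location")
    if re.fullmatch(r"\d+\.exe", exe):
        reasons.append("purely numeric file name")
    return reasons


def triage(log_text):
    """Collect every Run entry that trips at least one heuristic, in log order."""
    return [Finding(s, n, p, tuple(r)) for s, n, p, _ in parse_run_entries(log_text)
            if (r := suspicion_reasons(n, p))]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f'[{f.section}] "{f.name}" = {f.path}\n    -> {"; ".join(f.reasons)}')
```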

jaro3
Security team member
Guru Level 15
Posts: 43294
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: RSIT

Post by jaro3 » 21 Jul 2011 14:56

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All found, then:
- If you use Firefox (Mozilla), click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected. Then click Main (the main page) and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing web browser history. The program can remove the cache, cookies, history and other traces of surfing the Internet. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation, make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the Perform quick scan option selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save log and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.

If there are problems, run it in Safe Mode.
When working with HJT, ComboFix, MbAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

X3m.
newcomer
Posts: 8
Registered: July 11
Gender: Not specified
Status: Offline

Re: RSIT

Post by X3m. » 21 Jul 2011 16:33

jaro3
I reinstalled the whole PC, because the internet was barely working on it anymore.
But thanks :)
You can lock

Kotik
Level 5
Posts: 2384
Registered: February 09
Gender: Male
Status: Offline

Re: RSIT  Solved

Post by Kotik » 21 Jul 2011 16:37

You can do that yourself, there is a green check mark at the top right. :wink:
Notebook: HP Pavilion 13-a250nc
PC: i7-4770 + Noctua NH-U9B SE2 / GIGABYTE GA-B85M-D3H rev.1.1 / 2x Kingston HyperX Fury White 4GB 1866 MHz / Asus RX-570 OC / Samsung 870 EVO 500GB / Seagate Barracuda 7200.14 - 1TB / BITFENIX Neos, white + EVGA 500B / Win11 Home 64bit / AOC i2369VM
+ Genius SW-HF 5.1 4000

