
PC virus removal, computer speed-up and remote assistance via the neslape.cz service
Virus cannot be removed by the antivirus
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
Hi everyone, I would really need your advice. I don't know exactly which virus it is, but I can't remove it; it should be located somewhere in win32 and it is some kind of Trojan horse, but I don't know exactly which one. I'm attaching a log from RSIT and asking for help. (Sorry, I'm new here; if I broke any rule, I apologize, it won't happen again.)
Logfile of random's system information tool 1.06 (written by random/random)
Run by Monička at 2012-07-18 14:19:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (11%) free of 150 GB
Total RAM: 2046 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:38, on 18.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Monička\Desktop\HiJackThis.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monička\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
--
End of file - 10229 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2011-07-26 109568]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-11 13574144]
"nwiz"=nwiz.exe /install []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-11 86016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-11-23 208184]
"CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-11-23 182584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-09-16 1961984]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
C:\Program Files\Vtune\TBPanel.exe [2008-09-05 2154496]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]
C:\Documents and Settings\Monička\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe"="C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"D:\MY DOKUMENTS\Programs\SweetImSetup.exe"="D:\MY DOKUMENTS\Programs\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE:*:Enabled:EPSON Driver Update"
"C:\Program Files\Codemasters\F1 2011\F1_2011.exe"="C:\Program Files\Codemasters\F1 2011\F1_2011.exe:*:Enabled:F1 2011"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe:*:Enabled:Assassin's Creed Revelations"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe:*:Enabled:Assassin's Creed Revelations Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe:*:Enabled:Assassin's Creed Revelations Update"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
======List of files/folders created in the last 1 months======
2012-07-18 14:19:03 ----D---- C:\rsit
2012-07-18 13:16:33 ----D---- C:\Documents and Settings\All Users\Application Data\CPA_VA
2012-07-18 13:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2012-07-18 13:12:08 ----D---- C:\Program Files\COMODO
2012-07-18 13:12:08 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-07-18 12:56:55 ----SHD---- C:\RECYCLER
2012-07-18 12:13:19 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-07-18 11:58:00 ----A---- C:\ComboFix.txt
2012-07-18 11:57:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-18 11:00:36 ----D---- C:\ComboFix
2012-07-11 17:20:13 ----DC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 17:20:08 ----DC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 17:19:24 ----DC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 17:18:34 ----DC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 17:16:48 ----DC---- C:\WINDOWS\$NtUninstallKB2698365$
======List of files/folders modified in the last 1 months======
2012-07-18 14:19:11 ----D---- C:\WINDOWS\temp
2012-07-18 13:53:31 ----D---- C:\Program Files\Mozilla Firefox
2012-07-18 13:47:20 ----D---- C:\Program Files\DontAngry!
2012-07-18 13:22:47 ----SHD---- C:\WINDOWS\Installer
2012-07-18 13:16:02 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-18 13:15:54 ----D---- C:\WINDOWS
2012-07-18 13:15:16 ----D---- C:\WINDOWS\system32\drivers
2012-07-18 13:13:22 ----D---- C:\Config.Msi
2012-07-18 13:12:20 ----D---- C:\WINDOWS\system32
2012-07-18 13:12:08 ----D---- C:\Program Files
2012-07-18 12:59:50 ----HD---- C:\WINDOWS\inf
2012-07-18 12:57:56 ----D---- C:\WINDOWS\SoftwareDistribution
2012-07-18 12:57:33 ----D---- C:\Documents and Settings\Monička\Application Data\Winamp
2012-07-18 12:57:15 ----SHD---- C:\WINDOWS\Temporary Internet Files
2012-07-18 12:18:07 ----D---- C:\Program Files\FlashFXP 4
2012-07-18 12:13:28 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-18 11:58:31 ----D---- C:\Qoobox
2012-07-18 11:43:23 ----A---- C:\WINDOWS\system.ini
2012-07-18 11:38:03 ----DC---- C:\WINDOWS\system32\dllcache
2012-07-18 11:25:13 ----D---- C:\WINDOWS\AppPatch
2012-07-18 11:25:11 ----D---- C:\Program Files\Common Files
2012-07-18 11:07:36 ----D---- C:\Documents and Settings\Monička\Application Data\Skype
2012-07-18 11:07:33 ----D---- C:\WINDOWS\Minidump
2012-07-18 10:52:18 ----D---- C:\WINDOWS\system32\CatRoot
2012-07-18 10:47:22 ----D---- C:\WINDOWS\system32\config
2012-07-18 10:46:03 ----D---- C:\WINDOWS\system32\wbem
2012-07-18 10:45:57 ----D---- C:\WINDOWS\Registration
2012-07-18 10:45:20 ----D---- C:\Documents and Settings\Monička\Application Data\dvdcss
2012-07-18 10:39:37 ----D---- C:\Documents and Settings\Monička\Application Data\GetRightToGo
2012-07-18 10:37:34 ----D---- C:\Documents and Settings
2012-07-17 22:48:24 ----D---- C:\WINDOWS\Prefetch
2012-07-16 15:06:07 ----D---- C:\Documents and Settings\Monička\Application Data\ICQ
2012-07-14 19:03:10 ----D---- C:\WINDOWS\Logs
2012-07-14 19:03:10 ----D---- C:\WINDOWS\Debug
2012-07-12 13:20:57 ----D---- C:\Program Files\RapidShareManager
2012-07-11 17:20:07 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 17:19:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-07-11 17:19:36 ----A---- C:\WINDOWS\win.ini
2012-07-11 17:19:34 ----D---- C:\Program Files\Common Files\System
2012-07-05 22:28:59 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-28 06:33:19 ----D---- C:\Program Files\LogMeIn Hamachi
2012-06-26 06:08:26 ----D---- C:\WINDOWS\Help
2012-06-25 18:30:42 ----D---- C:\WINDOWS\WinSxS
2012-06-25 18:29:58 ----D---- C:\WINDOWS\system32\DirectX
2012-06-25 18:29:24 ----RSD---- C:\WINDOWS\assembly
2012-06-25 18:17:23 ----D---- C:\Program Files\Ubisoft
2012-06-25 18:17:21 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-25 11:11:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2012-06-25 11:04:08 ----D---- C:\Documents and Settings\Monička\Application Data\Ubisoft
2012-06-25 11:02:34 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2012-06-25 06:56:15 ----A---- C:\WINDOWS\BlendSettings.ini
2012-06-24 22:55:05 ----D---- C:\WINDOWS\security
2012-06-19 14:59:17 ----D---- C:\Documents and Settings\Monička\Application Data\Media Player Classic
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2012-03-11 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-11 6128352]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-13 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-11 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aasde6iw;aasde6iw; C:\WINDOWS\system32\drivers\aasde6iw.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\MONIKA~1\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-11 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-16 75136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-06-23 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13 135664]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
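The driver and service lists above are what a helper reads first when hunting for an entry that does not belong. An added example of how that reading can be mechanised (this is not code posted by the user or by this forum's helpers): a small Python triage script that parses RSIT's `<state><start> <name>;<display>; <path> [<date> <size>]` lines and raises review prompts for three things a reader looks for: empty brackets (on the assumption that RSIT prints them when it could not report a date/size for the file, typically because the file is absent or the path could not be resolved), an image under a Temp directory, and a random-looking eight-character name with no descriptive display name. The sample input is six lines copied from the driver list above; the heuristics, the `KNOWN_TOOL_DRIVERS` allow-list and the `triage` function name are this example's assumptions, and a flag is a prompt to go and look at the file, not a verdict.

```python
import re

# Constructed sample input: six lines copied from the "List of drivers"
# section of the log above, in RSIT's own line format.
SAMPLE_LINES = r"""
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 aasde6iw;aasde6iw; C:\WINDOWS\system32\drivers\aasde6iw.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\MONIKA~1\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []
"""

# One RSIT driver/service line (format assumed from the log above):
#   "<R|S><start type> <name>;<display name>; <path> [<date> <size>]"
# RSIT leaves the brackets empty when it reports no file metadata.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*); "
    r"(?P<path>.*?) ?\[(?P<meta>[^\]]*)\]\s*$"
)

# Crude heuristic (an assumption, not a rule): eight lowercase letters/digits
# containing at least one digit looks machine-generated.
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")

# Hypothetical allow-list of drivers that analysis tools drop themselves;
# catchme.sys is the gmer/ComboFix kernel component.
KNOWN_TOOL_DRIVERS = frozenset({"catchme"})


def parse_line(line):
    """Parse one RSIT line into a dict, or return None for non-matching lines."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    # RSIT prints the raw ImagePath; drop the NT object-manager prefix.
    entry["path"] = entry["path"].replace("\\??\\", "")
    return entry


def flags_for(entry):
    """Return the list of review prompts raised by one parsed entry."""
    flags = []
    if entry["meta"] == "":
        flags.append("no file date/size reported")
    if "\\temp\\" in entry["path"].lower():
        flags.append("image lives under a Temp directory")
    if RANDOM_NAME_RE.match(entry["name"]) and entry["name"] == entry["display"]:
        flags.append("random-looking name with no display name")
    return flags


def triage(text, allow=KNOWN_TOOL_DRIVERS):
    """Return [(name, flags)] for every line that raised a flag, most flags first.
    Names in `allow` are skipped. Flags are prompts to inspect the file,
    not verdicts."""
    hits = []
    for line in text.splitlines():
        entry = parse_line(line)
        if entry is None or entry["name"] in allow:
            continue
        flags = flags_for(entry)
        if flags:
            hits.append((entry["name"], flags))
    return sorted(hits, key=lambda hit: (-len(hit[1]), hit[0]))


if __name__ == "__main__":
    for name, flags in triage(SAMPLE_LINES):
        print(f"{name:10} {'; '.join(flags)}")
```

Run on the sample, `aasde6iw` comes out on top with two prompts while `Cardex`, `gdrv` and `IntelIde` raise only the empty-bracket one, which is the noisy flag: plenty of ordinary utility and chipset drivers have entries whose path RSIT could not stat. The combination is what an analyst chases, and the next step is to check whether the flagged file actually exists on disk and what its properties are, not to delete the service entry on the strength of a pattern match. `catchme` is dropped by the allow-list because ComboFix leaves that driver in Temp itself; pass `allow=frozenset()` to see it flagged.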
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-11 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-16 75136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-06-23 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13 135664]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: virus can't be removed by antivirus
Sorry, I didn't know you're not supposed to use ComboFix, since it always helped me and then I didn't have to bother anyone like this. And I can't paste the ComboFix log here because it has too many characters; how am I supposed to post it? Every time it tells me: "Vaše zpráva obsahuje 162310 znaků. Maximální povolený počet znaků je 80000." As for the virus, I have no idea where exactly it is located or what it is called; I only know it messed up the PC so that all the icons disappeared. Through Safe Mode I did a restore, but the antivirus showed me that the trojan horse can't be cleaned. I don't know anything more about it, sorry.
I really don't know how to post it here anymore. Should I try it in two parts, or should I make the log again, or upload it somewhere?
Last edited by hunterwx on 18 Jul 2012 14:59, edited 1 time in total.
Re: virus can't be removed by antivirus
Well, I don't have that report, because the computer reset right away and the report disappeared,
and it hasn't shown up since. The first time it only appeared after some 2 hours, so now I'm just waiting anxiously for when it does it again..
Is there no way to do it without that? Sorry you're having such trouble with this; I really apologise for the problems caused and I promise I won't even touch ComboFix again without being told to.


- Attachments
- ComboFix.rar
- (23.59 KiB) Downloaded 42 times
Re: virus can't be removed by antivirus
c:\windows\explorer.exe
https://www.virustotal.com/file/8c7e8bc ... /analysis/
c:\windows\regedit.exe
https://www.virustotal.com/file/06cb6f4 ... /analysis/
c:\windows\system32\xcdzip32.dll
https://www.virustotal.com/file/cf84342 ... /analysis/
c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
https://www.virustotal.com/file/094a403 ... /analysis/
After this test the virus popped up and now I also have its location, but I only copied it down by hand and didn't even manage to take a screenshot, so I hope I write it correctly:
c:/documents and settings/monicka/desktop/Dump_Hdd0_DR0.old.mbr
infiltration
win 32/olmasco.x trojan horse
info
cleaned by deletion, stored in quarantine
and it saved a file Dump_Hdd0_DR0.old to the desktop.
http://support.kaspersky.com/downloads/ ... killer.exe I downloaded this, but I can't run it,
and RogueKiller won't run either.
Code:
MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 6, GenuineIntel
BOOT : Normal Boot
DATE : 2012/07/18 (ISO 8601) at 16:33:56
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __SAMSUNG HD322HJ (1AC01113)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 298.1 Go [Fixed] ==> Possible MaxSS.sst MBR Code
MBR_MD5 : 7EBCF55B858704D10A1A02FDC8671F16
MBR_SHA1 : 813651AC57C241F5DBA0DB83B58D46BBF1F7DA4B
Device\Harddisk0\Partition1 146.5 Go 0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2 151.6 Go 0x07 NTFS / HPFS
________________________________________________________________________________
############################### Additional scan ################################
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
_____FAKED \Device\Harddisk0\DR0
__ORIGINAL \Device\Harddisk0\DR0
__________________________16_BIT_ASM_CODE
0x0000 31c0 XOR AX, AX
0x0002 8ed0 MOV SS, AX
0x0004 bc 007c MOV SP, 0x7c00
0x0007 0e PUSH CS
0x0008 1f POP DS
0x0009 0e PUSH CS
0x000A 07 POP ES
0x000B 66 60 PUSHAD
0x000D 8816 007e MOV [0x7e00], DL
0x0011 c606 047e 1e MOV BYTE [0x7e04], 0x1e
0x0016 b4 48 MOV AH, 0x48
0x0018 be 047e MOV SI, 0x7e04
0x001B cd 13 INT 0x13
0x001D b0 50 MOV AL, 0x50
0x001F 0f82 7b01 JB 0x19e
0x0023 812e 1304 1400 SUB WORD [0x413], 0x14
0x0029 a1 1304 MOV AX, [0x413]
0x002C c1e0 06 SHL AX, 0x6
0x002F a3 027e MOV [0x7e02], AX
0x0032 81ec 0e00 SUB SP, 0xe
0x0036 68 1000 PUSH 0x10
0x0039 89e5 MOV BP, SP
0x003B be a17d MOV SI, 0x7da1
0x003E b9 0500 MOV CX, 0x5
0x0041 66 31db XOR EBX, EBX
0x0044 e8 f800 CALL 0x13f
0x0047 ff36 027e PUSH WORD [0x7e02]
0x004B 07 POP ES
0x004C 8c46 06 MOV WORD [BP+0x6], ES
0x004F 8c5e 04 MOV WORD [BP+0x4], DS
0x0052 e8 0900 CALL 0x5e
0x0055 81c4 1000 ADD SP, 0x10
0x0059 66 61 POPAD
0x005B 06 PUSH ES
0x005C 1e PUSH DS
0x005D cb RETF
0x005E 66 60 PUSHAD
0x0060 57 PUSH DI
0x0061 66 ff36 147e PUSH DWORD [0x7e14]
0x0066 66 8f46 08 POP DWORD [BP+0x8]
0x006A 66 ff36 187e PUSH DWORD [0x7e18]
0x006F 66 8f46 0c POP DWORD [BP+0xc]
0x0073 66 8b45 10 MOV EAX, [DI+0x10]
0x0077 66 40 INC EAX
0x0079 66 2946 08 SUB [BP+0x8], EAX
0x007D 66 195e 0c SBB [BP+0xc], EBX
0x0081 8b45 14 MOV AX, [DI+0x14]
0x0084 8946 02 MOV [BP+0x2], AX
0x0087 b4 42 MOV AH, 0x42
0x0089 8a16 007e MOV DL, [0x7e00]
0x008D 89ee MOV SI, BP
0x008F cd 13 INT 0x13
0x0091 b0 52 MOV AL, 0x52
0x0093 0f82 0701 JB 0x19e
0x0097 31c0 XOR AX, AX
0x0099 ba 0404 MOV DX, 0x404
0x009C be b27d MOV SI, 0x7db2
0x009F 889f 427e MOV [BX+0x7e42], BL
0x00A3 fec3 INC BL
0x00A5 75 f8 JNZ 0x9f
0x00A7 8a8f 427e MOV CL, [BX+0x7e42]
0x00AB 0204 ADD AL, [SI]
0x00AD e8 7e00 CALL 0x12e
0x00B0 46 INC SI
0x00B1 fece DEC DH
0x00B3 75 04 JNZ 0xb9
0x00B5 29d6 SUB SI, DX
0x00B7 88d6 MOV DH, DL
0x00B9 fec3 INC BL
0x00BB 75 ea JNZ 0xa7
0x00BD 31c0 XOR AX, AX
0x00BF 89c3 MOV BX, AX
0x00C1 8b56 02 MOV DX, [BP+0x2]
0x00C4 c1e2 09 SHL DX, 0x9
0x00C7 8b76 04 MOV SI, [BP+0x4]
0x00CA fec3 INC BL
0x00CC 8a8f 427e MOV CL, [BX+0x7e42]
0x00D0 e8 5b00 CALL 0x12e
0x00D3 00e9 ADD CL, CH
0x00D5 30ed XOR CH, CH
0x00D7 89cf MOV DI, CX
0x00D9 8a8d 427e MOV CL, [DI+0x7e42]
0x00DD 26 300c XOR ES:[SI], CL
0x00E0 46 INC SI
0x00E1 4a DEC DX
0x00E2 75 e6 JNZ 0xca
0x00E4 5f POP DI
0x00E5 66 8b4d 18 MOV ECX, [DI+0x18]
0x00E9 66 0fb756 04 MOVZX EDX, [BP+0x4]
0x00EE 81f9 ff7f CMP CX, 0x7fff
0x00F2 b0 53 MOV AL, 0x53
0x00F4 0f87 a600 JA 0x19e
0x00F8 66 ff75 1c PUSH DWORD [DI+0x1c]
0x00FC 66 31c0 XOR EAX, EAX
0x00FF 66 8945 1c MOV [DI+0x1c], EAX
0x0103 66 f7d0 NOT EAX
0x0106 26 67 3202 XOR AL, ES:[EDX]
0x010A 66 42 INC EDX
0x010C b3 08 MOV BL, 0x8
0x010E 66 d1e8 SHR EAX, 0x1
0x0111 73 06 JAE 0x119
0x0113 66 35 2083b8ed XOR EAX, 0xedb88320
0x0119 fecb DEC BL
0x011B 75 f1 JNZ 0x10e
0x011D e2 e7 LOOP 0x106
0x011F 66 f7d0 NOT EAX
0x0122 66 5b POP EBX
0x0124 66 39d8 CMP EAX, EBX
0x0127 b0 43 MOV AL, 0x43
0x0129 75 73 JNZ 0x19e
0x012B 66 61 POPAD
0x012D c3 RET
0x012E 00c8 ADD AL, CL
0x0130 89c7 MOV DI, AX
0x0132 8aad 427e MOV CH, [DI+0x7e42]
0x0136 88af 427e MOV [BX+0x7e42], CH
0x013A 888d 427e MOV [DI+0x7e42], CL
0x013E c3 RET
0x013F 66 60 PUSHAD
0x0141 bf 0080 MOV DI, 0x8000
0x0144 8c4e 06 MOV WORD [BP+0x6], CS
0x0147 897e 04 MOV [BP+0x4], DI
0x014A 66 89d8 MOV EAX, EBX
0x014D 40 INC AX
0x014E 8945 14 MOV [DI+0x14], AX
0x0151 66 0fb706 b67d MOVZX EAX, [0x7db6]
0x0157 66 8945 10 MOV [DI+0x10], EAX
0x015B b8 2000 MOV AX, 0x20
0x015E e8 fdfe CALL 0x5e
0x0161 8b7e 04 MOV DI, [BP+0x4]
0x0164 8b55 18 MOV DX, [DI+0x18]
0x0167 fc CLD
0x0168 60 PUSHA
0x0169 f3 a6 REP CMPSB
0x016B 817d fe 5c00 CMP WORD [DI-0x2], 0x5c
0x0170 74 0e JZ 0x180
0x0172 e3 0e JCXZ 0x182
0x0174 61 POPA
0x0175 01c7 ADD DI, AX
0x0177 29c2 SUB DX, AX
0x0179 77 ed JA 0x168
0x017B b0 4e MOV AL, 0x4e
0x017D e9 1e00 JMP 0x19e
0x0180 41 INC CX
0x0181 4e DEC SI
0x0182 5f POP DI
0x0183 81c4 0e00 ADD SP, 0xe
0x0187 60 PUSHA
0x0188 89fe MOV SI, DI
0x018A bf 227e MOV DI, 0x7e22
0x018D 59 POP CX
0x018E 57 PUSH DI
0x018F 89c1 MOV CX, AX
0x0191 f3 a4 REP MOVSB
0x0193 61 POPA
0x0194 e3 03 JCXZ 0x199
0x0196 e9 c5ff JMP 0x15e
0x0199 59 POP CX
0x019A 57 PUSH DI
0x019B 66 61 POPAD
0x019D c3 RET
0x019E f4 HLT
0x019F eb fd JMP 0x19e
0x01A1 5c POP SP
0x01A2 626f 6f BOUND BP, [BX+0x6f]
0x01A5 74 00 JZ 0x1a7
0x01A7 0000 ADD [BX+SI], AL
0x01A9 0000 ADD [BX+SI], AL
0x01AB 0000 ADD [BX+SI], AL
0x01AD 0000 ADD [BX+SI], AL
0x01AF 0000 ADD [BX+SI], AL
0x01B1 00a8 d317 ADD [BX+SI+0x17d3], CH
0x01B5 78 bf JS 0x176
0x01B7 f6ba 41bb IDIV BYTE [BP+SI-0x44bf]
0x01BB 41 INC CX
0x01BC 0000 ADD [BX+SI], AL
0x01BE 8001 01 ADD BYTE [BX+DI], 0x1
0x01C1 0007 ADD [BX], AL
0x01C3 fe DB 0xfe
0x01C4 ff DB 0xff
0x01C5 ff DB 0xff
0x01C6 3f AAS
0x01C7 0000 ADD [BX+SI], AL
0x01C9 00f3 ADD BL, DH
0x01CB 6b4f 12 00 IMUL CX, [BX+0x12], 0x0
0x01CF 00c1 ADD CL, AL
0x01D1 ff0f DEC WORD [BX]
0x01D3 fe DB 0xfe
0x01D4 ff DB 0xff
0x01D5 ff32 PUSH WORD [BP+SI]
0x01D7 6c INSB
0x01D8 4f DEC DI
0x01D9 12ce ADC CL, DH
0x01DB 2bf3 SUB SI, BX
0x01DD 1200 ADC AL, [BX+SI]
0x01DF 0000 ADD [BX+SI], AL
0x01E1 0000 ADD [BX+SI], AL
0x01E3 0000 ADD [BX+SI], AL
0x01E5 0000 ADD [BX+SI], AL
0x01E7 0000 ADD [BX+SI], AL
0x01E9 0000 ADD [BX+SI], AL
0x01EB 0000 ADD [BX+SI], AL
0x01ED 0000 ADD [BX+SI], AL
0x01EF 0000 ADD [BX+SI], AL
0x01F1 0000 ADD [BX+SI], AL
0x01F3 0000 ADD [BX+SI], AL
0x01F5 0000 ADD [BX+SI], AL
0x01F7 0000 ADD [BX+SI], AL
0x01F9 0000 ADD [BX+SI], AL
0x01FB 0000 ADD [BX+SI], AL
0x01FD 0055 aa ADD [DI-0x56], DL
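The MBRScan report above labels the boot code in sector 0 as FAKED while the partition table and the 0x55AA signature are the same in both images. The following Python checker is an added example (not part of the thread and not MBRScan's code): it decodes the partition-table bytes copied from the report, reconstructs the partition and disk sizes MBRScan printed, and flags the pattern of replaced boot code with an intact partition table. Only the first 16 bytes of each image's boot code are taken from the report; the rest of each boot-code area is zero-filled (constructed), and the function names are mine.

```python
import struct

SECTOR = 512
PT_OFFSET = 0x1BE   # partition table: four 16-byte entries
SIG_OFFSET = 0x1FE  # two-byte boot signature 0x55AA

# Partition table entries as they appear in the MBRScan report above
# (identical in the FAKED and ORIGINAL images); entries 3 and 4 are empty.
PARTITION_TABLE_HEX = (
    "80 01 01 00 07 FE FF FF 3F 00 00 00 F3 6B 4F 12"
    "00 00 C1 FF 0F FE FF FF 32 6C 4F 12 CE 2B F3 12"
    + "00" * 32
)
# First 16 boot-code bytes of each image from the report; the remaining bytes
# of the 446-byte boot-code area are zero-filled here (constructed).
FAKED_BOOT_HEX = "31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00"
ORIGINAL_BOOT_HEX = "33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C"

TYPE_NAMES = {0x07: "NTFS/HPFS", 0x0F: "Extended (LBA)"}


def build_mbr(boot_hex):
    """Assemble a 512-byte MBR image: boot code, partition table, signature."""
    boot = bytes.fromhex(boot_hex).ljust(PT_OFFSET, b"\x00")
    return boot + bytes.fromhex(PARTITION_TABLE_HEX) + b"\x55\xAA"


def parse_partition_table(mbr):
    """Decode the non-empty MBR entries; reject images without a valid signature."""
    if len(mbr) != SECTOR or mbr[SIG_OFFSET:] != b"\x55\xAA":
        raise ValueError("not an MBR: wrong length or missing 0x55AA signature")
    entries = []
    for i in range(4):
        off = PT_OFFSET + 16 * i
        status, ptype = mbr[off], mbr[off + 4]
        lba_start, sectors = struct.unpack_from("<II", mbr, off + 8)
        if ptype == 0:
            continue
        entries.append({
            "index": i + 1,
            "bootable": status == 0x80,
            "type": ptype,
            "type_name": TYPE_NAMES.get(ptype, "other"),
            "lba_start": lba_start,
            "sectors": sectors,
            "gib": round(sectors * SECTOR / 2 ** 30, 1),
        })
    return entries


def disk_end_gib(entries):
    """Disk size implied by the end of the last partition, in GiB."""
    end = max(e["lba_start"] + e["sectors"] for e in entries)
    return round(end * SECTOR / 2 ** 30, 1)


def classify(suspect, known_good):
    """Compare a suspect MBR with a known-good copy. Different boot code over an
    identical partition table is the pattern MBRScan labelled FAKED above."""
    same_table = suspect[PT_OFFSET:] == known_good[PT_OFFSET:]
    same_code = suspect[:PT_OFFSET] == known_good[:PT_OFFSET]
    if same_code and same_table:
        return "identical"
    if same_table:
        return "boot code replaced, partition table intact"
    return "partition table differs"


if __name__ == "__main__":
    faked, original = build_mbr(FAKED_BOOT_HEX), build_mbr(ORIGINAL_BOOT_HEX)
    entries = parse_partition_table(faked)
    for e in entries:
        print(e)
    print("disk end:", disk_end_gib(entries), "GiB")   # 298.1, as in the report
    print("verdict:", classify(faked, original))
```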
Re: virus can't be removed by antivirus
Well, I hope it's right now and that I understood correctly, so when this box popped up: File already analysed
This file was already analysed by VirusTotal on 2011-10-18 09:33:47.
Detection ratio: 1/41
You can take a look at the last analysis or analyse it again now.
I clicked reanalyse; is that what you meant? I hope so, otherwise I must have completely misunderstood you; forgive my clumsy approach to this.
c:\windows\explorer.exe
https://www.virustotal.com/file/8c7e8bc ... 342625505/
c:\windows\regedit.exe
https://www.virustotal.com/file/06cb6f4 ... 342625827/
c:\windows\system32\xcdzip32.dll
Somehow this file won't scan any differently; it keeps showing 9 months, even when I submitted it again and again, still the same as before.
https://www.virustotal.com/file/cf84342 ... 342626481/
c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
https://www.virustotal.com/file/094a403 ... /analysis/
And no, unfortunately I have nowhere to burn a CD/DVD. Would it be necessary? At home I only have this PC that I'm writing from, but if needed I could go to a friend.
Re: virus can't be removed by antivirus
One more question, to be sure: should I create that folder on the desktop, and does it matter what I name it, or does it have to have the same name as the program??
Re: virus can't be removed by antivirus
Now when I turned on the PC, the infiltration showed up again and it says:
infiltration found in memory
object -
operating memory - svchost.exe(1564)
infiltration
infiltration variant win32/olmasco. o trojan horse
info: cannot be cleaned
And I created a folder on the desktop, named it mbrscan, then ran the scan with everything ticked again in options and clicked report, and here are the files. If I happened to do it wrong, write to me and I'll run it again exactly as you say.
- Attachments
- mbrscan.rar
- (6.75 KiB) Downloaded 34 times
Re: virus can't be removed by antivirus
Here it is, submitted without me changing anything; I just ran the scan right after it opened.
And I've already burned the CD.
- Attachments
- scan nie cez report.rar
- (1.13 KiB) Downloaded 40 times
Re: virus can't be removed by antivirus
And one more question: when TDSSKiller wouldn't even open before, will it work now?
Re: virus can't be removed by antivirus
And where do I find that mbrfix? And what do you mean by running the environment from the drive?
So if I understood correctly, after I unpack that file to C: I should restart the PC and put the CD I burned into the drive? Then find that MBR fix under programs and follow the rest of the instructions?
Last edited by hunterwx on 19 Jul 2012 14:37, edited 1 time in total.
Re: virus can't be removed by antivirus
It told me the system cannot run the specified program. I'll try the restart once more. It doesn't work even after that.
Re: virus can't be removed by antivirus
It opened my normal desktop as always; then I opened the CD, launched that software and a command prompt opened where I copied in the command from you, because when I opened the CD and told Reatogo to load, it did nothing. Now it has opened, but I don't have a desktop like you do, only a window with a selection, and mbrfix isn't there. Does it still need to be installed somehow, or?
Last edited by hunterwx on 19 Jul 2012 14:55, edited 1 time in total.
Re: virus can't be removed by antivirus
But the CD won't boot for me; I put it in the drive and it does nothing.
Re: virus can't be removed by antivirus
That's exactly what I wanted to ask, whether I should set it to boot from CD first. OK, I'm on it.