Again... FB virus... PC restarts after booting XP

pepe3dx
Visitor
Posts: 208
Joined: 14 Nov 2011 20:42

#1 Post by pepe3dx »

Not long ago I caught an FB virus. XP starts up, and after booting the PC restarts (sometimes it throws a blue screen of death). In safe mode it works normally; it doesn't restart there. I use McAfee as my antivirus. I'd be very grateful for help; I don't want to reinstall the system. I tried disinfecting it in safe mode, but it won't let me install anything. :( I'm attaching the log from RSIT.
P.S. It doesn't show any error message.




info.txt logfile of random's system information tool 1.09 2011-11-14 18:51:22

======Hosts File======

82.208.58.96 l2authd.lineage2.com
82.208.58.96 l2testauthd.lineage2.com
216.107.250.194 nprotect.lineage2.com
85.13.206.114 uuu20091124.info
85.13.206.114 u07012010u.com

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise (outdated)

======System event log======

Computer Name: METHANOL
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Služba inteligentního přenosu na pozadí (BITS) úspěšně odeslán.

Record Number: 5926
Source Name: Service Control Manager
Time Written: 20110319083748.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: METHANOL
Event Code: 7036
Message: Stav služby Kompatibilita pro rychlé přepínání uživatelů byl změněn na: Spuštěno

Record Number: 5925
Source Name: Service Control Manager
Time Written: 20110319083748.000000+060
Event Type: Informace
User:

Computer Name: METHANOL
Event Code: 7035
Message: Řídící příkaz Spuštěno byl službě Kompatibilita pro rychlé přepínání uživatelů úspěšně odeslán.

Record Number: 5924
Source Name: Service Control Manager
Time Written: 20110319083748.000000+060
Event Type: Informace
User: NT AUTHORITY\SYSTEM

Computer Name: METHANOL
Event Code: 7036
Message: Stav služby Terminálová služba byl změněn na: Spuštěno

Record Number: 5923
Source Name: Service Control Manager
Time Written: 20110319083748.000000+060
Event Type: Informace
User:

Computer Name: METHANOL
Event Code: 7023
Message: Služba SPService byla ukončena s následující chybou:
Uvedený modul nebyl nalezen.


Record Number: 5922
Source Name: Service Control Manager
Time Written: 20110319083731.000000+060
Event Type: Chyba
User:

=====Application event log=====

Computer Name: METHANOL
Event Code: 105
Message: The service was started.

Record Number: 5
Source Name: ATI Smart
Time Written: 20111114143108.000000+060
Event Type: Informace
User:

Computer Name: METHANOL
Event Code: 4
Message: The LightScribe Service started successfully.

Record Number: 4
Source Name: LightScribeService
Time Written: 20111114140611.000000+060
Event Type: Informace
User:

Computer Name: METHANOL
Event Code: 0
Message:
Record Number: 3
Source Name: ICQ Service
Time Written: 20111114140606.000000+060
Event Type: Informace
User:

Computer Name: METHANOL
Event Code: 0
Message:
Record Number: 2
Source Name: gupdate
Time Written: 20111114140605.000000+060
Event Type: Informace
User:

Computer Name: METHANOL
Event Code: 105
Message: The service was started.

Record Number: 1
Source Name: ATI Smart
Time Written: 20111114140602.000000+060
Event Type: Informace
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=C:\Program Files\NVIDIA Corporation\PhysX\Common;C:\Program Files\PC Connectivity Solution\;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;C:\Program Files\TC UP\PLUGINS\Library;C:\Program Files\QuickTime\QTSystem\
"windir"=%SystemRoot%
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 47 Stepping 2, AuthenticAMD
"PROCESSOR_REVISION"=2f02
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"FP_NO_HOST_CHECK"=NO
"VSEDEFLOGDIR"=C:\Documents and Settings\All Users\Data aplikací\McAfee\DesktopProtection
"DEFLOGDIR"=C:\Documents and Settings\All Users\Data aplikací\McAfee\DesktopProtection
"CLASSPATH"=.;C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre6\lib\ext\QTJava.zip
"SAFEBOOT_OPTION"=MINIMAL

-----------------EOF-----------------

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

#2 Post by cernohous13 »

Welcome to our forum.

I need this log: C:\rsit\log.txt

Stay in Safe Mode with Networking and try the following:
:arrow: Download and run http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
Choose option 2 and copy the resulting log here.

Repeat with options 3 and 4 (give me the logs).
:arrow: Download and install MBAM from http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab, "Update" > Check for Updates
then on the 1st tab, "Scanner" -> Perform full scan -> Scan
when it finishes -> Show Results -> check that everything is selected -> Remove Selected
A log will pop up containing entries of this type:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
I'd like to see that one :)
Recommendations:
During the cleanup, install or uninstall software only on my instruction.
Study my reply carefully and carry out the whole procedure as described.
If anything is unclear, ask and I'll explain.

pepe3dx

#3 Post by pepe3dx »

I'm sending the log you asked for.


Logfile of random's system information tool 1.09 (written by random/random)
Run by pepe3dx at 2011-11-14 18:51:15
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (7%) free of 305 GB
Total RAM: 1535 MB (83% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\pepe3dx\Data aplikací\Mozilla\Firefox\Profiles\5r8epuh1.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, cs@dictionaries.addons.mozilla.org:1.0.2, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}


pepe3dx

#4 Post by pepe3dx »

The PC that is infected with the virus is not connected to the network. So I downloaded the software on a laptop (which I'm on right now), but I can't manage to copy it to a flash drive and then install it on the PC. :(
I've installed MBAM and it is already scanning the PC. Should I scan all disks? (I have 2x 160 GB)
Or is just C:\ (system) enough?
Last edited by pepe3dx on 15 Nov 2011 15:57, edited 1 time in total.

cernohous13

#5 Post by cernohous13 »

:?: log.txt is not complete; I can't read anything from that fragment.
pepe3dx wrote: I can't manage to copy it to a flash drive and then install it on the PC. :(
Is it the copying that fails, or the installing? :???:

pepe3dx

#6 Post by pepe3dx »

I'm sending the complete log c:\rsit\log.txt; I copied it incorrectly before, sorry. And I can't copy RogueKiller to the flash drive; I have it downloaded on the laptop. :?:

Logfile of random's system information tool 1.09 (written by random/random)
Run by pepe3dx at 2011-11-14 18:51:15
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (7%) free of 305 GB
Total RAM: 1535 MB (83% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\pepe3dx\Data aplikací\Mozilla\Firefox\Profiles\5r8epuh1.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://start.icq.com/"
prefs.js - "extensions.enabledItems" - "{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, cs@dictionaries.addons.mozilla.org:1.0.2, {800b5000-a755-47e1-992b-48a1c1357f07}:2.0.0.2, {7b13ec3e-999a-4b70-b9cb-2617b8323822}:2.5.8.6, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13"

"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.0.51204.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
npnul32.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Documents and Settings\pepe3dx\Data aplikací\Mozilla\Firefox\Profiles\5r8epuh1.default\extensions\
cs@dictionaries.addons.mozilla.org
travian-bot@uw.hu
{7b13ec3e-999a-4b70-b9cb-2617b8323822}
{800b5000-a755-47e1-992b-48a1c1357f07}

C:\Documents and Settings\pepe3dx\Data aplikací\Mozilla\Firefox\Profiles\5r8epuh1.default\searchplugins\
askcom.xml
daemon-search.xml
icqplugin-1.xml
icqplugin-10.xml
icqplugin-11.xml
icqplugin-12.xml
icqplugin-13.xml
icqplugin-14.xml
icqplugin-15.xml
icqplugin-16.xml
icqplugin-17.xml
icqplugin-18.xml
icqplugin-19.xml
icqplugin-2.xml
icqplugin-20.xml
icqplugin-21.xml
icqplugin-22.xml
icqplugin-3.xml
icqplugin-4.xml
icqplugin-5.xml
icqplugin-6.xml
icqplugin-7.xml
icqplugin-8.xml
icqplugin-9.xml
icqplugin.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-29 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-08 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-04-08 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-08 298160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-29 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-11-17 75048]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-17 159232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-01-08 395640]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2011-01-05 133432]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-21 39408]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"frmihwjc"=C:\Documents and Settings\pepe3dx\frmihwjc.exe []
"MSConfig"=C:\Documents and Settings\pepe3dx\mge.exe \u []
"mssend"=C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2\svcnost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
TWEAKUI.CPL,TweakMeUp []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\pepe3dx\Nabídka Start\Programy\Po spuštění
3cteup1.exe
3hrc09z.exe
f26cx7opgrh.exe
faq1mns88p.exe
khrc09z60q.exe
pfbrrns3.exe
plwrrijk.exe
q703c1yup.exe
xiyzev2jz1.exe
xoog8703o.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\pepe3dx\Dokumenty\Stažené soubory\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost.exe"
"C:\Program Files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe"="C:\Program Files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Disabled:aolload.exe"
"F:\Games\CoD 4 MW\iw3mp.exe"="F:\Games\CoD 4 MW\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"F:\Games\Crysis\Bin32\Crysis.exe"="F:\Games\Crysis\Bin32\Crysis.exe:*:Disabled:Crysis_32"
"F:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="F:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Disabled:CrysisDedicatedServer_32"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Disabled:CyberLink PowerDVD 10.0"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe:*:Disabled:CyberLink PowerDVD 10.0"
"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe"="C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Disabled:Demigod"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Disabled:ICQ7.1"
"C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2\svcnost.exe"="C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2\svcnost.exe:*:Disabled:ldrsoft"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service"
"C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe:*:Disabled:mRouterRuntime"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB"
"C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe"="C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe:*:Disabled:Singularity"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0"

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2011-11-14 18:51:17 ----D---- C:\Program Files\trend micro
2011-11-14 18:51:15 ----D---- C:\rsit
2011-11-14 17:49:57 ----D---- C:\WINDOWS\pss
2011-11-14 17:03:42 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-11-14 14:59:00 ----D---- C:\WINDOWS\CSC

======List of files/folders modified in the last 1 month======

2011-11-14 18:51:17 ----RD---- C:\Program Files
2011-11-14 18:50:30 ----A---- C:\WINDOWS\ntbtlog.txt
2011-11-14 18:49:56 ----D---- C:\WINDOWS
2011-11-14 18:44:30 ----D---- C:\Documents and Settings\pepe3dx\Data aplikací\uTorrent
2011-11-14 18:44:26 ----D---- C:\WINDOWS\Temp
2011-11-14 18:34:57 ----RSH---- C:\boot.ini
2011-11-14 18:34:57 ----A---- C:\WINDOWS\win.ini
2011-11-14 18:34:57 ----A---- C:\WINDOWS\System.ini
2011-11-14 18:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-14 17:16:01 ----SHD---- C:\WINDOWS\Installer
2011-11-14 17:15:42 ----D---- C:\Documents and Settings\pepe3dx\Data aplikací\Skype
2011-11-14 17:14:10 ----D---- C:\WINDOWS\Prefetch
2011-11-14 17:08:32 ----D---- C:\WINDOWS\security
2011-11-14 17:03:42 ----D---- C:\WINDOWS\system32
2011-11-14 16:47:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-14 15:28:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-14 14:52:39 ----D---- C:\WINDOWS\system32\oodag
2011-11-14 14:47:58 ----D---- C:\QUARANTINE
2011-11-14 14:47:58 ----D---- C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 SI3132;SiI-3132 SATALink Controller; C:\WINDOWS\system32\DRIVERS\SI3132.sys [2005-01-19 67200]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2004-11-01 10368]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-25 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-10 32256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-29 52136]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
S1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 20:25:46]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
S2 nebfvers;nebfvers; C:\WINDOWS\system32\drivers\nebfvers.sys [2011-01-30 82944]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
S2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
S3 agjmhsk9;agjmhsk9; C:\WINDOWS\system32\drivers\agjmhsk9.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-21 25280]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-29 64360]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-29 72264]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-29 34152]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-29 168776]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 npkcrypt;npkcrypt; \??\F:\Games\Lineage 2\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\F:\Games\Lineage 2\system\npkycryp.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-24 53248]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
S2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-29 144960]
S2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-29 54872]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-17 66872]
S2 SPService;SPService; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-21 182768]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

pepe3dx
Visitor
Posts: 208
Registered: 14 Nov 2011 20:42

Re: Again... FB virus... PC restarts after XP boot

#7 Post by pepe3dx »

Here is the log after using MBAM. I did everything according to your advice. I had C:\ scanned and removed everything that was in the list.
I'll probably do the same with the other drives as well.

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

15.11.2011 15:34:52
mbam-log-2011-11-15 (15-34-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 272130
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 140

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lEkLbHb26400 (Trojan.FakeAlert) -> Value: lEkLbHb26400 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Trojan.Agent) -> Value: mssend -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Oficla) -> Bad: ("C:\DOCUME~1\pepe3dx\LOCALS~1\Temp\goqw.tco") Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\pepe3dx\Data aplikací\juzjf.exe,explorer.exe,C:\RECYCLER\S-1-5-21-1454016326-4292737402-853098381-8657\djwi2kcew.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe "C:\DOCUME~1\pepe3dx\LOCALS~1\Temp\goqw.tco" vnbyln) Good: (explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\data aplikací\leklbhb26400\leklbhb26400.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\goqw.tco (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\j7336mgfkgmf6550.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\f9nt4u7ig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\fcqkhqjrc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\fvc4lqwbb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\g3ffvsity.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\gvdkeibjo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\heh6yuvks.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\hrgpgaxbn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\hyodt6qpx.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\i0oqr4hep.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\iq4lbokr5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\iy6h86fea.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\k1x930obu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\k7kgnjgjm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\kt2js5a05.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\ktdxjvzjo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\l8fa5vjxq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\lkxhcgjhl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\lshy1if8j.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\mtwl8is9d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\n9wfv1691.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\oikrtxbv1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\p2trdjhbk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\p2wj241e3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\p6wnetiky.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\qccoemcad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\qsf0nxry8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\rdnwihbrh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\rf7hlaw58.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\rwmjf3f5v.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\t6ohru1r6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\t8crhtqsj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\taod2epef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\tn0krodbj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\u9oppitda.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\uqfcwrgyy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\uqyufpf58.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\v6p5s9qig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\vbsvltvfo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\vt0jz94y5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\vvffyy1rz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\xegh2kr8i.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\y0k61ugp0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\ymu9c6duf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\zisctl3xb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\znekh3pwh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\znwy6dbvj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\dokumenty\stažené soubory\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\dokumenty\stažené soubory\facebook-pic000934519.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\025.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\0796247.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\272.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\4069.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\4428568.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\499.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\503242.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\51602.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\524.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\610.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\6445.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\768.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\8.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\80966.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\813144.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\844.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\880.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\8C.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\9.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\A.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\B.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\fvnrei[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\sample[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\workpurt[2] (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\zup[1] (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\cas[1] (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\cdsceds[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\cmewo5[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\lord1[1] (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\UB6ZY5MB\lord1[1] (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\UB6ZY5MB\sample[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\UB6ZY5MB\workpurt[1] (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\cas[1] (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\ch4k[1] (Trojan.VB) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\iconush1[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\sec[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\wisjcb[1].txt (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\3hrc09z.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\faq1mns88p.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\khrc09z60q.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\pfbrrns3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\xoog8703o.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0111194712-6825991149-372096567-3556\yv8g67.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-8806889352-2525075463-484597010-8774\yv8g67.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6ca45415-19ad-4329-b5cf-65d3d6b04c4c}\RP810\A0173169.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\5EEAEB8D.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\6DECD52F.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ssjha.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\6116572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\010112010146114101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\01011201014650115.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Again... FB virus... PC restarts after XP boot

#8 Post by cernohous13 »

:D I'm sweating over another attempt here, but in the meantime MBAM has already done a good piece of the work :wink:

:arrow: We continue with another weapon (try it in normal mode; if there are problems, in safe mode)
Download :arrow: : ComboFix
and save it to the desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch, the terms of use are displayed; confirm them by clicking Yes
- Decline the download of the Console...
- Then follow the instructions; while ComboFix is running, do not click into the window that appears and do not launch anything
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the system does not start after using ComboFix - press F8 on restart and choose Last Known Good Configuration
Recommendations:
During the cleanup, install and uninstall software only on my instruction.
Study my reply thoroughly and carry out the whole operation according to it.
If anything is unclear, ask - I will explain

-------------------------------------------------------------------------------------------------
> Forum support <

pepe3dx
Visitor
Posts: 208
Registered: 14 Nov 2011 20:42

Re: Again... FB virus... PC restarts after XP boot

#9 Post by pepe3dx »

OK, I'm on it.. MBAM is a good little utility.. :thumbsup: it's already running through my laptop too.. I'm going for the ComboFix, then I'll paste the log here.
Ouch, after the system booted, the blue screen of death again.. :cry: I have to run ComboFix in safe mode..

pepe3dx
Visitor
Posts: 208
Registered: 14 Nov 2011 20:42

Re: Again... FB virus... PC restarts after XP boot

#10 Post by pepe3dx »

I can't manage to turn off McAfee. Not even through Task Manager. I don't see it there as a process.. :?:

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Again... FB virus... PC restarts after XP boot

#11 Post by cernohous13 »

It probably isn't even running in safe mode - ignore it and start CF

pepe3dx
Visitor
Posts: 208
Registered: 14 Nov 2011 20:42

Re: Again... FB virus... PC restarts after XP boot

#12 Post by pepe3dx »

While CF was working, the PC restarted and came up in normal mode.. and so far it hasn't crashed.. :idea:
Here is the log..



ComboFix 11-11-15.01 - pepe3dx 15.11.2011 17:28:38.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1272 [GMT 1:00]
Spuštěný z: c:\documents and settings\pepe3dx\Plocha\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pepe3dx\frmihwjc.exe
c:\windows\42F831D9.exe
c:\windows\5155FA54.exe
c:\windows\74D97781.exe
c:\windows\ntdll.dl
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-15 do 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 13:51 . 2011-11-15 13:51 -------- d-----w- c:\documents and settings\pepe3dx\Data aplikací\Malwarebytes
2011-11-15 13:50 . 2011-11-15 13:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-15 13:50 . 2011-11-15 13:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-15 13:50 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-14 17:51 . 2011-11-14 17:51 -------- d-----w- c:\program files\trend micro
2011-11-14 16:03 . 2011-11-14 16:03 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-08 395640]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2011-01-05 133432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-17 75048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Lucka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - h:\openoffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\pepe3dx\Nabídka Start\Programy\Po spuštění\
3cteup1.exe [2011-1-30 43520]
f26cx7opgrh.exe [2011-1-30 43520]
plwrrijk.exe [2011-1-30 43520]
q703c1yup.exe [2011-2-8 43520]
xiyzev2jz1.exe [2011-1-30 43520]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Singularity(TM)\\Binaries\\Singularity.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"17061:TCP"= 17061:TCP:*:Disabled:spport
"6055:TCP"= 6055:TCP:*:Disabled:spport
"18591:TCP"= 18591:TCP:*:Disabled:spport
"19980:TCP"= 19980:TCP:*:Disabled:spport
"14579:TCP"= 14579:TCP:*:Disabled:spport
"5717:TCP"= 5717:TCP:*:Disabled:spport
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.4.2008 16:24 717296]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 20:25];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.6.2008 7:53 246520]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7.9.2008 19:02 21920]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 13:37 26624]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.1.2011 12:07 136176]
S2 nebfvers;nebfvers;c:\windows\system32\drivers\nebfvers.sys [30.1.2011 21:56 82944]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.1.2011 12:07 136176]
S3 npkycryp;npkycryp;\??\f:\games\Lineage 2\system\npkycryp.sys --> f:\games\Lineage 2\system\npkycryp.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 11:06]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 11:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://clinic.mcafee.com/clinic/mpfplus/en-us/mpfplus4/chkupd.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\documents and settings\pepe3dx\Data aplikací\Mozilla\Firefox\Profiles\5r8epuh1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-frmihwjc - c:\documents and settings\pepe3dx\frmihwjc.exe
HKLM-Run-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-Tweak UI - TWEAKUI.CPL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 17:37
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1956)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\RTHDCPL.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-15 17:43:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-15 16:43
.
Před spuštěním: Volných bajtů: 23 351 201 792
Po spuštění: Volných bajtů: 29 102 714 880
.
- - End Of File - - AA35265A769752B3420BC14B0ACE5C7C

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Again... FB virus... PC restarts after XP boot

#13 Post by cernohous13 »

Can you manage to delete all the files in the folder c:\documents and settings\pepe3dx\Nabídka Start\Programy\Po spuštění\ ?
3cteup1.exe
f26cx7opgrh.exe
plwrrijk.exe
q703c1yup.exe
xiyzev2jz1.exe

Otherwise I'll bring out the cannon for it :)

pepe3dx
Visitor
Posts: 208
Registered: 14 Nov 2011 20:42

Re: Again... FB virus... PC restarts after XP boot

#14 Post by pepe3dx »

It shows me that folder as empty, even in TC; its size shows as 212 kB, so I don't know.. :?:
Otherwise, I just restarted "it" again and it runs fine.. :idea:
Also, could you recommend some utility for system optimization that I can run once in a while
so that it runs the way it should.

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Again... FB virus... PC restarts after XP boot

#15 Post by cernohous13 »

Don't deal with anything ahead of time for now, give me a current RSIT - there is still plenty of cleaning to do there :wink: