
Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 13:59
by pepe3dx
I recently caught an FB virus. XP starts up, and after booting the PC restarts (sometimes it throws a blue screen of death). In safe mode it runs normally; it doesn't restart there. I use McAfee as my antivirus. I would be very grateful for help, I don't want to reinstall the system.. I tried to disinfect it in safe mode, but it won't let me install anything.. :( I'm attaching the log from RSIT.
P.S. It doesn't show any message.




info.txt logfile of random's system information tool 1.09 2011-11-14 18:51:22

======Hosts File======

82.208.58.96 l2authd.lineage2.com
82.208.58.96 l2testauthd.lineage2.com
216.107.250.194 nprotect.lineage2.com
85.13.206.114 uuu20091124.info
85.13.206.114 u07012010u.com

======Security center information======

AV: VirusScan Enterprise + AntiSpyware Enterprise (outdated)


Re: Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 14:24
by cernohous13
Welcome to our forum.

I need this log - C:\rsit\log.txt

Stay in Safe Mode with Networking and try:
- download and run http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
choose option 2 - copy the resulting log here

repeat with options 3 and 4 (give me the logs)
- Download and install MBAM here http://www.download.com/Malwarebytes-An ... tag=button
Run it > on the 3rd tab "Update" > Check for Updates
then on the 1st tab "Scanner" -> Perform full scan -> Scan
when it finishes -> Show Results -> check that everything is selected -> Remove Selected
a log will pop up containing entries of this type:
Infikované adresáře:
C:\Program Files\xxxxxx -> Quarantined and deleted successfully.
that is the one I would like to see :)

Re: Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 15:39
by pepe3dx
Here is the log you wanted.


Re: Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 15:45
by pepe3dx
The PC that is infected with the virus is not connected to the network. So I downloaded the software on a notebook (which I am on now), but I can't manage to copy it to a flash drive and then install it on the PC.. :(
I installed MBAM and it is already scanning the PC.. should I scan all the drives?? (I have 2x 160 GB)
or is just C:\ system enough??

Re: Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 15:56
by cernohous13
:?: log.txt is not complete - I can't read anything from that fragment
pepe3dx wrote: I can't manage to copy it to a flash drive and then install it on the PC.. :(
you can't copy it, or you can't install it :???:

Re: Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 16:03
by pepe3dx
I'm sending the complete log c:\rsit\log.txt; I copied it wrong before, sorry. And I can't copy RogueKiller to the flash drive.. I have it downloaded on the notebook. :?:

Logfile of random's system information tool 1.09 (written by random/random)
Run by pepe3dx at 2011-11-14 18:51:15
Systém Microsoft Windows XP Professional Service Pack 2
System drive C: has 20 GB (7%) free of 305 GB
Total RAM: 1535 MB (83% free)

HijackThis download failed

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]
scriptproxy - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll [2006-11-29 67136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-08 298160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll [2011-04-08 848952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-11-20 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-11-20 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2010-01-03 1019128]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-08 298160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2005-12-19 15797248]
"Alcmtr"=C:\WINDOWS\ALCMTR.EXE [2005-05-03 69632]
"ATICCC"=C:\Program Files\ATI Technologies\ATI.ACE\cli.exe [2006-01-02 45056]
"ShStatEXE"=C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE [2006-11-29 112216]
"McAfeeUpdaterUI"=C:\Program Files\McAfee\Common Framework\UdaterUI.exe [2006-11-17 136768]
"MPFExe"=C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe []
"Logitech Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"openvpn-gui"=C:\Program Files\OpenVPN\bin\openvpn-gui.exe [2005-08-18 99328]
"TO2SSM_McciTrayApp"=C:\Program Files\TO2SSM\McciTrayApp.exe [2008-08-15 1473536]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2009-06-17 55824]
"RemoteControl10"=C:\Program Files\CyberLink\PowerDVD10\PDVD10Serv.exe [2010-02-03 87336]
"BDRegion"=C:\Program Files\Cyberlink\Shared files\brs.exe [2010-11-17 75048]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []
"MSConfig"=C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe [2004-08-17 159232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2004-08-17 15360]
"MSMSGS"=C:\Program Files\Messenger\msmsgs.exe [2004-10-13 1694208]
"uTorrent"=C:\Program Files\uTorrent\uTorrent.exe [2011-01-08 395640]
"ICQ"=C:\Program Files\ICQ7.1\ICQ.exe [2011-01-05 133432]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2010-04-06 26102056]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2011-01-21 39408]
"NVIDIA driver monitor"=c:\windows\nvsvc32.exe []
"frmihwjc"=C:\Documents and Settings\pepe3dx\frmihwjc.exe []
"MSConfig"=C:\Documents and Settings\pepe3dx\mge.exe \u []
"mssend"=C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2\svcnost.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
bthprops.cpl,,BluetoothAuthenticationAgent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Tweak UI]
TWEAKUI.CPL,TweakMeUp []

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

C:\Documents and Settings\pepe3dx\Nabídka Start\Programy\Po spuštění
3cteup1.exe
3hrc09z.exe
f26cx7opgrh.exe
faq1mns88p.exe
khrc09z60q.exe
pfbrrns3.exe
plwrrijk.exe
q703c1yup.exe
xiyzev2jz1.exe
xoog8703o.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-03-22 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll [2009-07-20 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"authentication packages"=msv1_0
nwprovau

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Documents and Settings\pepe3dx\Dokumenty\Stažené soubory\facebook-pic000934519.exe"="c:\windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:svchost.exe"
"C:\Program Files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe"="C:\Program Files\TC UP\PLUGINS\Media\uTorrent\utorrent.exe:*:Disabled:µTorrent"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Disabled:aolload.exe"
"F:\Games\CoD 4 MW\iw3mp.exe"="F:\Games\CoD 4 MW\iw3mp.exe:*:Disabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"F:\Games\Crysis\Bin32\Crysis.exe"="F:\Games\Crysis\Bin32\Crysis.exe:*:Disabled:Crysis_32"
"F:\Games\Crysis\Bin32\CrysisDedicatedServer.exe"="F:\Games\Crysis\Bin32\CrysisDedicatedServer.exe:*:Disabled:CrysisDedicatedServer_32"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Disabled:CyberLink PowerDVD 10.0"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe:*:Disabled:CyberLink PowerDVD 10.0"
"C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe"="C:\Program Files\Stardock Games\Demigod\bin\Demigod.exe:*:Disabled:Demigod"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Disabled:eMule"
"C:\Program Files\ICQLite\ICQLite.exe"="C:\Program Files\ICQLite\ICQLite.exe:*:Disabled:ICQ Lite"
"C:\Program Files\ICQ6\ICQ.exe"="C:\Program Files\ICQ6\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Disabled:ICQ6"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Disabled:ICQ7.1"
"C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2\svcnost.exe"="C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2\svcnost.exe:*:Disabled:ldrsoft"
"C:\Program Files\McAfee\Common Framework\FrameworkService.exe"="C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Disabled:McAfee Framework Service"
"C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe"="C:\Program Files\Intuwave\Shared\mRouterRunTime\mRouterRuntime.exe:*:Disabled:mRouterRuntime"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Disabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Disabled:PnkBstrB"
"C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe"="C:\Program Files\Activision\Singularity(TM)\Binaries\Singularity.exe:*:Disabled:Singularity"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Disabled:Skype Extras Manager"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Disabled:Skype. Take a deep breath "
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.1\ICQ.exe"="C:\Program Files\ICQ7.1\ICQ.exe:*:Enabled:ICQ7.1"
"C:\Program Files\ICQ7.1\aolload.exe"="C:\Program Files\ICQ7.1\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe"="C:\Program Files\CyberLink\PowerDVD10\PowerDVD10.exe:*:Enabled:CyberLink PowerDVD 10.0"

======File associations======

.txt - open - "C:\Program Files\PSPad editor\PSPad.exe" "%1"

======List of files/folders created in the last 1 month======

2011-11-14 18:51:17 ----D---- C:\Program Files\trend micro
2011-11-14 18:51:15 ----D---- C:\rsit
2011-11-14 17:49:57 ----D---- C:\WINDOWS\pss
2011-11-14 17:03:42 ----HD---- C:\WINDOWS\system32\GroupPolicy
2011-11-14 14:59:00 ----D---- C:\WINDOWS\CSC

======List of files/folders modified in the last 1 month======

2011-11-14 18:51:17 ----RD---- C:\Program Files
2011-11-14 18:50:30 ----A---- C:\WINDOWS\ntbtlog.txt
2011-11-14 18:49:56 ----D---- C:\WINDOWS
2011-11-14 18:44:30 ----D---- C:\Documents and Settings\pepe3dx\Data aplikací\uTorrent
2011-11-14 18:44:26 ----D---- C:\WINDOWS\Temp
2011-11-14 18:34:57 ----RSH---- C:\boot.ini
2011-11-14 18:34:57 ----A---- C:\WINDOWS\win.ini
2011-11-14 18:34:57 ----A---- C:\WINDOWS\System.ini
2011-11-14 18:20:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2011-11-14 17:16:01 ----SHD---- C:\WINDOWS\Installer
2011-11-14 17:15:42 ----D---- C:\Documents and Settings\pepe3dx\Data aplikací\Skype
2011-11-14 17:14:10 ----D---- C:\WINDOWS\Prefetch
2011-11-14 17:08:32 ----D---- C:\WINDOWS\security
2011-11-14 17:03:42 ----D---- C:\WINDOWS\system32
2011-11-14 16:47:28 ----D---- C:\WINDOWS\system32\CatRoot2
2011-11-14 15:28:47 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2011-11-14 14:52:39 ----D---- C:\WINDOWS\system32\oodag
2011-11-14 14:47:58 ----D---- C:\QUARANTINE
2011-11-14 14:47:58 ----D---- C:\Documents and Settings\pepe3dx\Data aplikací\xu2umayytdjapkjejjvqvjqtqleh322n2

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI Texas Instruments; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2004-08-03 61056]
R0 SI3132;SiI-3132 SATALink Controller; C:\WINDOWS\system32\DRIVERS\SI3132.sys [2005-01-19 67200]
R0 SiFilter;SATALink driver accelerator; C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys [2004-11-01 10368]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2009-01-25 717296]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2008-01-18 77696]
R1 cdrbsdrv;cdrbsdrv; C:\WINDOWS\system32\drivers\cdrbsdrv.sys [2005-05-10 32256]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2005-01-07 138752]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2001-10-25 9600]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2009-06-17 20240]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 usbstor;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
S1 AmdK8;Ovladač procesoru AMD; C:\WINDOWS\system32\DRIVERS\AmdK8.sys [2005-03-09 42496]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-17 14848]
S1 mferkdk;VSCore mferkdk; \??\C:\Program Files\McAfee\VirusScan Enterprise\mferkdk.sys []
S1 mfetdik;McAfee Inc.; C:\WINDOWS\system32\drivers\mfetdik.sys [2006-11-29 52136]
S1 SCDEmu;SCDEmu; C:\WINDOWS\system32\drivers\SCDEmu.sys [2008-01-20 33292]
S1 VD_FileDisk;VD_FileDisk; C:\WINDOWS\system32\drivers\VD_FileDisk.sys [2006-01-13 15872]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 20:25:46]; \??\C:\Program Files\CyberLink\PowerDVD10\NavFilter\000.fcl []
S2 nebfvers;nebfvers; C:\WINDOWS\system32\drivers\nebfvers.sys [2011-01-30 82944]
S2 NwlnkIpx;Transportní protokol kompatibilní s NWLink IPX/SPX/NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnkipx.sys [2004-08-03 88448]
S2 NwlnkNb;Služba NWLink pro rozhraní NetBIOS; C:\WINDOWS\system32\DRIVERS\nwlnknb.sys [2001-10-25 63232]
S2 NwlnkSpx;Protokol NWLink SPX/SPXII; C:\WINDOWS\system32\DRIVERS\nwlnkspx.sys [2001-10-25 55936]
S3 agjmhsk9;agjmhsk9; C:\WINDOWS\system32\drivers\agjmhsk9.sys []
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2004-08-03 60800]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2006-03-22 1522688]
S3 BthEnum;Ovladač pro Bluetooth Request Block; C:\WINDOWS\system32\DRIVERS\BthEnum.sys [2004-08-03 17024]
S3 BTHMODEM;Ovladač komunikace modemu Bluetooth; C:\WINDOWS\system32\DRIVERS\bthmodem.sys [2004-08-03 38016]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\WINDOWS\system32\DRIVERS\bthpan.sys [2004-08-03 100992]
S3 BTHPORT;Ovladač portu Bluetooth; C:\WINDOWS\System32\Drivers\BTHport.sys [2004-08-17 274304]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\WINDOWS\System32\Drivers\BTHUSB.sys [2004-08-03 18944]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-08-03 17024]
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-11-21 25280]
S3 HidBth;Miniport Bluetooth HID Microsoft; C:\WINDOWS\system32\DRIVERS\hidbth.sys [2004-08-17 25600]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2005-12-19 4127232]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 LMouKE;Logitech SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys []
S3 mfeapfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeapfk.sys [2006-11-29 64360]
S3 mfeavfk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfeavfk.sys [2006-11-29 72264]
S3 mfebopk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfebopk.sys [2006-11-29 34152]
S3 mfehidk;McAfee Inc.; C:\WINDOWS\system32\drivers\mfehidk.sys [2006-11-29 168776]
S3 MREMP50;MREMP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50.SYS []
S3 MREMP50a64;MREMP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS []
S3 MREMPR5;MREMPR5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS []
S3 MRENDIS5;MRENDIS5 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS []
S3 MRESP50;MRESP50 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50.SYS []
S3 MRESP50a64;MRESP50a64 NDIS Protocol Driver; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-17 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2004-08-03 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-08-03 85376]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-08-03 10880]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2004-08-03 61824]
S3 npkcrypt;npkcrypt; \??\F:\Games\Lineage 2\system\npkcrypt.sys []
S3 npkycryp;npkycryp; \??\F:\Games\Lineage 2\system\npkycryp.sys []
S3 NPPTNT2;NPPTNT2; \??\C:\WINDOWS\system32\npptNT2.sys []
S3 NWRDR;NetWare Rdr; C:\WINDOWS\system32\DRIVERS\nwrdr.sys [2006-10-13 163584]
S3 PAC207;Trust WB-1400T Webcam; C:\WINDOWS\system32\DRIVERS\pfc027.sys [2005-02-24 162176]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\WINDOWS\system32\DRIVERS\rfcomm.sys [2004-08-03 59648]
S3 SCREAMINGBDRIVER;Screaming Bee Audio; C:\WINDOWS\system32\drivers\ScreamingBAudio.sys [2008-09-07 21920]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-08-03 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-08-03 15360]
S3 tap0801;TAP-Win32 Adapter V8; C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-10-01 26624]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-08-03 19328]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2008-01-18 83328]
S3 yukonwxp;NDIS5.1 Miniport Driver for Marvell Yukon Ethernet Controller; C:\WINDOWS\system32\DRIVERS\yk51x86.sys [2005-09-19 241280]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-03-22 405504]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-03-17 520192]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S2 BthServ;Bluetooth Support Service; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
S2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2010-01-03 246520]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-09-15 153376]
S2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2005-07-24 53248]
S2 McAfeeFramework;McAfee Framework Service; C:\Program Files\McAfee\Common Framework\FrameworkService.exe [2006-11-17 104000]
S2 McciCMService;McciCMService; C:\Program Files\Common Files\Motive\McciCMService.exe [2007-10-15 303104]
S2 McShield;McAfee McShield; C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe [2006-11-29 144960]
S2 McTaskManager;McAfee Task Manager; C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe [2006-11-29 54872]
S2 NWCWorkstation;Klient systému NetWare; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 O&O Defrag;O&O Defrag; C:\WINDOWS\system32\oodag.exe [2007-05-11 1050120]
S2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2008-10-17 66872]
S2 SPService;SPService; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S2 STI Simulator;STI Simulator; C:\WINDOWS\System32\PAStiSvc.exe [2005-01-14 53248]
S2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-17 14336]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2005-09-23 29896]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2005-09-23 66240]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-01-21 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-01-21 182768]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logitech\Bluetooth\LBTServ.exe [2009-07-20 121360]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2006-10-01 16384]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2009-10-27 657408]
S3 usprserv;User Privilege Service; C:\WINDOWS\System32\svchost.exe [2004-08-17 14336]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]

-----------------EOF-----------------

Re: Again... FB virus... PC restarts after XP boots

Posted: 15 Nov 2011 16:44
by pepe3dx
Here is the log after using MBAM. I did everything according to your advice. I had C:\ scanned and removed everything that was on the list.
I will probably do the same with the other drives.

Malwarebytes' Anti-Malware
www.malwarebytes.org

Database version:

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 6.0.2900.2180

15.11.2011 15:34:52
mbam-log-2011-11-15 (15-34-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 272130
Time elapsed: 14 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 9
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 140

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\idid (Trojan.Sasfix) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\sp (TrojanProxy.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SPService (TrojanProxy.Agent) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\lEkLbHb26400 (Trojan.FakeAlert) -> Value: lEkLbHb26400 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4B00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4B00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{96AFBE69-C3B0-4b00-8578-D933D2896EE2} (TrojanProxy.Agent) -> Value: {96AFBE69-C3B0-4b00-8578-D933D2896EE2} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Worm.Palevo) -> Value: Shell -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\mssend (Trojan.Agent) -> Value: mssend -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSConfig (Trojan.Agent) -> Value: MSConfig -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SvcHost\netsvc (TrojanProxy.Agent) -> Value: netsvc -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Terminal Server\Install\Software\Microsoft\Windows\CurrentVersion\Run\NVIDIA driver monitor (Backdoor.Agent) -> Value: NVIDIA driver monitor -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Taskman (Worm.Palevo) -> Value: Taskman -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Trojan.Oficla) -> Bad: ("C:\DOCUME~1\pepe3dx\LOCALS~1\Temp\goqw.tco") Good: () -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (C:\Documents and Settings\pepe3dx\Data aplikací\juzjf.exe,explorer.exe,C:\RECYCLER\S-1-5-21-1454016326-4292737402-853098381-8657\djwi2kcew.exe) Good: (Explorer.exe) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell (Hijack.Shell) -> Bad: (Explorer.exe rundll32.exe "C:\DOCUME~1\pepe3dx\LOCALS~1\Temp\goqw.tco" vnbyln) Good: (explorer.exe) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\data aplikací\leklbhb26400\leklbhb26400.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\goqw.tco (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\j7336mgfkgmf6550.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\lkxhcgjhl.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\lshy1if8j.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\mtwl8is9d.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\n9wfv1691.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\oikrtxbv1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\p2trdjhbk.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\p2wj241e3.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\p6wnetiky.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\qccoemcad.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\qsf0nxry8.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\rdnwihbrh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\rf7hlaw58.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\rwmjf3f5v.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\svchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\t6ohru1r6.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\t8crhtqsj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\taod2epef.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\tn0krodbj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\u9oppitda.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\uqfcwrgyy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\uqyufpf58.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\v6p5s9qig.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\vbsvltvfo.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\vt0jz94y5.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\vvffyy1rz.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\xegh2kr8i.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\y0k61ugp0.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\ymu9c6duf.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\zisctl3xb.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\znekh3pwh.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\data aplikací\znwy6dbvj.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\dokumenty\stažené soubory\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Lucka\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\dokumenty\stažené soubory\facebook-pic000934519.exe (Backdoor.Agent.Gen) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\025.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\0796247.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\272.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\4069.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\4428568.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\499.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\503242.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\51602.exe (Trojan.VB) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\524.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\540.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\610.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\6445.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\768.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\8.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\80966.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\813144.exe (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\844.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\880.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\8C.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\9.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\A.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\B.tmp (Trojan.Oficla) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\fvnrei[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\sample[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\workpurt[2] (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\A9OZMDMX\zup[1] (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\cas[1] (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\cdsceds[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\cmewo5[1].txt (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\SXWZW30B\lord1[1] (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\UB6ZY5MB\lord1[1] (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\UB6ZY5MB\sample[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\UB6ZY5MB\workpurt[1] (Worm.Rimecud) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\cas[1] (Spyware.Passwords.XGen) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\ch4k[1] (Trojan.VB) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\iconush1[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\sec[1] (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\temporary internet files\Content.IE5\W1234563\wisjcb[1].txt (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\3hrc09z.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\faq1mns88p.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\khrc09z60q.exe (Worm.Autorun) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\pfbrrns3.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\nabídka start\Programy\po spuštění\xoog8703o.exe (Trojan.Refroso) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-0111194712-6825991149-372096567-3556\yv8g67.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\RECYCLER\s-1-5-21-8806889352-2525075463-484597010-8774\yv8g67.exe (Trojan.Ddox) -> Quarantined and deleted successfully.
c:\system volume information\_restore{6ca45415-19ad-4329-b5cf-65d3d6b04c4c}\RP810\A0173169.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\5EEAEB8D.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\WINDOWS\6DECD52F.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
c:\WINDOWS\Temp\ssjha.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\local settings\Temp\6116572.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\documents and settings\all users\data aplikací\common.data (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\system32\secupdat.dat (Backdoor.Bot) -> Quarantined and deleted successfully.
c:\documents and settings\pepe3dx\secupdat.dat (Worm.Autorun) -> Quarantined and deleted successfully.
c:\WINDOWS\010112010146101105.rx (Malware.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\010112010146114101.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\01011201014650115.xxe (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\bk23567.dat (KoobFace.Trace) -> Quarantined and deleted successfully.
c:\WINDOWS\fdgg34353edfgdfdf (KoobFace.Trace) -> Quarantined and deleted successfully.

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 16:50
by cernohous13
:D I've been slaving away here on another attempt, but in the meantime MBAM has already done a good chunk of the work :wink:

:arrow: We continue with the next weapon (try it in normal mode - if there are problems, in safe mode)
Download :arrow: : ComboFix
and save it to the desktop.
Usage guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Close all active windows, turn off your antispyware and antivirus, and run it.
- After launch, the terms of use are displayed; confirm them by pressing the Yes button
- Decline the download of the Console...
- Then follow the instructions; while ComboFix is running, do not click in the window that appears and do not launch anything
- When the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
If the system does not boot after using ComboFix - press F8 at restart and choose Last Known Good Configuration

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 17:23
by pepe3dx
OK, I'm on it.. MBAM is a good little utility.. :thumbsup: it's already scanning my notebook too.. I'm off to run ComboFix, then I'll paste the log here.
Ouch, after the system booted, blue screen of death again.. :cry: I have to run ComboFix in safe mode..

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 18:16
by pepe3dx
I can't manage to turn off McAfee. Not even through Task Manager. I don't see it there as a process.. :?:

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 18:17
by cernohous13
It probably isn't even running in safe mode - ignore it and start CF

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 18:48
by pepe3dx
While CF was working, the PC restarted and came up in normal mode.. and so far it hasn't crashed.. :idea:
Here is the log..



ComboFix 11-11-15.01 - pepe3dx 15.11.2011 17:28:38.1.1 - x86 NETWORK
Systém Microsoft Windows XP Professional 5.1.2600.2.1250.420.1029.18.1535.1272 [GMT 1:00]
Spuštěný z: c:\documents and settings\pepe3dx\Plocha\ComboFix.exe
AV: VirusScan Enterprise + AntiSpyware Enterprise *Enabled/Outdated* {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
.
VAROVÁNÍ - NA TOMTO POČÍTAČI NENÍ NAINSTALOVÁNA KONZOLA PRO ZOTAVENÍ !!
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\pepe3dx\frmihwjc.exe
c:\windows\42F831D9.exe
c:\windows\5155FA54.exe
c:\windows\74D97781.exe
c:\windows\ntdll.dl
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-15 do 2011-11-15 )))))))))))))))))))))))))))))))
.
.
2011-11-15 13:51 . 2011-11-15 13:51 -------- d-----w- c:\documents and settings\pepe3dx\Data aplikací\Malwarebytes
2011-11-15 13:50 . 2011-11-15 13:50 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2011-11-15 13:50 . 2011-11-15 13:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-11-15 13:50 . 2011-08-31 16:00 22216 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-11-14 17:51 . 2011-11-14 17:51 -------- d-----w- c:\program files\trend micro
2011-11-14 16:03 . 2011-11-14 16:03 -------- d--h--w- c:\windows\system32\GroupPolicy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2011-01-08 395640]
"ICQ"="c:\program files\ICQ7.1\ICQ.exe" [2011-01-05 133432]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2010-04-06 26102056]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-01-21 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2005-12-19 15797248]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"ShStatEXE"="c:\program files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2006-11-29 112216]
"McAfeeUpdaterUI"="c:\program files\McAfee\Common Framework\UdaterUI.exe" [2006-11-17 136768]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"openvpn-gui"="c:\program files\OpenVPN\bin\openvpn-gui.exe" [2005-08-18 99328]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-03-17 421888]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"RemoteControl10"="c:\program files\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-11-17 75048]
"BluetoothAuthenticationAgent"="bthprops.cpl" [2004-08-17 110592]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2004-08-17 15360]
.
c:\documents and settings\Lucka\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.1.lnk - h:\openoffice.org 3\program\quickstart.exe [2009-5-15 384512]
.
c:\documents and settings\pepe3dx\Nabídka Start\Programy\Po spuštění\
3cteup1.exe [2011-1-30 43520]
f26cx7opgrh.exe [2011-1-30 43520]
plwrrijk.exe [2011-1-30 43520]
q703c1yup.exe [2011-2-8 43520]
xiyzev2jz1.exe [2011-1-30 43520]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-9-18 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Taskman"=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-07-20 11:28 72208 ----a-w- c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 nwprovau
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\TC UP\\PLUGINS\\Media\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\ICQ7.1\\aolload.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD10.exe"=
"c:\\Program Files\\CyberLink\\PowerDVD10\\PowerDVD Cinema\\PowerDVDCinema10.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\ICQ7.1\\ICQ.exe"=
"c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Activision\\Singularity(TM)\\Binaries\\Singularity.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
"17061:TCP"= 17061:TCP:*:Disabled:spport
"6055:TCP"= 6055:TCP:*:Disabled:spport
"18591:TCP"= 18591:TCP:*:Disabled:spport
"19980:TCP"= 19980:TCP:*:Disabled:spport
"14579:TCP"= 14579:TCP:*:Disabled:spport
"5717:TCP"= 5717:TCP:*:Disabled:spport
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)
.
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [21.4.2008 16:24 717296]
R1 VD_FileDisk;VD_FileDisk;c:\windows\system32\drivers\vd_filedisk.sys [13.1.2006 14:00 15872]
R2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/01/16 20:25];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [17.11.2010 21:29 87536]
R2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [15.6.2008 7:53 246520]
R3 SCREAMINGBDRIVER;Screaming Bee Audio;c:\windows\system32\drivers\ScreamingBAudio.sys [7.9.2008 19:02 21920]
R3 tap0801;TAP-Win32 Adapter V8;c:\windows\system32\drivers\tap0801.sys [1.10.2006 13:37 26624]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [21.1.2011 12:07 136176]
S2 nebfvers;nebfvers;c:\windows\system32\drivers\nebfvers.sys [30.1.2011 21:56 82944]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [21.1.2011 12:07 136176]
S3 npkycryp;npkycryp;\??\f:\games\Lineage 2\system\npkycryp.sys --> f:\games\Lineage 2\system\npkycryp.sys [?]
S3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\drivers\PFC027.sys [24.2.2005 12:29 162176]
.
Obsah adresáře 'Naplánované úlohy'
.
2011-04-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 10:34]
.
2011-11-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 11:06]
.
2011-11-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-21 11:06]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://start.icq.com/
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
mDefault_Search_URL = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://clinic.mcafee.com/clinic/mpfplus/en-us/mpfplus4/chkupd.asp
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
mSearchAssistant = hxxp://www.google.com/ie
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files\ICQ7.1\ICQ.exe
Trusted Zone: mojebanka.cz
FF - ProfilePath - c:\documents and settings\pepe3dx\Data aplikací\Mozilla\Firefox\Profiles\5r8epuh1.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: České slovníky pro kontrolu pravopisu: cs@dictionaries.addons.mozilla.org - %profile%\extensions\cs@dictionaries.addons.mozilla.org
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - %profile%\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
.
.
------- Asociace souborů -------
.
txtfile="c:\program files\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
HKCU-Run-frmihwjc - c:\documents and settings\pepe3dx\frmihwjc.exe
HKLM-Run-MPFExe - c:\progra~1\McAfee.com\PERSON~1\MpfTray.exe
HKLM-Run-Tweak UI - TWEAKUI.CPL
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-11-15 17:37
Windows 5.1.2600 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\System\ControlSet004\Services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG10.00.00.01WORKSTATION"="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"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(1220)
c:\windows\system32\Ati2evxx.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
.
- - - - - - - > 'explorer.exe'(1956)
c:\program files\Logitech\SetPoint\GameHook.dll
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\program files\McAfee\Common Framework\FrameworkService.exe
c:\windows\RTHDCPL.EXE
c:\program files\McAfee\Common Framework\McTray.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\windows\system32\rundll32.exe
c:\program files\McAfee\VirusScan Enterprise\Mcshield.exe
c:\program files\McAfee\VirusScan Enterprise\VsTskMgr.exe
c:\program files\McAfee\Common Framework\naPrdMgr.exe
c:\windows\system32\oodag.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\System32\PAStiSvc.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\system32\wscntfy.exe
c:\windows\System32\wbem\wmiapsrv.exe
.
**************************************************************************
.
Celkový čas: 2011-11-15 17:43:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-15 16:43
.
Před spuštěním: Volných bajtů: 23 351 201 792
Po spuštění: Volných bajtů: 29 102 714 880
.
- - End Of File - - AA35265A769752B3420BC14B0ACE5C7C

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 19:05
by cernohous13
Can you manage to delete all the files in the folder c:\documents and settings\pepe3dx\Nabídka Start\Programy\Po spuštění\ ?
3cteup1.exe
f26cx7opgrh.exe
plwrrijk.exe
q703c1yup.exe
xiyzev2jz1.exe

Otherwise I'll bring out the cannon :)

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 19:37
by pepe3dx
It shows me that folder as empty, even in TC; it shows its size as 212 kB, so I don't know.. :?:
Otherwise, I just restarted "it" again and it runs fine.. :idea:
Also, could you recommend some utility for system optimization that I can run once in a while
so that it runs the way it should.

Re: Again... FB virus... PC restarts after XP boot

Posted: 15 Nov 2011 19:42
by cernohous13
Don't deal with anything in advance for now, give me an up-to-date RSIT - there's still a lot of cleaning to do there :wink: