
Malware
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use a remote assistance service, in which an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
-
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Malware
Hello, I have a problem with my external HDD. Whenever I connect it to the PC, avast warns me about incoming malware. If I open the folder where I keep my downloaded movies, a window pops up saying that problems occurred and asking whether I want to send them. The PC then freezes and I have to end everything through Task Manager. May I ask what I should do to remove the virus?
Thanks
Re: Malware
Hello, and I wish you a nice day
Plug all USB devices (flash drives, external disks, etc.) into the PC
Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895


- Download UsbFix and save it to the desktop http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Run it and click Deletion
- When it finishes, post the log here; if it does not pop up, you will find it at C:\UsbFix.txt

Re: Malware
Why didn't you describe the problem to my colleague here http://forum.viry.cz/viewtopic.php?f=30&t=120032
I have already locked a topic of yours once; why are you starting another one, this one?

-
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
Because the previous topic concerned a different problem, and I assumed that since that section is called logs and preventive checks, a question like this does not belong there.
Re: Malware
OK, though if you had described it to my colleague there, it would have done no harm either
So please do what I wrote to you above
-
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
############################## | UsbFix 7.059 | [Deletion]
User: lubos (Administrator) # LUBOMIR-41EE463 [ ]
Updated 16/09/2011 by El Desaparecido
Started at 11:00:17 | 04/03/2012
Website: http://eldesaparecido.com
Submit your sample: http://eldesaparecido.com/support.php
Contact: contact@eldesaparecido.com
CPU: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
CPU 2: Pentium(R) Dual-Core CPU T4500 @ 2.30GHz
Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
Internet Explorer 7.0.5730.13
Windows Firewall: Enabled
Antivirus: avast! Antivirus 5.0.100664585 [Enabled | Updated]
RAM -> 2009 Mb
C:\ (%systemdrive%) -> Fixed drive # 29 Gb (12 Mb free - 42%) [] # FAT32
D:\ -> Fixed drive # 29 Gb (11 Mb free - 38%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM
I:\ -> CD-ROM
J:\ -> Fixed drive # 298 Gb (25 Mb free - 8%) [HITACHI] # FAT32
################## | Files # Infected Folders |
Deleted ! J:\TS3W.exe
Deleted ! D:\Recycler\S-1-5-21-1644491937-484061587-1801674531-1003
Deleted ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665\jwgkvsq.vmx
Deleted ! J:\Recycler\S-5-3-42-2819952290-8240758988-879315005-3665
Deleted ! D:\Autorun.inf
(!) Temporary files deleted.
################## | Registry |
################## | Mountpoints2 |
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{0f657738-e20d-11e0-8db8-002682f1730b}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{1e2c91f4-4157-11e0-8b21-002682f1730b}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{306841d8-287a-11e0-8ac2-002682f1730b}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{5b1d5f3c-677a-11e0-8bd7-002682f1730b}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{c2ebff7c-9b07-11e0-8c9e-002682f1730b}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{ebf679d2-c902-11e0-8d57-002682f1730b}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{f668255e-2273-11e0-8aa4-002682f1730b}
################## | Listing |
[22/12/2010 - 15:15:14 | D ] C:\FOUND.000
[08/11/2009 - 13:26:10 | N | 8082944] C:\FIFA08.exe
[28/06/2006 - 11:54:00 | N | 86191] C:\KERNEL.SYS
[28/06/2006 - 11:23:40 | N | 66357] C:\COMMAND.COM
[13/04/2006 - 07:07:58 | N | 18425] C:\LICENSE.TXT
[28/06/2006 - 13:10:34 | N | 320] C:\README.TXT
[19/11/2009 - 13:23:36 | D ] C:\SRC
[04/03/2012 - 09:41:20 | ASH | 2145386496] C:\pagefile.sys
[22/12/2010 - 15:21:44 | D ] C:\WINDOWS
[23/02/2011 - 09:14:40 | D ] C:\FOUND.001
[25/10/2001 - 14:00:00 | N | 4952] C:\Bootfont.bin
[13/04/2008 - 22:01:48 | N | 250576] C:\ntldr
[13/04/2008 - 20:13:04 | N | 47564] C:\NTDETECT.COM
[22/12/2010 - 15:25:56 | N | 512] C:\bootsect.dos
[21/07/2011 - 15:59:54 | N | 259] C:\boot.ini
[22/12/2010 - 15:26:44 | D ] C:\Documents and Settings
[22/12/2010 - 15:55:56 | D ] C:\Program Files
[22/12/2010 - 15:56:48 | N | 0] C:\CONFIG.SYS
[22/12/2010 - 15:56:48 | N | 0] C:\AUTOEXEC.BAT
[22/12/2010 - 15:56:48 | N | 0] C:\IO.SYS
[22/12/2010 - 15:56:48 | N | 0] C:\MSDOS.SYS
[22/12/2010 - 16:01:12 | SHD ] C:\System Volume Information
[25/12/2010 - 01:17:32 | SHD ] C:\Recycled
[03/05/2009 - 11:57:50 | D ] C:\SEVEN - Ruleta (CZ 2008)
[26/03/2011 - 10:32:10 | D ] C:\ptaci
[22/12/2010 - 16:04:48 | D ] C:\Drivers
[22/12/2010 - 16:07:34 | D ] C:\Intel
[08/07/2011 - 21:36:02 | D ] C:\dendrobatky
[01/08/2011 - 10:49:42 | D ] C:\FOUND.004
[03/10/2011 - 12:53:52 | D ] C:\FOUND.005
[20/10/2011 - 14:55:10 | D ] C:\FOUND.006
[05/09/2011 - 17:32:16 | D ] C:\Mobilní příspěvky_files
[05/09/2011 - 17:32:16 | N | 269248] C:\Mobilní příspěvky.htm
[23/12/2010 - 09:25:30 | RHD ] C:\MSOCache
[25/10/2011 - 22:11:34 | N | 12183] C:\rodinny rozpocet.xlsx
[21/10/2011 - 10:56:42 | N | 8806] C:\brigada.xlsx
[04/11/2011 - 15:04:54 | D ] C:\FOUND.007
[16/01/2011 - 13:03:18 | D ] C:\ples hanky
[09/01/2012 - 17:27:44 | D ] C:\FOUND.008
[29/12/2011 - 21:21:20 | D ] C:\mobil
[24/12/2011 - 17:00:52 | D ] C:\tatka
[14/05/2011 - 18:33:02 | D ] C:\FOUND.002
[28/11/2011 - 17:17:36 | N | 151] C:\liprefs.js
[22/06/2011 - 19:25:02 | D ] C:\FOUND.003
[29/02/2012 - 00:08:58 | D ] C:\totalcmd
[23/06/2011 - 13:23:04 | D ] C:\motyli
[29/12/2011 - 21:34:54 | D ] C:\Motivy (9.3.2011) na Nokia E71 by Kamil
[29/12/2011 - 21:44:14 | N | 27126] C:\blue-crown-pair.jpg
[02/03/2012 - 10:13:14 | D ] C:\Config.Msi
[28/02/2012 - 22:15:16 | D ] C:\foto
[01/03/2012 - 00:44:40 | D ] C:\hudba
[01/03/2012 - 00:39:34 | D ] C:\brigada
[10/11/2011 - 20:29:44 | N | 8625] C:\surfy.xlsx
[04/03/2012 - 10:59:56 | D ] C:\UsbFix
[04/03/2012 - 10:59:56 | N | 1300] C:\UsbFix.txt
[22/04/2011 - 20:45:40 | D ] D:\105_PANA
[22/04/2011 - 20:45:36 | D ] D:\106_PANA
[22/04/2011 - 20:45:25 | D ] D:\107_PANA
[07/03/2011 - 12:48:58 | N | 10857] D:\7.docx
[16/10/2011 - 23:42:03 | D ] D:\8d23528f2a83abbd36ef016b909d
[03/10/2011 - 15:15:03 | D ] D:\Biarritz
[21/06/2006 - 19:10:16 | N | 654638] D:\data1.cab
[21/06/2006 - 19:10:16 | N | 183968] D:\data1.hdr
[24/12/2010 - 22:37:40 | N | 5735525] D:\dream.mp3
[23/12/2010 - 10:53:54 | D ] D:\e9071024418290cf3c33
[26/02/2012 - 21:09:07 | D ] D:\Goon 2011 VODRip XviD - QP
[19/01/2011 - 19:05:49 | RHD ] D:\MSOCache
[25/12/2010 - 01:17:32 | D ] D:\Recycled
[04/03/2012 - 11:01:01 | SHD ] D:\RECYCLER
[01/03/2012 - 16:20:00 | D ] D:\skola
[01/03/2012 - 16:14:59 | D ] D:\Stažené soubory
[25/12/2011 - 23:23:59 | D ] D:\Subs
[01/03/2012 - 16:23:06 | SHD ] D:\System Volume Information
[29/02/2012 - 07:37:08 | D ] D:\The adjustment bureau
[25/12/2011 - 12:48:24 | D ] D:\Top Spin 4 [PAL][Multi5][Spanish][Wii][www.consolasatope.com]
[25/12/2011 - 18:22:43 | D ] D:\vánoce 2011
[11/09/2011 - 08:44:16 | N | 67157] D:\What-Dreams-May-Come.srt
[29/06/2010 - 19:34:04 | SHD ] J:\System Volume Information
[29/06/2010 - 19:49:50 | SHD ] J:\Recycled
[30/06/2010 - 16:48:02 | D ] J:\Movies
[30/06/2010 - 16:55:28 | D ] J:\Music
[13/08/2010 - 14:44:02 | SHD ] J:\$RECYCLE.BIN
[14/08/2010 - 11:28:24 | D ] J:\Dovolena cervenec-srpen 2010
[02/11/2010 - 14:15:28 | N | 5238] J:\treeinfo.wc
[06/11/2010 - 23:08:16 | D ] J:\REC
[07/11/2010 - 23:26:22 | D ] J:\clanky
[05/01/2002 - 03:38:38 | N | 54784] J:\msvci70.dll
[09/01/2011 - 23:31:32 | D ] J:\skola
[10/01/2011 - 11:59:14 | N | 1242] J:\cacert.crt
[28/01/2011 - 18:20:24 | N | 84172] J:\180095_179072318798755_100000879640514_390645_6952377_n.jpg
[28/01/2011 - 18:18:36 | N | 63952] J:\163645_174678622571458_100000879640514_367021_3615309_n.jpg
[28/01/2011 - 18:22:10 | D ] J:\---PTÁCI---
[30/01/2011 - 18:18:40 | N | 1668478] J:\P1070855.JPG
[30/01/2011 - 18:17:30 | N | 1565221] J:\P1070852.JPG
[30/01/2011 - 18:17:38 | N | 1554390] J:\P1070853.JPG
[22/12/2010 - 10:19:30 | N | 1557005] J:\P1070820.JPG
[22/12/2010 - 10:19:38 | N | 1567881] J:\P1070821.JPG
[21/12/2010 - 23:08:24 | N | 1330202] J:\P1070811.JPG
[21/12/2010 - 23:08:34 | N | 1322799] J:\P1070812.JPG
[21/12/2010 - 23:08:40 | N | 1367816] J:\P1070813.JPG
[21/12/2010 - 23:09:20 | N | 1421299] J:\P1070814.JPG
[21/12/2010 - 23:13:10 | N | 1368913] J:\P1070815.JPG
[21/12/2010 - 23:13:28 | N | 1381684] J:\P1070816.JPG
[22/12/2010 - 10:18:58 | N | 1594803] J:\P1070817.JPG
[22/12/2010 - 10:19:02 | N | 1583341] J:\P1070818.JPG
[22/12/2010 - 10:19:04 | N | 1611883] J:\P1070819.JPG
[28/05/2011 - 17:47:46 | ASH | 130560] J:\Thumbs.db
[30/01/2011 - 19:45:08 | N | 577632] J:\weber1.jpg
[30/01/2011 - 19:45:36 | N | 689643] J:\weber2.jpg
[30/01/2011 - 19:45:56 | N | 664652] J:\weber3.jpg
[04/02/2011 - 10:57:08 | N | 4069475] J:\Populacni-genetika-2010.pdf
[04/02/2011 - 10:57:14 | N | 2412177] J:\Determinace-pohlavi-2010.pdf
[04/02/2011 - 10:56:52 | N | 3075495] J:\Evolucni-genetika-2010.pdf
[04/02/2011 - 18:24:42 | N | 13554] J:\10 EVOLUČNÍ GENETIKA.docx
[31/01/2011 - 14:09:46 | N | 15588] J:\1 KAPITOLA.docx
[01/02/2011 - 11:11:34 | N | 16101] J:\2 DNA.docx
[01/02/2011 - 13:22:14 | N | 15636] J:\3 CYTOGENETIKA.docx
[02/02/2011 - 11:32:26 | N | 15490] J:\4 MIMOJADERNÁ DĚDIČNOST.docx
[03/02/2011 - 10:52:06 | N | 21115] J:\5 PŘENOS ZNAKU.docx
[01/02/2011 - 11:41:26 | N | 6258176] J:\6 Vazba genu.ppt
[03/02/2011 - 15:20:18 | N | 25110] J:\6 VAZBA GENŮ.docx
[03/02/2011 - 23:41:26 | N | 16890] J:\7 MUTACE A MUTAGENY.docx
[04/02/2011 - 16:36:00 | N | 13508] J:\9 POPULAČNÍ GENETIKA.docx
[04/02/2011 - 14:40:32 | N | 15952] J:\8 DETERMINACE POHLAVÍ.docx
[22/02/2011 - 16:36:38 | RSHD ] J:\RECYCLER
[23/02/2011 - 20:17:36 | D ] J:\ZS 2010-11
[14/12/2010 - 22:14:22 | N | 147968] J:\OBECNÁ CHEMIE 2010.doc
[27/05/2011 - 18:00:10 | N | 5006608] J:\TSLHost.dll
[27/05/2011 - 17:32:58 | N | 8192] J:\rld-s3genk.exe
[13/09/2011 - 18:17:04 | D ] J:\honza
[13/09/2011 - 18:17:30 | D ] J:\Honza video
[13/09/2011 - 18:27:04 | D ] J:\L
[16/12/2011 - 14:38:32 | N | 138628] J:\Moneyball.2011.BRRip.XviD-FTW.srt
[08/02/2012 - 21:37:48 | D ] J:\mr bean
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
D:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
J:\Autorun.inf -> Vaccine created by UsbFix (TeamXscript)
################## | Upload |
Please send the file: C:\UsbFix_Upload_Me_LUBOMIR-41EE463.zip
http://eldesaparecido.com/support.php
Thank you for your contribution.
################## | E.O.F |
-
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
Logfile of random's system information tool 1.09 (written by random/random)
Run by lubos at 2012-03-04 11:05:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (42%) free of 30 GB
Total RAM: 2009 MB (77% free)
HijackThis download failed
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\lubos\Data aplikací\Mozilla\Firefox\Profiles\zjhkrr4l.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, wrc@avast.com:6.0.1289, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, jqs@sun.com:1.0, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.4.2, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =937811&p="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
brwsrcmp.dll
browserdirprovider.dll
jsconsole-clhandler.js
nsBadCertHandler.js
nsBlocklistService.js
nsAddonRepository.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDownloadManagerUI.js
nsSearchSuggestions.js
nsSessionStartup.js
nsDefaultCLH.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsExtensionManager.js
nsTaggingService.js
nsHelperAppDlg.js
nsTryToClose.js
nsURLFormatter.js
nsLivemarkService.js
nsMicrosummaryService.js
nsUpdateServiceStub.js
nsPrivateBrowsingService.js
nsUpdateTimerManager.js
nsSafebrowsingApplication.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsSearchService.js
nsWebHandlerApp.js
pluginGlue.js
nsSidebar.js
nsUpdateService.js
FeedProcessor.js
GPSDGeolocationProvider.js
NetworkGeolocationProvider.js
components.list
fuelApplication.js
nsFormAutoComplete.js
nsHandlerService.js
nsINIProcessor.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsProxyAutoConfig.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
browser.xpt
FeedConverter.js
FeedWriter.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
ShockwavePlugin.class
NPOFF12.DLL
NPOFFICE.DLL
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npdeployJava1.dll
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\lubos\Data aplikací\Mozilla\Firefox\Profiles\zjhkrr4l.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-17 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-17 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-10-21 217088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"="C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe:*:Enabled:Intel(R) PROSet/Wireless WiMAX Service"
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"="C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe:*:Enabled:Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service"
"C:\WINDOWS\System32\USMT\MIGWIZ.EXE"="C:\WINDOWS\System32\USMT\MIGWIZ.EXE:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"D:\FIFA\Game\fifa.exe"="D:\FIFA\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\FlatOut\flatout.exe"="D:\FlatOut\flatout.exe:*:Enabled:flatout"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\LUBOS\Dokumenty\Stažené soubory\BULANCI.EXE"="C:\Documents and Settings\LUBOS\Dokumenty\Stažené soubory\BULANCI.EXE:*:Enabled:BULANCI"
"C:\WINDOWS\System32\rundll32.exe"="C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
Run by lubos at 2012-03-04 11:05:36
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (42%) free of 30 GB
Total RAM: 2009 MB (77% free)
HijackThis download failed
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\lubos\Data aplikací\Mozilla\Firefox\Profiles\zjhkrr4l.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.seznam.cz/"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:1.1, wrc@avast.com:6.0.1289, {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26, jqs@sun.com:1.0, {ea614400-e918-4741-9a97-7a972ff7c30b}:2.4.2, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27"
prefs.js - "keyword.URL" - "http://search.yahoo.com/search?fr=green ... =937811&p="
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
brwsrcmp.dll
browserdirprovider.dll
jsconsole-clhandler.js
nsBadCertHandler.js
nsBlocklistService.js
nsAddonRepository.js
nsBrowserContentHandler.js
nsBrowserGlue.js
nsContentDispatchChooser.js
nsContentPrefService.js
nsDownloadManagerUI.js
nsSearchSuggestions.js
nsSessionStartup.js
nsDefaultCLH.js
nsSessionStore.js
nsSetDefaultBrowser.js
nsExtensionManager.js
nsTaggingService.js
nsHelperAppDlg.js
nsTryToClose.js
nsURLFormatter.js
nsLivemarkService.js
nsMicrosummaryService.js
nsUpdateServiceStub.js
nsPrivateBrowsingService.js
nsUpdateTimerManager.js
nsSafebrowsingApplication.js
nsUrlClassifierLib.js
nsUrlClassifierListManager.js
nsSearchService.js
nsWebHandlerApp.js
pluginGlue.js
nsSidebar.js
nsUpdateService.js
FeedProcessor.js
GPSDGeolocationProvider.js
NetworkGeolocationProvider.js
components.list
fuelApplication.js
nsFormAutoComplete.js
nsHandlerService.js
nsINIProcessor.js
nsLoginInfo.js
nsLoginManager.js
nsLoginManagerPrompter.js
nsPlacesAutoComplete.js
nsPlacesDBFlush.js
nsPlacesTransactionsService.js
nsProxyAutoConfig.js
storage-Legacy.js
storage-mozStorage.js
txEXSLTRegExFunctions.js
browser.xpt
FeedConverter.js
FeedWriter.js
WebContentConverter.js
C:\Program Files\Mozilla Firefox\plugins\
np32dsw.dll
ShockwavePlugin.class
NPOFF12.DLL
NPOFFICE.DLL
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
npdeployJava1.dll
npnul32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\lubos\Data aplikací\Mozilla\Firefox\Profiles\zjhkrr4l.default\extensions\
{20a82645-c095-46ed-80e3-08825760534b}
{ea614400-e918-4741-9a97-7a972ff7c30b}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-17 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-17 79648]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2011-09-06 3722416]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\Wcescomm.exe [2006-11-13 1289000]
"PC Suite Tray"=C:\Program Files\Nokia\Nokia PC Suite 6\PCSuite.exe [2008-04-16 1079808]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON Stylus SX200 Series]
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE [2007-12-13 188928]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2008-10-21 217088]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe"="C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe:*:Enabled:Intel(R) PROSet/Wireless WiMAX Service"
"C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe"="C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe:*:Enabled:Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service"
"C:\WINDOWS\System32\USMT\MIGWIZ.EXE"="C:\WINDOWS\System32\USMT\MIGWIZ.EXE:*:Enabled:Průvodce přenesením souborů a nastavení"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"D:\FIFA\Game\fifa.exe"="D:\FIFA\Game\fifa.exe:*:Enabled:FIFA 11"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\WINDOWS\System32\dpvsetup.exe"="C:\WINDOWS\System32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"D:\FlatOut\flatout.exe"="D:\FlatOut\flatout.exe:*:Enabled:flatout"
"C:\WINDOWS\System32\dplaysvr.exe"="C:\WINDOWS\System32\dplaysvr.exe:*:Enabled:Microsoft DirectPlay Helper"
"C:\Documents and Settings\LUBOS\Dokumenty\Stažené soubory\BULANCI.EXE"="C:\Documents and Settings\LUBOS\Dokumenty\Stažené soubory\BULANCI.EXE:*:Enabled:BULANCI"
"C:\WINDOWS\System32\rundll32.exe"="C:\WINDOWS\System32\rundll32.exe:*:Enabled:Run a DLL as an App"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\ICQ7.2\ICQ.exe"="C:\Program Files\ICQ7.2\ICQ.exe:*:Enabled:ICQ7.2"
"C:\Program Files\ICQ7.2\aolload.exe"="C:\Program Files\ICQ7.2\aolload.exe:*:Enabled:aolload.exe"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"MSVideo8"=VfWWDM32.dll
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-03-04 11:05:36 ----D---- C:\rsit
2012-03-04 11:02:30 ----RASHD---- C:\Autorun.inf
2012-03-04 10:59:55 ----A---- C:\UsbFix.txt
2012-03-04 10:59:54 ----D---- C:\UsbFix
2012-03-02 10:13:12 ----D---- C:\Config.Msi
2012-03-01 00:44:39 ----D---- C:\hudba
2012-03-01 00:39:33 ----D---- C:\brigada
2012-02-29 23:52:10 ----D---- C:\Program Files\trend micro
2012-02-29 23:43:55 ----D---- C:\Program Files\FileHippo.com
2012-02-29 00:08:57 ----D---- C:\totalcmd
2012-02-29 00:08:57 ----D---- C:\Documents and Settings\lubos\Data aplikací\GHISLER
2012-02-29 00:08:57 ----A---- C:\WINDOWS\UC.PIF
2012-02-29 00:08:57 ----A---- C:\WINDOWS\RAR.PIF
2012-02-29 00:08:57 ----A---- C:\WINDOWS\PKZIP.PIF
2012-02-29 00:08:57 ----A---- C:\WINDOWS\PKUNZIP.PIF
2012-02-29 00:08:57 ----A---- C:\WINDOWS\NOCLOSE.PIF
2012-02-29 00:08:57 ----A---- C:\WINDOWS\LHA.PIF
2012-02-29 00:08:57 ----A---- C:\WINDOWS\ARJ.PIF
2012-02-28 22:15:14 ----D---- C:\foto
2012-02-15 16:51:52 ----HD---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-15 16:51:24 ----HD---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-15 09:13:34 ----N---- C:\WINDOWS\system32\iacenc.dll
2012-02-07 11:19:29 ----D---- C:\Program Files\MSECache
======List of files/folders modified in the last 1 month======
2012-03-04 08:49:42 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-02-15 16:56:00 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-15 16:52:02 ----A---- C:\WINDOWS\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-12-25 691696]
R1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2011-09-06 30808]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2011-09-06 34392]
R1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2011-09-06 442200]
R1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2011-09-06 320856]
R1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2011-09-06 52568]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2011-09-06 20568]
R2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2011-09-06 110552]
R2 BPPROT;Intel(R) WiMAX Link Protocol Driver; C:\WINDOWS\system32\DRIVERS\bpprot.sys [2009-02-01 18560]
R2 s24trans;WLAN Transport; C:\WINDOWS\system32\DRIVERS\s24trans.sys [2008-08-13 11904]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\WINDOWS\system32\DRIVERS\bcmwl5.sys [2008-09-10 1386624]
R3 bpenum;Intel(R) WiMAX Link Enumerator; C:\WINDOWS\system32\DRIVERS\bpenum.sys [2009-02-01 163840]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\WINDOWS\system32\drivers\CHDAU32.sys [2010-03-26 1774648]
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\igxpmp32.sys [2008-10-21 6048480]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2010-03-22 222672]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\WINDOWS\System32\Drivers\usbvideo.sys [2008-04-14 121984]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
S3 aana3pog;aana3pog; C:\WINDOWS\system32\drivers\aana3pog.sys []
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 nmwcd;Nokia USB Phone Parent; C:\WINDOWS\system32\drivers\ccdcmb.sys [2007-11-29 16896]
S3 nmwcdc;Nokia USB Generic; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2007-11-29 19328]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2007-09-17 21632]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 TrufosAlt;TrufosAlt; C:\WINDOWS\system32\DRIVERS\TrufosAlt.sys [2011-10-16 306320]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2007-11-29 8064]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;Nokia USB Serial Port; C:\WINDOWS\system32\DRIVERS\usbser.sys [2008-04-14 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2007-11-29 8064]
S3 vpnva;Cisco AnyConnect VPN Virtual Miniport Adapter for Windows; C:\WINDOWS\system32\DRIVERS\vpnva.sys [2009-02-03 20152]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2011-09-06 44768]
R2 DMAgent;Intel(R) PROSet/Wireless WiMAX Red Bend Device Management Service; C:\Program Files\Intel\WiMAX\Bin\DMAgent.exe [2009-02-05 348160]
R2 vpnagent;Cisco AnyConnect VPN Agent; C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2009-02-03 427192]
R2 WiMAXAppSrv;Intel(R) PROSet/Wireless WiMAX Service; C:\Program Files\Intel\WiMAX\Bin\AppSrv.exe [2009-02-05 2379776]
S2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40ST7.EXE [2007-12-17 143872]
S2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\Documents and Settings\All Users\Data aplikací\EPSON\EPW!3 SSRP\E_S40RP7.EXE [2007-01-11 113664]
S2 EvtEng;Intel(R) PROSet/Wireless Event Log; C:\Program Files\Intel\WiFi\bin\EvtEng.exe [2009-02-27 870672]
S2 RegSrvc;Intel(R) PROSet/Wireless Registry Service; C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe [2009-02-27 473360]
S2 S24EventMonitor;Intel(R) PROSet/Wireless WiFi Service; C:\Program Files\Intel\WiFi\bin\S24EvMon.exe [2009-02-27 909312]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-04-29 572928]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Malware

- Close all programs
- If you use Win Vista or W7, right-click RogueKiller and choose Run As Administrator or Spustit jako spravce
- Wait for the PreScan to finish
- Choose the Prohledat (Scan) option
- When the scan finishes, click Zpráva (Report); a log opens, paste it here
-
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
RogueKiller V7.2.1 [02/29/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v: Normální režim
Uživatel: lubos [Práva správce]
Mode: Kontrola -- Date: 03/04/2012 18:46:40
¤¤¤ Škodlivé procesy: 0 ¤¤¤
¤¤¤ Záznamy Registrů: 3 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[PROXY IE] HKCU\[...]\Internet Settings : ProxyServer (cache.natur.cuni.cz:3128) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač: [NAHRÁNO] ¤¤¤
¤¤¤ Nákaza : ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
ÿþ1
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2500BEVT-24A23T0 +++++
--- User ---
[MBR] 5afba683f74fc940e19217b25a1f7023
[BSP] d1bd78cef1535804381c2f83d4d77b0f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] FAT32-LBA (0x0c) [VISIBLE] Offset (sectors): 63 | Size: 30004 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 61448625 | Size: 30004 Mo
2 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 486126272 | Size: 1108 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Dokončeno : << RKreport[1].txt >>
RKreport[1].txt
Re: Malware

- Save it, preferably to the desktop
- If you use Win Vista or W7, right-click MBRScan and choose Run As Administrator or Spustit jako spravce
- Click Report
- After a moment the log appears in the file MBRScan.txt; paste it here
-
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
I did not have the external HD connected during this scan or the previous one; is that a problem?
Code:
MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 23 Stepping 10, GenuineIntel
BOOT : Normal Boot
DATE : 2012/03/04 (ISO 8601) at 19:08:42
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __WDC WD2500BEVT-24A23T0 (01.01A02)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 232.9 Go [Fixed] ==> XP MBR Code
MBR_MD5 : 5AFBA683F74FC940E19217B25A1F7023
MBR_SHA1 : B5949A9A6D6FAD3883166C2A40EF9BE313C5851D
Device\Harddisk0\Partition1 29.30 Go 0x0C FAT32 [LBA] __ BOOTABLE __
Device\Harddisk0\Partition2 29.30 Go 0x07 NTFS / HPFS
Device\Harddisk0\Partition3 1.08 Go 0x12 Diagnostic
________________________________________________________________________________
############################### Additional scan ################################
DRIVER : C:\WINDOWS\System32\Drivers\dump_atapi.sys => Invisible on the disk
ADDRESS : 0xA8248000
SIZE : 96.0 Ko
DRIVER : C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS => Invisible on the disk
ADDRESS : 0xBA5C0000
SIZE : 8.0 Ko
SystemStartOptions : NOEXECUTE=OPTIN FASTDETECT
________________________________________________________________________________
Re: Malware

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM

- Turn off all resident security programs: firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Správce\Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator or Spustit jako správce
- Right after startup a page with the license agreement is displayed; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the instructions; during the scan leave the PC completely alone: do not start any applications and do not click in the window that is displayed
- The scan should take about 10 min, but if the PC is heavily cluttered, it may take longer
- After the scan finishes and after a possible restart, CF displays the log, or you can find it at C:\ComboFix.txt; paste its contents here
- A detailed procedure incl. screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
I did everything according to the instructions. The first time the PC froze after 25 minutes; the second time the screen went black after about 15 min (maybe the screensaver kicked in), so I let it run for another 10 min, but the computer did not respond. I did not click anywhere during the scan, I had all applications closed, the antivirus and firewall too.
Re: Malware
Try running CF in safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking)
- Visitor
- Posts: 38
- Registered: 10 Oct 2011 20:11
Re: Malware
So I tried it several more times, in safe mode and normally, and it does not work. The stages described in the instructions do not start loading at all. It just says that it may take more than 10 min, and then the cursor blinks there and nothing happens for half an hour.