
PC virus removal, PC speed-up, remote assistance via the neslape.cz service
Virus problem: PC cannot be shut down
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote-assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Virus problem: PC cannot be shut down
Hi, there was a virus on the PC and now it cannot be shut down. An RSIT log cannot be created either; the program freezes. I also cannot add an attachment to an e-mail. Mozilla freezes. Can I try the LOG in Safe Mode?
Re: Virus problem: PC cannot be shut down
Yes, I'll let you know in a moment. In Safe Mode I managed to get the log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2012-08-02 16:47:33
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 49 GB (64%) free of 76 GB
Total RAM: 767 MB (79% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:48:43, on 2.8.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.17110)
Boot mode: Safe mode with network support
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\Admin\Plocha\RSIT.exe
C:\Program Files\trend micro\Admin.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2529008
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [SiSUSBRG] C:\WINDOWS\SiSUSBrg.exe
O4 - HKLM\..\Run: [SmartRAM] C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe /m
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe"
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
O4 - HKLM\..\Run: [Služba Acronis Scheduler2] "C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe"
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (file missing)
O17 - HKLM\System\CS2\Services\Tcpip\..\{62CD56EF-C853-4B78-9608-DD69F023CB03}: NameServer = 62.204.224.2,62.204.224.3,195.146.99.31
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: lxcz_device - - C:\WINDOWS\system32\lxczcoms.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)
--
End of file - 6547 bytes
======Scheduled tasks folder======
C:\WINDOWS\tasks\avast! Emergency Update.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fkia5xm4.default
prefs.js - "browser.startup.homepage" - "www.seznam.cz"
prefs.js - "extensions.enabledItems" - "{31c7d459-9cc3-44f2-9dca-fc11795309b4}:2.5.6.0, {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}:6.0.05, {CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}:6.0.11, {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13, {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}:6.0.15, {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17, jqs@sun.com:1.0, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, cs@dictionaries.addons.mozilla.org:1.0.2, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22, {1d8566bd-f06f-4029-a3be-ba80af5a09f3}:3.3.3.2, engine@conduit.com:3.3.3.2, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.17"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"{20a82645-c095-46ed-80e3-08825760534b}"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"wrc@avast.com"=C:\Program Files\Alwil Software\Avast5\WebRep\FF
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fkia5xm4.default\extensions\
cs@dictionaries.addons.mozilla.org
toolbar@ask.com
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fkia5xm4.default\searchplugins\
askcomsearch.xml
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-05 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-07-03 1160792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-05 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-05 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-07-03 1160792]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SmartRAM"=C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe [2007-10-29 662016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-06-10 55296]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"Služba Acronis Scheduler2"=C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-07-03 4273976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-02-14 567016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\lxczcoms.exe"="C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Windows Commander\WINCMD32.EXE"="C:\Windows Commander\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"MSVideo8"=VfWWDM32.dll
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-08-02 16:46:44 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-02 16:45:55 ----D---- C:\avast! sandbox
2012-07-25 12:56:07 ----D---- C:\Program Files\Ashampoo
2012-07-17 21:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-17 21:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-17 21:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-17 21:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-17 21:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-07-17 20:09:56 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-17 20:09:56 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2012-07-15 09:03:21 ----D---- C:\Documents and Settings\Admin\Data aplikací\.minecraft
2012-07-12 14:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-07-12 12:35:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-12 12:25:05 ----D---- C:\Program Files\CCleaner
2012-07-12 12:18:00 ----D---- C:\WINDOWS\pss
2012-07-12 12:16:24 ----D---- C:\Program Files\xpantispy
======List of files/folders modified in the last 1 month======
2012-08-02 16:48:35 ----D---- C:\Program Files\trend micro
2012-08-02 16:47:10 ----D---- C:\WINDOWS
2012-08-02 16:45:56 ----D---- C:\WINDOWS\Temp
2012-08-02 16:37:03 ----D---- C:\WINDOWS\Prefetch
2012-07-27 13:40:13 ----A---- C:\WINDOWS\wincmd.ini
2012-07-27 11:30:21 ----D---- C:\WINDOWS\system32
2012-07-25 12:56:07 ----RD---- C:\Program Files
2012-07-25 12:44:50 ----D---- C:\Documents and Settings
2012-07-21 20:21:27 ----D---- C:\WINDOWS\SoftwareDistribution
2012-07-21 20:21:27 ----D---- C:\WINDOWS\Debug
2012-07-21 14:29:52 ----D---- C:\Program Files\Mozilla Firefox
2012-07-21 14:29:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-20 20:24:24 ----SD---- C:\WINDOWS\Tasks
2012-07-17 21:40:01 ----HD---- C:\WINDOWS\inf
2012-07-17 21:40:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-17 21:39:29 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-17 21:36:49 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-17 21:35:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-12 14:03:24 ----D---- C:\WINDOWS\system32\mui
2012-07-12 14:02:36 ----D---- C:\WINDOWS\system32\CatRoot
2012-07-12 12:30:54 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-07-12 12:23:11 ----D---- C:\Program Files\Messenger
2012-07-12 12:12:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-07-12 12:11:47 ----D---- C:\Program Files\Emilka Holubová - Montezumův poklad
2012-07-04 09:36:09 ----D---- C:\Documents and Settings\Admin\Data aplikací\skypePM
2012-07-03 18:21:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-08-08 158272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-08-08 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-08-08 581984]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-07-03 35928]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]
S1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-02-23 24408]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]
S2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]
S3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-08-08 160288]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-29 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-08-08 2480048]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-07-03 44808]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-03 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-05 153376]
S2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 537520]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-03 135664]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1]
"Description"=Yahoo! activeX Plug-in Bridge
"Path"=C:\Program Files\Yahoo!\Common\npyaxmpb.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fkia5xm4.default\extensions\
cs@dictionaries.addons.mozilla.org
toolbar@ask.com
C:\Documents and Settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fkia5xm4.default\searchplugins\
askcomsearch.xml
conduit.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2006-12-18 59032]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-05 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-07-03 1160792]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-05 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2012-04-05 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-07-03 1160792]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"=C:\WINDOWS\SiSUSBrg.exe [2002-07-12 106496]
"SmartRAM"=C:\Program Files\IObit\Advanced WindowsCare V2\MemCleaner.exe [2007-10-29 662016]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2008-01-21 61440]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2003-06-10 55296]
"TrueImageMonitor.exe"=C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe [2009-11-26 5129128]
"Služba Acronis Scheduler2"=C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2009-11-26 361976]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-07-03 4273976]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2008-05-12 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2006-02-14 567016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2009-01-30 133632]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoResolveSearch"=1
"HonorAutoRunSetting"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"C:\WINDOWS\system32\lxczcoms.exe"="C:\WINDOWS\system32\lxczcoms.exe:*:Enabled:Lexmark Communications System"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Windows Commander\WINCMD32.EXE"="C:\Windows Commander\WINCMD32.EXE:*:Enabled:Windows Commander 32 bit international version, file manager replacement for Windows"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"vidc.iv41"=ir41_32.ax
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"MSVideo8"=VfWWDM32.dll
"midi"=wdmaud.drv
"wave"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer"=wdmaud.drv
======List of files/folders created in the last 1 month======
2012-08-02 16:46:44 ----A---- C:\WINDOWS\ntbtlog.txt
2012-08-02 16:45:55 ----D---- C:\avast! sandbox
2012-07-25 12:56:07 ----D---- C:\Program Files\Ashampoo
2012-07-17 21:39:52 ----HDC---- C:\WINDOWS\$NtUninstallKB2691442$
2012-07-17 21:39:36 ----HDC---- C:\WINDOWS\$NtUninstallKB2718523$
2012-07-17 21:39:22 ----HDC---- C:\WINDOWS\$NtUninstallKB2655992$
2012-07-17 21:39:04 ----HDC---- C:\WINDOWS\$NtUninstallKB2719985$
2012-07-17 21:36:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2698365$
2012-07-17 20:09:56 ----SHD---- C:\Documents and Settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-17 20:09:56 ----HD---- C:\Documents and Settings\All Users\Data aplikací\Common Files
2012-07-15 09:03:21 ----D---- C:\Documents and Settings\Admin\Data aplikací\.minecraft
2012-07-12 14:03:02 ----HDC---- C:\WINDOWS\$NtUninstallKB942288-v3$
2012-07-12 12:35:12 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-07-12 12:25:05 ----D---- C:\Program Files\CCleaner
2012-07-12 12:18:00 ----D---- C:\WINDOWS\pss
2012-07-12 12:16:24 ----D---- C:\Program Files\xpantispy
======List of files/folders modified in the last 1 month======
2012-08-02 16:48:35 ----D---- C:\Program Files\trend micro
2012-08-02 16:47:10 ----D---- C:\WINDOWS
2012-08-02 16:45:56 ----D---- C:\WINDOWS\Temp
2012-08-02 16:37:03 ----D---- C:\WINDOWS\Prefetch
2012-07-27 13:40:13 ----A---- C:\WINDOWS\wincmd.ini
2012-07-27 11:30:21 ----D---- C:\WINDOWS\system32
2012-07-25 12:56:07 ----RD---- C:\Program Files
2012-07-25 12:44:50 ----D---- C:\Documents and Settings
2012-07-21 20:21:27 ----D---- C:\WINDOWS\SoftwareDistribution
2012-07-21 20:21:27 ----D---- C:\WINDOWS\Debug
2012-07-21 14:29:52 ----D---- C:\Program Files\Mozilla Firefox
2012-07-21 14:29:37 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-07-20 20:24:24 ----SD---- C:\WINDOWS\Tasks
2012-07-17 21:40:01 ----HD---- C:\WINDOWS\inf
2012-07-17 21:40:00 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-07-17 21:39:29 ----HD---- C:\WINDOWS\$hf_mig$
2012-07-17 21:36:49 ----A---- C:\WINDOWS\system32\MRT.exe
2012-07-17 21:35:04 ----D---- C:\WINDOWS\system32\CatRoot2
2012-07-12 14:03:24 ----D---- C:\WINDOWS\system32\mui
2012-07-12 14:02:36 ----D---- C:\WINDOWS\system32\CatRoot
2012-07-12 12:30:54 ----D---- C:\Documents and Settings\Admin\Data aplikací\Skype
2012-07-12 12:23:11 ----D---- C:\Program Files\Messenger
2012-07-12 12:12:55 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-07-12 12:11:47 ----D---- C:\Program Files\Emilka Holubová - Montezumův poklad
2012-07-04 09:36:09 ----D---- C:\Documents and Settings\Admin\Data aplikací\skypePM
2012-07-03 18:21:28 ----A---- C:\WINDOWS\system32\aswBoot.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 sisagp;SiS AGP Filter; C:\WINDOWS\System32\DRIVERS\SISAGPX.sys [2003-02-20 36608]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-08-08 158272]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-08-08 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-08-08 581984]
R1 aswRdr;aswRdr; C:\WINDOWS\system32\drivers\aswRdr.sys [2012-07-03 35928]
R1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2002-09-23 12032]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\System32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Aavmker4;avast! Asynchronous Virus Monitor; C:\WINDOWS\system32\drivers\Aavmker4.sys [2012-07-03 25256]
S1 aswKbd;aswKbd; C:\WINDOWS\system32\drivers\aswKbd.sys [2012-02-23 24408]
S1 aswSnx;aswSnx; C:\WINDOWS\system32\drivers\aswSnx.sys [2012-07-03 721000]
S1 aswSP;aswSP; C:\WINDOWS\system32\drivers\aswSP.sys [2012-07-03 353688]
S1 aswTdi;avast! Network Shield Support; C:\WINDOWS\system32\drivers\aswTdi.sys [2012-07-03 54232]
S2 AMON;AMON; \??\C:\WINDOWS\system32\drivers\amon.sys []
S2 aswFsBlk;aswFsBlk; C:\WINDOWS\system32\drivers\aswFsBlk.sys [2012-07-03 21256]
S2 aswMon2;avast! Standard Shield Support; C:\WINDOWS\system32\drivers\aswMon2.sys [2012-07-03 97608]
S3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-08-08 160288]
S3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2003-06-19 752764]
S3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2008-05-12 3007488]
S3 CCDECODE;Dekodér Closed Caption; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2008-04-14 17024]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2008-04-14 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2008-04-14 85248]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2008-04-14 10880]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2009-05-29 47360]
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2008-04-14 11136]
S3 snpstd;VideoCAM Messenger; C:\WINDOWS\system32\DRIVERS\snpstd.sys [2004-06-25 331008]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2008-04-14 15232]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\System32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 WSTCODEC;Dálnopisný kodek světového standardu; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2008-04-14 19200]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
S2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 661008]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-08-08 2480048]
S2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2008-05-12 540672]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2008-05-12 593920]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-07-03 44808]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-03 135664]
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2012-04-05 153376]
S2 lxcz_device;lxcz_device; C:\WINDOWS\system32\lxczcoms.exe [2007-02-09 537520]
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2001-02-23 270336]
S2 NOD32krn;NOD32 Kernel Service; C:\Program Files\Eset\nod32krn.exe []
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-04-03 135664]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-21 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2009-02-04 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Problem with a virus, the PC won't shut down
So it was Malware-gen. I can't find out anything more; among other things, Avast is also damaged. It refuses the scan after restart, doesn't update, and froze when I was copying the virus log.
Re: Problem with a virus, the PC won't shut down
Sorry, I wrote that in a bit of a hurry and confusingly. It's not my PC but my father-in-law's, so I'm only now discovering the faults, and I'll try to describe them sensibly.
I turn the PC on normally and Windows runs without problems. About 2-3 weeks ago Avast reported some virus to my father-in-law and he moved it to the virus chest. He then ran an Avast scan while Windows was running and no further virus was found. The current state is that when writing an e-mail it is not possible to attach a file. Mozilla freezes and cannot be closed in any way. Also, when he chooses Shut down from the Start menu, data is saved and then only the words "shutting down" remain on the screen and the PC does not turn off. Further, Avast has not been updating for some time; when a scan after restart is scheduled, Windows starts normally at power-on and the scan does not take place. When trying to copy the recent events from Avast, Avast freezes and cannot be closed. I am now trying to install Avira and go over the system with a different antivirus, but the installation is still running and never finishes. I only managed to produce the log in Safe Mode. Please help, thank you.
Re: Problem with a virus, the PC won't shut down
Code:
MBRScan v1.1.1
OS : Windows XP Home Service Pack 3 (32 bit)
PROCESSOR : x86 Family 6 Model 8 Stepping 1, AuthenticAMD
BOOT : Normal Boot
DATE : 2012/08/02 (ISO 8601) at 17:37:36
________________________________________________________________________________
DISK : Device\Harddisk0\DR0 __ST380023A (3.53)
BUS_TYPE : (0x03) P-ATA
USE_PIO : YES
MAX_TRANSFER : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________
Device\Harddisk0\DR0 74.53 Go [Fixed] ==> Unknown MBR Code
MBR_MD5 : 68FC7E885DFEC0FDC4294BC2CEB27A6C
MBR_SHA1 : 4934AEE2D7929F94169331E37DDE98638856D5FD
Device\Harddisk0\Partition1 74.52 Go 0x07 NTFS / HPFS __ BOOTABLE __
________________________________________________________________________________
############################### Additional scan ################################
SystemStartOptions : FASTDETECT NOEXECUTE=OPTIN
________________________________________________________________________________
_______MBR \Device\Harddisk0\DR0
0x00000000 E8 12 01 B9 F0 01 BE 10 7C BF 10 06 57 F3 A4 C3 è..¹ð.¾.|¿..Wó¤Ã
0x00000010 8B 4E 14 83 F9 0E 75 08 8D 5E 07 43 02 07 E2 FB .N..ù.u..^.C..âû
0x00000020 8C 56 0C 8C 56 0E 75 69 8A 56 10 84 D2 79 62 E8 .V..V.ui.V..Òybè
0x00000030 F6 00 BB AA 55 CD 13 72 6F 3B 5E 5C 75 6A D1 E9 ö.»ªUÍ.ro;^\ujÑé
0x00000040 73 66 B4 42 C6 46 02 01 EB 66 89 B6 F6 FE 8A 44 sf´BÆF..ëf.¶öþ.D
0x00000050 04 84 C0 74 0F 3C 05 74 0B 3C 0F 74 07 8A 14 80 ..Àt.<.t.<.t....
0x00000060 E2 80 75 CB 83 C6 10 06 C4 5C 08 89 5E 08 8C 46 â.uË.Æ..Ä\..^..F
0x00000070 0A 07 FE 8E F9 FE 75 D2 B0 31 C6 46 D7 50 88 46 ..þ.ùþuÒ°1ÆF×P.F
0x00000080 D4 BE 6A 07 AC 84 C0 74 08 B4 0E B3 07 CD 10 EB Ô¾j.¬.Àt.´.³.Í.ë
0x00000090 F3 E8 81 00 88 46 11 BE AE 07 3C 05 75 C6 CD 16 óè...F.¾®.<.uÆÍ.
0x000000A0 33 D2 89 56 08 89 56 0A E8 7D 00 72 1B B8 01 02 3Ò.V..V.è}.r.¸..
0x000000B0 BF 05 00 8B DC 56 50 50 32 E4 CD 13 58 8B F5 CD ¿...ÜVPP2äÍ.X.õÍ
0x000000C0 13 58 5E 73 03 4F 75 EB B0 32 72 B2 40 8A 66 11 .X^s.Ouë°2r²@.f.
0x000000D0 9E 7B 04 C6 47 02 0E 72 35 75 0C 88 57 40 C4 4E .{.ÆG..r5u..W@ÄN
0x000000E0 08 89 4F 1C 8C 47 1E 79 06 8A 4E 12 88 4F 25 80 ..O..G.y..N..O%.
0x000000F0 C7 02 81 7F FE 55 AA 75 85 81 7F FA CD 19 75 09 Ç...þUªu...úÍ.u.
0x00000100 C6 47 FA E9 C7 47 FB 94 88 E8 1C 00 FF E4 74 CE ÆGúéÇGû..è...ätÎ
0x00000110 88 57 24 EB C9 5D 33 C0 8E D8 8E C0 8E D0 BC 00 .W$ëÉ]3À.Ø.À.м.
0x00000120 7C 55 BD A2 07 FC FB C3 B4 08 52 06 CD 13 07 72 |U½¢.üûô.R.Í..r
0x00000130 33 33 DB 8A DE 8B 46 0A 33 D2 83 E1 3F F7 F1 91 33Û.Þ.F.3Ò.á?÷ñ.
0x00000140 97 8B 46 08 F7 F7 42 87 CA 3B DA 72 17 43 F7 F3 ..F.÷÷B.Ê;Úr.C÷ó
0x00000150 8A F2 86 C5 D1 E8 D1 E8 0A C8 D0 CC D0 CC 0A F4 .ò.ÅÑèÑè.ÈÐÌÐÌ.ô
0x00000160 84 E4 74 02 B4 41 5B 8A D3 C3 0D 0A 4D 42 52 20 .ät.´A[.ÓÃ..MBR
0x00000170 45 72 72 6F 72 20 00 0D 0A 00 72 65 73 73 20 61 Error ....ress a
0x00000180 6E 79 20 6B 65 79 20 74 6F 20 62 6F 6F 74 20 66 ny key to boot f
0x00000190 72 6F 6D 20 66 6C 6F 70 70 79 2E 2E 2E 00 00 00 rom floppy......
0x000001A0 00 00 10 00 01 00 00 7C 00 00 4F 42 3B 00 00 00 .......|..OB;...
0x000001B0 00 00 80 00 00 A6 0E 00 BF 0B BF 0B 00 00 80 01 .....¦..¿.¿.....
0x000001C0 01 00 07 FE FF FF 3F 00 00 00 C1 A5 50 09 00 00 ...þ..?...Á¥P...
0x000001D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001E0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................
0x000001F0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 AA ..............Uª
__________________________16_BIT_ASM_CODE
0x0000 e8 1201 CALL 0x115
0x0003 b9 f001 MOV CX, 0x1f0
0x0006 be 107c MOV SI, 0x7c10
0x0009 bf 1006 MOV DI, 0x610
0x000C 57 PUSH DI
0x000D f3 a4 REP MOVSB
0x000F c3 RET
0x0010 8b4e 14 MOV CX, [BP+0x14]
0x0013 83f9 0e CMP CX, 0xe
0x0016 75 08 JNZ 0x20
0x0018 8d5e 07 LEA BX, [BP+0x7]
0x001B 43 INC BX
0x001C 0207 ADD AL, [BX]
0x001E e2 fb LOOP 0x1b
0x0020 8c56 0c MOV WORD [BP+0xc], SS
0x0023 8c56 0e MOV WORD [BP+0xe], SS
0x0026 75 69 JNZ 0x91
0x0028 8a56 10 MOV DL, [BP+0x10]
0x002B 84d2 TEST DL, DL
0x002D 79 62 JNS 0x91
0x002F e8 f600 CALL 0x128
0x0032 bb aa55 MOV BX, 0x55aa
0x0035 cd 13 INT 0x13
0x0037 72 6f JB 0xa8
0x0039 3b5e 5c CMP BX, [BP+0x5c]
0x003C 75 6a JNZ 0xa8
0x003E d1e9 SHR CX, 0x1
0x0040 73 66 JAE 0xa8
0x0042 b4 42 MOV AH, 0x42
0x0044 c646 02 01 MOV BYTE [BP+0x2], 0x1
0x0048 eb 66 JMP 0xb0
0x004A 89b6 f6fe MOV [BP-0x10a], SI
0x004E 8a44 04 MOV AL, [SI+0x4]
0x0051 84c0 TEST AL, AL
0x0053 74 0f JZ 0x64
0x0055 3c 05 CMP AL, 0x5
0x0057 74 0b JZ 0x64
0x0059 3c 0f CMP AL, 0xf
0x005B 74 07 JZ 0x64
0x005D 8a14 MOV DL, [SI]
0x005F 80e2 80 AND DL, 0x80
0x0062 75 cb JNZ 0x2f
0x0064 83c6 10 ADD SI, 0x10
0x0067 06 PUSH ES
0x0068 c45c 08 LES BX, WORD [SI+0x8]
0x006B 895e 08 MOV [BP+0x8], BX
0x006E 8c46 0a MOV WORD [BP+0xa], ES
0x0071 07 POP ES
0x0072 fe8e f9fe DEC BYTE [BP-0x107]
0x0076 75 d2 JNZ 0x4a
0x0078 b0 31 MOV AL, 0x31
0x007A c646 d7 50 MOV BYTE [BP-0x29], 0x50
0x007E 8846 d4 MOV [BP-0x2c], AL
0x0081 be 6a07 MOV SI, 0x76a
0x0084 ac LODSB
0x0085 84c0 TEST AL, AL
0x0087 74 08 JZ 0x91
0x0089 b4 0e MOV AH, 0xe
0x008B b3 07 MOV BL, 0x7
0x008D cd 10 INT 0x10
0x008F eb f3 JMP 0x84
0x0091 e8 8100 CALL 0x115
0x0094 8846 11 MOV [BP+0x11], AL
0x0097 be ae07 MOV SI, 0x7ae
0x009A 3c 05 CMP AL, 0x5
0x009C 75 c6 JNZ 0x64
0x009E cd 16 INT 0x16
0x00A0 33d2 XOR DX, DX
0x00A2 8956 08 MOV [BP+0x8], DX
0x00A5 8956 0a MOV [BP+0xa], DX
0x00A8 e8 7d00 CALL 0x128
0x00AB 72 1b JB 0xc8
0x00AD b8 0102 MOV AX, 0x201
0x00B0 bf 0500 MOV DI, 0x5
0x00B3 8bdc MOV BX, SP
0x00B5 56 PUSH SI
0x00B6 50 PUSH AX
0x00B7 50 PUSH AX
0x00B8 32e4 XOR AH, AH
0x00BA cd 13 INT 0x13
0x00BC 58 POP AX
0x00BD 8bf5 MOV SI, BP
0x00BF cd 13 INT 0x13
0x00C1 58 POP AX
0x00C2 5e POP SI
0x00C3 73 03 JAE 0xc8
0x00C5 4f DEC DI
0x00C6 75 eb JNZ 0xb3
0x00C8 b0 32 MOV AL, 0x32
0x00CA 72 b2 JB 0x7e
0x00CC 40 INC AX
0x00CD 8a66 11 MOV AH, [BP+0x11]
0x00D0 9e SAHF
0x00D1 7b 04 JNP 0xd7
0x00D3 c647 02 0e MOV BYTE [BX+0x2], 0xe
0x00D7 72 35 JB 0x10e
0x00D9 75 0c JNZ 0xe7
0x00DB 8857 40 MOV [BX+0x40], DL
0x00DE c44e 08 LES CX, WORD [BP+0x8]
0x00E1 894f 1c MOV [BX+0x1c], CX
0x00E4 8c47 1e MOV WORD [BX+0x1e], ES
0x00E7 79 06 JNS 0xef
0x00E9 8a4e 12 MOV CL, [BP+0x12]
0x00EC 884f 25 MOV [BX+0x25], CL
0x00EF 80c7 02 ADD BH, 0x2
0x00F2 817f fe 55aa CMP WORD [BX-0x2], 0xaa55
0x00F7 75 85 JNZ 0x7e
0x00F9 817f fa cd19 CMP WORD [BX-0x6], 0x19cd
0x00FE 75 09 JNZ 0x109
0x0100 c647 fa e9 MOV BYTE [BX-0x6], 0xe9
0x0104 c747 fb 9488 MOV WORD [BX-0x5], 0x8894
0x0109 e8 1c00 CALL 0x128
0x010C ffe4 JMP SP
0x010E 74 ce JZ 0xde
0x0110 8857 24 MOV [BX+0x24], DL
0x0113 eb c9 JMP 0xde
0x0115 5d POP BP
0x0116 33c0 XOR AX, AX
0x0118 8ed8 MOV DS, AX
0x011A 8ec0 MOV ES, AX
0x011C 8ed0 MOV SS, AX
0x011E bc 007c MOV SP, 0x7c00
0x0121 55 PUSH BP
0x0122 bd a207 MOV BP, 0x7a2
0x0125 fc CLD
0x0126 fb STI
0x0127 c3 RET
0x0128 b4 08 MOV AH, 0x8
0x012A 52 PUSH DX
0x012B 06 PUSH ES
0x012C cd 13 INT 0x13
0x012E 07 POP ES
0x012F 72 33 JB 0x164
0x0131 33db XOR BX, BX
0x0133 8ade MOV BL, DH
0x0135 8b46 0a MOV AX, [BP+0xa]
0x0138 33d2 XOR DX, DX
0x013A 83e1 3f AND CX, 0x3f
0x013D f7f1 DIV CX
0x013F 91 XCHG CX, AX
0x0140 97 XCHG DI, AX
0x0141 8b46 08 MOV AX, [BP+0x8]
0x0144 f7f7 DIV DI
0x0146 42 INC DX
0x0147 87ca XCHG DX, CX
0x0149 3bda CMP BX, DX
0x014B 72 17 JB 0x164
0x014D 43 INC BX
0x014E f7f3 DIV BX
0x0150 8af2 MOV DH, DL
0x0152 86c5 XCHG CH, AL
0x0154 d1e8 SHR AX, 0x1
0x0156 d1e8 SHR AX, 0x1
0x0158 0ac8 OR CL, AL
0x015A d0cc ROR AH, 0x1
0x015C d0cc ROR AH, 0x1
0x015E 0af4 OR DH, AH
0x0160 84e4 TEST AH, AH
0x0162 74 02 JZ 0x166
0x0164 b4 41 MOV AH, 0x41
0x0166 5b POP BX
0x0167 8ad3 MOV DL, BL
0x0169 c3 RET
0x016A 0d 0a4d OR AX, 0x4d0a
0x016D 42 INC DX
0x016E 52 PUSH DX
0x016F 2045 72 AND [DI+0x72], AL
0x0172 72 6f JB 0x1e3
0x0174 72 20 JB 0x196
0x0176 000d ADD [DI], CL
0x0178 0a00 OR AL, [BX+SI]
0x017A 72 65 JB 0x1e1
0x017C 73 73 JAE 0x1f1
0x017E 2061 6e AND [BX+DI+0x6e], AH
0x0181 79 20 JNS 0x1a3
0x0183 6b65 79 20 IMUL SP, [DI+0x79], 0x20
0x0187 74 6f JZ 0x1f8
0x0189 2062 6f AND [BP+SI+0x6f], AH
0x018C 6f OUTSW
0x018D 74 20 JZ 0x1af
0x018F 66 DB 0x66
0x018F 66 72 6f JB 0x201
0x0192 6d INSW
0x0193 2066 6c AND [BP+0x6c], AH
0x0196 6f OUTSW
0x0197 70 70 JO 0x209
0x0199 79 2e JNS 0x1c9
0x019B 2e DB 0x2e
0x019C 2e 0000 ADD CS:[BX+SI], AL
0x019F 0000 ADD [BX+SI], AL
0x01A1 0010 ADD [BX+SI], DL
0x01A3 0001 ADD [BX+DI], AL
0x01A5 0000 ADD [BX+SI], AL
0x01A7 7c 00 JL 0x1a9
0x01A9 004f 42 ADD [BX+0x42], CL
0x01AC 3b00 CMP AX, [BX+SI]
0x01AE 0000 ADD [BX+SI], AL
0x01B0 0000 ADD [BX+SI], AL
0x01B2 8000 00 ADD BYTE [BX+SI], 0x0
0x01B5 a6 CMPSB
0x01B6 0e PUSH CS
0x01B7 00bf 0bbf ADD [BX-0x40f5], BH
0x01BB 0b00 OR AX, [BX+SI]
0x01BD 0080 0101 ADD [BX+SI+0x101], AL
0x01C1 0007 ADD [BX], AL
0x01C3 fe DB 0xfe
0x01C4 ff DB 0xff
0x01C5 ff DB 0xff
0x01C6 3f AAS
0x01C7 0000 ADD [BX+SI], AL
0x01C9 00c1 ADD CL, AL
0x01CB a5 MOVSW
0x01CC 50 PUSH AX
0x01CD 0900 OR [BX+SI], AX
0x01CF 0000 ADD [BX+SI], AL
0x01D1 0000 ADD [BX+SI], AL
0x01D3 0000 ADD [BX+SI], AL
0x01D5 0000 ADD [BX+SI], AL
0x01D7 0000 ADD [BX+SI], AL
0x01D9 0000 ADD [BX+SI], AL
0x01DB 0000 ADD [BX+SI], AL
0x01DD 0000 ADD [BX+SI], AL
0x01DF 0000 ADD [BX+SI], AL
0x01E1 0000 ADD [BX+SI], AL
0x01E3 0000 ADD [BX+SI], AL
0x01E5 0000 ADD [BX+SI], AL
0x01E7 0000 ADD [BX+SI], AL
0x01E9 0000 ADD [BX+SI], AL
0x01EB 0000 ADD [BX+SI], AL
0x01ED 0000 ADD [BX+SI], AL
0x01EF 0000 ADD [BX+SI], AL
0x01F1 0000 ADD [BX+SI], AL
0x01F3 0000 ADD [BX+SI], AL
0x01F5 0000 ADD [BX+SI], AL
0x01F7 0000 ADD [BX+SI], AL
0x01F9 0000 ADD [BX+SI], AL
0x01FB 0000 ADD [BX+SI], AL
0x01FD 0055 aa ADD [DI-0x56], DL
Re: Problem with a virus, the PC won't shut down
Well, with ComboFix it's going to be a bit worse. I ran it, but it only did about half of its work; the blue window never appeared, and I also found that when I click on My Computer none of the drives show up. Only that searching flashlight icon flies from one side to the other, which one could probably fall asleep watching.
Re: Problem with a virus, the PC won't shut down
Damn, I overlooked the part about Safe Mode. I'll go at it once more, this time in Safe Mode.
Re: Problem with a virus, the PC won't shut down
So here is the ComboFix log:
Should I go ahead with the OTLPEnet step next?
ComboFix 12-07-31.03 - Admin 02.08.2012 18:45:50.1.1 - x86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.3.1250.420.1029.18.767.586 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Plocha\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: avast! Antivirus *Disabled* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Dokumenty\~WRL1248.tmp
c:\documents and settings\Admin\WINDOWS
c:\documents and settings\Studio\StudioCZ.plg
c:\windows\IsUn0405.exe
c:\windows\system32\_000125_.tmp.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-07-02 do 2012-08-02 )))))))))))))))))))))))))))))))
.
.
2012-08-02 16:12 . 2012-08-02 16:12 -------- d-----w- C:\avast! sandbox
2012-08-02 15:11 . 2012-08-02 15:11 -------- d-----w- C:\4b6fb6cd2fd237ed3ac8dae9
2012-08-02 15:03 . 2012-08-02 15:03 -------- d-----w- C:\ea5dd4601458142f77a162
2012-07-25 10:56 . 2012-07-25 10:56 -------- d-----w- c:\documents and settings\Admin\Local Settings\Data aplikací\Ashampoo Photo Optimizer
2012-07-25 10:56 . 2012-07-25 10:56 -------- d-----w- c:\program files\Ashampoo
2012-07-25 10:44 . 2012-08-02 16:51 -------- d-----w- c:\documents and settings\Studio
2012-07-17 18:09 . 2012-07-17 18:20 -------- d-sh--w- c:\documents and settings\All Users\Data aplikací\{32364CEA-7855-4A3C-B674-53D8E9B97936}
2012-07-17 18:09 . 2012-07-17 18:09 -------- d--h--w- c:\documents and settings\All Users\Data aplikací\Common Files
2012-07-15 07:03 . 2012-07-24 13:11 -------- d-----w- c:\documents and settings\Admin\Data aplikací\.minecraft
2012-07-12 10:25 . 2012-07-12 10:30 -------- d-----w- c:\program files\CCleaner
2012-07-12 10:16 . 2012-07-12 10:16 -------- d-----w- c:\program files\xpantispy
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 16:21 . 2010-08-08 14:47 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-07-03 16:21 . 2011-07-27 18:55 721000 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-07-03 16:21 . 2010-08-08 14:47 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-07-03 16:21 . 2010-08-08 14:47 353688 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-07-03 16:21 . 2010-08-08 14:47 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-07-03 16:21 . 2010-08-08 14:47 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-07-03 16:21 . 2010-08-08 14:47 89624 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-07-03 16:21 . 2010-08-08 14:47 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-07-03 16:21 . 2010-08-08 14:46 41224 ----a-w- c:\windows\avastSS.scr
2012-07-03 16:21 . 2010-08-08 14:46 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-06-23 06:25 . 2012-05-01 06:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 06:25 . 2011-08-11 06:40 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-13 13:55 . 2002-09-23 12:00 1866112 ----a-w- c:\windows\system32\win32k.sys
2012-06-05 15:49 . 2007-05-15 13:43 1372672 ----a-w- c:\windows\system32\msxml6.dll
2012-06-05 15:49 . 2002-09-23 12:00 1172480 ----a-w- c:\windows\system32\msxml3.dll
2012-06-04 04:32 . 2002-09-23 12:00 152576 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuaucpl.cpl.mui
2012-06-02 13:19 . 2009-08-06 17:24 22552 ----a-w- c:\windows\system32\wucltui.dll.mui
2012-06-02 13:19 . 2010-08-07 19:07 219160 ----a-w- c:\windows\system32\wuaucpl.cpl
2012-06-02 13:19 . 2004-08-11 07:34 329240 ----a-w- c:\windows\system32\wucltui.dll
2012-06-02 13:19 . 2004-08-11 07:34 210968 ----a-w- c:\windows\system32\wuweb.dll
2012-06-02 13:19 . 2010-08-07 18:46 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 13:19 . 2009-08-06 17:24 18456 ----a-w- c:\windows\system32\wuaueng.dll.mui
2012-06-02 13:19 . 2009-08-06 17:24 15384 ----a-w- c:\windows\system32\wuapi.dll.mui
2012-06-02 13:19 . 2005-05-26 02:16 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 13:19 . 2004-08-11 07:34 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 13:19 . 2002-09-23 12:00 97304 ----a-w- c:\windows\system32\cdm.dll
2012-06-02 13:19 . 2004-08-11 07:34 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 13:19 . 2010-08-07 18:46 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-05-31 13:22 . 2002-09-23 12:00 602112 ----a-w- c:\windows\system32\crypt32.dll
2012-05-15 15:36 . 2002-09-23 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
2012-05-05 03:14 . 2002-09-23 12:00 2194816 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-05 03:14 . 2002-09-20 17:12 2071296 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-07-21 12:29 . 2011-10-13 17:44 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-03 16:21 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiSUSBRG"="c:\windows\SiSUSBrg.exe" [2002-07-12 106496]
"SmartRAM"="c:\program files\IObit\Advanced WindowsCare V2\MemCleaner.exe" [2007-10-29 662016]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-01-21 61440]
"SoundMan"="SOUNDMAN.EXE" [2003-06-10 55296]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2009-11-26 5129128]
"Služba Acronis Scheduler2"="c:\program files\Common Files\Acronis\Plán2\schedhlp.exe" [2009-11-26 361976]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-07-03 4273976]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0auto_reactivate \\?\Volume{3a771385-a262-11df-9b10-806d6172696f}\bootwiz\asrm.bin
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\WINDOWS\\system32\\lxczcoms.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Windows Commander\\WINCMD32.EXE"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
.
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [8.8.2010 17:40 911680]
S1 aswKbd;aswKbd;c:\windows\system32\drivers\aswKbd.sys [25.2.2012 18:04 24408]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [27.7.2011 20:55 721000]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [8.8.2010 16:47 353688]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5;c:\program files\IObit\Advanced SystemCare 5\ASCService.exe [1.6.2012 12:38 913792]
S2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [8.8.2010 17:40 2480048]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [8.8.2010 16:47 21256]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [3.4.2010 17:19 135664]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [1.5.2012 8:13 250056]
S3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [8.8.2010 17:40 160288]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [3.4.2010 17:19 135664]
S3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [6.5.2012 16:17 113120]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [29.5.2009 12:42 47360]
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-02 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\Alwil Software\Avast5\AvastEmUpdate.exe [2012-07-03 16:21]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 15:19]
.
2012-08-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-04-03 15:19]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2529008
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&s ... f8&oe=utf8
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
LSP: c:\windows\system32\imon.dll
TCP: DhcpNameServer = 192.168.100.100
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\fkia5xm4.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=2&q=
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-08-02 18:51
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- Dlls Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(612)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'winlogon.exe'(1308)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2012-08-02 18:54:00
ComboFix-quarantined-files.txt 2012-08-02 16:53
.
Pre-Run: 50 819 067 904 bytes free
Post-Run: 52 410 224 640 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-CSY.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn
.
- - End Of File - - 90287FE2FF012104657D30F732C30A31
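The report above, read by a script. This is an added example and is not part of the original post or of ComboFix itself. It runs over a constructed excerpt of the log (lines copied from the report above) and pulls out the three things a helper would look at first: browser start and search settings whose URL points at a known search-hijack domain (conduit.com, the Conduit toolbar search visible in the uStart Page and Firefox prefs.js lines), directories in the root of C: whose names consist only of hex digits, and ports the Windows firewall has opened globally. HIJACK_DOMAINS, the regular expressions and the function names are assumptions of this example, tuned to the ComboFix line formats seen on this page.

```python
"""Triage helpers for a ComboFix report.

Added example, not code from the original thread or from ComboFix.
The regexes below are fitted to the line formats seen in the report
posted above; other ComboFix versions may format lines differently.
"""
import re
from urllib.parse import urlsplit

# Constructed sample: a subset of the report lines from this thread.
SAMPLE_LOG = r"""
2012-08-02 15:11 . 2012-08-02 15:11 -------- d-----w- C:\4b6fb6cd2fd237ed3ac8dae9
2012-08-02 15:03 . 2012-08-02 15:03 -------- d-----w- C:\ea5dd4601458142f77a162
2012-07-12 10:25 . 2012-07-12 10:30 -------- d-----w- c:\program files\CCleaner
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2529008
uSearchAssistant = hxxp://www.google.com/ie
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2529008&SearchSource=2&q=
"""

# Domains whose presence in a start page / search URL indicates a toolbar
# search hijack. conduit.com is the one visible in this log; the list itself
# is an assumption of this example and would be extended in practice.
HIJACK_DOMAINS = ("conduit.com",)

# ComboFix defangs URLs as hxxp:// so they are not clickable.
_URL_RE = re.compile(r"hxxps?://\S+")
# "<attrs> d-----w- C:\<hex digits only>" at the end of a file-listing line.
_ROOT_HEX_DIR_RE = re.compile(r"\sd[-a-z]{7}\s+([A-Za-z]:\\[0-9a-fA-F]{16,})\s*$")
# "1723:TCP"= ... lines under GloballyOpenPorts.
_OPEN_PORT_RE = re.compile(r'^"(\d+):(TCP|UDP)"=', re.MULTILINE)


def _host(defanged_url: str) -> str:
    """Re-fang hxxp:// to http:// and return the host part."""
    real = "http" + defanged_url[4:]
    return (urlsplit(real).hostname or "").lower()


def find_search_hijacks(log: str) -> list[tuple[str, str]]:
    """Return (setting, host) for every URL whose host is under a hijack domain."""
    hits = []
    for line in log.splitlines():
        m = _URL_RE.search(line)
        if not m:
            continue
        host = _host(m.group(0))
        if any(host == d or host.endswith("." + d) for d in HIJACK_DOMAINS):
            setting = line[: m.start()].rstrip(" =-")
            hits.append((setting, host))
    return hits


def find_root_hex_dirs(log: str) -> list[str]:
    """Directories directly under a drive root whose name is hex digits only."""
    return [m.group(1) for line in log.splitlines()
            if (m := _ROOT_HEX_DIR_RE.search(line))]


def find_open_firewall_ports(log: str) -> list[tuple[int, str]]:
    """(port, protocol) pairs from the GloballyOpenPorts section."""
    return [(int(port), proto) for port, proto in _OPEN_PORT_RE.findall(log)]


def triage(log: str) -> dict:
    """Collect all three checks into one worklist."""
    return {
        "search_hijacks": find_search_hijacks(log),
        "root_hex_dirs": find_root_hex_dirs(log),
        "open_ports": find_open_firewall_ports(log),
    }


if __name__ == "__main__":
    for key, items in triage(SAMPLE_LOG).items():
        print(f"{key}:")
        for item in items:
            print("   ", item)
```

Treat the output as a worklist, not a verdict. The Conduit search settings are the one clearly unwanted change visible in this log. The two hex-named directories in the root of C: are the pattern Windows Update and MSI installers leave behind when they unpack to the system drive, so they are worth a look but not evidence of infection on their own. The three globally open ports (1723/TCP, 1701/UDP, 500/UDP) are PPTP, L2TP and IKE; on XP they are added by the built-in incoming VPN connection feature, which is an exposure to review rather than a sign of malware.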
Re: Virus problem, PC won't shut down
That occurred to me too, but I made my father-in-law's backup about 10 months ago, and a lot has changed since then.
Re: Virus problem, PC won't shut down
So I booted from the CD, started OTLPE and copied the data into the white box. Then I clicked Run Scan and the program is now working.
Re: Virus problem, PC won't shut down
I have the LOG; how do I turn it into a zip attachment? For now I've saved it in Documents. So should I shut down the PC, boot into regular Windows, then make an archive in WinRAR and attach that?
Re: Virus problem, PC won't shut down
Phew, that took a bit of effort.
Re: Virus problem, PC won't shut down
I'm not really sure how to test it on VirusTotal. Where do I find that file to upload on the VirusTotal site?
Re: Virus problem, PC won't shut down
I managed it in the meantime. Negative with all antiviruses, so OK. Now I'll look at that eset and iobit.
Re: Virus problem, PC won't shut down
So I deleted the IObit folder. But Revo Uninstaller didn't show any of it as installed. In any case, all of this can be deleted. I just don't know how to do it as safely as possible.