Page 1 of 2

Police SR virus

Posted: 02 Jul 2013 20:02
by melondubnica
Good evening. A friend brought me an older desktop PC with this "Police SR" virus; the PC is used mainly for e-mail and Office. It is not possible to get into the PC by starting Windows XP the normal way, nor in Safe Mode as Administrator or as a user. I wanted to make an RSIT log in Safe Mode, but that is not possible either. I should add that the PC is disconnected from the internet; I am writing from a second computer, and RSIT is on a USB stick plugged into the infected PC. System Restore in Safe Mode does not help either, and when booting, the Police SR screen pops up. Is there any way to get this virus off the PC? Thank you for your help and have a pleasant evening.

Re: Police SR virus

Posted: 02 Jul 2013 20:04
by vyosek

Re: Police SR virus

Posted: 02 Jul 2013 20:42
by melondubnica
Thank you for the help, here is the log; I have turned the infected PC off. I also want to ask: is there no risk that the virus gets transferred to my PC via the USB stick, since I use it in both the infected PC and my own?

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-07-2013
Ran by Administrator (administrator) on 02-07-2013 21:30:41
Running from F:\
Microsoft Windows XP Service Pack 2 (X86) OS Language: English(US)
Internet Explorer Version 6
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-04-21] (Avira GmbH)
HKLM\...\Run: [] [x]
HKLM\...\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [159744 2005-10-26] (Sony Ericsson Mobile Communications AB)
HKLM\...\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe [x]
HKU\Milan\...\Run: [CTFMON.EXE] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat,FG00 [ 2013-06-11] (Microsoft Corporation)
HKU\Milan\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2004-08-04] (Microsoft Corporation)
HKU\Milan\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Milan\Application Data\skype.dat <==== ATTENTION
Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> c:\docume~1\alluse~1\applic~1\qeoio.dat ()
Startup: C:\Documents and Settings\Administrator.PC-4\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> c:\docume~1\alluse~1\applic~1\qeoio.dat ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Utility.lnk
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
Startup: C:\Documents and Settings\Milan\Start Menu\Programs\Startup\msconfig.lnk
ShortcutTarget: msconfig.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat ()
Startup: C:\Documents and Settings\Milan\Start Menu\Programs\Startup\Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk
ShortcutTarget: Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope value is missing.
BHO: Podpora odkazu pro Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL (Microsoft Corporation)
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL (Microsoft Corporation)
Handler: ipp - No CLSID Value -
Handler: msdaipp - No CLSID Value -
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
ShellExecuteHooks: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2210608 2006-10-27] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1

========================== Services (Whitelisted) =================

S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
S4 AntiVirService; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [269480 2011-11-12] (Avira GmbH)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat [159744 2013-06-11] ()

==================== Drivers (Whitelisted) ====================

S2 AegisP; C:\Windows\System32\DRIVERS\AegisP.sys [21361 2012-01-02] (Cisco Systems, Inc.)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [138192 2011-11-12] (Avira GmbH)
S3 ctljystk; C:\Windows\System32\DRIVERS\ctljystk.sys [3712 2001-08-17] (Creative Technology Ltd.)
S3 emu10k; C:\Windows\System32\drivers\emu10k1m.sys [283904 2001-08-17] (Creative Technology Ltd.)
S3 emu10k1; C:\Windows\System32\drivers\ctlfacem.sys [6912 2001-08-17] (Creative Technology Ltd.)
S3 RT73; C:\Windows\System32\DRIVERS\rt73.sys [459520 2008-01-15] (Ralink Technology, Corp.)
S3 Secdrv; C:\Windows\System32\DRIVERS\secdrv.sys [27440 2004-08-04] ()
S3 sfman; C:\Windows\System32\drivers\sfmanm.sys [36480 2001-08-17] (Creative Technology Ltd.)
S1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2010-06-17] (Avira GmbH)
S3 trid3d; C:\Windows\System32\DRIVERS\trid3dm.sys [222336 2001-08-17] (Trident Microsystems Inc.)
S3 VIAudio; C:\Windows\System32\drivers\ac97via.sys [84480 2004-08-04] (VIA Technologies, Inc.)
S3 w200bus; C:\Windows\System32\DRIVERS\w200bus.sys [61504 2006-11-07] (MCCI)
S4 IntelIde; No ImagePath
U1 WS2IFSL;

========================== Drivers MD5 =======================

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-07-02 21:29 - 2013-07-02 21:29 - 00000000 ____D C:\FRST
2013-07-02 21:23 - 2013-07-02 21:23 - 00000062 __ASH C:\Documents and Settings\Administrator.PC-4.000\Local Settings\desktop.ini
2013-07-02 21:23 - 2013-07-02 21:23 - 00000020 __ASH C:\Documents and Settings\Administrator.PC-4.000\ntuser.ini
2013-07-02 21:23 - 2001-09-11 02:31 - 00000062 __ASH C:\Documents and Settings\Administrator.PC-4.000\Application Data\desktop.ini
2013-07-02 20:58 - 2013-07-02 20:58 - 00000062 __ASH C:\Documents and Settings\Administrator.PC-4\Local Settings\desktop.ini
2013-07-02 20:58 - 2013-07-02 20:58 - 00000020 __ASH C:\Documents and Settings\Administrator.PC-4\ntuser.ini
2013-07-02 20:58 - 2001-09-11 02:31 - 00000062 __ASH C:\Documents and Settings\Administrator.PC-4\Application Data\desktop.ini
2013-07-02 20:50 - 2013-07-02 20:50 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-07-02 20:50 - 2013-07-02 20:50 - 00000020 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-02 20:50 - 2001-09-11 02:31 - 00000062 __ASH C:\Documents and Settings\Administrator\Application Data\desktop.ini
2013-06-11 12:04 - 2013-04-06 18:25 - 00726464 ____A (Enigma Software Group USA, LLC.) C:\Documents and Settings\Milan\Desktop\SpyHunter-Installer.exe
2013-06-11 09:47 - 2013-07-02 20:59 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\as98213.txt
2013-06-11 09:47 - 2013-06-11 09:47 - 00003038 ____A C:\Documents and Settings\All Users\Application Data\oioeq.js
2013-06-11 09:45 - 2013-07-02 21:00 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\oioeq.pad
2013-06-11 09:44 - 2013-06-11 09:44 - 00159744 ____A C:\Documents and Settings\All Users\Application Data\qeoio.dat
2013-06-11 09:44 - 2013-06-11 09:44 - 00033280 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-06-06 09:27 - 2013-06-09 10:50 - 00000004 ____A C:\Documents and Settings\Milan\Application Data\skype.ini

==================== One Month Modified Files and Folders ========

2013-07-02 21:29 - 2013-07-02 21:29 - 00000000 ____D C:\FRST
2013-07-02 21:23 - 2013-07-02 21:23 - 00000062 __ASH C:\Documents and Settings\Administrator.PC-4.000\Local Settings\desktop.ini
2013-07-02 21:23 - 2013-07-02 21:23 - 00000020 __ASH C:\Documents and Settings\Administrator.PC-4.000\ntuser.ini
2013-07-02 21:23 - 2011-07-23 13:57 - 00000062 __ASH C:\Documents and Settings\NetworkService\Local Settings\desktop.ini
2013-07-02 21:00 - 2013-06-11 09:45 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\oioeq.pad
2013-07-02 20:59 - 2013-06-11 09:47 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\as98213.txt
2013-07-02 20:58 - 2013-07-02 20:58 - 00000062 __ASH C:\Documents and Settings\Administrator.PC-4\Local Settings\desktop.ini
2013-07-02 20:58 - 2013-07-02 20:58 - 00000020 __ASH C:\Documents and Settings\Administrator.PC-4\ntuser.ini
2013-07-02 20:55 - 2011-07-23 13:58 - 00000062 __ASH C:\Documents and Settings\Milan\Local Settings\desktop.ini
2013-07-02 20:50 - 2013-07-02 20:50 - 00000062 __ASH C:\Documents and Settings\Administrator\Local Settings\desktop.ini
2013-07-02 20:50 - 2013-07-02 20:50 - 00000020 __ASH C:\Documents and Settings\Administrator\ntuser.ini
2013-07-02 20:44 - 2011-07-23 13:57 - 00000062 __ASH C:\Documents and Settings\LocalService\Local Settings\desktop.ini
2013-07-02 20:44 - 2011-07-23 13:57 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-07-02 20:42 - 2013-05-30 15:02 - 00018576 ____A C:\Windows\WindowsUpdate.log
2013-07-02 20:42 - 2011-07-23 13:58 - 00000178 ___SH C:\Documents and Settings\Milan\ntuser.ini
2013-07-02 20:42 - 2011-07-23 13:57 - 00032584 ____A C:\Windows\SchedLgU.Txt
2013-07-02 20:34 - 2004-08-04 03:07 - 00002228 ____A C:\Windows\System32\wpa.dbl
2013-06-11 09:47 - 2013-06-11 09:47 - 00003038 ____A C:\Documents and Settings\All Users\Application Data\oioeq.js
2013-06-11 09:44 - 2013-06-11 09:44 - 00159744 ____A C:\Documents and Settings\All Users\Application Data\qeoio.dat
2013-06-11 09:44 - 2013-06-11 09:44 - 00033280 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
2013-06-11 09:41 - 2012-10-25 05:48 - 00001744 ____A C:\Windows\System32\d3d9caps.dat
2013-06-09 10:50 - 2013-06-06 09:27 - 00000004 ____A C:\Documents and Settings\Milan\Application Data\skype.ini
2013-06-03 14:07 - 2011-08-08 19:14 - 00000000 ____D C:\Documents and Settings\Milan\My Documents\Preberanie

Files to move or delete:
====================
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk
C:\Documents and Settings\Administrator.PC-4\Start Menu\Programs\Startup\msconfig.lnk
C:\Documents and Settings\Milan\Application Data\skype.dat
C:\Documents and Settings\Milan\Application Data\skype.ini
C:\Documents and Settings\Milan\Start Menu\Programs\Startup\msconfig.lnk

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2004-08-04 03:07] - [2004-08-04 03:07] - 1032192 ____A (Microsoft Corporation) a0732187050030ae399b241436565e64

C:\Windows\System32\winlogon.exe
[2004-08-04 03:07] - [2004-08-04 03:07] - 0502272 ____A (Microsoft Corporation) 01c3346c241652f43aed8e2149881bfe

C:\Windows\System32\svchost.exe
[2004-08-04 03:07] - [2004-08-04 03:07] - 0014336 ____A (Microsoft Corporation) 8f078ae4ed187aaabc0a305146de6716

C:\Windows\System32\services.exe
[2004-08-04 03:07] - [2004-08-04 03:07] - 0108032 ____A (Microsoft Corporation) c6ce6eec82f187615d1002bb3bb50ed4

C:\Windows\System32\User32.dll
[2004-08-04 03:07] - [2004-08-04 03:07] - 0577024 ____A (Microsoft Corporation) c72661f8552ace7c5c85e16a3cf505c4

C:\Windows\System32\userinit.exe
[2004-08-04 03:07] - [2004-08-04 03:07] - 0024576 ____A (Microsoft Corporation) 39b1ffb03c2296323832acbae50d2aff

C:\Windows\System32\Drivers\volsnap.sys
[2004-08-04 03:07] - [2004-08-04 03:07] - 0052352 ___AC (Microsoft Corporation) ee4660083deba849ff6c485d944b379b


==================== End Of Log ============================

Re: Police SR virus

Posted: 02 Jul 2013 20:57
by vyosek
:arrow: I have not yet seen anywhere a version that infects flash drives

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [31016 2006-10-27] (Microsoft Corporation)
    HKLM\...\Run: [] [x]
    HKLM\...\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [159744 2005-10-26] (Sony Ericsson Mobile Communications AB)
    HKLM\...\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe [x]
    HKU\Milan\...\Run: [CTFMON.EXE] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat,FG00 [ 2013-06-11] (Microsoft Corporation)
    HKU\Milan\...\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background [ 2004-08-04] (Microsoft Corporation)
    HKU\Milan\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Milan\Application Data\skype.dat <==== ATTENTION
    Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk
    ShortcutTarget: msconfig.lnk -> c:\docume~1\alluse~1\applic~1\qeoio.dat ()
    Startup: C:\Documents and Settings\Administrator.PC-4\Start Menu\Programs\Startup\msconfig.lnk
    ShortcutTarget: msconfig.lnk -> c:\docume~1\alluse~1\applic~1\qeoio.dat ()
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    ShortcutTarget: Adobe Reader Speed Launch.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
    ShortcutTarget: Adobe Reader Synchronizer.lnk -> C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe ()
    Startup: C:\Documents and Settings\Milan\Start Menu\Programs\Startup\msconfig.lnk
    ShortcutTarget: msconfig.lnk -> C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat ()
    Startup: C:\Documents and Settings\Milan\Start Menu\Programs\Startup\Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk
    ShortcutTarget: Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk -> C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
    URLSearchHook: ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM - DefaultScope value is missing.
    SearchScopes: HKCU - DefaultScope value is missing.
    Handler: ipp - No CLSID Value -
    Handler: msdaipp - No CLSID Value - 
    S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat [159744 2013-06-11] ()
    S4 IntelIde; No ImagePath
    U1 WS2IFSL;
    2013-06-11 09:47 - 2013-07-02 20:59 - 00000000 ____A C:\Documents and Settings\All Users\Application Data\as98213.txt
    2013-06-11 09:47 - 2013-06-11 09:47 - 00003038 ____A C:\Documents and Settings\All Users\Application Data\oioeq.js
    2013-06-11 09:45 - 2013-07-02 21:00 - 95023320 ___AT C:\Documents and Settings\All Users\Application Data\oioeq.pad
    2013-06-11 09:44 - 2013-06-11 09:44 - 00159744 ____A C:\Documents and Settings\All Users\Application Data\qeoio.dat
    2013-06-11 09:44 - 2013-06-11 09:44 - 00033280 ____A (Microsoft Corporation) C:\Documents and Settings\All Users\Application Data\rundll32.exe
    2013-06-06 09:27 - 2013-06-09 10:50 - 00000004 ____A C:\Documents and Settings\Milan\Application Data\skype.ini
    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk
    C:\Documents and Settings\Administrator.PC-4\Start Menu\Programs\Startup\msconfig.lnk
    C:\Documents and Settings\Milan\Application Data\skype.dat
    C:\Documents and Settings\Milan\Application Data\skype.ini
    C:\Documents and Settings\Milan\Start Menu\Programs\Startup\msconfig.lnk
    
  • Save the created TXT as fixlist.txt
  • Move the created log to the flash drive alongside FRST
:arrow: Run FRST.exe again on the affected PC
  • Click Fix
  • The repair runs and a Fixlog.txt log is created on the flash drive
:arrow: Try to boot into normal mode
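As an added example (not part of the thread and not FRST's own code), the script below applies the same triage heuristics that the fixlist above reflects to a constructed sample abridged from the posted FRST log: a Winlogon Shell value that is not plain explorer.exe, Run entries and startup shortcuts whose targets live in a user-writable data directory or load a non-executable file, orphaned `[x]` entries, and a core Windows service (winmgmt) whose ImagePath was redirected outside %SystemRoot%. The regular expressions, the `CORE_SERVICES` set and the reason strings are this example's own assumptions, not FRST's.

```python
"""Triage of FRST-style log lines for lock-screen ransomware persistence.

Added example for this thread (not FRST's code). The heuristics mirror what
the helper removed via the fixlist; the patterns and reason texts are this
script's own assumptions.
"""
import re
from dataclasses import dataclass

# Constructed sample, abridged from the FRST log posted in the thread
# (raw string so the Windows paths need no escaping).
SAMPLE_LOG = r"""
HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [281768 2011-04-21] (Avira GmbH)
HKLM\...\Run: [Regedit32] C:\WINDOWS\system32\regedit.exe [x]
HKU\Milan\...\Run: [CTFMON.EXE] C:\DOCUME~1\ALLUSE~1\APPLIC~1\rundll32.exe C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat,FG00 [ 2013-06-11] (Microsoft Corporation)
HKU\Milan\...\Winlogon: [Shell] explorer.exe,C:\Documents and Settings\Milan\Application Data\skype.dat <==== ATTENTION
ShortcutTarget: msconfig.lnk -> c:\docume~1\alluse~1\applic~1\qeoio.dat ()
ShortcutTarget: Wireless Utility.lnk -> C:\Program Files\EDIMAX\Common\RaUI.exe (Edimax Technology Co., Ltd)
S2 AntiVirSchedulerService; C:\Program Files\Avira\AntiVir Desktop\sched.exe [136360 2011-04-21] (Avira GmbH)
S2 winmgmt; C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat [159744 2013-06-11] ()
"""

# Per-user / all-users data folders, including the 8.3 short name APPLIC~1
# that the posted log shows (assumed list; extend for your environment).
USER_WRITABLE = re.compile(r"application data|applic~1|appdata|programdata|\\temp\\", re.I)
# Extensions that are not executables yet get loaded via rundll32 or as a service.
NON_EXE_EXT = re.compile(r"\.(dat|pad|js|txt)\b", re.I)
WINDOWS_DIR = re.compile(r"^[a-z]:\\windows\\", re.I)
# Core services whose binary must live under %SystemRoot% (assumed set).
CORE_SERVICES = {"winmgmt"}

RUN_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] (?P<rest>.*)$")
SHELL_RE = re.compile(r"^(?P<hive>HK\S*?)\\\.\.\.\\Winlogon: \[Shell\] (?P<value>.*?)(?: <==== ATTENTION)?$")
LNK_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?)(?: \((?P<company>[^)]*)\))?$")
SVC_RE = re.compile(r"^(?P<state>[SRU]\d) (?P<name>[^;]+); ?(?P<rest>.*)$")
# Trailing "[size date] (Company)" or "[x]" metadata that FRST appends.
META_RE = re.compile(r"\s*\[[^\]]*\](?:\s*\([^)]*\))?\s*$")


@dataclass
class Finding:
    kind: str       # "Run", "Winlogon Shell", "Startup shortcut", "Service"
    name: str       # value name, shortcut name, service name or hive
    target: str     # command / path with FRST metadata stripped
    reasons: tuple  # why the entry was flagged


def path_reasons(path: str) -> list:
    """Heuristics shared by Run values, shortcuts and services."""
    reasons = []
    if USER_WRITABLE.search(path):
        reasons.append("runs from a user-writable data directory")
    if NON_EXE_EXT.search(path):
        reasons.append("loads a non-executable extension")
    return reasons


def triage(log_text: str) -> list:
    """Return the persistence entries in an FRST log that deserve review."""
    findings = []
    for line in log_text.strip().splitlines():
        line = line.strip()
        if m := RUN_RE.match(line):
            rest = m["rest"]
            reasons = path_reasons(rest)
            if rest.endswith("[x]"):  # FRST marks a missing target file with [x]
                reasons.append("target file not found (orphaned entry)")
            if reasons:
                findings.append(Finding("Run", m["name"], META_RE.sub("", rest), tuple(reasons)))
        elif m := SHELL_RE.match(line):
            value = m["value"].strip()
            if value.lower() != "explorer.exe":  # extra shell = lock screen loader
                findings.append(Finding("Winlogon Shell", m["hive"], value,
                                        ("Shell value is not plain explorer.exe",)))
        elif m := LNK_RE.match(line):
            reasons = path_reasons(m["target"])
            if reasons:
                findings.append(Finding("Startup shortcut", m["lnk"], m["target"], tuple(reasons)))
        elif m := SVC_RE.match(line):
            path = META_RE.sub("", m["rest"])
            reasons = path_reasons(path)
            if m["name"].lower() in CORE_SERVICES and not WINDOWS_DIR.match(path):
                reasons.append("core Windows service ImagePath points outside %SystemRoot%")
            if reasons:
                findings.append(Finding("Service", m["name"], path, tuple(reasons)))
    return findings


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.kind:17} {f.name:20} {f.target}\n{'':38} -> {'; '.join(f.reasons)}")
```

On the sample above the script flags exactly the five entries the fixlist targeted (Regedit32, CTFMON.EXE, the Winlogon Shell, msconfig.lnk and winmgmt) and leaves the Avira and Edimax entries alone.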

Re: Police SR virus

Posted: 02 Jul 2013 21:15
by melondubnica
During the fix, this error popped up:

Line 13877 (File F:/FRST.exe)
Error:Subscript used with non-Array variable

and FRST terminated, leaving only a DOS command prompt

Re: Police SR virus

Posted: 02 Jul 2013 21:24
by vyosek
:arrow: Hard to say what all it did :?:

:arrow: Normal mode does not work??

:arrow: Use HitmanPro according to this guide (hopefully the English will not be a problem) http://www.bleepingcomputer.com/virus-r ... ransomware

Re: Police SR virus

Posted: 02 Jul 2013 22:06
by melondubnica
So I started the system in normal mode and found the Fixlog.txt log on the USB stick, which I am attaching so you can see what FRST fixed; I am also attaching the log from RSIT. I note that the PC still was not connected to the internet; it booted normally and I have already turned it off. I hope the logs help. I also want to ask: should I also do the clean-up according to what you recommended? It is in English, but from what I looked at with the help of a translator it could be managed; still, I would rather not get into it. In any case I will take your advice on whatever is better and more effective.

http://www.bleepingcomputer.com/virus-r ... ransomware

here are the logs:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 02-07-2013
Ran by Administrator at 2013-07-02 22:11:48 Run:1
Running from F:\
Boot Mode: Safe Mode (minimal)

==============================================

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\GrooveMonitor => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Sony Ericsson PC Suite => Value deleted successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Regedit32 => Value deleted successfully.
HKU\Milan\Software\Microsoft\Windows\CurrentVersion\Run\\CTFMON.EXE => Value deleted successfully.
HKU\Milan\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value deleted successfully.
HKU\Milan\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully.
c:\docume~1\alluse~1\applic~1\qeoio.dat => Moved successfully.
C:\Documents and Settings\Administrator.PC-4\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully.
c:\docume~1\alluse~1\applic~1\qeoio.dat not found.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk => Moved successfully.
C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe => Moved successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk => Moved successfully.
C:\Program Files\Adobe\Reader 8.0\Reader\AdobeCollabSync.exe => Moved successfully.
C:\Documents and Settings\Milan\Start Menu\Programs\Startup\msconfig.lnk => Moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\qeoio.dat not found.
C:\Documents and Settings\Milan\Start Menu\Programs\Startup\Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk not found.
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE => Moved successfully.
Default URLSearchHook was restored successfully .
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
HKCR\PROTOCOLS\Handler\Handler: ipp - No CLSID Value - => Key not found.
HKCR\PROTOCOLS\Handler\Handler: msdaipp - No CLSID Value - => Key not found.
winmgmt => Service restored successfully.
IntelIde => Service deleted successfully.
U1 WS2IFSL; => Service not found.
C:\Documents and Settings\All Users\Application Data\as98213.txt => Moved successfully.
C:\Documents and Settings\All Users\Application Data\oioeq.js => Moved successfully.
C:\Documents and Settings\All Users\Application Data\oioeq.pad => Moved successfully.
C:\Documents and Settings\All Users\Application Data\qeoio.dat => File/Directory not found.
C:\Documents and Settings\All Users\Application Data\rundll32.exe => Moved successfully.

and the log from RSIT:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Milan at 2013-07-02 22:57:35
Microsoft Windows XP Professional Service Pack 2
System drive C: has 2 GB (16%) free of 10 GB
Total RAM: 503 MB (43% free)

HijackThis download failed

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2011-04-21 281768]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Wireless Utility.lnk - C:\Program Files\EDIMAX\Common\RaUI.exe

C:\Documents and Settings\Milan\Start Menu\Programs\Startup
Výrezy obrazovky a spuštení aplikace OneNote 2007.lnk - C:\FRST\Quarantine\ONENOTEM.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL [2006-10-27 2210608]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE"="C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook"
"C:\Program Files\Microsoft Office\Office12\GROOVE.EXE"="C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove"
"C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE"="C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"C:\WINDOWS\system32\svchost.exe"="C:\WINDOWS\system32\svchost.exe:*:Enabled:Microsoft Office"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e35a17c1-a64a-11d5-9449-806d6172696f}]
shell\AutoRun\command - E:\setup.exe


======List of files/folders created in the last 1 months======

2013-07-02 22:57:47 ----D---- C:\Program Files\trend micro
2013-07-02 22:57:35 ----D---- C:\rsit
2013-07-02 21:29:59 ----D---- C:\FRST
2013-07-02 20:49:43 ----A---- C:\WINDOWS\ntbtlog.txt
2013-06-06 09:27:38 ----A---- C:\Documents and Settings\Milan\Application Data\skype.ini

======List of files/folders modified in the last 1 months======

2013-07-02 22:57:47 ----RD---- C:\Program Files
2013-07-02 22:55:02 ----D---- C:\WINDOWS\system32\CatRoot2
2013-07-02 21:32:54 ----D---- C:\WINDOWS
2013-07-02 21:23:44 ----D---- C:\Documents and Settings
2013-07-02 20:42:46 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-07-02 20:35:08 ----D---- C:\WINDOWS\Temp
2013-06-11 09:42:06 ----D---- C:\WINDOWS\Prefetch
2013-06-11 09:41:25 ----D---- C:\WINDOWS\system32

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.7.5.0; C:\WINDOWS\system32\DRIVERS\AegisP.sys [2012-01-02 21361]
R3 ctljystk;Creative SBLive! Gameport; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
R3 emu10k;Creative SB Live! (WDM); C:\WINDOWS\system32\drivers\emu10k1m.sys [2001-08-17 283904]
R3 emu10k1;Creative Interface Manager Driver (WDM); C:\WINDOWS\system32\drivers\ctlfacem.sys [2001-08-17 6912]
R3 sfman;Creative SoundFont Manager Driver (WDM); C:\WINDOWS\system32\drivers\sfmanm.sys [2001-08-17 36480]
R3 trid3d;trid3d; C:\WINDOWS\system32\DRIVERS\trid3dm.sys [2001-08-17 222336]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2004-08-04 57600]
R3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2004-08-03 26496]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2004-08-04 20480]
R3 VIAudio;VIA AC'97 Audio Controller (WDM); C:\WINDOWS\system32\drivers\ac97via.sys [2004-08-04 84480]
S1 avipbb;avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [2011-11-12 138192]
S1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2004-08-03 14848]
S1 ssmdrv;ssmdrv; C:\WINDOWS\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
S3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2001-08-17 9600]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2004-08-04 1897408]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\WINDOWS\system32\DRIVERS\rt73.sys [2008-01-15 459520]
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2004-08-03 31616]
S3 w200bus;Sony Ericsson W200 driver (WDM); C:\WINDOWS\system32\DRIVERS\w200bus.sys [2006-11-07 61504]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2006-10-27 65824]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-22 117144]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2004-08-04 14336]
S4 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2011-11-12 269480]

-----------------EOF-----------------

Re: Policia SR virus

Posted: 03 Jul 2013 07:15
by vyosek
:arrow: FRST did everything it was supposed to :happy:

:arrow: Install Service Pack 3 - it fixes many bugs and problems

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Search
  • The scan will run and then a log will appear; otherwise it is saved on the system drive as AdwCleaner[R?].txt, paste it here

Re: Policia SR virus

Posted: 04 Jul 2013 18:18
by melondubnica
Hello, I want to ask: when I update Windows to SP3, won't it slow the PC down? It is an old PC with only 500 MB RAM and the processor isn't powerful either; it already happened to me once that when I put SP3 on an older PC it froze completely and I had to roll it back.

Also, occasionally at startup the PC goes into the blue CHKDSK disk-check screen; is it possible the disk is already damaged? Can I use HD Tune to check the disk? Thank you. Here is the AdwCleaner log:

# AdwCleaner v2.304 - Logfile created 07/04/2013 at 19:07:41
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Milan - PC-4
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milan\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

Folder Found : C:\Program Files\FunWebProducts

***** [Registry] *****

Key Found : HKLM\SOFTWARE\Classes\S
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v21.0 (sk)

File : C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\15ih5q35.default\prefs.js

/!\ Cannot open file /!\

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [1085 octets] - [04/07/2013 19:07:41]

########## EOF - C:\AdwCleaner[R1].txt - [1145 octets] ##########

Re: Policia SR virus

Posted: 05 Jul 2013 20:17
by vyosek
:arrow: Run AdwCleaner again
  • If you use Win Vista or W7, right-click AdwCleaner and choose Run As Administrator
  • Click Delete
  • The PC will perform the repair, restart and give you a log (C:\AdwCleaner[S1].txt); paste its contents here
:arrow: Do CDI as my colleague says
MiliNess wrote: Download CrystalDiskInfo, in the Edit menu choose Copy and paste the clipboard contents here with Ctrl+V.
:arrow: Test the HD with HD Tune http://www.stahuj.centrum.cz/utility_a_ ... g/hd-tune/
  • Run the Benchmark and Error Scan tests - post screenshots
  • Post a screenshot of the Health tab
  • You take a screenshot by clicking the blue floppy-disk icon, then post it here following this guide http://forum.viry.cz/viewtopic.php?f=11&t=14114 - you only need the "posting to the forum" part, of course :)
:arrow: Without SP3 the PC is very unprotected and very vulnerable. It should not affect speed

Re: Policia SR virus

Posted: 06 Jul 2013 10:00
by melondubnica
Hello, here are the results. I have another question: could something in the PC be blocking the settings of these programs? I installed a new Mozilla Firefox which can't be configured; I change the home page and the download location, and after closing Firefox everything goes back to the original settings.
I installed Avira, the installation went fine, but when Avira is supposed to register or update the database it just doesn't work; Avira sits in the tray with a cross over it and can't be started from the settings. Unprotected, antivirus is off: I click Start and nothing happens, and Fix all doesn't work either; when clicked, nothing happens. I thought it did this because .NET Framework wasn't installed; I installed it and it still does it. Do you know where the problem might be? Isn't SP3 required for Avast? Thank you

This error appears when registering Avast:

Modul AAVM zistil chybu pri praci s RPC.


here are the AdwCleaner logs and screenshots


http://i42.tinypic.com/302b060.jpg
http://i41.tinypic.com/10nrzh4.jpg
http://i40.tinypic.com/357lgk4.jpg

-------------


# AdwCleaner v2.304 - Logfile created 07/06/2013 at 00:07:39
# Updated 03/07/2013 by Xplode
# Operating system : Microsoft Windows XP Service Pack 2 (32 bits)
# User : Milan - PC-4
# Boot Mode : Normal
# Running from : C:\Documents and Settings\Milan\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****


***** [Files / Folders] *****


***** [Registry] *****

Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}

***** [Internet Browsers] *****

-\\ Internet Explorer v6.0.2900.2180

[OK] Registry is clean.

-\\ Mozilla Firefox v22.0 (sk)

File : C:\Documents and Settings\Milan\Application Data\Mozilla\Firefox\Profiles\15ih5q35.default\prefs.js

/!\ Cannot open file /!\

-\\ Google Chrome v [Unable to get version]

File : C:\Documents and Settings\Milan\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[S1].txt - [1002 octets] - [06/07/2013 00:07:39]

########## EOF - C:\AdwCleaner[S1].txt - [1062 octets] ##########


--------------


----------------------------------------------------------------------------
CrystalDiskInfo 5.0.0 (C) 2008-2012 hiyohiyo
Crystal Dew World : http://crystalmark.info/
----------------------------------------------------------------------------

OS : Windows XP Professional SP2 [5.1 Build 2600] (x86)
Date : 2013/07/06 0:16:02

-- Controller Map ----------------------------------------------------------
+ VIA Bus Master IDE Controller [ATA]
+ Primary IDE Channel (0)
- WDC WD300AB-00BVA0
+ Secondary IDE Channel (1)
- ATAPI-CD ROM-DRIVE-52MAX

-- Disk List ---------------------------------------------------------------
(1) WDC WD300AB-00BVA0 : 30,0 GB [0/0/0, pd1]

----------------------------------------------------------------------------
(1) WDC WD300AB-00BVA0
----------------------------------------------------------------------------
Model : WDC WD300AB-00BVA0
Firmware : 21.01H21
Serial Number : WD-WMA7H1367693
Disk Size : 30,0 GB (8,4/30,0/----)
Buffer Size : 2048 KB
Queue Depth : 1
# of Sectors : 58633344
Rotation Rate : Neznámy údaj
Interface : Parallel ATA
Major Version : ATA/ATAPI-5
Minor Version : ----
Transfer Mode : Ultra DMA/100
Power On Hours : 10653 hod.
Power On Count : 29173 krát
Temparature : Neznámy údaj
Health Status : Dobrý
Features : S.M.A.R.T., AAM
APM Level : ----
AAM Level : 80FEh [OFF]

-- S.M.A.R.T. --------------------------------------------------------------
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 181 _51 000000000000 Počet chyb čtení
03 129 111 _21 000000000795 Čas na roztočení ploten
04 _71 _71 _40 000000007440 Počet spuštění/zastavení
05 200 200 112 000000000000 Počet přemapovaných sektorů
07 100 253 _51 000000000000 Počet chybných hledání
09 _86 _86 __0 00000000299D Hodin v činnosti
0A 100 100 _51 000000000000 Počet opakovaných pokusů o roztočení ploten
0B 100 100 _51 000000000000 Počet pokusů o překalibrování
0C _71 _71 __0 0000000071F5 Počet cyklů zapnutí zařízení
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
C7 200 253 __0 000000000000 Počet chyb v kontrolním součtu UltraDMA
C8 200 200 _51 000000000000 Počet chyb při zápisu sektorů

-- IDENTIFY_DEVICE ---------------------------------------------------------

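As an added example (not part of the thread, nor CrystalDiskInfo's own code), the S.M.A.R.T. table pasted above can be decoded the way a technician reads it: the raw hex columns are turned into numbers (which should reproduce the Power On Hours and Power On Count figures from the same report) and the sector-health counters and normalized thresholds are checked before trusting the disk. The verdict rule is the example's own, not CrystalDiskInfo's exact one; the sample rows are an excerpt of the post above.

```python
import re
from collections import namedtuple

# Added example (not from the thread): decode the S.M.A.R.T. table as
# CrystalDiskInfo prints it and apply the checks a technician makes first
# when a disk is suspect. SMART_TEXT is an excerpt of the table in the post
# above; attribute names come out in the tool's UI language.
SMART_TEXT = """\
ID Cur Wor Thr RawValues(6) Attribute Name
01 200 181 _51 000000000000 Počet chyb čtení
03 129 111 _21 000000000795 Čas na roztočení ploten
05 200 200 112 000000000000 Počet přemapovaných sektorů
09 _86 _86 __0 00000000299D Hodin v činnosti
0C _71 _71 __0 0000000071F5 Počet cyklů zapnutí zařízení
C4 200 200 __0 000000000000 Počet udalostí s číslem realokování sektorů
C5 200 200 __0 000000000000 Počet podezřelých sektorů
C6 200 200 __0 000000000000 Počet neopravitelných sektorů
"""

Attr = namedtuple("Attr", "id cur worst thr raw name")
ROW = re.compile(r"^([0-9A-F]{2}) ([_\d]{3}) ([_\d]{3}) ([_\d]{3}) ([0-9A-F]{12}) (.+)$")
# Sector-health attributes whose raw value should stay at zero.
SECTOR_ATTRS = {0x05: "reallocated sectors", 0xC4: "reallocation events",
                0xC5: "pending sectors", 0xC6: "uncorrectable sectors"}


def parse_smart(text):
    """Parse 'ID Cur Wor Thr RawValues(6) Name' rows into {id: Attr}.
    Normalized values are padded with '_' and the raw value is 6 bytes hex."""
    attrs = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if not m:
            continue  # header line or blank
        ident, cur, worst, thr, raw, name = m.groups()
        num = lambda s: int(s.strip("_"))
        attrs[int(ident, 16)] = Attr(int(ident, 16), num(cur), num(worst),
                                     num(thr), int(raw, 16), name)
    return attrs


def assess_smart(attrs):
    """Verdict: Bad if any attribute has ever hit its threshold, Caution if
    any sector-health counter is non-zero, else Good; plus usage figures."""
    failing = [a.name for a in attrs.values() if a.thr and a.worst <= a.thr]
    caution = [n for i, n in SECTOR_ATTRS.items() if i in attrs and attrs[i].raw]
    verdict = "Bad" if failing else "Caution" if caution else "Good"
    return {"verdict": verdict, "failing": failing, "caution": caution,
            "power_on_hours": attrs[0x09].raw if 0x09 in attrs else None,
            "power_cycles": attrs[0x0C].raw if 0x0C in attrs else None}


if __name__ == "__main__":
    print(assess_smart(parse_smart(SMART_TEXT)))
```

For the rows above the decoded raw values give 10653 hours and 29173 power cycles, matching the header of the same report, and every sector counter is zero, so the disk itself is not the obvious cause of the CHKDSK prompts.
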
Re: Policia SR virus

Posted: 06 Jul 2013 10:34
by vyosek
:arrow: Definitely install SP3, it fixes many bugs and problems :) Do that right away.

:arrow: I'll have a look at those errors; the malware has probably messed things up nicely.

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS GREAT DELETION POWER AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Right after start a page with the licence agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - don't start any applications and don't click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested it may take longer
  • After the scan finishes and a possible restart, CF will display a log; otherwise you'll find it at C:\ComboFix.txt, paste its contents here
  • Detailed instructions with pictures are here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Policia SR virus

Posted: 06 Jul 2013 10:41
by melondubnica
Should I install SP3 first or use ComboFix first?

Re: Policia SR virus

Posted: 06 Jul 2013 10:45
by vyosek
SP3 first and only then CF

Re: Policia SR virus

Posted: 06 Jul 2013 12:06
by melondubnica
When installing SP3 it threw this error, what next?

http://oi41.tinypic.com/118zm20.jpg