Page 1 of 3

HEEEEEELP!!!

Posted: 03 Feb 2010 14:14
by koko2
I caught some virus in a RAR file and it blocked my antivirus. NOD antivirus won't install, nor any other one, not Spybot, not Defender - NOTHING!!!
Not even onecare.live will run... Every time during installation it reports errors... not a valid Win32 application... or... installer information: "an error occurred while writing to the file C: program files/ESET....Nod32 antivirus... eamon.sys. Make sure you have access to the directory".
Basically I can't install or run any antivirus or antispyware to clean my computer!!!!


Windows Update doesn't work either.. it keeps reporting some errors and Explorer slows down at random and loads pages slowly!!

Please heeeeelp!!!
AVI Splitter 1.1 (Serial).zip
that's the file with the virus!!
(989.82 KiB) Downloaded 122 times

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 14:18
by koko2

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 14:18
by JaRon
according to NOD you have Win32/Packed.Themida :)
restart into safe mode and create an RSIT log

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 14:22
by koko2
Logfile of random's system information tool 1.06 (written by random/random)
Run by MM at 2010-02-03 14:21:34
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 52 GB (22%) free of 238 GB
Total RAM: 767 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:24:53, on 27.4.2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16827)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\RUNDLL32.EXE
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\DVDRAMSV.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\taskmgr.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\Program Files\eMule\emule.exe
C:\Documents and Settings\MM\Plocha\P2PTurbo.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Spyware Terminator\sp_rsser.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\MM\Plocha\antiviry\RSIT.exe
C:\Program Files\trend micro\MM.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: taskmgr.exe.lnk = C:\WINDOWS\system32\taskmgr.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resour ... se5483.cab
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} (Java Runtime Environment 1.6.0) - http://dl8-cdn-09.sun.com/s/ESD7/JSCDL/ ... 586-jc.cab
O23 - Service: DVD-RAM_Service - Matsushita Electric Industrial Co., Ltd. - C:\WINDOWS\system32\DVDRAMSV.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\Program Files\Spyware Terminator\sp_rsser.exe

--
End of file - 4827 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}]
Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-02 279664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.5.4723.1820\swg.dll [2010-02-02 812528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}]
EpsonToolBandKicker Class - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{EE5D279F-081B-4404-994D-C6B60AAEBA6D} - EPSON Web-To-Page - C:\Program Files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll [2005-02-22 368640]
{9421DD08-935F-4701-A9CA-22DF90AC4EA6} - Easy Photo Print - C:\Program Files\Epson Software\Easy Photo Print\EPTBL.dll [2008-04-02 266240]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2010-02-02 279664]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-10-07 13574144]
"nwiz"=nwiz.exe /install []
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-10-07 86016]
"EEventManager"=C:\PROGRA~1\EPSONS~1\EVENTM~1\EEventManager.exe [2008-05-07 591696]
"Google Quick Search Box"=C:\Program Files\Google\Quick Search Box\GoogleQuickSearchBox.exe [2009-09-12 122368]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"EPSON PX700W Series"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIENE.EXE [2008-04-07 188928]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [2004-06-23 840192]
"SpybotSD TeaTimer"=C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe [2010-02-03 2144088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE

C:\Documents and Settings\MM\Nabídka Start\Programy\Po spuštění
taskmgr.exe.lnk - C:\WINDOWS\system32\taskmgr.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 265096]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLUA"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=149
"NoToolbarCustomize"=0
"NoBandCustomize"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Program Files\FreeRapiD-0.82\FreeRapid-0.82\frd.exe"="C:\Program Files\FreeRapiD-0.82\FreeRapid-0.82\frd.exe:*:Enabled:frd.exe"
"C:\Program Files\sdc221\StrongDC.exe"="C:\Program Files\sdc221\StrongDC.exe:*:Enabled:StrongDC.exe"
"C:\WINDOWS\system32\sessmgr.exe"="C:\WINDOWS\system32\sessmgr.exe:*:Disabled:@xpsp2res.dll,-22019"
"C:\Program Files\eMule\emule.exe"="C:\Program Files\eMule\emule.exe:*:Enabled:eMule"
"C:\Program Files\uTorrent\utorrent.exe"="C:\Program Files\uTorrent\utorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Disabled:VLC media player"
"C:\TEMP\Rar$EX01.156\StrongDC.exe"="C:\TEMP\Rar$EX01.156\StrongDC.exe:*:Enabled:StrongDC++"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

======List of files/folders created in the last 1 months======

2016-09-04 21:26:23 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2010-02-03 12:53:24 ----D---- C:\Program Files\Spybot - Search & Destroy
2010-02-03 12:53:24 ----D---- C:\Documents and Settings\All Users\Data aplikací\Spybot - Search & Destroy
2010-02-03 11:07:02 ----A---- C:\WINDOWS\system32\ban_list.txt
2010-02-03 11:03:42 ----A---- C:\WINDOWS\ban_list.txt
2010-02-03 11:03:17 ----HD---- C:\Documents and Settings\MM\Data aplikací\m
2010-02-03 11:01:02 ----HD---- C:\Documents and Settings\MM\Data aplikací\drivers
2010-02-03 10:50:10 ----D---- C:\Program Files\AVISplitter
2010-02-03 10:34:57 ----D---- C:\Program Files\bobyte
2010-01-13 14:37:21 ----A---- C:\WINDOWS\imsins.BAK
2010-01-13 14:37:09 ----HDC---- C:\WINDOWS\$NtUninstallKB972270$
2010-01-10 09:25:49 ----D---- C:\Program Files\GNU
2010-01-05 15:50:55 ----D---- C:\Documents and Settings\MM\Data aplikací\Mp3tag
2010-01-05 15:50:46 ----D---- C:\Program Files\Mp3tag
2010-01-04 12:41:11 ----D---- C:\Documents and Settings\MM\Data aplikací\Real
2010-01-04 12:39:20 ----A---- C:\WINDOWS\system32\rmoc3260.dll
2010-01-04 12:39:20 ----A---- C:\WINDOWS\system32\pndx5032.dll
2010-01-04 12:39:20 ----A---- C:\WINDOWS\system32\pndx5016.dll
2010-01-04 12:39:20 ----A---- C:\WINDOWS\system32\pncrt.dll
2010-01-04 12:39:16 ----A---- C:\WINDOWS\system32\unrar.dll
2010-01-04 12:39:15 ----A---- C:\WINDOWS\avisplitter.ini
2010-01-04 12:39:13 ----A---- C:\WINDOWS\system32\yv12vfw.dll
2010-01-04 12:39:12 ----A---- C:\WINDOWS\system32\xvidvfw.dll
2010-01-04 12:39:12 ----A---- C:\WINDOWS\system32\xvidcore.dll
2010-01-04 12:39:05 ----A---- C:\WINDOWS\system32\qt-dx331.dll
2010-01-04 12:39:05 ----A---- C:\WINDOWS\system32\dpl100.dll
2010-01-04 12:38:48 ----A---- C:\WINDOWS\system32\divx.dll
2010-01-04 12:38:43 ----A---- C:\WINDOWS\system32\ff_vfw.dll.manifest
2010-01-04 12:38:43 ----A---- C:\WINDOWS\system32\ff_vfw.dll
2010-01-04 12:38:36 ----D---- C:\Program Files\K-Lite Codec Pack
2010-01-04 11:58:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple Computer
2010-01-04 11:58:14 ----D---- C:\Program Files\QT Lite
2010-01-04 11:46:18 ----D---- C:\Documents and Settings\MM\Data aplikací\GRETECH
2010-01-04 11:45:01 ----D---- C:\Program Files\GRETECH

======List of files/folders modified in the last 1 months======

2010-02-03 14:21:41 ----D---- C:\Program Files\trend micro
2010-02-03 14:17:45 ----D---- C:\TEMP
2010-02-03 14:11:10 ----SHD---- C:\WINDOWS\Installer
2010-02-03 14:11:09 ----D---- C:\Config.Msi
2010-02-03 14:11:08 ----D---- C:\Program Files
2010-02-03 14:00:09 ----SD---- C:\Documents and Settings\All Users\Data aplikací\Microsoft
2010-02-03 14:00:09 ----D---- C:\WINDOWS\pchealth
2010-02-03 13:49:28 ----D---- C:\Program Files\Windows Live Safety Center
2010-02-03 13:48:35 ----HD---- C:\WINDOWS\inf
2010-02-03 13:45:51 ----SD---- C:\WINDOWS\Downloaded Program Files
2010-02-03 13:45:50 ----D---- C:\WINDOWS\system32\CatRoot2
2010-02-03 13:32:40 ----D---- C:\WINDOWS
2010-02-03 13:29:11 ----D---- C:\WINDOWS\system32\config
2010-02-03 13:03:41 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-02-03 12:59:03 ----D---- C:\WINDOWS\system32\drivers
2010-02-03 12:09:39 ----D---- C:\WINDOWS\Temp
2010-02-03 12:09:38 ----D---- C:\WINDOWS\LastGood
2010-02-03 11:09:39 ----D---- C:\WINDOWS\system32
2010-02-03 11:03:43 ----D---- C:\Documents and Settings\MM\Data aplikací\uTorrent
2010-02-02 09:04:03 ----D---- C:\Documents and Settings\MM\Data aplikací\foobar2000
2010-02-02 08:21:05 ----SD---- C:\WINDOWS\Tasks
2010-02-02 08:20:47 ----D---- C:\Program Files\Google
2010-01-28 01:37:31 ----D---- C:\Program Files\Common Files\Adobe
2010-01-28 01:37:30 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2010-01-22 20:48:20 ----D---- C:\Program Files\Internet Explorer
2010-01-22 20:47:56 ----D---- C:\WINDOWS\ie8updates
2010-01-22 20:47:39 ----HD---- C:\WINDOWS\$hf_mig$
2010-01-16 15:49:36 ----AC---- C:\WINDOWS\cdplayer.ini
2010-01-05 01:17:46 ----AC---- C:\WINDOWS\system32\MRT.exe
2010-01-04 12:32:23 ----D---- C:\Program Files\Windows Media Player
2010-01-04 11:13:58 ----D---- C:\audiograbber
2010-01-04 11:10:21 ----D---- C:\WINDOWS\Help
2010-01-04 11:06:41 ----D---- C:\WINDOWS\Debug
2010-01-04 11:04:19 ----D---- C:\WINDOWS\system32\CatRoot
2010-01-04 10:54:04 ----AC---- C:\WINDOWS\win.ini
2010-01-04 10:49:27 ----AC---- C:\WINDOWS\system.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 meiudf;meiudf; C:\WINDOWS\System32\Drivers\meiudf.sys [2003-10-24 90416]
R1 sK9Ou0s;sK9Ou0s; \??\C:\WINDOWS\system32\srosa2.sys []
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2002-04-01 4816]
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-01-30 45568]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-10-07 6133856]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2004-01-13 612032]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys []
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 DVD-RAM_Service;DVD-RAM_Service; C:\WINDOWS\system32\DVDRAMSV.exe [2003-05-23 106496]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-24 935208]
R2 UMWdf;Windows User Mode Driver Framework; C:\WINDOWS\system32\wdfmgr.exe [2004-08-11 38912]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-02-02 135664]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; c:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-09-12 182768]
S3 idsvc;Windows CardSpace; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
S4 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-10-07 163908]

-----------------EOF-----------------
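As an added example (not code from the thread, from RSIT or from any tool named here), a small Python parser that reads the driver/service lines of an RSIT log and scores them on the signs a helper uses to single out an entry like sK9Ou0s in the log above: RSIT could not read the file (an empty [] where every other entry shows a date and size), the image path uses the raw \??\ object-manager prefix, and the service name looks randomly generated. The sample lines are copied from the log above with legitimate neighbours kept for comparison; the threshold `min_reasons` is my assumption, chosen so that ESET's eamon.sys, which has an empty [] only because the NOD32 install failed, is not flagged on that sign alone.

```python
import re

# Added example, not code from the thread or from RSIT. RSIT_LINES is a
# constructed sample: entries copied from the log posted above.
RSIT_LINES = r"""
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R1 sK9Ou0s;sK9Ou0s; \??\C:\WINDOWS\system32\srosa2.sys []
R3 bcm4sbxp;Broadcom 440x 10/100 Integrated Controller XP Driver; C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys [2007-01-30 45568]
S2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys []
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
"""

# One RSIT driver/service line: "<R|S><start type> <name>;<display>; <path> [<date size>]"
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) (?P<name>[^;]+);(?P<display>[^;]*); "
    r"(?P<path>.+?) \[(?P<meta>[^\]]*)\]$"
)


def parse_rsit_entries(text):
    """Return one dict per parseable driver/service line, in log order."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def looks_random(name):
    """Heuristic: an alphanumeric name that mixes digits with upper- and
    lower-case letters (sK9Ou0s) and carries no separators or real words."""
    return (re.fullmatch(r"[A-Za-z0-9]{6,}", name) is not None
            and any(c.isdigit() for c in name)
            and any(c.isupper() for c in name)
            and any(c.islower() for c in name))


def suspicion(entry):
    """List the independent warning signs present on one entry."""
    reasons = []
    if entry["meta"] == "":
        # RSIT prints [] when it could not stat the file: missing, hidden
        # from the scanner, or (as with ESET's eamon.sys) a failed install.
        reasons.append("no date/size recorded for the file")
    if entry["path"].startswith("\\??\\"):
        # Raw NT object-manager path instead of the plain Win32 path that
        # the installer-registered drivers in the log all use.
        reasons.append("image path uses raw \\??\\ prefix")
    if looks_random(entry["name"]):
        reasons.append("random-looking service name")
    return reasons


def find_suspicious(text, min_reasons=2):
    """Entries showing at least min_reasons signs; a single sign (e.g. the
    empty [] on eamon.sys from the failed NOD32 install) is not enough."""
    flagged = []
    for entry in parse_rsit_entries(text):
        reasons = suspicion(entry)
        if len(reasons) >= min_reasons:
            flagged.append(dict(entry, reasons=reasons))
    return flagged


if __name__ == "__main__":
    for e in find_suspicious(RSIT_LINES):
        print(f'{e["state"]}{e["start"]} {e["name"]} -> {e["path"]}')
        for r in e["reasons"]:
            print("   -", r)
```

Run against the sample it reports only the sK9Ou0s entry with all three signs; the same parser can be pointed at a complete RSIT log by passing the file contents to `find_suspicious`.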

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 14:24
by koko2
JaRon wrote: according to NOD you have Win32/Packed.Themida :)
restart into safe mode and create an RSIT log
well, I created it in normal mode. so should I create it in safe mode too, jaron????

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 14:39
by JaRon
do this in normal mode if it works, if not then in safe mode:
Move ComboFix
to the desktop (if it isn't there already)

open Notepad

copy the script from the following box into it:

Code:

Driver::
sK9Ou0s

File::
C:\WINDOWS\system32\srosa2.sys 


save the created text file as CFScript.txt to the desktop

after saving, grab the created script with the left mouse button, drag it over the ComboFix icon and drop the script on it:


after it has been applied another log should be created, post it here :)

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 15:37
by koko2
It doesn't work - it says C: desktop.. combofix is not a valid Win32 application... and I can't switch into safe mode!!

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 15:41
by koko2
HEEEEEELP!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! OR I'M GOING TO KICK THAT COMPUTER!!!

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 16:37
by JaRon
use Avenger - its script:
Drivers to delete:
sK9Ou0s

Files to delete:
C:\WINDOWS\system32\srosa2.sys

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 16:52
by koko2
avenger wouldn't install either.
I deleted that file manually.. is that enough?

but now the antivirus etc. still won't install... should I restart the computer first? or what should I do now?

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 18:16
by JaRon
yes, restart the PC - if there is still a problem running CF after that, try System Restore to a date before the infection

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 19:24
by koko2
JaRon wrote: yes, restart the PC - if there is still a problem running CF after that, try System Restore to a date before the infection
I restarted and the computer can't be restored - I tried going back as far as September 2009 and it keeps saying the state can't be restored because no programs were installed on the PC (which they were). On top of that, various messages about restoring DLL libraries popped up. I also tried scanning the PC with various ONLINE antiviruses (microsoft online, eset,..), but either it doesn't work at all or it scans just a few files in a few seconds and the check ends.

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 19:26
by JaRon
use SDFix in safe mode - we'll continue tomorrow

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 19:30
by koko2
with the online antiviruses it mostly refuses to download the databases. right now I'm trying an online scan with pandasecurity, but it should take about an hour, so we'll see... unless it ends unexpectedly again.

before that I managed to download and install two antiviruses, they found a couple of nasties but couldn't delete them (I'd have to buy the antiviruses), so I deleted them manually

Re: HEEEEEELP!!!

Posted: 03 Feb 2010 19:32
by koko2
safe mode won't start.. I tried it 20 times, every time after F8 and selecting "safe mode" + enter the system ends up booting into normal windows anyway