Policejní virus

[krysarr]

Dobrý den,
dnes jsem do notebooku chytil policejní virus. Bylo to v prohlížeči Google Chrome, anonymní režim, který potom nešel zavřít, ani nešel počítač restartovat, proto jsem ho natvrdo vypnul.
Po restartu jsem zkusil v Nouzovém režimu vrátit Bod obnovy, ale žádný jsem nenašel.
Od restartu nebyl notebook pro jistotu připojen k internetu.

Spustil jsem normální režim a projel notebook Avastem-kompletní test systému (poslední aktualizace dnes ráno) - nic nenašel.

Potřeboval bych hlavně vědět, co nemám dělat, co je riskantní? Notebook je stále pro jistotu nepřipojen k síti.
Mohu si udělat zálohu dat na flash disk nebo riskuji, že i data budou prolezlá virem?

A samozřejmě se chci zeptat, jaký postup zvolit pro vyléčení.

Moc děkuji!

[vyosek]

Zdravim

Zkuste tento postup http://forum.viry.cz/viewtopic.php?f=13&t=133100 a polecime to...

[krysarr]

Děkuji za odpověď, ale potřeboval bych ještě vědět, zda je bezpečnější připojit notebook k internetu (a stáhnout scanovací programy podle vašich instrukcí) nebo vše dělat přes flash disk.
Nemám vůbec tušení, co ten virus umí a trochu se bojím spouštět prohlížeč...
Díky!

[vyosek]

Klidne muzete pres flash disk

Ono zalezi jaka je to verze, je jich strasne moc a nelze takto na dalko rict...

[krysarr]

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-03-2014
Ran by EEE 1225B II (administrator) on EEE1225BII-PC on 27-03-2014 21:50:13
Running from C:\Users\EEE 1225B II\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: English(US)
Internet Explorer Version 10
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
(AMD) C:\windows\system32\atiesrxx.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\windows\system32\WLANExt.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
() C:\windows\SysWOW64\AsusService.exe
(Foxit Corporation) C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
(Trend Micro Inc.) C:\Program Files\Trend Micro\Titanium\TiResumeSrv.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe
(AMD) C:\windows\system32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(COMODO) C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe
(AsusTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe
(Neobyte Solutions) C:\Program Files (x86)\Titan Backup\TitanBackup.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe
(ASUS) C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Ghisler Software GmbH) C:\Program Files (x86)\totalcmd\TOTALCMD.EXE
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe
(Adobe Systems, Inc.) C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_77.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2832168 2011-09-30] (Synaptics Incorporated)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-21] (Alcor Micro Corp.)
HKLM\...\Run: [Trend Micro Client Framework] - C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [192520 2010-10-12] (Trend Micro Inc.)
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [12632168 2011-07-20] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] - C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [7138816 2012-04-08] (Broadcom Corporation)
HKLM\...\Run: [COMODO Internet Security] - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [9577680 2012-11-08] (COMODO)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SuperHybridEngine] - C:\Program Files (x86)\ASUS\SHE\SuperHybridEngine.exe [425400 2011-08-01] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [iSeriesCharge] - C:\Program Files (x86)\ASUS\USBChargeSetting\iSeriesCharge.exe [96176 2011-08-22] (AsusTek Computer Inc.)
HKLM-x32\...\Run: [HotkeyService] - C:\Program Files (x86)\ASUS\HotkeyService\HotkeyService.exe [1263024 2011-08-09] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [HotkeyMon] - C:\Program Files (x86)\ASUS\HotkeyService\HotKeyMon.exe [101800 2011-08-09] (ASUSTeK Computer Inc.)
HKLM-x32\...\Run: [CapsHook] - C:\Program Files (x86)\ASUS\CapsHook\CapsHook.exe [445344 2010-11-15] (ASUS)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3567800 2013-11-05] (AVAST Software)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-08-30] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\Run: [Titan Backup] - C:\Program Files (x86)\Titan Backup\Launcher.exe [142784 2008-07-08] (Neobyte Solutions)
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\MountPoints2: {0358a878-81ae-11e1-834f-742f68d7b7e4} - E:\AutoRun.exe
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\MountPoints2: {624f2b5e-334e-11e3-918a-c860001ba1f0} - E:\AutoRun.exe
AppInit_DLLs: C:\windows\system32\guard64.dll => C:\windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
AppInit_DLLs-x32: C:\windows\SysWOW64\guard32.dll => C:\windows\SysWOW64\guard32.dll [301264 2012-11-08] (COMODO)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
BHO-x32: TmIEPlugInBHO Class - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
BHO-x32: SteadyVideoBHO Class - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: TmBpIeBHO Class - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Handler: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - No File
Handler: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
Handler: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
Handler-x32: cdo - {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Program Files (x86)\Common Files\Microsoft Shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
Handler-x32: http\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: http\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: https\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\0x00000001 - {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: msdaipp\oledb - {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation)
Handler-x32: tmbp - {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
Handler-x32: tmpx - {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
Filter: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/mp4 - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Filter-x32: video/x-flv - {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37
Tcpip\..\Interfaces\{13869DA2-1BAC-4D88-B7F5-7D08F938E794}: [NameServer]160.218.161.60 194.228.211.33

FireFox:
========
FF ProfilePath: C:\Users\EEE 1225B II\AppData\Roaming\Mozilla\Firefox\Profiles\h4sos9wp.default
FF Homepage: seznam.cz
FF Plugin: @adobe.com/FlashPlayer - C:\windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.51.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.30214.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\EEE 1225B II\AppData\Roaming\Mozilla\Firefox\Profiles\h4sos9wp.default\searchplugins\zbocz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\mapy-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\slunecnice-cz.xml
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2014-03-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2014-03-19]
FF Extension: Java Console - C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2014-03-19]
FF HKLM-x32\...\Firefox\Extensions: [{22C7F6C6-8D67-4534-92B5-529A0EC09405}] - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\
FF Extension: Trend Micro NSC Firefox Extension - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ []
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2012-04-08]

Chrome:
=======
CHR Extension: (Google Wallet) - C:\Users\EEE 1225B II\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-09-06]

==================== Services (Whitelisted) =================

R2 AsusService; C:\windows\SysWOW64\AsusService.exe [224680 2011-08-09] ()
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-10-21] (AVAST Software)
R2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
S3 DCDhcpService; C:\Program Files\WiSharing\DCDhcpService.exe [108544 2011-09-16] (Atheros Communication Inc.)
R2 FoxitCloudUpdateService; C:\Program Files (x86)\Foxit Software\Foxit Reader\Foxit Cloud\FCUpdateService.exe [239680 2014-02-19] (Foxit Corporation)
R2 TiMiniService; C:\Program Files\Trend Micro\Titanium\TiMiniService.exe [241488 2010-09-17] (Trend Micro Inc.)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5821952 2012-04-08] (Broadcom Corporation)
S3 Amsp; "C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000 [X]

==================== Drivers (Whitelisted) ====================

R0 AiDriver; C:\Windows\System32\DRIVERS\AiDriver.sys [14464 2010-05-20] (ASUSTek Computer Inc.)
R1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2011-02-09] ()
R2 aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [38984 2013-10-21] (AVAST Software)
R2 aswMonFlt; C:\windows\system32\drivers\aswMonFlt.sys [84328 2013-10-21] (AVAST Software)
R1 aswRdr; C:\windows\system32\drivers\aswRdr2.sys [92544 2013-10-21] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-10-21] ()
R1 aswSnx; C:\windows\system32\drivers\aswSnx.sys [1032416 2013-10-21] (AVAST Software)
R1 aswSP; C:\windows\system32\drivers\aswSP.sys [409832 2013-10-21] (AVAST Software)
R1 aswTdi; C:\windows\system32\drivers\aswTdi.sys [65264 2013-10-21] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-10-21] ()
R1 ATKWMIACPIIO; C:\Program Files (x86)\ASUS\ATK WMIACPI\epcwmiacpi64.sys [17536 2011-09-07] (ASUS)
R1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
R1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 Huawei; C:\Windows\System32\DRIVERS\ewdcsc.sys [32768 2010-10-08] (Huawei Tech. Co., Ltd.)
R1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
R3 kbfiltr; C:\Windows\System32\DRIVERS\kbfiltr.sys [15416 2009-07-20] ( )
R3 rtsuvc; C:\Windows\System32\DRIVERS\rtsuvc.sys [8213992 2011-11-22] (Realtek Semiconductor Corp.)
R1 tmactmon; C:\Windows\System32\DRIVERS\tmactmon.sys [90704 2010-09-17] (Trend Micro Inc.)
R1 tmcomm; C:\Windows\System32\DRIVERS\tmcomm.sys [144464 2010-09-17] (Trend Micro Inc.)
R1 tmevtmgr; C:\Windows\System32\DRIVERS\tmevtmgr.sys [67664 2010-09-17] (Trend Micro Inc.)
R2 tmtdi; C:\Windows\System32\DRIVERS\tmtdi.sys [105552 2010-09-17] (Trend Micro Inc.)
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-27 21:50 - 2014-03-27 21:50 - 00018389 _____ () C:\Users\EEE 1225B II\Desktop\FRST.txt
2014-03-27 21:49 - 2014-03-27 21:50 - 00000000 ____D () C:\FRST
2014-03-27 21:48 - 2014-03-27 21:48 - 02157056 _____ (Farbar) C:\Users\EEE 1225B II\Desktop\FRST64.exe
2014-03-27 21:48 - 2014-03-27 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\EEE 1225B II\Desktop\FRSTLauncher.exe
2014-03-27 08:26 - 2014-03-27 08:26 - 00839120 _____ () C:\windows\Minidump\032714-23540-01.dmp
2014-03-21 14:23 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-21 14:17 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\EEE 1225B II\AppData\Roaming\Foxit Software
2014-03-21 14:16 - 2014-03-21 14:16 - 00002054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-19 10:05 - 2014-03-19 10:06 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-13 09:21 - 2014-03-13 09:21 - 00571208 _____ () C:\windows\Minidump\031314-25178-01.dmp
2014-03-12 08:08 - 2014-02-23 09:13 - 02241536 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2014-03-12 08:08 - 2014-02-23 09:13 - 01365504 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2014-03-12 08:08 - 2014-02-23 09:13 - 00051712 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2014-03-12 08:08 - 2014-02-23 09:12 - 00603136 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2014-03-12 08:08 - 2014-02-23 09:12 - 00197120 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 03960320 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 02648576 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 00855552 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 00526336 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 00136704 _____ (Microsoft Corporation) C:\windows\system32\iesysprep.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 00067072 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 00053760 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2014-03-12 08:08 - 2014-02-23 09:11 - 00039936 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2014-03-12 08:08 - 2014-02-23 07:54 - 01767936 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2014-03-12 08:08 - 2014-02-23 07:54 - 01140736 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 13761024 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 02877952 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 02049024 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00690688 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00493056 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00391168 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00163840 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00109056 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesysprep.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00061440 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00039936 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2014-03-12 08:08 - 2014-02-23 07:53 - 00033280 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2014-03-12 08:08 - 2014-02-23 07:35 - 02706432 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2014-03-12 08:08 - 2014-02-23 07:31 - 02706432 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2014-03-12 08:07 - 2014-02-23 09:12 - 19273216 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2014-03-12 08:07 - 2014-02-23 09:11 - 15404032 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2014-03-12 08:07 - 2014-02-23 07:53 - 14358016 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2014-03-12 08:03 - 2014-02-07 02:23 - 03156480 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2014-03-12 08:03 - 2014-02-04 03:32 - 01424384 _____ (Microsoft Corporation) C:\windows\system32\WindowsCodecs.dll
2014-03-12 08:03 - 2014-02-04 03:32 - 00624128 _____ (Microsoft Corporation) C:\windows\system32\qedit.dll
2014-03-12 08:03 - 2014-02-04 03:04 - 01230336 _____ (Microsoft Corporation) C:\windows\SysWOW64\WindowsCodecs.dll
2014-03-12 08:03 - 2014-02-04 03:04 - 00509440 _____ (Microsoft Corporation) C:\windows\SysWOW64\qedit.dll
2014-03-12 08:03 - 2014-01-29 03:32 - 00484864 _____ (Microsoft Corporation) C:\windows\system32\wer.dll
2014-03-12 08:03 - 2014-01-29 03:06 - 00381440 _____ (Microsoft Corporation) C:\windows\SysWOW64\wer.dll
2014-03-12 08:03 - 2014-01-28 03:32 - 00228864 _____ (Microsoft Corporation) C:\windows\system32\wwansvc.dll
2014-03-05 13:06 - 2014-03-24 09:28 - 00004204 _____ () C:\windows\PFRO.log
2014-03-04 12:40 - 2014-03-04 12:40 - 00571192 _____ () C:\windows\Minidump\030414-22245-01.dmp
2014-03-04 11:27 - 2014-03-04 11:27 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-27 09:22 - 2014-02-27 09:22 - 00571208 _____ () C:\windows\Minidump\022714-24273-01.dmp
2014-02-26 07:42 - 2014-02-26 07:42 - 00914440 _____ () C:\windows\Minidump\022614-24585-01.dmp

==================== One Month Modified Files and Folders =======

2014-03-27 21:50 - 2014-03-27 21:50 - 00018389 _____ () C:\Users\EEE 1225B II\Desktop\FRST.txt
2014-03-27 21:50 - 2014-03-27 21:49 - 00000000 ____D () C:\FRST
2014-03-27 21:48 - 2014-03-27 21:48 - 02157056 _____ (Farbar) C:\Users\EEE 1225B II\Desktop\FRST64.exe
2014-03-27 21:48 - 2014-03-27 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\EEE 1225B II\Desktop\FRSTLauncher.exe
2014-03-27 21:45 - 2012-04-09 11:08 - 01801388 _____ () C:\windows\WindowsUpdate.log
2014-03-27 21:31 - 2012-04-08 19:51 - 00000964 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-27 21:04 - 2012-11-16 11:59 - 00000830 _____ () C:\windows\Tasks\Adobe Flash Player Updater.job
2014-03-27 19:23 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-27 19:23 - 2009-07-14 05:45 - 00018736 ____H () C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-27 19:19 - 2012-04-08 19:51 - 00000960 _____ () C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-27 19:14 - 2014-02-18 09:49 - 00007604 _____ () C:\windows\setupact.log
2014-03-27 19:14 - 2009-07-14 06:08 - 00000006 ____H () C:\windows\Tasks\SA.DAT
2014-03-27 17:33 - 2013-08-16 06:35 - 00017920 _____ () C:\windows\SysWOW64\rpcnetp.exe
2014-03-27 16:47 - 2013-08-16 06:36 - 00017920 _____ () C:\windows\SysWOW64\rpcnetp.dll
2014-03-27 16:45 - 2013-08-16 06:35 - 00017920 _____ () C:\windows\system32\rpcnetp.exe
2014-03-27 13:57 - 2012-04-10 17:29 - 00000000 ____D () C:\Users\EEE 1225B II\AppData\Roaming\vlc
2014-03-27 11:36 - 2012-05-30 09:46 - 00000000 ____D () C:\Program Files (x86)\JDownloader
2014-03-27 08:34 - 2011-02-17 00:13 - 00732938 _____ () C:\windows\system32\perfh015.dat
2014-03-27 08:34 - 2011-02-17 00:13 - 00156258 _____ () C:\windows\system32\perfc015.dat
2014-03-27 08:34 - 2009-07-14 06:13 - 01672274 _____ () C:\windows\system32\PerfStringBackup.INI
2014-03-27 08:26 - 2014-03-27 08:26 - 00839120 _____ () C:\windows\Minidump\032714-23540-01.dmp
2014-03-27 08:26 - 2014-02-20 13:29 - 554312876 _____ () C:\windows\MEMORY.DMP
2014-03-27 08:26 - 2012-04-25 10:58 - 00000000 ____D () C:\windows\Minidump
2014-03-24 09:28 - 2014-03-05 13:06 - 00004204 _____ () C:\windows\PFRO.log
2014-03-24 09:27 - 2012-04-26 09:12 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-03-21 15:43 - 2012-05-03 07:19 - 00000000 ____D () C:\Program Files (x86)\Titan Backup
2014-03-21 14:23 - 2014-03-21 14:23 - 00000000 ____D () C:\Users\Public\Foxit Software
2014-03-21 14:23 - 2014-03-21 14:17 - 00000000 ____D () C:\Users\EEE 1225B II\AppData\Roaming\Foxit Software
2014-03-21 14:16 - 2014-03-21 14:16 - 00002054 _____ () C:\Users\Public\Desktop\Foxit Reader.lnk
2014-03-21 14:16 - 2014-03-21 14:16 - 00000000 ____D () C:\Program Files (x86)\Foxit Software
2014-03-19 10:06 - 2014-03-19 10:05 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-03-19 08:10 - 2013-09-04 07:04 - 00000000 ____D () C:\windows\system32\MRT
2014-03-19 08:01 - 2012-04-10 08:21 - 90015360 _____ (Microsoft Corporation) C:\windows\system32\MRT.exe
2014-03-17 10:00 - 2013-09-16 10:45 - 00001172 _____ () C:\Users\EEE 1225B II\Desktop\ENGLISH to JoyFlash.lnk
2014-03-13 09:21 - 2014-03-13 09:21 - 00571208 _____ () C:\windows\Minidump\031314-25178-01.dmp
2014-03-13 08:05 - 2009-07-14 05:45 - 00305968 _____ () C:\windows\system32\FNTCACHE.DAT
2014-03-12 11:15 - 2012-05-30 08:08 - 00000000 ____D () C:\Users\EEE 1225B II\AppData\Roaming\dvdcss
2014-03-12 11:04 - 2012-11-16 11:59 - 00003768 _____ () C:\windows\System32\Tasks\Adobe Flash Player Updater
2014-03-12 11:04 - 2012-04-17 14:05 - 00692616 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2014-03-12 11:04 - 2011-12-13 02:32 - 00071048 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-03-12 09:33 - 2010-08-12 13:07 - 00000000 ____D () C:\windows\panther
2014-03-12 09:31 - 2013-03-19 08:24 - 00000000 ____D () C:\Program Files\Microsoft Silverlight
2014-03-12 09:31 - 2013-03-19 08:24 - 00000000 ____D () C:\Program Files (x86)\Microsoft Silverlight
2014-03-06 09:31 - 2012-07-06 13:23 - 00004182 _____ () C:\windows\System32\Tasks\avast! Emergency Update
2014-03-05 10:56 - 2012-04-10 14:04 - 00000000 ____D () C:\Program Files\Canon
2014-03-04 12:40 - 2014-03-04 12:40 - 00571192 _____ () C:\windows\Minidump\030414-22245-01.dmp
2014-03-04 11:27 - 2014-03-04 11:27 - 00000000 ____H () C:\windows\system32\Drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
2014-02-27 09:22 - 2014-02-27 09:22 - 00571208 _____ () C:\windows\Minidump\022714-24273-01.dmp
2014-02-26 07:42 - 2014-02-26 07:42 - 00914440 _____ () C:\windows\Minidump\022614-24585-01.dmp

Some content of TEMP:
====================
C:\Users\EEE 1225B II\AppData\Local\Temp\Foxit Reader Updater.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-03-12 21:57

==================== End Of Log ============================

[vyosek]

Odinstalujte Trend Micro Titanium

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  Start
  HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
  HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\MountPoints2: {0358a878-81ae-11e1-834f-742f68d7b7e4} - E:\AutoRun.exe
  HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\MountPoints2: {624f2b5e-334e-11e3-918a-c860001ba1f0} - E:\AutoRun.exe
  
  HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
  HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
  HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
  HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
  SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
  
  2014-03-27 21:48 - 2014-03-27 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\EEE 1225B II\Desktop\FRSTLauncher.exe
  
  Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
  
  AlternateDataStreams: C:\ProgramData\TEMP:7204B89D
  
  Hosts:
  CMD: shutdown /r /f /t 2
  
  End

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny fixlist vedle FRST

Spustte znovu FRST.exe

• Kliknete na Fix
• Probehne oprava a vytvori log Fixlog.txt

Restart PC a dejte mi sem fixlog.txt

[krysarr]

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by EEE 1225B II at 2014-03-28 08:40:16 Run:1
Running from C:\Users\EEE 1225B II\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\MountPoints2: {0358a878-81ae-11e1-834f-742f68d7b7e4} - E:\AutoRun.exe
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\...\MountPoints2: {624f2b5e-334e-11e3-918a-c860001ba1f0} - E:\AutoRun.exe

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
HKCU\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://eeepc.asus.com
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://eeepc.asus.com
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

2014-03-27 21:48 - 2014-03-27 21:48 - 00112640 _____ (forum.viry.cz) C:\Users\EEE 1225B II\Desktop\FRSTLauncher.exe

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

AlternateDataStreams: C:\ProgramData\TEMP:7204B89D

Hosts:
CMD: shutdown /r /f /t 2

End
*****************

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => Value deleted successfully.
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0358a878-81ae-11e1-834f-742f68d7b7e4} => Key deleted successfully.
HKCR\CLSID\{0358a878-81ae-11e1-834f-742f68d7b7e4} => Key not found.
HKU\S-1-5-21-3247902455-2049553406-3951886904-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{624f2b5e-334e-11e3-918a-c860001ba1f0} => Key deleted successfully.
HKCR\CLSID\{624f2b5e-334e-11e3-918a-c860001ba1f0} => Key not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Secondary Start Pages => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value deleted successfully.
C:\Users\EEE 1225B II\Desktop\FRSTLauncher.exe => Moved successfully.
C:\windows\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\ProgramData\TEMP => ":7204B89D" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

========= shutdown /r /f /t 2 =========


========= End of CMD: =========


==== End of Fixlog ====

[vyosek]

Jak se chova PC, policejni mrcha se objevuje??

[krysarr]

Zatím to vypadá dobře. Zkusil jsem spustit Firefox i Chrome včetně anonym. režimů a nikde nic.

Mohu si být jistý, že nejsou napadeny dokumenty, obrázky, hudba...?

Díky moc!

[vyosek]

Dokumenty by napadeny byt nemely, na toto se policejni virus nezameruje - spise mu jde jen o blokaci a snahu o to, aby uzivatel zaplatil "za odblokovani"

Tak jeste uklidime

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse

[krysarr]

Vše jsem provedl v pořádku, děkuji!

Ale mám ještě jeden dotaz: Nejde mi vytvořit bod obnovení. Hlásí to ERROR 0x81000202. Zkoušel jsem řešení z internetu, ale zatím jsem nenašel nic funkčního.
Může to souviset s tím virem nebo je to prostě náhoda?

Děkuji

[cernohous13]

Zdravím a omlouvám se za vlez

Máš tam nějaké záznamy o BSOD

Dej si do http://forum.viry.cz/viewforum.php?f=66
zaRARovaný obsah složky C:\windows\Minidump

[krysarr]

Já vím, už jsem to řešil tady:
http://forum.viry.cz/viewtopic.php?f=66 ... 04&start=0

Bohužel se to nepovedlo nijak vymyslet, takže jsem se s tím smířil.
Teď BSOD už nevídám, ale notebook se "jen" zasekne, když ho chci vypnout. Stává se to většinou po připojení externího zobrazovacího zařízení (projektor), ale jen některého typu. Nevyznám se v tom

Mám zkusit založit nový topic v BSOD sekci nebo pokračovat v tom starém?

[vyosek]

S temi BSOD uz asi toho moc nenadelame jak psal kolega MiliNess - ten tomu opravdu rozumi

Co se tyce obnovy systemu - zkusime opravit

Stahnete Service Repair http://kb.eset.com/library/ESET/KB%20Te ... Repair.exe

• Ulozte nejlepe na Plochu
• Spustte a potvrdte Yes abyste potvrdil reinstalaci sluzeb
• Nasledne kliknutim na Yes potvrdte restart PC
• Na Plose vznikne slozka CC Support, najdete tam log SvcRepair.txt - mel by byt CC Support\Logs\SvcRepair.txt - vlozte mi jej sem

[krysarr]

Log Opened: 2014-03-31 @ 10:45:27
10:45:27 - -----------------
10:45:27 - | Begin Logging |
10:45:27 - -----------------
10:45:27 - Fix started on a WIN_7 X64 computer
10:45:27 - Prep in progress. Please Wait.
10:46:29 - Prep complete
10:46:29 - Repairing Services Now. Please wait...
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\BITS.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Performance>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\BITS>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\iphlpsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo\{FA88062C-9A61-4C1E-AC45-7143F8F01AAD}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap\{8AD2FB26-F91E-44F1-9B24-3C0AE56C9CE0}>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\Isatap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters\IPHTTPS>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\Interfaces>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc\config>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\iphlpsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\MpsSvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\Teredo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\RPC-EPMap>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSOut>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\IPTLSIn>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords\DHCP>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters\PortKeywords>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\MpsSvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\SharedAccess.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Static>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable\System>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices\Configurable>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\RestrictedServices>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch2>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Epoch>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\StandardProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\PublicProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\FirewallRules>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile\Logging>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy\DomainProfile>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults\FirewallPolicy>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess\Defaults>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\SharedAccess>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\WinDefend.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo\0>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\TriggerInfo>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\WinDefend>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wscsvc.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wscsvc>

SetACL finished successfully.
INFO: The restore action ignores the object name parameter (paths are read from the backup file). However, other actions that require the object name may be combined with -restore.
INFORMATION: Input file for restore operation opened: '.\Win7\wuauserv.sddl'
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Security>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv\Parameters>
INFORMATION: Restoring SD of: <machine\System\CurrentControlset\Services\wuauserv>

SetACL finished successfully.
10:49:35 - Services Repair Complete.
10:50:06 - Reboot Initiated
---------------------------------------------





Bod obnovy stále nelze vytvořit.