PC disinfection, speeding up your computer, remote help via the neslape.cz service

Infected PC and flash drives

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote help service, where an expert connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#16 Post by cernohous13 »

:arrow: Plug all the USB storage you use (flash drives, external disks, etc.) into the PC
Recommendations:
During the cleanup, perform new installations and uninstallations only at my instruction.
Study my reply carefully and carry out the whole operation according to it.
If anything is unclear, ask - I'll explain

-------------------------------------------------------------------------------------------------
> Forum support <

wosicz
Visitor
Posts: 17
Registered: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#17 Post by wosicz »

############################## | UsbFix V 7.171 | [Clean]

User: Jaroslav (Administrator) # POKOJIK
Updated 18/05/2014 by El Desaparecido - SosVirus
Started at 08:47:49 | 06/07/2014

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://en.kioskea.net/forum/viruses-security-7
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

PC: ASRock (G41M-S3)
CPU: Intel(R) Core(TM)2 Duo CPU E7500 @ 2.93GHz
RAM -> [Total : 3518 Mo| Free : 1946 Mo]
Bios: American Megatrends Inc.
Boot: Normal boot

OS: Microsoft® Windows Vista™ Home Premium (6.0.6002 32-Bit) Service Pack 2
WB: Windows Internet Explorer : 8.0.6001.19401
WB: Google Chrome : 35.0.1916.153

SC: Security Center [Enabled]
WU: Windows Update [Enabled]
AV: AVG AntiVirus Free Edition 2014 [(!) Disabled | Updated]
AS: Windows Defender [(!) Disabled | Updated]
AS: AVG AntiVirus Free Edition 2014 [(!) Disabled | Updated]
FW: Windows FireWall [Enabled]

C:\ (%SystemDrive%) -> Fixed drive # 239 Gb (48 Mb free - 20%) [System] # NTFS
D:\ -> Fixed drive # 227 Gb (125 Mb free - 55%) [Data] # NTFS
E:\ -> CD-ROM
J:\ -> CD-ROM
K:\ -> CD-ROM
L:\ -> CD-ROM
M:\ -> CD-ROM
N:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [PENDRIVE] # FAT32
O:\ -> Removable drive # 2 Gb (2 Mb free - 99%) [] # FAT

################## | Stopped processes |

C:\Windows\System32\atiesrxx.exe (ID: 1292|ParentID: 932)
C:\Windows\System32\SLsvc.exe (ID: 1548|ParentID: 932)
C:\Windows\System32\atieclxx.exe (ID: 1620|ParentID: 1292|SYSTEM)
C:\Windows\explorer.exe (ID: 124|ParentID: 1988|Jaroslav)
C:\Windows\System32\spoolsv.exe (ID: 468|ParentID: 932|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 480|ParentID: 1356|SYSTEM)
C:\Windows\System32\taskeng.exe (ID: 2136|ParentID: 1356|Jaroslav)
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 2304|ParentID: 932|SYSTEM)
C:\Program Files\AVG\AVG2014\avgwdsvc.exe (ID: 2352|ParentID: 932|SYSTEM)
C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe (ID: 2388|ParentID: 932|SYSTEM)
C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe (ID: 2976|ParentID: 932|SYSTEM)
C:\Windows\System32\IoctlSvc.exe (ID: 3056|ParentID: 932|SYSTEM)
C:\Windows\System32\SearchIndexer.exe (ID: 3208|ParentID: 932|SYSTEM)
C:\Program Files\Malwarebytes Anti-Malware\mbam.exe (ID: 3328|ParentID: 2744|Jaroslav)
C:\Windows\System32\WUDFHost.exe (ID: 3348|ParentID: 1344|LOCAL SERVICE)
C:\Program Files\QuickTime\QTTask.exe (ID: 3804|ParentID: 124|Jaroslav)
C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe (ID: 3812|ParentID: 124|Jaroslav)
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (ID: 3820|ParentID: 124|Jaroslav)
C:\Windows\RtHDVCpl.exe (ID: 3956|ParentID: 124|Jaroslav)
C:\Program Files\AVG\AVG2014\avgui.exe (ID: 3972|ParentID: 124|Jaroslav)
C:\Windows\ehome\ehtray.exe (ID: 3980|ParentID: 124|Jaroslav)
C:\Program Files\DAEMON Tools Lite\DTLite.exe (ID: 3992|ParentID: 124|Jaroslav)
C:\Program Files\Steam\Steam.exe (ID: 4000|ParentID: 124|Jaroslav)
C:\Program Files\Skype\Phone\Skype.exe (ID: 4032|ParentID: 124|Jaroslav)
C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe (ID: 4052|ParentID: 124|Jaroslav)
C:\Program Files\RALINK\Common\RaUI.exe (ID: 2280|ParentID: 124|Jaroslav)
C:\Windows\ehome\ehmsas.exe (ID: 3156|ParentID: 1108|Jaroslav)
C:\Program Files\Common Files\Steam\SteamService.exe (ID: 1796|ParentID: 932|SYSTEM)
C:\Windows\System32\SearchProtocolHost.exe (ID: 5052|ParentID: 3208|SYSTEM)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 3112|ParentID: 124|Jaroslav)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 4276|ParentID: 3112|Jaroslav)
C:\Program Files\Google\Chrome\Application\chrome.exe (ID: 5728|ParentID: 3112|Jaroslav)

################## | Autorun |

N:\tmpB549.lnk -> N:\Hack.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\Hack.lnk -> N:\bygnssroft.vbs - VirusTotal - (1/53)
N:\maya2.lnk -> N:\Hack.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\fatii.lnk -> N:\zineb.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\swjykewdjn.lnk -> N:\zineb.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)
N:\tmpC06C.lnk -> N:\tmpC1C1.tmp.vbs - (SHA1: E800BE94FAEBF520FD6600AB0AB55AAF64F65BC6)
N:\cqxqjtcyil.lnk -> N:\mifwnxrkkw.vbs - (SHA1: 857220001D97B15B8F96F2406EC5A8CD567555DD)
N:\tmpD563.lnk -> N:\zineb.vbs - (SHA1: 1C89BDD497F06B6A93CFD24B95717A57495FA7FE)

################## | Generic Research |

Deleted ! C:\Users\Jaroslav\AppData\Roaming\tmpB549.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\bygnssroft.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\cqxqjtcyil.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ojxerkoomt.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\swjykewdjn.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmp1286.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpD563.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tmpF72A.tmp.vbs
Not deleted ! N:\ojxerkoomt.vbs
Not deleted ! N:\tmpC1C1.tmp.vbs
Not deleted ! N:\cqxqjtcyil.vbs
Not deleted ! N:\tmp1286.tmp.vbs
Not deleted ! N:\swjykewdjn.vbs
Not deleted ! N:\bygnssroft.vbs
Not deleted ! N:\zineb.vbs
Not deleted ! N:\tmpD563.tmp.vbs
Not deleted ! N:\fatii.vbs
Not deleted ! N:\mifwnxrkkw.vbs
Not deleted ! N:\sbmevtjvqr.vbs
Not deleted ! N:\tmpF72A.tmp.vbs
Not deleted ! N:\tmpC06C.tmp.vbs
Not deleted ! N:\zypkinsgzm.vbs
Not deleted ! N:\tmpB549.tmp.vbs
Not deleted ! N:\maya2.vbs
Not deleted ! N:\Hack.vbs
Not deleted ! O:\tmpC1C1.tmp.vbs
Not deleted ! O:\mifwnxrkkw.vbs
Not deleted ! O:\zineb.vbs
Not deleted ! O:\cc.vbs
Not deleted ! O:\fatii.vbs
Not deleted ! O:\Hack.vbs
Not deleted ! O:\tmpB549.tmp.vbs
Not deleted ! O:\tmpC06C.tmp.vbs
Not deleted ! O:\ojxerkoomt.vbs
Not deleted ! O:\tmpF72A.tmp.vbs
Not deleted ! O:\swjykewdjn.vbs
Not deleted ! O:\tmp1286.tmp.vbs
Not deleted ! O:\tmpD563.tmp.vbs
Not deleted ! O:\sbmevtjvqr.vbs
Not deleted ! O:\bygnssroft.vbs
Not deleted ! O:\cqxqjtcyil.vbs
Not deleted ! O:\zypkinsgzm.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\bygnssroft.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\cqxqjtcyil.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\ojxerkoomt.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\swjykewdjn.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\tmp1286.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\tmpD563.tmp.vbs
Deleted ! C:\Users\Jaroslav\AppData\Local\Temp\tmpF72A.tmp.vbs
Deleted ! C:\ProgramData\startup.exe.tmp
Not deleted ! O:\cc.lnk
Not deleted ! D:\backups\backup-20140702-214257-158-cqxqjtcyil.vbs
Not deleted ! D:\backups\backup-20140702-214257-273-bygnssroft.vbs
Not deleted ! D:\backups\backup-20140702-214258-475-sbmevtjvqr.vbs
Not deleted ! D:\backups\backup-20140702-214258-788-ojxerkoomt.vbs
Not deleted ! D:\backups\backup-20140702-214259-118-tmpB549.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214259-615-tmp1286.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214259-808-swjykewdjn.vbs
Not deleted ! D:\backups\backup-20140702-214300-225-tmpD563.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214300-420-tmpC06C.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214300-779-tmpF72A.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214531-922-bygnssroft.vbs
Not deleted ! D:\backups\backup-20140702-214532-228-cqxqjtcyil.vbs
Not deleted ! D:\backups\backup-20140702-214533-148-ojxerkoomt.vbs
Not deleted ! D:\backups\backup-20140702-214533-959-swjykewdjn.vbs
Not deleted ! D:\backups\backup-20140702-214533-980-sbmevtjvqr.vbs
Not deleted ! D:\backups\backup-20140702-214534-155-tmpF72A.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-255-tmpC06C.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-397-tmpB549.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-665-tmpD563.tmp.vbs
Not deleted ! D:\backups\backup-20140702-214534-725-tmp1286.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-125-tmpC06C.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-186-tmpD563.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-187-cqxqjtcyil.vbs
Not deleted ! D:\backups\backup-20140702-215927-244-bygnssroft.vbs
Not deleted ! D:\backups\backup-20140702-215927-471-tmpF72A.tmp.vbs
Not deleted ! D:\backups\backup-20140702-215927-635-tmp1286.tmp.vbs
Not deleted ! D:\backups\backup-20140705-122933-233-tmpB549.tmp.vbs

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKCU\Software\1115e276bce63bb876700897eec682be
Deleted ! HKCU\Software\13603a3924dbc6e34aad317c792bf777
Deleted ! HKCU\Software\1ff6f5599bec1de4679ea3986dedecbb
Deleted ! HKCU\Software\2083d7476bfa49d1d0a23c1521b17b1c
Deleted ! HKCU\Software\2876100a7a65146307ea64b38e8168b2
Deleted ! HKCU\Software\377f7af313f50051964a6a79266dd3f2
Deleted ! HKCU\Software\39d3f79b4647f591e9ed75c0ea686ce1
Deleted ! HKCU\Software\41adef35193af9c7dfa0d83d104fd4b2
Deleted ! HKCU\Software\4e87631609bc3b779afba9d966c8a46e
Deleted ! HKCU\Software\556ae9a87b9d03fc308da55a41fb2051
Deleted ! HKCU\Software\5720e0f0e5439773eb3f8f3c8e4682e2
Deleted ! HKCU\Software\5d132a58c964d93f0e2c5d3677b77dd0
Deleted ! HKCU\Software\620c405a1996ebad6b722a94ff64a3ab
Deleted ! HKCU\Software\6ce7fe29bbde9dda95a2682dafb589c8
Deleted ! HKCU\Software\767fe7a709b339c6654ee9f7d63b6741
Deleted ! HKCU\Software\78af3a6e36d915e3a7f07b4445f20a4e
Deleted ! HKCU\Software\85447ceae0c0ccbb7e9bfb18336e64e2
Deleted ! HKCU\Software\b43cd96410700cc6f304ef9ae8269bf9
Deleted ! HKCU\Software\e2c7788d8bbe87e19f4a16c516739d31
Deleted ! HKCU\Software\e97ce85fd98bfdae556d0283229fe1d5
Deleted ! HKCU\Software\ea1cb9e83f6b246592fd5c5f5c8a4403
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|bygnssroft
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|cqxqjtcyil
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|ojxerkoomt
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|swjykewdjn
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|tmp1286
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|tmpD563
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\Microsoft\Windows\CurrentVersion\Run|tmpF72A
Deleted ! HKCU|di
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{07ee5ac0-54e9-11e1-8f34-806e6f6e6963}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{610af009-c222-11df-b0f5-002421aade90}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{803aecc5-ec9a-11e2-8d65-806e6f6e6963}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{b924d119-2e47-11e3-a0c8-bc5ff4032359}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{bd14658f-11e3-11e0-943d-002421aade90}
Deleted ! HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\Software\.\.\.\.\Mountpoints2\{e51e307e-a88e-11df-9e47-002421aade90}

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKCU\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKCU\..\Run : [Steam] "C:\Program Files\Steam\steam.exe" -silent
04 - HKCU\..\Run : [AVG-Secure-Search-Update_0614a] C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe /PROMPT /mid=9eb46cab341847d2941b6d16b2e7caaa-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0614a
04 - HKLM\..\Run : [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
04 - HKLM\..\Run : [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
04 - HKLM\..\Run : [VMonitorVMUVC] "C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe" VMUVC
04 - HKLM\..\Run : [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
04 - HKLM\..\Run : [IgfxTray] C:\Windows\system32\igfxtray.exe
04 - HKLM\..\Run : [HotKeysCmds] C:\Windows\system32\hkcmd.exe
04 - HKLM\..\Run : [Persistence] C:\Windows\system32\igfxpers.exe
04 - HKLM\..\Run : [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
04 - HKLM\..\Run : [RtHDVCpl] RtHDVCpl.exe
04 - HKLM\..\Run : [AVG_UI] "C:\Program Files\AVG\AVG2014\avgui.exe" /TRAYONLY
04 - HKU\S-1-5-19\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-19\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-20\..\Run : [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem
04 - HKU\S-1-5-20\..\Run : [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [ehTray.exe] C:\Windows\ehome\ehTray.exe
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [Steam] "C:\Program Files\Steam\steam.exe" -silent
04 - HKU\S-1-5-21-2740782119-3764180284-3873852215-1001\..\Run : [AVG-Secure-Search-Update_0614a] C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe /PROMPT /mid=9eb46cab341847d2941b6d16b2e7caaa-ad1491be2ce6c122f6b66faa90e70c2decf7d34c /CMPID=0614a

################## | UsbFix - Information |

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.

Info (Fr) : http://www.sosvirus.net/infection-dinihou-vous-explique-son-fonctionnement-t4852.html
Info (Fr) : http://www.sosvirus.net/les-infections-via-usb-t4948.html

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[06/07/2014 - 06:37:24 | N | 22 Ko] - C:\MBAM_1.txt
[06/07/2014 - 07:06:34 | N | 2 Ko] - C:\MBAM_2.txt
[06/07/2014 - 07:39:00 | N | 1 Ko] - C:\MBAM_3.txt
[06/07/2014 - 08:20:33 | N | 1 Ko] - C:\avenger.txt
[18/09/2006 - 23:43:37 | N | 0 Ko] - C:\config.sys
[14/09/2009 - 17:55:08 | RASH | 0 Ko] - C:\IO.SYS
[14/09/2009 - 17:55:08 | RASH | 0 Ko] - C:\MSDOS.SYS
[06/07/2014 - 08:20:52 | ASH | 3910032 Ko] - C:\pagefile.sys
[12/06/2009 - 21:49:41 | N | 0 Ko] - C:\RHDSetup.log
[09/09/2012 - 09:46:14 | N | 0 Ko] - C:\user.js
[03/09/2009 - 15:22:14 | SHD] - C:\$Recycle.Bin
[18/09/2006 - 23:43:36 | A | 0 Ko] - C:\autoexec.bat
[08/06/2009 - 17:02:24 | RAS | 8 Ko] - C:\BOOTSECT.BAK
[21/01/2008 - 04:32:31 | D] - C:\PerfLogs
[10/04/2009 - 23:36:38 | RASH | 325 Ko] - C:\bootmgr
[08/06/2009 - 16:43:13 | SHD] - C:\Boot
[12/06/2009 - 21:48:30 | D] - C:\Intel
[03/09/2009 - 15:09:47 | SHD] - C:\Documents and Settings
[04/09/2009 - 09:46:13 | RHD] - C:\MSOCache
[21/04/2013 - 19:02:19 | D] - C:\tp
[22/06/2013 - 16:52:48 | D] - C:\Temp
[30/11/2013 - 14:28:52 | D] - C:\asasins 2
[15/05/2014 - 15:15:48 | D] - C:\Users
[02/07/2014 - 18:55:09 | D] - C:\$AVG
[03/07/2014 - 20:46:46 | D] - C:\Games
[05/07/2014 - 07:12:07 | D] - C:\Windows
[05/07/2014 - 12:31:31 | D] - C:\rsit
[05/07/2014 - 18:04:31 | SHD] - C:\System Volume Information
[06/07/2014 - 07:25:11 | D] - C:\Program Files
[06/07/2014 - 08:21:18 | D] - C:\Avenger
[06/07/2014 - 08:46:33 | D] - C:\UsbFix
[06/07/2014 - 08:51:11 | HD] - C:\ProgramData

################## | D:\ - Fixed drive (NTFS) |

[05/07/2014 - 07:37:29 | N | 9 Ko] - D:\hijackthis.log
[02/07/2014 - 18:46:26 | N | 146868 Ko | VirusTotal - (0/36)] - D:\avg_free_x86_all_2014_4569a7320.exe
[02/07/2014 - 21:27:11 | N | 380 Ko | VirusTotal - (1/54)] - D:\HijackThis.exe
[05/07/2014 - 12:21:29 | N | 764 Ko | VirusTotal - (3/48)] - D:\RSIT.exe
[05/07/2014 - 14:52:02 | N | 10044 Ko | VirusTotal - (0/54)] - D:\mbam-setup-1.75.0.1300.exe
[06/07/2014 - 08:18:47 | N | 714 Ko | VirusTotal - (8/54)] - D:\avenger.exe
[06/07/2014 - 08:43:35 | N | 2979 Ko | VirusTotal - (3/54)] - D:\UsbFix-7.171.exe
[03/09/2009 - 15:34:03 | SHD] - D:\$RECYCLE.BIN
[02/07/2014 - 20:49:11 | N | 757 Ko] - D:\Autorun Shortcut USB_Virus_Remover V1.0.5.exe.7z
[04/09/2009 - 18:13:24 | D] - D:\MRAVENCI
[04/09/2009 - 18:14:52 | D] - D:\moorhuhn
[04/09/2009 - 18:16:03 | D] - D:\KOULOVANÁ
[04/09/2009 - 18:16:35 | D] - D:\Funny Furries 2 Xmas
[04/09/2009 - 18:26:12 | D] - D:\ÚDRŽBA
[04/09/2009 - 18:28:15 | D] - D:\Noid'99
[05/09/2009 - 07:14:52 | D] - D:\LIDULA
[15/10/2009 - 17:45:04 | D] - D:\PŘEBRAT A SMAZAT
[15/01/2010 - 20:17:49 | D] - D:\POKUS
[09/02/2010 - 18:23:03 | D] - D:\POŠTA
[28/12/2010 - 12:50:58 | D] - D:\Mafia 1
[19/03/2012 - 19:41:20 | D] - D:\reslists
[19/03/2012 - 19:41:20 | D] - D:\mediabrowser
[19/03/2012 - 19:41:20 | D] - D:\gldrv
[27/03/2012 - 16:57:59 | D] - D:\Mirror´s Edge
[07/05/2012 - 11:23:40 | D] - D:\Program Files
[12/05/2012 - 08:42:38 | D] - D:\java
[27/06/2012 - 23:53:58 | D] - D:\TeamSpeak3
[19/09/2012 - 17:34:30 | D] - D:\1MOJE
[19/09/2012 - 18:30:50 | D] - D:\FOTKY
[19/09/2012 - 18:39:30 | D] - D:\MP3
[21/12/2012 - 20:39:10 | D] - D:\Mafie2
[02/03/2013 - 11:54:59 | SHD] - D:\System Volume Information
[31/03/2013 - 16:13:46 | D] - D:\Lego Star Wars - The Complete Saga
[24/05/2013 - 17:12:52 | D] - D:\Metro 2033
[24/05/2013 - 17:29:34 | D] - D:\metro
[10/06/2013 - 16:17:03 | D] - D:\StepMania
[22/06/2013 - 17:17:16 | D] - D:\Oblivion
[23/06/2013 - 11:55:02 | D] - D:\Mafia 2 CZ
[06/07/2013 - 09:58:17 | D] - D:\platform
[21/08/2013 - 14:52:47 | D] - D:\db07c335984b887d14e03dbb
[26/10/2013 - 15:07:17 | D] - D:\nelze smazat 1
[15/12/2013 - 12:59:48 | D] - D:\asasins
[27/06/2014 - 19:28:18 | D] - D:\HyperCam3
[03/07/2014 - 21:57:05 | D] - D:\$AVG
[05/07/2014 - 12:29:33 | D] - D:\backups

################## | N:\ - Removable drive (FAT32) |

[27/06/2014 - 14:29:50 | N | 29 Ko | VirusTotal - (0/52)] - N:\mifwnxrkkw.vbs
[28/06/2014 - 13:09:44 | N | 29 Ko | VirusTotal - (0/52)] - N:\zypkinsgzm.vbs
[28/06/2014 - 18:01:54 | N | 29 Ko | VirusTotal - (0/52)] - N:\Hack.vbs
[28/06/2014 - 18:30:36 | N | 29 Ko | VirusTotal - (0/52)] - N:\fatii.vbs
[28/06/2014 - 18:32:48 | N | 179 Ko | VirusTotal - (0/52)] - N:\tmpC06C.tmp.vbs
[28/06/2014 - 18:56:46 | N | 179 Ko | VirusTotal - (0/52)] - N:\tmpB549.tmp.vbs
[28/06/2014 - 19:30:18 | N | 29 Ko | VirusTotal - (0/52)] - N:\zineb.vbs
[28/06/2014 - 20:31:52 | N | 170 Ko | VirusTotal - (0/52)] - N:\tmpC1C1.tmp.vbs
[29/06/2014 - 15:08:00 | N | 29 Ko | VirusTotal - (0/52)] - N:\tmpD563.tmp.vbs
[29/06/2014 - 15:19:44 | N | 29 Ko | VirusTotal - (0/52)] - N:\swjykewdjn.vbs
[29/06/2014 - 15:20:14 | N | 29 Ko | VirusTotal - (0/52)] - N:\ojxerkoomt.vbs
[29/06/2014 - 15:20:16 | N | 29 Ko | VirusTotal - (0/52)] - N:\tmp1286.tmp.vbs
[29/06/2014 - 15:27:56 | N | 29 Ko | VirusTotal - (0/52)] - N:\bygnssroft.vbs
[29/06/2014 - 15:43:50 | N | 29 Ko | VirusTotal - (0/52)] - N:\cqxqjtcyil.vbs
[29/06/2014 - 17:15:56 | N | 29 Ko | VirusTotal - (0/52)] - N:\tmpF72A.tmp.vbs
[29/06/2014 - 17:32:24 | N | 29 Ko | VirusTotal - (0/52)] - N:\sbmevtjvqr.vbs
[02/07/2014 - 21:50:48 | N | 29 Ko | VirusTotal - (0/52)] - N:\maya2.vbs
[02/07/2014 - 21:59:46 | N | 1 Ko] - N:\tmpB549.lnk
[02/07/2014 - 21:59:46 | N | 1 Ko] - N:\Hack.lnk
[02/07/2014 - 21:59:48 | N | 1 Ko] - N:\maya2.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\fatii.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\swjykewdjn.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpC06C.lnk
[02/07/2014 - 21:59:52 | N | 0 Ko] - N:\mifwnxrkkw.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\cqxqjtcyil.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpD563.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpF72A.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\zypkinsgzm.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\bygnssroft.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\zineb.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\ojxerkoomt.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmp1286.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\tmpC1C1.lnk
[02/07/2014 - 21:59:52 | N | 1 Ko] - N:\sbmevtjvqr.lnk

################## | O:\ - Removable drive (FAT) |

[27/06/2014 - 14:29:50 | N | 29 Ko | VirusTotal - (0/52)] - O:\mifwnxrkkw.vbs
[27/06/2014 - 20:52:30 | N | 14 Ko | VirusTotal - (0/52)] - O:\cc.vbs
[28/06/2014 - 13:09:44 | N | 29 Ko | VirusTotal - (0/52)] - O:\zypkinsgzm.vbs
[28/06/2014 - 18:01:54 | N | 29 Ko | VirusTotal - (0/52)] - O:\Hack.vbs
[28/06/2014 - 18:30:36 | N | 29 Ko | VirusTotal - (0/52)] - O:\fatii.vbs
[28/06/2014 - 18:32:48 | N | 179 Ko | VirusTotal - (0/52)] - O:\tmpC06C.tmp.vbs
[28/06/2014 - 18:56:46 | N | 179 Ko | VirusTotal - (0/52)] - O:\tmpB549.tmp.vbs
[28/06/2014 - 19:30:18 | N | 29 Ko | VirusTotal - (0/52)] - O:\zineb.vbs
[28/06/2014 - 20:31:52 | N | 170 Ko | VirusTotal - (0/52)] - O:\tmpC1C1.tmp.vbs
[29/06/2014 - 15:08:00 | N | 29 Ko | VirusTotal - (0/52)] - O:\tmpD563.tmp.vbs
[29/06/2014 - 15:19:44 | N | 29 Ko | VirusTotal - (0/52)] - O:\swjykewdjn.vbs
[29/06/2014 - 15:20:14 | N | 29 Ko | VirusTotal - (0/52)] - O:\ojxerkoomt.vbs
[29/06/2014 - 15:20:16 | N | 29 Ko | VirusTotal - (0/52)] - O:\tmp1286.tmp.vbs
[29/06/2014 - 15:27:56 | N | 29 Ko | VirusTotal - (0/52)] - O:\bygnssroft.vbs
[29/06/2014 - 15:43:50 | N | 29 Ko | VirusTotal - (0/52)] - O:\cqxqjtcyil.vbs
[29/06/2014 - 17:15:56 | N | 29 Ko | VirusTotal - (0/52)] - O:\tmpF72A.tmp.vbs
[29/06/2014 - 17:32:24 | N | 29 Ko | VirusTotal - (0/52)] - O:\sbmevtjvqr.vbs
[02/07/2014 - 21:03:06 | N | 1 Ko] - O:\LAN_Vista64_Vista(6218)(G41).lnk
[02/07/2014 - 21:03:06 | N | 1 Ko] - O:\System Volume Information.lnk
[02/07/2014 - 21:03:14 | N | 1 Ko] - O:\swjykewdjn.lnk
[02/07/2014 - 21:03:14 | N | 1 Ko] - O:\tmp1286.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\tmpC06C.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\tmpD563.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\cc.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\ojxerkoomt.lnk
[02/07/2014 - 21:03:16 | N | 1 Ko] - O:\tmpC1C1.lnk
[02/07/2014 - 21:03:18 | N | 0 Ko] - O:\Hack.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\tmpF72A.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\tmpB549.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\fatii.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\sbmevtjvqr.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\mifwnxrkkw.lnk
[02/07/2014 - 21:03:18 | N | 1 Ko] - O:\zineb.lnk
[10/07/2009 - 09:57:44 | D] - O:\LAN_Vista64_Vista(6218)(G41)
[15/06/2014 - 12:04:56 | SHD] - O:\System Volume Information

################## | Vaccin |

D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
N:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
O:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

cernohous13
VIP in memoriam
Posts: 8721
Registered: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#18 Post by cernohous13 »

:???: Do you have any important personal data on those flash drives? I would rather back it up and format the drives :?:

:arrow: post a new RSIT
Recommendations:
During the cleanup, perform new installations and uninstallations only at my instruction.
Study my reply carefully and carry out the whole operation according to it.
If anything is unclear, ask - I'll explain


wosicz
Visitor
Posts: 17
Registered: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#19 Post by wosicz »

I already formatted one of them earlier out of desperation (it didn't help), and I will gladly sacrifice the data on the other one too ;)

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jaroslav at 2014-07-06 10:47:36
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 48 GB (20%) free of 245 GB
Total RAM: 3518 MB (56% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AVG_SYS_TASK_0614a.job
C:\Windows\tasks\AVG_SYS_TASK_0614a_DELETE.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Windows\tasks\User_Feed_Synchronization-{49A7E43B-9A23-4068-B1F9-40921DB3FE45}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94EB70E2-6354-86EF-F995-2666FEB90BF6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2010-11-29 421888]
"VMonitorVMUVC"=C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [2008-08-29 143360]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-09 154136]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-06-17 5179408]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""= []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"ASRockIES"= []
"zASRockInstantBoot"= []
"Steam"=C:\Program Files\Steam\steam.exe [2014-06-30 1753280]
"Clownfish"= []
"AVG-Secure-Search-Update_0614a"=C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe [2014-06-19 2726936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
C:\Program Files\Ask.com\Updater\Updater.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-09-02 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-07-06 08:45:19 ----D---- C:\UsbFix
2014-07-06 08:20:32 ----N---- C:\avenger.txt
2014-07-06 08:20:32 ----D---- C:\Avenger
2014-07-06 07:39:00 ----N---- C:\MBAM_3.txt
2014-07-06 07:06:34 ----N---- C:\MBAM_2.txt
2014-07-06 06:37:24 ----N---- C:\MBAM_1.txt
2014-07-06 06:25:21 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 14:52:51 ----D---- C:\Users\Jaroslav\AppData\Roaming\Malwarebytes
2014-07-05 14:52:36 ----D---- C:\ProgramData\Malwarebytes
2014-07-05 14:52:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-07-05 12:31:27 ----D---- C:\rsit
2014-07-05 12:31:27 ----D---- C:\Program Files\trend micro
2014-07-05 09:40:06 ----D---- C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a
2014-07-05 09:39:52 ----D---- C:\ProgramData\Avg_Update_0614a
2014-07-02 18:58:27 ----D---- C:\Users\Jaroslav\AppData\Roaming\AVG2014
2014-07-02 18:57:46 ----D---- C:\Users\Jaroslav\AppData\Roaming\TuneUp Software
2014-07-02 18:55:08 ----D---- C:\ProgramData\AVG2014
2014-07-02 18:55:08 ----D---- C:\$AVG
2014-07-02 18:53:59 ----D---- C:\Program Files\AVG
2014-07-02 18:52:45 ----HD---- C:\ProgramData\Common Files
2014-07-02 18:52:45 ----D---- C:\ProgramData\MFAData
2014-06-28 13:05:24 ----D---- C:\ProgramData\Isolated Storage
2014-06-28 09:40:11 ----D---- C:\Windows\system32\RTCOM
2014-06-27 20:50:18 ----A---- C:\Windows\system32\RtNicProp32.dll
2014-06-27 18:03:17 ----D---- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

======List of files/folders modified in the last 1 months======

2014-07-06 10:47:37 ----D---- C:\Windows\Prefetch
2014-07-06 10:42:34 ----SHD---- C:\System Volume Information
2014-07-06 10:42:25 ----D---- C:\Windows\Temp
2014-07-06 08:51:27 ----D---- C:\Windows\System32
2014-07-06 08:51:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-06 08:51:11 ----HD---- C:\ProgramData
2014-07-06 08:22:09 ----D---- C:\Users\Jaroslav\AppData\Roaming\DAEMON Tools Lite
2014-07-06 08:21:35 ----D---- C:\Users\Jaroslav\AppData\Roaming\Skype
2014-07-06 08:21:29 ----D---- C:\Program Files\Steam
2014-07-06 08:20:32 ----D---- C:\Windows\system32\drivers
2014-07-06 07:25:11 ----D---- C:\Windows\inf
2014-07-06 07:25:11 ----D---- C:\Program Files
2014-07-06 06:51:27 ----D---- C:\Windows\Tasks
2014-07-06 06:51:27 ----D---- C:\Windows\system32\Tasks
2014-07-05 09:12:51 ----D---- C:\Program Files\Common Files\Steam
2014-07-05 07:12:07 ----D---- C:\Windows
2014-07-05 07:06:53 ----SHD---- C:\Windows\Installer
2014-07-03 21:45:21 ----D---- C:\ProgramData\Wincert
2014-07-03 21:43:35 ----D---- C:\Program Files\InstallConverter bundle uninstaller
2014-07-03 20:46:46 ----D---- C:\Games
2014-06-28 09:40:02 ----D---- C:\Windows\system32\catroot2
2014-06-27 20:50:35 ----D---- C:\Windows\system32\catroot
2014-06-27 20:50:17 ----HD---- C:\Program Files\InstallShield Installation Information
2014-06-27 19:43:16 ----D---- C:\Program Files\Common Files
2014-06-27 19:42:43 ----D---- C:\Program Files\Electronic Arts
2014-06-27 19:41:41 ----D---- C:\Program Files\Activision
2014-06-27 19:13:48 ----HD---- C:\Program Files\Temp
2014-06-27 19:13:43 ----D---- C:\Program Files\Realtek
2014-06-27 19:13:38 ----A---- C:\Windows\DIFxAPI.dll
2014-06-27 18:07:50 ----D---- C:\ProgramData\AVAST Software
2014-06-27 18:05:20 ----D---- C:\Program Files\PCDApp
2014-06-23 17:36:29 ----D---- C:\Users\Jaroslav\AppData\Roaming\vlc
2014-06-23 12:57:54 ----D---- C:\Program Files\Supporter
2014-06-23 12:32:43 ----SD---- C:\Windows\system32\Microsoft
2014-06-23 06:39:03 ----D---- C:\Users\Jaroslav\AppData\Roaming\.minecraft
2014-06-22 21:19:39 ----D---- C:\Program Files\Common Files\InstallShield
2014-06-22 20:16:30 ----D---- C:\ProgramData\Razer
2014-06-22 20:14:52 ----A---- C:\Windows\disney.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-16 242240]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\Windows\system32\DRIVERS\AegisP.sys [2009-10-10 20747]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 23256]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-07-06 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-17 140288]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 aklw824i;aklw824i; C:\Windows\system32\drivers\aklw824i.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2008-04-15 224384]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys [2006-03-08 255232]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VMUVC;Vimicro Camera Service VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [2010-04-29 254720]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\Windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-03 65640]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
S2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
S2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
S2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-06-30 542400]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#20 Post by cernohous13 »

Download OTM from one of the links and unpack it, preferably onto the desktop.
http://oldtimer.geekstogo.com/OTM.exe
http://www.itxassociates.com/OT-Tools/OTM.exe

Run "OTM.exe" (on Vista and Win7: right-click and "Run As Administrator").
Paste the whole text in green from the "Script" into the box below the yellow line.

Click the red "MoveIt!"

When prompted to restart, choose "YES";
the log will then be in C:\_OTM\MovedFiles\ - post it here for me to check.
OTM script

Code:

:Commands
[emptytemp]
[emptyflash]
[emptyjava]
[clearallrestorepoints]

:Files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp /s
C:\Windows\tasks\AVG_SYS_TASK_0614a.job
C:\Windows\tasks\AVG_SYS_TASK_0614a_DELETE.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\RegistryBooster.job
C:\Program Files\Ask.com
C:\UsbFix
C:\avenger.txt
C:\MBAM_3.txt
C:\MBAM_2.txt
C:\MBAM_1.txt

:Reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=-
"Adobe ARM"=-
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
""=-
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ASRockIES"=-
"zASRockInstantBoot"=-
"Clownfish"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ApnUpdater]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLS"=""
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{07ee5ac0-54e9-11e1-8f34-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{610af009-c222-11df-b0f5-002421aade90}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{803aecc5-ec9a-11e2-8d65-806e6f6e6963}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b924d119-2e47-11e3-a0c8-bc5ff4032359}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{bd14658f-11e3-11e0-943d-002421aade90}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e51e307e-a88e-11df-9e47-002421aade90}]

:Services

wosicz
Visitor
Posts: 17
Joined: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#21 Post by wosicz »

Hm, so I'm reporting non-standard behaviour :( I couldn't get OTM to run; instead it always disappeared, so I downloaded it and immediately copied it to the desktop, ran it as administrator, pasted the script in and lo and behold, my desktop wallpaper appeared and everything else vanished from the desktop. Nothing happened, so there is no log either.

EDIT - AVG was probably sabotaging it, so I'll turn it off again ;)

wosicz
Visitor
Posts: 17
Joined: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#22 Post by wosicz »

So I managed to get it running, then the PC restarted by itself, and I still don't have any log, just an empty folder :(

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#23 Post by cernohous13 »

Try it in safe mode

wosicz
Visitor
Posts: 17
Joined: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#24 Post by wosicz »

No change, only this time it asked me about a restart; otherwise there is no log.

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#25 Post by cernohous13 »

If there is nothing in C:\_OTM\MovedFiles\, give me an RSIT log

wosicz
Visitor
Posts: 17
Joined: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#26 Post by wosicz »

Logfile of random's system information tool 1.06 (written by random/random)
Run by Jaroslav at 2014-07-06 17:54:53
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 50 GB (20%) free of 245 GB
Total RAM: 3518 MB (64% free)

HijackThis download failed

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\User_Feed_Synchronization-{49A7E43B-9A23-4068-B1F9-40921DB3FE45}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Podpora odkazu pro Adobe PDF Reader - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2013-09-03 68480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pro přihlášení ke službě Windows Live - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{94EB70E2-6354-86EF-F995-2666FEB90BF6}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
10

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"VMonitorVMUVC"=C:\Program Files\Vimicro Corporation\VMUVC\VMonitor.exe [2008-08-29 143360]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-06-16 81920]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2008-09-09 150040]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2008-09-09 178712]
"Persistence"=C:\Windows\system32\igfxpers.exe [2008-09-09 154136]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2006-12-29 4317184]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-06-17 5179408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"ASRockIES"= []
"zASRockInstantBoot"= []
"Steam"=C:\Program Files\Steam\steam.exe [2014-06-30 1753280]
"Clownfish"= []
"AVG-Secure-Search-Update_0614a"=C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a\AVG-Secure-Search-Update_0614a.exe [2014-06-19 2726936]
"ISUSPM Startup"=c:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-06-16 221184]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\Windows Live\Messenger\msnmsgr.exe [2008-12-02 3882312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-02-18 2221352]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Ralink Wireless Utility.lnk - C:\Program Files\RALINK\Common\RaUI.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2008-09-02 221184]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b924d119-2e47-11e3-a0c8-bc5ff4032359}]
shell\AutoRun\command - J:\RunGame.exe


======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2014-07-06 17:35:33 ----A---- C:\Windows\ntbtlog.txt
2014-07-06 16:25:45 ----D---- C:\_OTM
2014-07-06 08:20:32 ----D---- C:\Avenger
2014-07-06 06:25:21 ----D---- C:\Program Files\Malwarebytes Anti-Malware
2014-07-05 14:52:51 ----D---- C:\Users\Jaroslav\AppData\Roaming\Malwarebytes
2014-07-05 14:52:36 ----D---- C:\ProgramData\Malwarebytes
2014-07-05 14:52:35 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2014-07-05 12:31:27 ----D---- C:\rsit
2014-07-05 12:31:27 ----D---- C:\Program Files\trend micro
2014-07-05 09:40:06 ----D---- C:\Users\Jaroslav\AppData\Roaming\Avg_Update_0614a
2014-07-05 09:39:52 ----D---- C:\ProgramData\Avg_Update_0614a
2014-07-02 18:58:27 ----D---- C:\Users\Jaroslav\AppData\Roaming\AVG2014
2014-07-02 18:57:46 ----D---- C:\Users\Jaroslav\AppData\Roaming\TuneUp Software
2014-07-02 18:55:08 ----D---- C:\ProgramData\AVG2014
2014-07-02 18:55:08 ----D---- C:\$AVG
2014-07-02 18:53:59 ----D---- C:\Program Files\AVG
2014-07-02 18:52:45 ----HD---- C:\ProgramData\Common Files
2014-07-02 18:52:45 ----D---- C:\ProgramData\MFAData
2014-06-28 13:05:24 ----D---- C:\ProgramData\Isolated Storage
2014-06-28 09:40:11 ----D---- C:\Windows\system32\RTCOM
2014-06-27 20:50:18 ----A---- C:\Windows\system32\RtNicProp32.dll
2014-06-27 18:03:17 ----D---- C:\ProgramData\{83C3B2FD-37EA-4C06-A228-E9B5E32FF0B1}

======List of files/folders modified in the last 1 months======

2014-07-06 17:54:52 ----D---- C:\Windows\Temp
2014-07-06 17:44:56 ----D---- C:\Windows\Prefetch
2014-07-06 17:44:45 ----D---- C:\Program Files\Steam
2014-07-06 17:35:33 ----D---- C:\Windows
2014-07-06 16:43:01 ----D---- C:\Windows\Tasks
2014-07-06 16:42:24 ----SHD---- C:\Windows\Installer
2014-07-06 16:41:47 ----SHD---- C:\System Volume Information
2014-07-06 08:51:27 ----D---- C:\Windows\System32
2014-07-06 08:51:27 ----A---- C:\Windows\system32\PerfStringBackup.INI
2014-07-06 08:51:11 ----HD---- C:\ProgramData
2014-07-06 08:22:09 ----D---- C:\Users\Jaroslav\AppData\Roaming\DAEMON Tools Lite
2014-07-06 08:21:35 ----D---- C:\Users\Jaroslav\AppData\Roaming\Skype
2014-07-06 08:20:32 ----D---- C:\Windows\system32\drivers
2014-07-06 07:25:11 ----D---- C:\Windows\inf
2014-07-06 07:25:11 ----D---- C:\Program Files
2014-07-06 06:51:27 ----D---- C:\Windows\system32\Tasks
2014-07-05 09:12:51 ----D---- C:\Program Files\Common Files\Steam
2014-07-03 21:45:21 ----D---- C:\ProgramData\Wincert
2014-07-03 21:43:35 ----D---- C:\Program Files\InstallConverter bundle uninstaller
2014-07-03 20:46:46 ----D---- C:\Games
2014-06-28 09:40:02 ----D---- C:\Windows\system32\catroot2
2014-06-27 20:50:35 ----D---- C:\Windows\system32\catroot
2014-06-27 20:50:17 ----HD---- C:\Program Files\InstallShield Installation Information
2014-06-27 19:43:16 ----D---- C:\Program Files\Common Files
2014-06-27 19:42:43 ----D---- C:\Program Files\Electronic Arts
2014-06-27 19:41:41 ----D---- C:\Program Files\Activision
2014-06-27 19:13:48 ----HD---- C:\Program Files\Temp
2014-06-27 19:13:43 ----D---- C:\Program Files\Realtek
2014-06-27 19:13:38 ----A---- C:\Windows\DIFxAPI.dll
2014-06-27 18:07:50 ----D---- C:\ProgramData\AVAST Software
2014-06-27 18:05:20 ----D---- C:\Program Files\PCDApp
2014-06-23 17:36:29 ----D---- C:\Users\Jaroslav\AppData\Roaming\vlc
2014-06-23 12:57:54 ----D---- C:\Program Files\Supporter
2014-06-23 12:32:43 ----SD---- C:\Windows\system32\Microsoft
2014-06-23 06:39:03 ----D---- C:\Users\Jaroslav\AppData\Roaming\.minecraft
2014-06-22 21:19:39 ----D---- C:\Program Files\Common Files\InstallShield
2014-06-22 20:16:30 ----D---- C:\ProgramData\Razer
2014-06-22 20:14:52 ----A---- C:\Windows\disney.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AsrAppCharger;AsrAppCharger; C:\Windows\system32\DRIVERS\AsrAppCharger.sys [2010-06-11 13832]
R1 Avgdiskx;AVG Disk Driver; C:\Windows\system32\DRIVERS\avgdiskx.sys [2014-06-17 121624]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdriverx.sys [2014-06-17 199960]
R1 AVGIDSShim;AVGIDSShim; C:\Windows\system32\DRIVERS\avgidsshimx.sys [2014-06-17 21272]
R1 Avgldx86;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx86.sys [2014-06-17 188696]
R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-12-16 242240]
R2 AegisP;AEGIS Protocol (IEEE 802.1x) v3.4.3.0; C:\Windows\system32\DRIVERS\AegisP.sys [2009-10-10 20747]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-07-02 4994048]
R3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-01-02 1668456]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2014-05-12 23256]
R3 MBAMSwissArmy;MBAMSwissArmy; \??\C:\Windows\system32\drivers\MBAMSwissArmy.sys [2014-07-06 110296]
R3 MBAMWebAccessControl;MBAMWebAccessControl; \??\C:\Windows\system32\drivers\mwac.sys [2014-05-12 51928]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2009-03-17 140288]
R3 StillCam;Ovladač digitálního fotoaparátu pro sériový port; C:\Windows\system32\DRIVERS\serscan.sys [2008-01-21 9216]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
R3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]
S3 a4rr2d3n;a4rr2d3n; C:\Windows\system32\drivers\a4rr2d3n.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 e1yexpress;Intel(R) Gigabit Network Connections Driver; C:\Windows\system32\DRIVERS\e1y6032.sys [2008-04-15 224384]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2008-09-02 2472448]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 RT73;RT73 USB Wireless LAN Card Driver; C:\Windows\system32\DRIVERS\rt73.sys [2006-03-08 255232]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
S3 VMUVC;Vimicro Camera Service VMUVC; C:\Windows\System32\Drivers\VMUVC.sys [2010-04-29 254720]
S3 vvftUVC;Vimicro Camera Filter Service VMUVC; C:\Windows\system32\drivers\vvftUVC.sys [2008-07-01 398720]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
S4 WmiAcpi;Microsoft Windows Management Interface for ACPI; C:\Windows\system32\drivers\wmiacpi.sys [2008-01-21 11264]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-09-03 65640]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-07-02 176128]
R2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2014\avgwdsvc.exe [2014-06-17 289328]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes Anti-Malware\mbamservice.exe [2014-05-12 860472]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes Anti-Malware\mbamscheduler.exe [2014-05-12 1809720]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe [2008-02-18 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\system32\IoctlSvc.exe [2006-12-19 81920]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2014-06-30 542400]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2014\avgidsagent.exe [2014-06-27 3241488]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-10-23 172192]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-14 257712]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-11 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------
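The RSIT log above contains exactly the kinds of entry the helper's OTM script earlier in the thread removes: a mountpoints2 key with a shell\AutoRun\command pointing at a program on a removable drive, Run values whose target file no longer exists (RSIT prints an empty "[]" where the date and size would be), and a driver whose .sys file is missing from disk. The following Python script is an added example written for this thread; it is not part of RSIT, OTM or UsbFix. It assumes the line formats shown in the logs above, runs over a constructed sample log embedded in the file, and renders the registry findings as OTM ":Reg" lines in the same "[-KEY]" / "\"name\"=-" form the helper used. Driver findings are only reported, not turned into removal lines.

```python
"""Triage helper for RSIT-style logs (added example; not part of RSIT, OTM or UsbFix).

Flags three things that the OTM script in this thread targets:
  * a mountpoints2 key carrying shell\\AutoRun\\command (autorun residue
    left behind by an infected flash drive),
  * Run values whose target file is gone (RSIT prints an empty "[]"),
  * drivers whose .sys file is missing from disk (again an empty "[]"),
    with a note when the service name looks machine-generated.
Line formats are assumed from the logs posted in this thread.
"""
import re
from dataclasses import dataclass

SECTION_RE = re.compile(r"^======(.+?)======$")
KEY_RE = re.compile(r"^\[(HKEY_[^\]]+)\]$")
# value whose target is missing, e.g.  "Clownfish"= []
VALUE_RE = re.compile(r'^"([^"]*)"=\s*(.*?)\s*\[\]$')
# driver line whose .sys has no date/size, e.g.  S3 name;name; C:\...\name.sys []
DRIVER_RE = re.compile(r"^([RS][0-4]) ([^;]+);([^;]*); (.+?) \[\]$")
# eight lowercase alphanumerics including at least one digit
RANDOM_NAME_RE = re.compile(r"^(?=.*\d)[a-z0-9]{8}$")

# Constructed sample in the RSIT format seen in this thread (not a real log).
SAMPLE_LOG = r'''
======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG_UI"=C:\Program Files\AVG\AVG2014\avgui.exe [2014-06-17 5179408]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ASRockIES"= []
"Clownfish"= []
"Steam"=C:\Program Files\Steam\steam.exe [2014-06-30 1753280]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{b924d119-2e47-11e3-a0c8-bc5ff4032359}]
shell\AutoRun\command - J:\RunGame.exe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 Avgtdix;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdix.sys [2014-06-17 197400]
S3 a4rr2d3n;a4rr2d3n; C:\Windows\system32\drivers\a4rr2d3n.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
'''


@dataclass(frozen=True)
class Finding:
    kind: str    # "usb_autorun" | "dangling_run_entry" | "missing_driver_file"
    where: str   # registry key or driver service name
    detail: str  # autorun target, value name, or .sys path


def triage(log_text: str) -> list:
    """Walk the log once, tracking the current section and registry key."""
    findings, section, key = [], "", ""
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), ""
            continue
        if section.startswith("Registry dump"):
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
            elif "mountpoints2" in key.lower() and line.lower().startswith("shell\\autorun\\command"):
                target = line.split(" - ", 1)[1] if " - " in line else ""
                findings.append(Finding("usb_autorun", key, target))
            else:
                m = VALUE_RE.match(line)
                if m and key.lower().endswith("\\run"):
                    findings.append(Finding("dangling_run_entry", key, m.group(1)))
        elif section.startswith("List of drivers"):
            m = DRIVER_RE.match(line)
            if m:
                name, path = m.group(2), m.group(4)
                if RANDOM_NAME_RE.match(name):
                    path += " (random-looking service name)"
                findings.append(Finding("missing_driver_file", name, path))
    return findings


def otm_reg_lines(findings) -> list:
    """Render registry findings as OTM ':Reg' lines in the form used in this
    thread: '[-KEY]' deletes a key, '"name"=-' deletes a value under the
    preceding key. Driver findings are reported only, never auto-removed."""
    lines = [":Reg"]
    lines += [f"[-{f.where}]" for f in findings if f.kind == "usb_autorun"]
    by_key = {}
    for f in findings:
        if f.kind == "dangling_run_entry":
            by_key.setdefault(f.where, []).append(f.detail)
    for k, names in by_key.items():
        lines.append(f"[{k}]")
        lines += [f'"{n}"=-' for n in names]
    return lines


if __name__ == "__main__":
    found = triage(SAMPLE_LOG)
    for f in found:
        print(f"{f.kind:20} {f.where} -> {f.detail}")
    print("\n".join(otm_reg_lines(found)))
```

Run it against a saved RSIT log by reading the file into triage() instead of SAMPLE_LOG. The random-name heuristic is deliberately narrow (eight lowercase alphanumerics with a digit, like a4rr2d3n and aklw824i in the logs above) so that ordinary vendor driver names are not flagged; a missing .sys with an ordinary name still shows up, just without the note.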

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#27 Post by cernohous13 »

Did you manage to format the flash drives?

Give me another new UsbFix log

wosicz
Visitor
Posts: 17
Joined: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#28 Post by wosicz »

At 98% a message somehow related to that _OTM popped up and UsbFix quit. Again without a log. How do I get rid of _OTM safely?

Otherwise the flash drives are formatted and seem empty, so hopefully.. ;)

cernohous13
VIP in memoriam
Posts: 8721
Joined: 09 Dec 2006 06:19
Location: Jablonec nad Nisou

Re: Infected PC and flash drives

#29 Post by cernohous13 »

:arrow: Run OTM again -> CleanUp! - it uninstalls and cleans up after itself.

If the flash drives are clean, then we can start tidying up :???:

wosicz
Visitor
Posts: 17
Joined: 05 Jul 2014 06:27

Re: Infected PC and flash drives

#30 Post by wosicz »

So _OTM is gone; I tried UsbFix again and a similar message popped up again, this time:
Line 35582 (File "C:\UsbFix\UsbFix.exe"):
Error: Subscript used non-accessible variable.
As if it wanted to check itself and can't? Never mind. The main thing is it didn't find anything anywhere. At least in the 98% it checked.

I also looked at the places where the nasties had been showing up and there's nothing anywhere, and AVG doesn't report anything either, so hopefully the PC is healthy now :)
Last edited by wosicz on 06 Jul 2014 19:39, edited 1 time in total.

Locked