PC virus removal, computer speed-up, remote assistance via the neslape.cz service

Locked PC - police - ransom

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].

Individual threads will be locked once resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Message
Author
hp184
Guest
Posts: 75
Registered: 23 Dec 2008 20:20

Re: Locked PC - police - ransom

#16 Post by hp184 »

I am attaching the log as per the guide. Apart from that, the PC now has a problem with restarting. When removing the items found by MBAM, the program wanted to perform a restart. That failed, however, and the PC was left in some kind of intermediate state where it was still running but the monitor had no signal. So I restarted it with the button on the PC case; only on the third press did the PC boot. I don't think it was a proper restart, though (one of the programs that I turn off in the "startup programs" tray after switching the PC on was still off; after a real restart it appears in the tray again). At the same time, this "restart-non-restart" dropped the network connection on the modem. I had to restart the modem. This happened on every restart attempt issued through Windows. I tried it about 2 times. To be safe, I finally also tried a complete shutdown of the PC through Windows. That worked fine, and after being switched on again the PC connected to the internet through the modem.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 14-02-2015
Ran by Pavel (administrator) on OP on 15-02-2015 12:08:38
Running from C:\Documents and Settings\Pavel\Plocha
Loaded Profiles: Pavel & NeroMediaHomeUser.4 (Available profiles: Pavel & Mirka & Anička & NeroMediaHomeUser.4 & Administrator)
Platform: Microsoft Windows XP Home Edition Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Creative Technology Ltd) C:\Program Files\Creative\Shared Files\CTAudSvc.exe
(Google Inc.) C:\Program Files\Google\Update\1.3.26.9\GoogleCrashHandler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
(Nero AG) C:\Program Files\Nero\Update\NASvc.exe
(Malwarebytes Corporation) C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
(Nero AG) C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe
(PixArt Imaging Incorporation) C:\WINDOWS\Pixart\Pac7302\Monitor.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Intel Corporation) C:\WINDOWS\system32\igfxtray.exe
(Intel Corporation) C:\WINDOWS\system32\hkcmd.exe
(Intel Corporation) C:\WINDOWS\system32\igfxpers.exe
(Intel Corporation) C:\WINDOWS\system32\igfxsrvc.exe
(Canon Inc.) C:\Program Files\Canon\CAL\CALMAIN.exe
(Microsoft Corporation) C:\Program Files\Messenger\msmsgs.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\21.6.0.32\nis.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [AMBDef] => C:\WINDOWS\AMBDef.exe [53248 2008-01-24] (Creative Technology Ltd.)
HKLM\...\Run: [UpdReg] => C:\WINDOWS\UpdReg.EXE [90112 2000-05-11] (Creative Technology Ltd.)
HKLM\...\Run: [] => [X]
HKLM\...\Run: [PAC7302_Monitor] => C:\WINDOWS\PixArt\PAC7302\Monitor.exe [319488 2006-11-03] (PixArt Imaging Incorporation)
HKLM\...\Run: [Nero MediaHome 4] => C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [4826904 2014-10-30] (Piriform Ltd)
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-790525478-1417001333-839522115-1008\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... earchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
BHO: Norton Vulnerability Protection -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> C:\Program Files\Norton Internet Security\Engine\21.6.0.32\IPS\IPSBHO.DLL (Symantec Corporation)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> &Adresa - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\coIEPlg.dll (Symantec Corporation)
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://windowsupdate.microsoft.com/wind ... 0534727796
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 0535043984
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)

FireFox:
========
FF Plugin: @Google.com/GoogleEarthPlugin -> C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF Plugin: @palmsource.com/installer,version=1.0 -> C:\PROGRA~1\Palm\PACKAG~1\NPInstal.dll ()
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.26.9\npGoogleUpdate3.dll (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn
FF Extension: Norton Toolbar - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\coFFPlgn [2015-02-15]
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2013-10-17]
FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF
FF Extension: Norton Vulnerability Protection - C:\Documents and Settings\All Users\Data aplikací\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_21.1.0.18\IPSFF [2013-11-17]

Chrome:
=======
CHR HomePage: Default -> hxxp://www.searchnu.com/419
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=cr ... earchTerms}
CHR DefaultSuggestURL: Default ->
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\40.0.2214.111\pdf.dll ()
CHR Plugin: (Adobe Acrobat) - C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll (Adobe Systems Inc.)
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npdrmv2.dll (Microsoft Corporation)
CHR Plugin: (Windows Media Player Plug-in Dynamic Link Library) - C:\Program Files\Windows Media Player\npdsplay.dll (Microsoft Corporation (written by Digital Renaissance Inc.))
CHR Plugin: (Microsoft® DRM) - C:\Program Files\Windows Media Player\npwmsdrm.dll (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll No File
CHR Profile: C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default
CHR Extension: (Dokumenty Google) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-02-13]
CHR Extension: (Disk Google) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-02-13]
CHR Extension: (YouTube) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-02-13]
CHR Extension: (Vyhledávání Google) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-02-13]
CHR Extension: (Norton Security Toolbar) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2013-04-20]
CHR Extension: (Peněženka Google) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (Gmail) - C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-02-13]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\21.6.0.32\Exts\Chrome.crx [2014-10-03]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 CCALib8; C:\Program Files\Canon\CAL\CALMAIN.exe [96341 2006-03-30] (Canon Inc.) [File not signed]
S3 Creative Audio Engine Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2013-02-10] (Creative Labs) [File not signed]
R2 CTAudSvcService; C:\Program Files\Creative\Shared Files\CTAudSvc.exe [307200 2009-02-23] (Creative Technology Ltd) [File not signed]
S3 IDriverT; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [69632 2005-04-04] (Macrovision Corporation) [File not signed]
R2 MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
R2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [769432 2012-07-13] (Nero AG)
R2 NeroMediaHomeService.4; C:\Program Files\Nero\Nero MediaHome 4\NMMediaServerService.exe [517416 2010-10-29] (Nero AG)
R2 NIS; C:\Program Files\Norton Internet Security\Engine\21.6.0.32\NIS.exe [276376 2014-09-21] (Symantec Corporation)
S3 Sound Blaster X-Fi MB Licensing Service; C:\Program Files\Common Files\Creative Labs Shared\Service\XMBLicensing.exe [79360 2013-02-10] (Creative Labs) [File not signed]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

S3 akshasp; C:\WINDOWS\System32\DRIVERS\akshasp.sys [327168 2006-11-22] (Aladdin Knowledge Systems Ltd.)
S3 aksusb; C:\WINDOWS\System32\DRIVERS\aksusb.sys [100096 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 AMBFilt; C:\WINDOWS\System32\drivers\AMBFilt.sys [1656960 2009-06-26] (Creative)
R3 ASAPIW2k; C:\WINDOWS\System32\drivers\ASAPIW2k.sys [11264 2004-03-10] (Pinnacle Systems GmbH) [File not signed]
R1 BHDrvx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\BASHDefs\20150203.001\BHDrvx86.sys [1164504 2015-02-03] (Symantec Corporation)
S3 CCDECODE; C:\WINDOWS\System32\DRIVERS\CCDECODE.sys [17024 2008-04-13] (Microsoft Corporation)
R1 ccSet_NIS; C:\WINDOWS\system32\drivers\NIS\1506000.020\ccSetx86.sys [127064 2013-09-26] (Symantec Corporation)
R1 cdrblock; C:\WINDOWS\System32\DRIVERS\cdrblock.sys [27704 2008-05-30] (Canopus Co,. Ltd.)
R1 dtsoftbus01; C:\WINDOWS\System32\DRIVERS\dtsoftbus01.sys [242240 2013-02-14] (DT Soft Ltd)
R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [378672 2014-12-11] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [111408 2014-12-11] (Symantec Corporation)
R2 Hardlock; C:\WINDOWS\system32\drivers\hardlock.sys [693760 2006-11-22] (Aladdin Knowledge Systems Ltd.)
R3 IDSxpx86; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\IPSDefs\20150213.001\IDSxpx86.sys [475792 2015-02-06] (Symantec Corporation)
S3 k750bus; C:\WINDOWS\System32\DRIVERS\k750bus.sys [55216 2005-06-03] (MCCI)
S3 k750mdfl; C:\WINDOWS\System32\DRIVERS\k750mdfl.sys [6576 2005-06-03] (MCCI)
S3 k750mdm; C:\WINDOWS\System32\DRIVERS\k750mdm.sys [89872 2005-06-03] (MCCI)
S3 k750mgmt; C:\WINDOWS\System32\DRIVERS\k750mgmt.sys [81728 2005-06-03] (MCCI)
S3 k750obex; C:\WINDOWS\System32\DRIVERS\k750obex.sys [79488 2005-06-03] (MCCI)
R3 MarvinBus; C:\WINDOWS\System32\DRIVERS\MarvinBus.sys [171520 2005-09-23] (Pinnacle Systems GmbH) [File not signed]
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [22856 2013-04-04] (Malwarebytes Corporation)
S3 MonFilt; C:\WINDOWS\System32\drivers\MonFilt.sys [1389056 2008-12-02] (Creative Technology Ltd.)
R3 NAVENG; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150214.001\NAVENG.SYS [95704 2015-01-20] (Symantec Corporation)
R3 NAVEX15; C:\Program Files\Norton Internet Security\NortonData\21.1.0.18\Definitions\VirusDefs\20150214.001\NAVEX15.SYS [1636696 2015-01-20] (Symantec Corporation)
S3 NdisIP; C:\WINDOWS\System32\DRIVERS\NdisIP.sys [10880 2008-04-13] (Microsoft Corporation)
R3 PAC7302; C:\WINDOWS\System32\DRIVERS\PAC7302.SYS [458112 2007-10-29] (PixArt Imaging Inc.)
R3 SRTSP; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SRTSP.SYS [664792 2014-08-26] (Symantec Corporation)
R1 SRTSPX; C:\WINDOWS\system32\drivers\NIS\1506000.020\SRTSPX.SYS [32984 2014-08-26] (Symantec Corporation)
R0 SymDS; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMDS.SYS [367704 2013-09-10] (Symantec Corporation)
R0 SymEFA; C:\WINDOWS\System32\drivers\NIS\1506000.020\SYMEFA.SYS [936152 2014-03-04] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT.SYS [142936 2013-11-16] (Symantec Corporation)
R1 SymIRON; C:\WINDOWS\system32\drivers\NIS\1506000.020\Ironx86.SYS [209624 2014-08-06] (Symantec Corporation)
R1 SYMTDI; C:\WINDOWS\System32\Drivers\NIS\1506000.020\SYMTDI.SYS [423256 2014-02-18] (Symantec Corporation)
R3 VIAHdAudAddService; C:\WINDOWS\System32\drivers\viahduaa.sys [1617408 2009-11-25] (VIA Technologies, Inc.)
S3 AsrCDDrv; \??\C:\WINDOWS\system32\Drivers\AsrCDDrv.sys [X]
S4 IntelIde; No ImagePath
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-14] (Microsoft Corporation)
U1 WS2IFSL; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 12:08 - 2015-02-15 12:09 - 00019063 _____ () C:\Documents and Settings\Pavel\Plocha\FRST.txt
2015-02-15 12:04 - 2015-02-15 12:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe
2015-02-15 11:44 - 2015-02-15 11:44 - 01125888 _____ (Farbar) C:\Documents and Settings\Pavel\Plocha\frst.exe
2015-02-15 01:04 - 2015-02-15 11:45 - 02995200 ____H () C:\Documents and Settings\Pavel\Plocha\~WRL1076.tmp
2015-02-14 17:53 - 2015-02-14 17:53 - 00000000 ____D () C:\Documents and Settings\Pavel\Data aplikací\Malwarebytes
2015-02-14 17:51 - 2015-02-14 17:51 - 00000784 _____ () C:\Documents and Settings\All Users\Plocha\Malwarebytes Anti-Malware.lnk
2015-02-14 17:50 - 2015-02-14 17:51 - 00000000 ____D () C:\Program Files\Malwarebytes' Anti-Malware
2015-02-14 17:50 - 2015-02-14 17:51 - 00000000 ____D () C:\Documents and Settings\All Users\Nabídka Start\Programy\Malwarebytes' Anti-Malware
2015-02-14 17:50 - 2015-02-14 17:50 - 00000000 ____D () C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2015-02-14 17:50 - 2013-04-04 14:50 - 00022856 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-02-14 15:38 - 2015-02-15 12:08 - 00000000 ____D () C:\FRST
2015-02-14 12:50 - 2015-02-14 12:50 - 00000000 __SHD () C:\Documents and Settings\Administrator\PrivacIE
2015-02-14 12:47 - 2015-02-14 12:47 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Adobe
2015-02-14 12:46 - 2015-02-14 12:47 - 00001813 _____ () C:\Documents and Settings\Administrator\Plocha\Google Chrome.lnk
2015-02-14 12:46 - 2015-02-14 12:46 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Adobe
2015-02-14 12:42 - 2015-02-14 12:43 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google
2015-02-14 12:42 - 2015-02-14 12:42 - 00000000 ____D () C:\Documents and Settings\Administrator\Data aplikací\Google
2015-02-14 12:20 - 2015-02-14 12:20 - 00005120 _____ () C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-02-12 13:47 - 2015-02-12 13:47 - 00454656 _____ () C:\Documents and Settings\Pavel\Plocha\A150210_VEN_024_DANE_2014C.XLS

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-02-15 12:10 - 2014-01-31 11:51 - 00000000 ____D () C:\Documents and Settings\NeroMediaHomeUser.4\Local Settings\Temp
2015-02-15 12:09 - 2013-02-09 14:55 - 00000000 ____D () C:\Documents and Settings\Pavel\Local Settings\Temp
2015-02-15 12:08 - 2013-02-09 14:55 - 00000000 ____D () C:\Documents and Settings\Pavel\Plocha
2015-02-15 12:07 - 2013-02-09 14:55 - 00000000 ___HD () C:\Documents and Settings\Pavel\Local Settings\Data aplikací
2015-02-15 11:44 - 2013-02-13 07:34 - 00000940 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-02-15 11:25 - 2013-02-09 07:29 - 01121846 _____ () C:\WINDOWS\system32\PerfStringBackup.INI
2015-02-15 11:21 - 2013-02-09 14:46 - 01316639 _____ () C:\WINDOWS\WindowsUpdate.log
2015-02-15 11:20 - 2014-03-28 09:33 - 00000222 _____ () C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-15 11:20 - 2013-06-21 16:27 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 11:20 - 2013-05-19 12:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-15 11:20 - 2013-05-19 12:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-15 11:20 - 2013-02-13 07:34 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-15 11:19 - 2013-02-09 14:50 - 00000006 ____H () C:\WINDOWS\Tasks\SA.DAT
2015-02-15 11:18 - 2013-02-09 14:50 - 00032462 _____ () C:\WINDOWS\SchedLgU.Txt
2015-02-15 11:17 - 2013-02-09 14:55 - 00000272 ___SH () C:\Documents and Settings\Pavel\ntuser.ini
2015-02-15 10:45 - 2013-12-12 22:20 - 00000000 __HDC () C:\WINDOWS\$NtUninstallKB2893294$
2015-02-15 10:29 - 2013-02-09 14:55 - 00000000 __RHD () C:\Documents and Settings\Pavel\Data aplikací
2015-02-15 01:14 - 2013-02-13 20:22 - 00000000 ____D () C:\Adobe1
2015-02-15 01:02 - 2013-02-14 20:51 - 00002561 _____ () C:\Documents and Settings\Pavel\Plocha\Microsoft Office Word 2003.lnk
2015-02-14 17:51 - 2013-02-09 07:29 - 00000000 ____D () C:\Documents and Settings\All Users\Plocha
2015-02-14 17:50 - 2013-02-09 07:29 - 00000000 __RHD () C:\Documents and Settings\All Users\Data aplikací
2015-02-14 17:50 - 2013-02-09 07:29 - 00000000 ___RD () C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-02-14 17:45 - 2014-03-01 18:33 - 00000000 ____D () C:\Documents and Settings\Pavel\Plocha\mon
2015-02-14 16:59 - 2014-04-29 10:14 - 00000178 ___SH () C:\Documents and Settings\Administrator\ntuser.ini
2015-02-14 15:40 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Local Settings\Temp
2015-02-14 12:50 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator
2015-02-14 12:49 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Oblíbené položky
2015-02-14 12:47 - 2014-04-29 10:14 - 00000000 ___HD () C:\Documents and Settings\Administrator\Local Settings\Data aplikací
2015-02-14 12:46 - 2014-04-29 10:14 - 00000000 __RHD () C:\Documents and Settings\Administrator\Data aplikací
2015-02-14 12:46 - 2014-04-29 10:14 - 00000000 ____D () C:\Documents and Settings\Administrator\Plocha
2015-02-14 12:42 - 2013-10-29 20:02 - 00001324 _____ () C:\WINDOWS\system32\d3d9caps.dat
2015-02-14 12:19 - 2013-05-16 09:52 - 00920671 _____ () C:\WINDOWS\setupapi.log
2015-02-14 10:05 - 2006-03-02 13:00 - 00002422 _____ () C:\WINDOWS\system32\wpa.dbl
2015-02-12 15:04 - 2013-08-14 08:51 - 00000000 ____D () C:\WINDOWS\system32\MRT
2015-02-12 14:56 - 2013-02-12 02:06 - 113756392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-02-12 14:55 - 2013-02-09 14:55 - 00000000 ____D () C:\Documents and Settings\Pavel
2015-02-10 22:14 - 2014-02-10 22:43 - 00000000 ____D () C:\Documents and Settings\Pavel\Plocha\Mirka
2015-02-08 15:05 - 2014-03-28 09:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-02-07 02:46 - 2013-02-13 08:12 - 00000178 ___SH () C:\Documents and Settings\Anička\ntuser.ini
2015-02-07 02:46 - 2013-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\Anička
2015-02-06 19:58 - 2013-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\Anička\Local Settings\Temp
2015-02-06 16:01 - 2013-04-25 15:56 - 00000000 ____D () C:\Documents and Settings\Anička\Local Settings\Data aplikací\Conduit
2015-02-06 16:01 - 2013-02-13 08:12 - 00000000 __RHD () C:\Documents and Settings\Anička\Data aplikací
2015-02-05 19:08 - 2013-04-23 13:20 - 00000000 ____D () C:\Documents and Settings\Pavel\Local Settings\Data aplikací\Conduit
2015-02-05 18:20 - 2013-02-13 07:26 - 00701616 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2015-02-05 18:20 - 2013-02-13 07:26 - 00071344 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2015-01-28 19:54 - 2013-02-13 08:12 - 00000000 ____D () C:\Documents and Settings\Anička\Plocha

==================== Files in the root of some directories =======

2013-02-13 23:44 - 2014-12-08 20:08 - 0033280 _____ () C:\Documents and Settings\Pavel\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

Files to move or delete:
====================
C:\Documents and Settings\Pavel\WindowsXP-KB936929-SP3-x86-CSY.exe


Some content of TEMP:
====================
C:\Documents and Settings\Pavel\Local Settings\Temp\AUMgr.exe
C:\Documents and Settings\Pavel\Local Settings\Temp\GLF78.tmp.tbMovi.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\installhelper.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\NEW9A.tmp.exe
C:\Documents and Settings\Pavel\Local Settings\Temp\SkypeSetup.exe
C:\Documents and Settings\Pavel\Local Settings\Temp\SRAssetsHelper.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\tbMov0.dll
C:\Documents and Settings\Pavel\Local Settings\Temp\Welcome.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Norton Internet Security (Disabled - Up to date) {E10A9785-9598-4754-B552-92431C1C35F8}
FW: Norton Internet Security (Disabled) {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\Pavel\Plocha" je 3647 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
"C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
"C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HDAudDeck
C:\Program Files\VIA\VIAudioi\HDADeck\HDeck.exe 1 [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
"C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^HD Writer.lnk
C:\PROGRA~1\COMMON~1\PANASO~1\HDWRIT~1\HDWRIT~1.EXE

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Nabdka Start^Programy^Po sputn^HotSync Manager.lnk
C:\PROGRA~1\Palm\Hotsync.exe


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Liquid.6\\Program\\RM.exe"="C:\\Program Files\\Liquid.6\\Program\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Liquid.6\\Program\\Studiou.mod"="C:\\Program Files\\Liquid.6\\Program\\Studiou.mod:*:Enabled:Liquid"
"C:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe"="C:\\Program Files\\Nero\\Nero 12\\Nero BackItUp\\BackItUp.exe:*:Enabled:Nero BackItUp"
"C:\\Program Files\\Nero\\KM\\KwikMedia.exe"="C:\\Program Files\\Nero\\KM\\KwikMedia.exe:*:Enabled:Nero Kwik Media"
"C:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"="C:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4"
"C:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe"="C:\\Program Files\\Pinnacle\\Studio 15\\Programs\\RM.exe:*:Enabled:Render Manager"
"C:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe"="C:\\Program Files\\Pinnacle\\Studio 15\\Programs\\Studio.exe:*:Enabled:Studio"
"C:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe"="C:\\Program Files\\Pinnacle\\Studio 15\\Programs\\umi.exe:*:Enabled:umi"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"
"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"="C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe:*:Enabled:Google Chrome"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000


==================== End Of Log ==============================
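The "Firewall rules" section of the log above records EnableFirewall = 0x0 for StandardProfile, so the Windows firewall on this machine was switched off; the long list of Enabled exceptions only matters once it is back on. The script below is an added example for this thread, not part of the original post and not FRST's own code: it parses that section of an FRST log offline and reports, per profile, whether the firewall is on, which non-Windows programs are allowed inbound and which globally open ports are enabled. The embedded sample is a shortened copy of the section above; the profile and section names come from the registry paths FRST prints.

```python
"""Assess the Windows XP firewall state from the 'Firewall rules' section of an FRST log.

Added example for this thread; not part of the original post and not FRST's own code.
FRST prints the SharedAccess FirewallPolicy keys as a registry export, so the text
can be read offline with a few regular expressions.
"""
import re

# Constructed sample: a shortened copy of the 'Firewall rules' section of the log posted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"="C:\\Program Files\\Bonjour\\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe"="C:\\Program Files\\Nero\\Nero MediaHome 4\\NMMediaServerService.exe:*:Enabled:Nero MediaHome 4"
"C:\\Program Files\\Skype\\Phone\\Skype.exe"="C:\\Program Files\\Skype\\Phone\\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP"="1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007"
"2869:TCP"="2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008"
"""

# Section header: ...\FirewallPolicy\<Profile>[\<SubKey>[\List]]
HEADER = re.compile(r"^\[HKEY_LOCAL_MACHINE\\.*?\\FirewallPolicy\\(\w+?Profile)(?:\\(\w+))?(?:\\List)?\]$", re.I)
DWORD = re.compile(r"^(\w+)\s+REG_DWORD\s+0x([0-9a-f]+)$", re.I)
# "<path>"="<path>:<scope>:<Enabled|Disabled>:<display name>"
APP = re.compile(r'^"[^"]+"="(?P<path>.+?):(?P<scope>[^:"]+):(?P<state>enabled|disabled):(?P<name>[^"]*)"$', re.I)
# "<port>:<proto>"="<port>:<proto>:<scope>:<Enabled|Disabled>:<display name>"
PORT = re.compile(r'^"\d+:(?:TCP|UDP)"="(?P<port>\d+):(?P<proto>TCP|UDP):(?P<scope>[^:"]+):(?P<state>enabled|disabled):(?P<name>[^"]*)"$', re.I)


def parse_firewall_dump(text):
    """Return {profile: {"values": {name: int}, "apps": [...], "ports": [...]}}, profile names lower-cased."""
    profiles = {}
    profile = section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = HEADER.match(line)
        if m:
            profile = m.group(1).lower()
            section = (m.group(2) or "values").lower()
            profiles.setdefault(profile, {"values": {}, "apps": [], "ports": []})
            continue
        if profile is None:
            continue
        entry = profiles[profile]
        if section == "values" and (m := DWORD.match(line)):
            entry["values"][m.group(1)] = int(m.group(2), 16)
        elif section == "authorizedapplications" and (m := APP.match(line)):
            entry["apps"].append({"path": m["path"], "scope": m["scope"],
                                  "enabled": m["state"].lower() == "enabled", "name": m["name"]})
        elif section == "globallyopenports" and (m := PORT.match(line)):
            entry["ports"].append({"port": int(m["port"]), "proto": m["proto"].upper(),
                                   "scope": m["scope"], "enabled": m["state"].lower() == "enabled"})
    return profiles


def assess(profiles):
    """Turn the parsed dump into findings a responder can act on, one string each."""
    findings = []
    for name, p in sorted(profiles.items()):
        fw = p["values"].get("EnableFirewall")
        if fw == 0:
            findings.append(f"{name}: EnableFirewall=0, the firewall is OFF for this profile")
        elif fw is None:
            findings.append(f"{name}: no EnableFirewall value, the built-in default applies (on since XP SP2)")
        # Exceptions only bite while the firewall is on; list them so the exposure
        # after re-enabling it is known. %windir% entries are Windows' own.
        third_party = [a["name"] for a in p["apps"]
                       if a["enabled"] and not a["path"].lower().startswith("%windir%")]
        if third_party:
            findings.append(f"{name}: {len(third_party)} non-Windows program(s) allowed inbound: "
                            + ", ".join(third_party))
        live = [f"{x['port']}/{x['proto']}" for x in p["ports"] if x["enabled"]]
        if live:
            findings.append(f"{name}: globally open port(s): " + ", ".join(live))
    return findings


if __name__ == "__main__":
    for finding in assess(parse_firewall_dump(SAMPLE)):
        print(finding)
```

On the sample this reports the DomainProfile as using the default, the StandardProfile firewall as off, and Bonjour, Nero MediaHome 4 and Skype as the third-party inbound exceptions; the two UPnP ports (1900/UDP, 2869/TCP) are listed in the registry but disabled, so they do not count.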

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#17 Post by hp184 »

Attachment: Addition

Attachments: Addition.rar (zipped Addition, 8.9 KiB)

vyosek (VIP, 56373 posts, registered 7 Nov 2006, location: Šalingrad - Brno)

Re: locked PC - police - ransom

#18 Post by vyosek »

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    Start
    CloseProcesses:
    CreateRestorePoint:
    
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [Nero MediaHome 4] => C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
    HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
    HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
    HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
    HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [ASRockOCTuner] => [X]
    HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
    HKU\S-1-5-21-790525478-1417001333-839522115-1008\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
    HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
    
    HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
    HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
    HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
    HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
    HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
    URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
    SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
    SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
    SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
    SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
    Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 
    
    FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
    
    CHR HomePage: Default -> hxxp://www.searchnu.com/419
    CHR DefaultSearchKeyword: Default -> search-results.com
    CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=cr ... 2024605&q={searchTerms}
    CHR DefaultSuggestURL: Default -> 
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path
    
    DisableService: NAUpdate
    DisableService: NeroMediaHomeService.4
    
    2015-02-15 12:08 - 2015-02-15 12:09 - 00019063 _____ () C:\Documents and Settings\Pavel\Plocha\FRST.txt
    2015-02-15 12:04 - 2015-02-15 12:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe
    2015-02-15 01:04 - 2015-02-15 11:45 - 02995200 ____H () C:\Documents and Settings\Pavel\Plocha\~WRL1076.tmp
    2015-02-15 11:20 - 2013-06-21 16:27 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-02-15 11:20 - 2013-05-19 12:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
    2015-02-15 11:20 - 2013-05-19 12:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
    2015-02-15 11:20 - 2013-02-13 07:34 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-02-08 15:05 - 2014-03-28 09:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
    
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
    DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite
    
    Hosts:
    EmptyTemp:
    Reboot:
    End
    
  • Save the file as fixlist.txt
  • Move the fixlist next to FRST
:arrow: Run FRST.exe again
  • Click Fix
  • The fix runs and creates the log Fixlog.txt
:arrow: Restart the PC and post fixlog.txt here
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement: take a whip and a stick to him, that is not a man, that is an ox."
Member since 1 February 2011.

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#19 Post by hp184 »

While carrying out this procedure, after clicking Fix the program started, then it said a restore point is being created, wait a few minutes, but then it stopped responding and froze completely. I could not interrupt the process even with CTRL+ALT+DEL and the process manager. I had to restart with the button on the case. So now I will probably try to repeat the procedure.

vyosek (VIP, 56373 posts, registered 7 Nov 2006, location: Šalingrad - Brno)

Re: locked PC - police - ransom

#20 Post by vyosek »

Try it, or alternatively use this modified script

Code:

Start
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nero MediaHome 4] => C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-790525478-1417001333-839522115-1008\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL = 
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} 

FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

CHR HomePage: Default -> hxxp://www.searchnu.com/419
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=cr ... 2024605&q={searchTerms}
CHR DefaultSuggestURL: Default -> 
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

DisableService: NAUpdate
DisableService: NeroMediaHomeService.4

2015-02-15 12:08 - 2015-02-15 12:09 - 00019063 _____ () C:\Documents and Settings\Pavel\Plocha\FRST.txt
2015-02-15 12:04 - 2015-02-15 12:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe
2015-02-15 01:04 - 2015-02-15 11:45 - 02995200 ____H () C:\Documents and Settings\Pavel\Plocha\~WRL1076.tmp
2015-02-15 11:20 - 2013-06-21 16:27 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 11:20 - 2013-05-19 12:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-15 11:20 - 2013-05-19 12:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-15 11:20 - 2013-02-13 07:34 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 15:05 - 2014-03-28 09:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite

Hosts:
EmptyTemp:
Reboot:

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#21 Post by hp184 »

One more thing: although the process did not finish and froze (see the previous description), a fixlog was created at the start of the action, and I am attaching its contents below. But as I say, it did not complete correctly, so I don't know.


Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
Ran by Pavel at 2015-02-15 17:04:12 Run:1
Running from C:\Documents and Settings\Pavel\Plocha
Loaded Profiles: Pavel & NeroMediaHomeUser.4 (Available profiles: Pavel & Mirka & Anička & NeroMediaHomeUser.4 & Administrator)
Boot Mode: Normal

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:
CreateRestorePoint:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nero MediaHome 4] => C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-790525478-1417001333-839522115-1008\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}

FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

CHR HomePage: Default -> hxxp://www.searchnu.com/419
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=cr ... 2024605&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

DisableService: NAUpdate
DisableService: NeroMediaHomeService.4

2015-02-15 12:08 - 2015-02-15 12:09 - 00019063 _____ () C:\Documents and Settings\Pavel\Plocha\FRST.txt
2015-02-15 12:04 - 2015-02-15 12:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe
2015-02-15 01:04 - 2015-02-15 11:45 - 02995200 ____H () C:\Documents and Settings\Pavel\Plocha\~WRL1076.tmp
2015-02-15 11:20 - 2013-06-21 16:27 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 11:20 - 2013-05-19 12:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-15 11:20 - 2013-05-19 12:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-15 11:20 - 2013-02-13 07:34 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 15:05 - 2014-03-28 09:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite

Hosts:
EmptyTemp:
Reboot:
End
*****************

Processes closed successfully.

vyosek (VIP, 56373 posts, registered 7 Nov 2006, location: Šalingrad - Brno)

Re: locked PC - police - ransom

#22 Post by vyosek »

It did not go through; use the modified script.

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#23 Post by hp184 »

So it doesn't work with the modified script either. The process starts, a message appears that it is running and that I should wait, but at that moment it freezes, the progress bar stops moving and then nothing else happens; I always wait at least half an hour to see whether it gets going again. It doesn't. It always ends with a restart. I don't know. Could the antivirus be blocking the process? That doesn't seem likely to me, and no message appears either. I have no idea what could be causing it.

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#24 Post by hp184 »

Could Norton be blocking it after all? I am attaching a screenshot of the history.

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#25 Post by hp184 »

attachment

Attachments: rejected.JPG (215.41 KiB)

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#26 Post by hp184 »

No. I tried running it with the antivirus turned off, with the same result. It froze again.

vyosek (VIP, 56373 posts, registered 7 Nov 2006, location: Šalingrad - Brno)

Re: locked PC - police - ransom

#27 Post by vyosek »

Try it in Safe Mode as well...

hp184 (Visitor, 75 posts, registered 23 Dec 2008)

Re: locked PC - police - ransom

#28 Post by hp184 »

Yes, in Safe Mode it went through:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 14-02-2015
Ran by Administrator at 2015-02-15 22:37:50 Run:5
Running from C:\Documents and Settings\Pavel\Plocha
Loaded Profiles: Administrator (Available profiles: Pavel & Mirka & Anička & NeroMediaHomeUser.4 & Administrator)
Boot Mode: Safe Mode (minimal)

==============================================

Content of fixlist:
*****************
Start
CloseProcesses:

HKLM\...\Run: [] => [X]
HKLM\...\Run: [Nero MediaHome 4] => C:\Program Files\Nero\Nero MediaHome 4\NeroMediaHome.exe [5178664 2010-10-29] (Nero AG)
HKLM\...\Run: [QuickTime Task] => C:\Program Files\QuickTime\qttask.exe [413696 2008-09-06] (Apple Inc.)
HKU\S-1-5-19\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-20\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [ASRockOCTuner] => [X]
HKU\S-1-5-21-790525478-1417001333-839522115-1004\...\Run: [MSMSGS] => C:\Program Files\Messenger\msmsgs.exe [1695232 2008-04-14] (Microsoft Corporation)
HKU\S-1-5-21-790525478-1417001333-839522115-1008\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup
HKU\S-1-5-18\...\Run: [Exetender] => "C:\Program Files\FantastiGames\GPlayer.exe" /runonstartup

HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.symantec.com/redirects/secur ... =21.6.0.32
URLSearchHook: [S-1-5-21-790525478-1417001333-839522115-1008] ATTENTION ==> Default URLSearchHook is missing.
SearchScopes: HKLM -> DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
SearchScopes: HKLM -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} URL =
SearchScopes: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> {9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} URL = http://dts.search-results.com/sr?src=ie ... 2024605&q={searchTerms}
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-790525478-1417001333-839522115-1004 -> No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455}

FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)

CHR HomePage: Default -> hxxp://www.searchnu.com/419
CHR DefaultSearchKeyword: Default -> search-results.com
CHR DefaultSearchURL: Default -> http://dts.search-results.com/sr?src=cr ... 2024605&q={searchTerms}
CHR DefaultSuggestURL: Default ->
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - No Path

DisableService: NAUpdate
DisableService: NeroMediaHomeService.4

2015-02-15 12:08 - 2015-02-15 12:09 - 00019063 _____ () C:\Documents and Settings\Pavel\Plocha\FRST.txt
2015-02-15 12:04 - 2015-02-15 12:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe
2015-02-15 01:04 - 2015-02-15 11:45 - 02995200 ____H () C:\Documents and Settings\Pavel\Plocha\~WRL1076.tmp
2015-02-15 11:20 - 2013-06-21 16:27 - 00000914 _____ () C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-02-15 11:20 - 2013-05-19 12:48 - 00000159 _____ () C:\WINDOWS\wiadebug.log
2015-02-15 11:20 - 2013-05-19 12:48 - 00000049 _____ () C:\WINDOWS\wiaservc.log
2015-02-15 11:20 - 2013-02-13 07:34 - 00000936 _____ () C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-02-08 15:05 - 2014-03-28 09:33 - 00000216 _____ () C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe

DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task
DeleteKey: HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite

Hosts:
EmptyTemp:
Reboot:
*****************

Processes closed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Nero MediaHome 4 => Value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\QuickTime Task => Value not found.
HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\ASRockOCTuner => Value not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\MSMSGS => Value not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Run\\Exetender => Value not found.
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page => Value not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Main\\Search Page => Error setting value.
HKU\S-1-5-21-790525478-1417001333-839522115-1008\Software\Microsoft\Internet Explorer\Main\\Start Page => Error setting value.
Error setting Default URLSearchHook.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => Value was restored successfully.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419}" => Key deleted successfully.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} => Key not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKCR\CLSID\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E} => Key not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} => Key not found.
HKCR\CLSID\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2419} => Key not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Value not found.
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => Key not found.
HKU\S-1-5-21-790525478-1417001333-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D4027C7F-154A-4066-A1AD-4243D8127440} => Value not found.
HKCR\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} => Key not found.
"HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully.
"HKCR\CLSID\{6A060448-60F9-11D5-A6CD-0002B31F7455}" => Key deleted successfully.
"HKLM\Software\MozillaPlugins\@Nero.com/KM" => Key deleted successfully.
FF Plugin: @Nero.com/KM -> C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) not found.
Chrome HomePage not detected.
Chrome DefaultSearchKeyword not detected.
Chrome DefaultSearchURL not detected.
Chrome DefaultSuggestURL not detected.
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => Key deleted successfully.
NAUpdate service was disabled
NeroMediaHomeService.4 service was disabled
C:\Documents and Settings\Pavel\Plocha\FRST.txt => Moved successfully.
C:\Documents and Settings\Pavel\Plocha\frstlauncher.exe => Moved successfully.
C:\Documents and Settings\Pavel\Plocha\~WRL1076.tmp => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => Moved successfully.
C:\WINDOWS\wiadebug.log => Moved successfully.
C:\WINDOWS\wiaservc.log => Moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
C:\WINDOWS\Tasks\Adobe Flash Player Updater.job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job not found.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job not found.
C:\WINDOWS\Tasks\Přihlášení k oznamování konce poskytování služeb pro Microsoft Windows XP.job => Moved successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task => Key Deleted successfully.
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sony Ericsson PC Suite => Key Deleted successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
EmptyTemp: => Removed 5.5 GB temporary data.


The system needed a reboot.

==== End of Fixlog 22:39:05 ====

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: locked PC - police - ransom

#29 Post by vyosek »

Fine, how is the PC behaving???
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids all fun, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

hp184
Visitor
Posts: 75
Registered: 23 Dec 2008 20:20

Re: locked PC - police - ransom

#30 Post by hp184 »

It looks good. The restart function also works as it should now. So what was going on with the PC? Was it a virus?
