
USB disk - file change
Re: USB disk - file change
ComboFix 14-08-06.02 - pc 09.08.2014 21:14:44.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4094.1488 [GMT 2:00]
Spuštěný z: c:\users\pc\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pc\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-07-09 do 2014-08-09 )))))))))))))))))))))))))))))))
.
.
2014-08-09 19:20 . 2014-08-09 19:20 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-08-09 09:40 . 2010-08-30 06:34 536576 ----a-w- c:\windows\SysWow64\sqlite3.dll
2014-08-09 09:40 . 2014-08-09 09:41 -------- d-----w- C:\AdwCleaner
2014-08-07 14:29 . 2014-08-07 14:29 -------- d-sh--w- c:\windows\system32\%APPDATA%
2014-08-07 13:26 . 2014-08-07 13:26 -------- d-----w- c:\program files (x86)\trend micro
2014-08-07 13:25 . 2014-08-07 13:27 -------- d-----w- c:\program files\trend micro
2014-08-07 13:25 . 2014-08-07 13:25 -------- d-----w- C:\rsit
2014-08-05 14:10 . 2014-08-05 14:10 -------- d-----w- c:\program files\Google
2014-07-31 13:10 . 2014-07-31 15:06 -------- d-----w- c:\users\pc\AppData\Roaming\G001
2014-07-23 16:51 . 2014-07-23 16:51 -------- d-----w- c:\users\pc\AppData\Local\G001
2014-07-12 17:54 . 2014-07-12 17:54 -------- d-----w- c:\users\pc\AppData\Roaming\IDM
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-09 19:22 . 2013-08-17 06:25 25640 ----a-w- c:\windows\gdrv.sys
2014-08-07 14:39 . 2013-08-17 06:26 30528 ----a-w- c:\windows\GVTDrv64.sys
2014-08-07 14:37 . 2014-06-01 16:09 55808 ---h--w- c:\users\pc\AppData\Roaming\ntuser.dat
2014-07-08 18:16 . 2013-08-17 08:29 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-07-08 18:16 . 2013-08-17 08:29 699056 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-06-01 15:01 . 2013-08-25 15:55 25640 ----a-w- c:\windows\etdrv.sys
2014-05-14 16:40 . 2014-05-14 16:40 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:38 1720976 ----a-w- c:\progra~2\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-07-30 55360]
"HydraVisionDesktopManager"="c:\program files (x86)\ATI Technologies\HydraVision\HydraDM.exe" [2013-03-28 389120]
"Viber"="c:\users\pc\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2010-01-19 43632]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-20 106496]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-04-17 767200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"884621673"="c:\progra~3\msfidbh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe regsvr.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
R2 AODDriver4.3;AODDriver4.3;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 AODDriver;AODDriver;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys;c:\program files (x86)\Gigabyte\ET6\amd64\AODDriver.sys [x]
R3 AVEO;USB2.0 PC Camera;c:\windows\system32\DRIVERS\AVEOdcnt.sys;c:\windows\SYSNATIVE\DRIVERS\AVEOdcnt.sys [x]
R3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe;c:\program files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.exe [x]
R3 etdrv;etdrv;c:\windows\etdrv.sys;c:\windows\etdrv.sys [x]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys;c:\windows\GVTDrv64.sys [x]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [x]
R3 RTCore64;RTCore64;c:\program files (x86)\MSI Afterburner\RTCore64.sys;c:\program files (x86)\MSI Afterburner\RTCore64.sys [x]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys;c:\windows\SYSNATIVE\DRIVERS\AppleCharger.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [x]
S2 JMB36X;JMB36X;c:\windows\SysWOW64\XSrvSetup.exe;c:\windows\SysWOW64\XSrvSetup.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys;c:\windows\SYSNATIVE\drivers\npf.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-07-22 03:16 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.125\Installer\chrmstp.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2012-10-01 19:37 2322576 ----a-w- c:\progra~1\MICROS~2\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-06 10144288]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 81.200.48.55 81.200.48.11
Filter: text/xml - {807583E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL
DPF: {45830FF9-D9E6-4F41-86ED-B266933D8E90} - hxxp://94.229.82.168:8081/RtspVaPgDec.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Notify-rchokoe - c:\users\pc\AppData\Local\rchokoe.dll
Notify-rckonne - c:\users\pc\AppData\Local\rckonne.dll
Notify-soikles - c:\users\pc\AppData\Local\soikles.dll
AddRemove-DownLite - c:\program files (x86)\DownLite\uninstall.exe
AddRemove-Guard.Mail.ru - c:\program files (x86)\Guard-ICQ\GuardICQ.exe
AddRemove-hosts - c:\program files (x86)\hosts\Uninstall.exe
AddRemove-ShadowExplorer_is1 - c:\program files (x86)\ShadowExplorer\unins000.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_14_0_0_145_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\progra~2\Raptr\raptr.exe
c:\progra~2\Raptr\raptr_im.exe
.
**************************************************************************
.
Celkový čas: 2014-08-09 21:26:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-08-09 19:26
ComboFix2.txt 2014-08-09 08:02
ComboFix3.txt 2014-08-08 14:38
.
Před spuštěním: 1 775 628 288
Po spuštění: 1 756 708 864
.
- - End Of File - - B3E75186F029A6E8FC8FE807A48A2115
A36C5E4F47E84449FF07ED3517B43A31
Re: USB disk - file change

- If you are using Windows Vista or Windows 7, right-click OTL and choose "Run As Administrator" (or "Spustit jako správce")
- Paste the script below into the bottom box, Custom Scans/Fixes (Vlastní skenování/opravy)
Code:
:services
BBUpdate
:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon]
"Shell"="explorer.exe"
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"884621673"=-
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Viber"=-
:files
regsvr.exe /s
c:\progra~3\msfidbh.exe
c:\users\pc\AppData\Roaming\Fuituf
c:\windows\SysWow64\sqlite3.dll
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
:commands
[RESETHOSTS]
[EMPTYTEMP]
[EMPTYFLASH]
[EMPTYJAVA]
- Then click Opravit (Run Fix)
- The PC will perform the fix, restart, and give you a log; paste its contents here
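The fix script above resets or deletes autostart values that are visible in the ComboFix log posted earlier in the thread. As an added example (not part of the original posts and not code from ComboFix or OTL), this Python script parses the registry section of such a log and flags those same locations; the rule names and the heuristic that any entry under policies\explorer\Run deserves review are assumptions of this example.

```python
import re

# Excerpt of the registry section of the ComboFix log posted in this thread
# (lines copied from the log above, shortened to the relevant keys).
SAMPLE_LOG = r'''
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-07-30 55360]
"Viber"="c:\users\pc\AppData\Local\Viber\Viber.exe" [2013-07-31 912904]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"884621673"="c:\progra~3\msfidbh.exe" [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="Explorer.exe regsvr.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
'''

# A key header such as [HKEY_LOCAL_MACHINE\...\winlogon]
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
# A string value: "name"="data" optionally followed by [date size] or [BU]
STR_RE = re.compile(r'^"([^"]+)"="(.*?)"(?:\s+\[.*\])?\s*$')
# A numeric value as ComboFix prints it: "name"= 0 (0x0)
NUM_RE = re.compile(r'^"([^"]+)"=\s*(\d+)\s+\(0x[0-9a-fA-F]+\)\s*$')


def parse_registry_section(text):
    """Return (key, value_name, data) tuples; the key is lower-cased,
    numeric data is returned as int, string data as str."""
    entries, key = [], None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1).lower()
            continue
        if key is None:
            continue  # value line before any key header: ignore
        m = NUM_RE.match(line)
        if m:
            entries.append((key, m.group(1), int(m.group(2))))
            continue
        m = STR_RE.match(line)
        if m:
            entries.append((key, m.group(1), m.group(2)))
    return entries


def find_suspicious(entries):
    """Flag the autostart and policy settings that the fix script in this
    thread goes on to reset. Rule names are hypothetical labels."""
    findings = []
    for key, name, data in entries:
        lname = name.lower()
        if key.endswith(r'\windows nt\currentversion\winlogon') and lname == 'shell':
            # The Windows default is explorer.exe alone; anything appended
            # to it is started at every logon.
            if str(data).strip().lower() != 'explorer.exe':
                findings.append(('winlogon-shell', name, data))
        elif key.endswith(r'\currentversion\policies\explorer\run'):
            # Assumption of this example: on a standalone home PC this
            # policy-driven Run key is normally empty, so list every entry.
            findings.append(('policy-run', name, data))
        elif (key.endswith(r'\currentversion\policies\system')
              and lname == 'enablelua' and data == 0):
            # EnableLUA = 0 means User Account Control is switched off.
            findings.append(('uac-disabled', name, data))
    return findings


if __name__ == '__main__':
    for rule, name, data in find_suspicious(parse_registry_section(SAMPLE_LOG)):
        print(f'{rule:15} {name} = {data}')
```

A flagged entry is a prompt for manual review, not a verdict; the Viber Run value that the fix script also removes is not matched by any of these three rules.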
Re: USB disk - file change
Done:
All processes killed
========== SERVICES/DRIVERS ==========
Service BBUpdate stopped successfully!
Service BBUpdate deleted successfully!
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\"Shell"|"explorer.exe" /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run\\884621673 deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Viber deleted successfully.
========== FILES ==========
File move failed. \Users\pc\Desktop\zaloha HTC karta\regsvr.exe scheduled to be moved on reboot.
File\Folder c:\progra~3\msfidbh.exe not found.
File\Folder c:\users\pc\AppData\Roaming\Fuituf not found.
c:\windows\SysWow64\sqlite3.dll moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: pc
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 5963546 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 233959556 bytes
->Flash cache emptied: 2399 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 136 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 105906 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 229,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: pc
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: pc
->Java cache emptied: 0 bytes
User: Public
Total Java Files Cleaned = 0,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 08102014_075315
Files\Folders moved on Reboot...
File move failed. \Users\pc\Desktop\zaloha HTC karta\regsvr.exe scheduled to be moved on reboot.
File move failed. C:\Users\pc\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Re: USB disk - file change
How is the PC behaving??
Unfortunately, those files are probably irretrievably lost; at least so far, no algorithm for decrypting them is known.
Bohuzel ty soubory jsou jiz zrejme nenavratne ztraceny, alespon doposud neni znamy algoritmus na jejich desifrovani
Re: USB drive - file change
After switching on, Windows starts up right away, no windows pop up, reactions are fast, nothing is sluggish like before. Good job. Thanks.
What now about the USB flash drive on which I had photos, where the virus changed the names and added the .exe extension?
Re: USB drive - file change

Re: USB drive - file change
Well, the thing is that I apparently had two different problems, namely:
1. All .jpg, avi, doc, xls, ... files on the PC were encrypted, which was caused by the CRYPTOWALL virus, which demands a $500 ransom for decryption... which, as I have read, is some new version of CryptoLocker, for which there already is a cure, so I hope that a key for mine will be found in time as well.
2. And the second thing is the one I wrote about in this thread: when I plug a USB flash drive into the PC, some unknown files are automatically copied onto it, and the files that were already there get the .exe extension and cannot be opened. I think the files in those folders are fine; I just don't know how to open them.
My question is: can I now connect a flash drive infected like this to the computer? Can't that vermin get from it back into the PC?
Re: USB drive - file change
- Download UsbFix and save it to the desktop http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Run it and click Deletion
- When it finishes, paste the log here; if it does not pop up, you will find it at C:\UsbFix.txt
Re: USB drive - file change
I ran the flash drives through UsbFix and everything is fine now. Thanks
Re: USB drive - file change
Could we have the log from it, please??
Re: USB drive - file change
Sure:
############################## | UsbFix V 7.177 | [Research]
User: pc (Administrator) # PC-PC
Updated 29/07/2014 by El Desaparecido - SosVirus
Started at 16:32:20 | 11/08/2014
Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/
################## | System information |
MB: Gigabyte Technology Co., Ltd. (GA-870A-UD3)
CPU: AMD Phenom(tm) II X4 965 Processor
GC: AMD Radeon HD 6800 Series
RAM -> [Total : 4094 Mo | Free : 1924 Mo]
Bios: Award Software International, Inc.
Boot: Normal boot
OS: Microsoft™ Windows 7 Ultimate (6.1.7600 64-Bit)
WB: Internet Explorer : 8.00.7600.16385
WB: Google Chrome : 36.0.1985.125
################## | Security Information |
AS: Windows Defender [Enabled |(!) Outdated]
FW: Windows Firewall [(!) Disabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]
################## | Disk Information |
C:\ (%SystemDrive%) -> Fixed disk # 195 Gb (1 Mb free - 1%) [] # NTFS
D:\ -> Fixed disk # 270 Gb (172 Mb free - 64%) [] # NTFS
G:\ -> Fixed disk # 100 Mb (70 Mb free - 70%) [Rezervováno systémem] # NTFS
K:\ -> Removable disk # 15 Gb (2 Mb free - 13%) [ADATA UFD] # FAT32
################## | Autorun |
K:\Secret Folder.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Favourites.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Private.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Passwords.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Movies.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Music.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Search.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
K:\Pictures.lnk -> K:\reogua.exe - (SHA1: C1949F791740A852F200BAF7973277492588964D)
################## | Regedit Run |
F2 - HKLM\..\Winlogon : [Shell] explorer.exe
F2 - [x64] HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
F2 - [x64] HKLM\..\Winlogon : [Userinit] C:\Windows\system32\userinit.exe,
04 - HKCU\..\Run : [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
04 - HKCU\..\Run : [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
04 - HKCU\..\Run : [Viber] "C:\Users\pc\AppData\Local\Viber\Viber.exe" StartMinimized
04 - HKLM\..\Run : [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe
04 - HKLM\..\Run : [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
04 - HKLM\..\Run : [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
04 - HKLM\..\Run : [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
04 - [x64] HKLM\..\Run : [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s
04 - HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\..\Run : [Raptr] C:\PROGRA~2\Raptr\raptrstub.exe --startup
04 - HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\..\Run : [HydraVisionDesktopManager] "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
04 - HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\..\Run : [Viber] "C:\Users\pc\AppData\Local\Viber\Viber.exe" StartMinimized
################## | Generic Research |
Re: USB drive - file change
And the log from Deletion??
Re: USB drive - file change
############################## | UsbFix V 7.134 | [Deletion]
User: pc (Administrator) # PC-PC
Updated 06/09/2013 by El Desaparecido
Started at 16:34:22 | 11/08/2014
Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net
PC: Gigabyte Technology Co., Ltd. (GA-870A-UD3) (x64-based PC)
CPU: AMD Phenom(tm) II X4 965 Processor (3400)
RAM -> [Total : 4094 | Free : 1941]
BIOS: Award Modular BIOS v6.00PG
BOOT: Normal boot
OS: Microsoft Windows 7 Ultimate (6.1.7600 64-Bit) #
WB: Windows Internet Explorer 8.0.7600.16385
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AS: Windows Defender [Enabled | (!) Outdated]
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 195 Gb (1 Mb free - 1%) [] # NTFS
D:\ -> Fixed drive # 270 Gb (172 Mb free - 64%) [] # NTFS
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> Fixed drive # 100 Mb (70 Mb free - 70%) [Rezervováno systémem] # NTFS
K:\ -> Removable drive # 15 Gb (2 Mb free - 13%) [ADATA UFD] # FAT32
################## | El Desaparecido Section |
HKLM\SOFTWARE | Run : [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe
HKLM\SOFTWARE | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKLM\SOFTWARE\wow6432Node | Run : [JMB36X IDE Setup] - C:\Windows\RaidTool\xInsIDE.exe
HKLM\SOFTWARE\wow6432Node | Run : [NUSB3MON] - "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [APSDaemon] - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [StartCCC] - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\SOFTWARE | Run : [Raptr] - C:\PROGRA~2\Raptr\raptrstub.exe --startup
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\SOFTWARE | Run : [HydraVisionDesktopManager] - "C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe"
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\SOFTWARE | Run : [Viber] - "C:\Users\pc\AppData\Local\Viber\Viber.exe" StartMinimized
HKU\S-1-5-21-2130395955-2633961165-1886433473-1001\SOFTWARE\wow6432Node | Run : [Etyhymgodyofb] - C:\Users\pc\AppData\Roaming\Fuituf\fiyri.exe
################## | Stopped processes |
Stopped! C:\Windows\system32\atiesrxx.exe (852)
Stopped! C:\Windows\system32\atieclxx.exe (1124)
Stopped! C:\Windows\System32\spoolsv.exe (1388)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (1736)
Stopped! C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (1768)
Stopped! C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE (1804)
Stopped! C:\Windows\SysWOW64\XSrvSetup.exe (1936)
Stopped! C:\Windows\system32\taskhost.exe (1960)
Stopped! C:\Windows\system32\taskeng.exe (2032)
Stopped! C:\Program Files (x86)\Google\Update\GoogleUpdate.exe (1112)
Stopped! C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe (1608)
Stopped! C:\Program Files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler64.exe (1612)
Stopped! C:\Windows\SysWOW64\PnkBstrA.exe (2080)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (2504)
Stopped! C:\Windows\System32\alg.exe (2880)
Stopped! C:\PROGRA~2\Raptr\raptr.exe (2456)
Stopped! C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (1404)
Stopped! C:\Users\pc\AppData\Local\Viber\Viber.exe (2532)
Stopped! C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (1724)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe (2596)
Stopped! C:\PROGRA~2\Raptr\raptr_im.exe (3160)
Stopped! C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM64.exe (3572)
Stopped! C:\Windows\system32\SearchIndexer.exe (3624)
Stopped! C:\Program Files (x86)\Raptr\raptr_ep64.exe (3664)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (124)
Stopped! C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe (1676)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (6784)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (9192)
Stopped! C:\Windows\system32\WUDFHost.exe (3124)
Stopped! C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (7464)
Stopped! C:\Program Files\Internet Explorer\iexplore.exe (5524)
Stopped! C:\Windows\system32\taskmgr.exe (7716)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4132)
Stopped! C:\Windows\system32\SearchFilterHost.exe (4932)
################## | Files # Infected Folders |
Deleted ! K:\Secret Folder.lnk
Deleted ! K:\Favourites.lnk
Deleted ! K:\Private.lnk
Deleted ! K:\Passwords.lnk
Deleted ! K:\Movies.lnk
Deleted ! K:\Music.lnk
Deleted ! K:\Search.lnk
Deleted ! K:\Pictures.lnk
Deleted ! C:\Users\pc\AppData\Roaming\xv3sibokmdj3bkjeqyyw1ynpzftypci32
Deleted ! K:\sexy.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\Bogdan 18 guty.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\GUTY 11.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\krkonoše květen 2014.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\Love You.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\lysá 2013.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\mama 50.exe
Deleted ! C:\Users\pc\Desktop\Nová složka\mix2008(guty).exe
Deleted ! K:\reogua.exe
Deleted ! K:\Foto M.exe
Deleted ! K:\lysá 2013.exe
Deleted ! K:\krkonoše 16.-18.5.2014.exe
Deleted ! K:\Love You.exe
(!) Temporary files deleted.
################## | Registry |
Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|DisableRegistryTools
################## | Mountpoints2 |
################## | Listing |
[09/08/2014 - 21:22:40 | SHD ] C:\$RECYCLE.BIN
[09/08/2014 - 11:41:44 | D ] C:\AdwCleaner
[28/07/2014 - 19:08:56 | D ] C:\AMD
[06/08/2014 - 20:06:37 | N | 0] C:\autoexec.bat
[20/11/2010 - 13:40:07 | RASH | 383786] C:\bootmgr
[09/08/2014 - 09:49:12 | N | 1204] C:\CF-Submit.htm
[09/08/2014 - 21:26:30 | N | 12577] C:\ComboFix.txt
[07/08/2014 - 15:54:41 | D ] C:\czshare
[14/07/2009 - 07:08:56 | SHD ] C:\Documents and Settings
[28/07/2014 - 19:31:36 | D ] C:\fotky notebook
[17/11/2013 - 20:04:04 | RD ] C:\MSOCache
[06/08/2014 - 21:34:16 | D ] C:\Notebook
[07/08/2014 - 15:52:56 | N | 0] C:\Nový textový dokument.txt
[10/08/2014 - 14:16:59 | ASH | 4292403200] C:\pagefile.sys
[14/07/2009 - 05:20:08 | D ] C:\PerfLogs
[31/07/2014 - 17:01:21 | D ] C:\Poker
[09/08/2014 - 09:54:34 | D ] C:\Program Files
[09/08/2014 - 11:42:38 | D ] C:\Program Files (x86)
[09/08/2014 - 11:42:38 | D ] C:\ProgramData
[09/08/2014 - 21:26:32 | D ] C:\Qoobox
[17/08/2013 - 08:15:32 | D ] C:\RaidTool
[17/08/2013 - 06:48:11 | D ] C:\Recovery
[31/07/2014 - 17:01:37 | D ] C:\Redbet
[07/08/2014 - 15:25:48 | D ] C:\rsit
[10/08/2014 - 14:17:14 | N | 144] C:\service.log
[08/08/2014 - 16:21:42 | SHD ] C:\System Volume Information
[31/07/2014 - 17:05:56 | D ] C:\Train Simulator 2014 Steam Edition
[11/08/2014 - 16:37:16 | D ] C:\UsbFix
[11/08/2014 - 16:37:28 | A | 7617] C:\UsbFix [Clean 1] PC-PC.txt
[31/07/2014 - 17:54:55 | D ] C:\Users
[09/08/2014 - 21:22:37 | D ] C:\Windows
[17/08/2013 - 07:29:15 | D ] C:\Windows.old
[10/08/2014 - 07:53:15 | D ] C:\_OTL
[14/06/2014 - 07:44:52 | D ] D:\$Recycle.Bin
[06/08/2014 - 19:12:14 | N | 66102] D:\445258-top_foto1-43nwb.jpg
[07/08/2014 - 15:48:58 | N | 54048] D:\Addition.txt
[09/08/2014 - 11:40:10 | N | 1366203] D:\adwcleaner_3.304.exe
[05/08/2014 - 16:01:59 | N | 4813544] D:\ccsetup416.exe
[28/07/2014 - 19:01:32 | N | 392216] D:\concept_panel.pdf
[28/07/2014 - 19:01:45 | N | 152179279] D:\Czech_Harem_1_part3.mp4
[07/08/2014 - 15:56:34 | N | 751688] D:\decrypt_harasom.exe
[28/07/2014 - 19:06:54 | N | 8196] D:\DECRYPT_INSTRUCTION.HTML
[28/07/2014 - 19:06:54 | N | 4142] D:\DECRYPT_INSTRUCTION.TXT
[28/07/2014 - 19:06:54 | N | 272] D:\DECRYPT_INSTRUCTION.URL
[14/07/2009 - 07:08:56 | SHD ] D:\Documents and Settings
[07/08/2014 - 15:48:58 | N | 66703] D:\FRST.txt
[07/08/2014 - 15:46:31 | N | 2094080] D:\FRST64.exe
[28/07/2014 - 16:27:16 | N | 1643096] D:\GPU-Z.0.7.8 (1).exe
[28/07/2014 - 16:26:48 | N | 1643096] D:\GPU-Z.0.7.8.exe
[28/07/2014 - 19:02:01 | N | 51480] D:\Grow Book.docx
[28/07/2014 - 19:02:10 | N | 2084073496] D:\hanb.avi
[09/08/2014 - 09:57:05 | ASH | 3219300352] D:\hiberfil.sys
[02/08/2014 - 11:53:12 | N | 243591168] D:\How.Not.to.Live.Your.Life.S01E01.DVDRip.XviD-AFFiNiTY.avi
[31/07/2014 - 19:01:26 | N | 49532] D:\Kaedra_13441.pdf
[17/07/2014 - 17:08:16 | N | 140924817] D:\Katy-B---Little-Red-(Deluxe-Edition)-[2014].zip
[28/07/2014 - 19:02:17 | N | 1964738584] D:\kjhgd.avi
[07/08/2014 - 18:29:17 | N | 13277273124] D:\maca+others.rar
[06/08/2014 - 19:42:35 | N | 17292760] D:\mbam-setup-2.0.2.1012.exe
[19/07/2014 - 19:48:41 | N | 850533414] D:\minula_nocicka.zip
[09/08/2014 - 21:40:23 | N | 1114578944] D:\Need.for.Speed.2014.BRRip.XviD.CZ.DABING.avi
[11/08/2014 - 16:30:59 | N | 1144875] D:\Nepotvrzeno 516050.crdownload
[31/07/2014 - 18:26:12 | D ] D:\Nová složka
[28/07/2014 - 19:02:25 | N | 854827032] D:\Ohledne minule noci CZ 2014.avi
[10/08/2014 - 07:52:36 | N | 602112] D:\OTL.exe
[09/08/2014 - 09:57:08 | N | 4292403200] D:\pagefile.sys
[28/07/2014 - 19:02:34 | N | 807192] D:\Pece a energetické hospodářství.pdf
[14/07/2009 - 05:20:08 | D ] D:\PerfLogs
[12/07/2014 - 20:07:29 | N | 52562464] D:\PokerStarsInstall (1).exe
[12/07/2014 - 20:01:47 | N | 41145374] D:\PokerStarsInstall.exe
[07/08/2014 - 15:54:00 | D ] D:\Program Files
[14/07/2009 - 06:57:06 | D ] D:\Program Files (x86)
[14/06/2014 - 07:43:12 | D ] D:\ProgramData
[28/07/2014 - 19:02:45 | N | 196120] D:\PROJEKT-GROWE-Zakladni-info.pdf
[31/07/2014 - 19:09:34 | N | 65384549] D:\projekt_GROWE (1).rar
[27/07/2014 - 12:50:13 | N | 65384549] D:\projekt_GROWE.rar
[28/07/2014 - 19:02:52 | N | 280] D:\RARBG.com.txt
[14/06/2014 - 07:43:13 | D ] D:\Recovery
[26/05/2014 - 09:28:50 | N | 7353] D:\reloaded.nfo
[08/08/2014 - 16:18:10 | N | 1944824] D:\rkill.com
[26/05/2014 - 11:55:29 | N | 7864823808] D:\rld-wadc.iso
[07/08/2014 - 15:25:36 | N | 832273] D:\RSITx64.exe
[28/07/2014 - 19:03:19 | N | 3360024] D:\SCARLET-návod-CZ+SK.pdf
[06/08/2014 - 20:04:09 | N | 728960] D:\sh-remover.exe
[06/08/2014 - 22:20:18 | N | 969845] D:\ShadowExplorer-0.9-setup.exe
[07/08/2014 - 15:39:55 | N | 167424] D:\SmallRegistryEditor1.3.1.12.exe
[28/07/2014 - 19:03:23 | N | 1333837848] D:\Spinavy trik - American.Hustle.2013.BDRip.XViD.MP3.CZ.avi
[19/07/2014 - 19:24:47 | N | 1326609257] D:\spinavy.zip
[06/08/2014 - 19:40:39 | N | 728960] D:\SpyHunter-Installer.exe
[28/07/2014 - 19:03:27 | D ] D:\Subs
[31/07/2014 - 19:06:54 | N | 889734] D:\SW_public.rar
[13/06/2014 - 19:44:34 | SHD ] D:\System Volume Information
[11/07/2014 - 21:51:48 | N | 131750720] D:\t.crdownload
[06/08/2014 - 19:54:39 | N | 27239623] D:\torbrowser-install-3.6.3_en-US.exe
[28/07/2014 - 19:04:27 | N | 935461124] D:\Trabantem až na konec světa (2014) CZ.avi
[01/08/2014 - 14:35:50 | N | 1298540078] D:\Trabantem Napříč Afrikou 2010 CZ [CSFD 90%].avi
[19/07/2014 - 19:24:56 | N | 927662345] D:\trabosek.zip
[11/08/2014 - 16:31:35 | N | 3863930] D:\UsbFix (1).exe
[11/08/2014 - 16:33:43 | N | 1144875] D:\UsbFix (2).exe
[28/07/2014 - 19:05:52 | D ] D:\Users
[06/08/2014 - 19:53:29 | N | 8885012] D:\vidalia-bundle-0.2.1.30-0.2.12.exe
[28/07/2014 - 19:06:54 | D ] D:\WATCH_DOGS
[12/07/2014 - 19:53:57 | N | 16487184] D:\WidevineMediaOptimizerChrome.exe
[04/08/2014 - 16:27:56 | D ] D:\Windows
[13/06/2014 - 20:34:29 | D ] D:\Windows.old
[30/07/2014 - 20:48:42 | N | 887289856] D:\Z cizího krev neteče .2013 DVDRip CZ Dabing.avi
[22/07/2014 - 15:52:47 | D ] D:\_projects
[01/06/2014 - 16:56:12 | D ] G:\$RECYCLE.BIN
[13/06/2014 - 20:42:32 | D ] G:\Boot
[20/11/2010 - 05:40:08 | RASH | 383786] G:\bootmgr
[28/07/2014 - 19:01:33 | N | 8728] G:\BOOTSECT.BAK
[14/06/2014 - 07:43:24 | N | 203464] G:\grldr
[24/02/2012 - 18:20:15 | SHD ] G:\System Volume Information
[14/06/2014 - 07:43:24 | N | 12] G:\win7.ld
[05/05/2013 - 14:51:34 | D ] K:\Foto M
[19/05/2014 - 16:48:54 | D ] K:\lysá 2013
[19/05/2014 - 16:41:40 | D ] K:\krkonoše 16.-18.5.2014
[07/08/2014 - 17:03:30 | N | 259470056] K:\krkonose.rar
[20/07/2013 - 14:46:02 | N | 2033820] K:\PANO_20130720_144526.jpg
[07/08/2014 - 17:01:34 | N | 139264] K:\PANO_20130720_144526.exe
[07/08/2014 - 17:01:34 | N | 139264] K:\Nude.exe
[07/08/2014 - 17:01:36 | N | 139264] K:\Sex.exe
[07/08/2014 - 17:01:38 | N | 139264] K:\Money.exe
[07/08/2014 - 17:05:06 | N | 118353114] K:\lysa.rar
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.sosvirus.net |
[19/07/2014 - 19:24:56 | N | 927662345] D:\trabosek.zip
[11/08/2014 - 16:31:35 | N | 3863930] D:\UsbFix (1).exe
[11/08/2014 - 16:33:43 | N | 1144875] D:\UsbFix (2).exe
[28/07/2014 - 19:05:52 | D ] D:\Users
[06/08/2014 - 19:53:29 | N | 8885012] D:\vidalia-bundle-0.2.1.30-0.2.12.exe
[28/07/2014 - 19:06:54 | D ] D:\WATCH_DOGS
[12/07/2014 - 19:53:57 | N | 16487184] D:\WidevineMediaOptimizerChrome.exe
[04/08/2014 - 16:27:56 | D ] D:\Windows
[13/06/2014 - 20:34:29 | D ] D:\Windows.old
[30/07/2014 - 20:48:42 | N | 887289856] D:\Z cizího krev neteče .2013 DVDRip CZ Dabing.avi
[22/07/2014 - 15:52:47 | D ] D:\_projects
[01/06/2014 - 16:56:12 | D ] G:\$RECYCLE.BIN
[13/06/2014 - 20:42:32 | D ] G:\Boot
[20/11/2010 - 05:40:08 | RASH | 383786] G:\bootmgr
[28/07/2014 - 19:01:33 | N | 8728] G:\BOOTSECT.BAK
[14/06/2014 - 07:43:24 | N | 203464] G:\grldr
[24/02/2012 - 18:20:15 | SHD ] G:\System Volume Information
[14/06/2014 - 07:43:24 | N | 12] G:\win7.ld
[05/05/2013 - 14:51:34 | D ] K:\Foto M
[19/05/2014 - 16:48:54 | D ] K:\lysá 2013
[19/05/2014 - 16:41:40 | D ] K:\krkonoše 16.-18.5.2014
[07/08/2014 - 17:03:30 | N | 259470056] K:\krkonose.rar
[20/07/2013 - 14:46:02 | N | 2033820] K:\PANO_20130720_144526.jpg
[07/08/2014 - 17:01:34 | N | 139264] K:\PANO_20130720_144526.exe
[07/08/2014 - 17:01:34 | N | 139264] K:\Nude.exe
[07/08/2014 - 17:01:36 | N | 139264] K:\Sex.exe
[07/08/2014 - 17:01:38 | N | 139264] K:\Money.exe
[07/08/2014 - 17:05:06 | N | 118353114] K:\lysa.rar
################## | Vaccin |
C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
K:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.sosvirus.net |
Re: USB disk - file change
So let's also clean up.

T-Cleaner http://vyosek.tym.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm a choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel ("Čistič")
- Leave everything as it is, just click Analyze ("Analyzovat") and then Run Cleaner ("Spustit CCleaner")
- click Scan for Issues ("Hledej problémy")
- then Fix Issues ("Opravit problémy") - I recommend making the registry backup; fix all the issues
- repeat the procedure until no issues are left - usually about 3 times
- Here you can uninstall programs you do not need

And if there are no problems or questions, that is all from my side.
