VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

vir na flešce

https://forum.viry.cz:443/viewtopic.php?t=133810

Stránka 3 z 4

Re: vir na flešce

Napsal: 03 lis 2013 13:52
od robert.halas
ComboFix 13-11-03.02 - Acer 03.11.2013 13:37:24.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.2670 [GMT 1:00]
Spuštěný z: c:\stah\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Acer\AppData\Roaming\update_tc\update.exe
c:\windows\SwSys1.bmp
c:\windows\SwSys2.bmp
c:\windows\SysWow64\tmp6375.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Windows Internet Name Service
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-03 do 2013-11-03 )))))))))))))))))))))))))))))))
.
.
2013-11-03 12:45 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3FD8F235-83B1-4F85-AB3B-9B73C5ACE21D}\mpengine.dll
2013-11-03 10:48 . 2013-11-03 10:49 -------- d-----w- C:\AdwCleaner
2013-11-03 10:38 . 2013-11-03 10:38 -------- d-----w- c:\windows\ERUNT
2013-11-03 10:36 . 2013-11-03 10:36 -------- d-----w- c:\users\Acer\AppData\Roaming\AVAST Software
2013-11-03 10:35 . 2013-11-03 10:35 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-03 10:35 . 2013-11-03 10:35 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-03 10:35 . 2013-11-03 10:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-03 10:35 . 2013-11-03 10:35 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-03 10:35 . 2013-11-03 10:35 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-03 10:35 . 2013-11-03 10:35 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-03 10:35 . 2013-11-03 10:35 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-03 10:35 . 2013-11-03 10:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-03 10:35 . 2013-11-03 10:35 43152 ----a-w- c:\windows\avastSS.scr
2013-11-03 10:35 . 2013-11-03 10:35 -------- d-----w- c:\program files\AVAST Software
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- C:\rsit
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- c:\program files\trend micro
2013-11-03 08:48 . 2013-11-03 08:54 -------- d-----w- C:\UsbFix
2013-11-02 17:05 . 2013-11-02 17:05 388096 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-02 17:05 . 2013-11-02 17:05 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-02 16:37 . 2013-11-02 16:37 -------- d-----w- c:\users\Acer\AppData\Local\GHISLER
2013-11-01 19:46 . 2013-11-01 19:46 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\program files (x86)\Eidos
2013-10-20 10:39 . 2013-10-20 10:47 -------- d-----w- c:\program files (x86)\Vietcong2
2013-10-20 10:37 . 2013-10-20 10:37 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2013-10-19 12:21 . 2013-10-19 12:29 -------- d-----w- c:\program files (x86)\LCP
2013-10-19 12:21 . 2013-10-19 12:21 26624 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{1EFAF492-9A3B-48C3-9349-234B146FDA46}\Icon1EFAF492.exe
2013-10-18 16:15 . 2013-11-02 15:51 -------- d-----w- c:\users\Acer\AppData\Local\download.am-data
2013-10-18 16:15 . 2013-10-18 16:15 -------- d-----w- c:\program files (x86)\Download.am
2013-10-18 13:58 . 2013-10-18 13:58 -------- d-----w- C:\Games
2013-10-12 15:43 . 2013-10-12 15:43 -------- d-----w- c:\program files (x86)\Cenega Czech
2013-10-12 11:41 . 2013-10-12 11:49 -------- d-----w- c:\users\Acer\AppData\Local\Floorball League
2013-10-12 11:41 . 2013-10-12 11:41 -------- d-----w- c:\program files (x86)\Prodigium Game Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-03 10:35 . 2013-03-08 08:12 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-12 11:43 . 2013-05-12 14:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 11:43 . 2013-05-12 14:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-10-12 09:01 . 2013-08-08 15:42 4464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2013-09-25 08:47 . 2013-07-25 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-25 08:47 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-24 07:53 . 2013-07-18 17:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-24 07:52 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-22 16:33 . 2013-09-22 16:33 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2013-09-22 16:33 . 2013-09-22 16:33 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2013-08-31 10:16 . 2013-08-31 10:16 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-08-30 08:36 . 2013-08-30 08:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-30 08:36 . 2013-08-30 08:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-30 08:31 . 2013-08-30 08:31 86016 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-30 08:31 . 2013-08-30 08:31 816640 ----a-w- c:\windows\system32\jscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-08-30 08:31 . 2013-08-30 08:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 248320 ----a-w- c:\windows\system32\ieui.dll
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 237056 ----a-w- c:\windows\system32\url.dll
2013-08-30 08:31 . 2013-08-30 08:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-08-30 08:31 . 2013-08-30 08:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 17830400 ----a-w- c:\windows\system32\mshtml.dll
2013-08-30 08:31 . 2013-08-30 08:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-08-30 08:31 . 2013-08-30 08:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-08-30 08:29 . 2013-08-30 08:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-30 08:29 . 2013-08-30 08:29 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-30 08:29 . 2013-08-30 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-30 08:29 . 2013-08-30 08:29 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-30 08:29 . 2013-08-30 08:29 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-30 08:29 . 2013-08-30 08:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-30 08:29 . 2013-08-30 08:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-30 08:29 . 2013-08-30 08:29 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-30 08:28 . 2013-08-30 08:28 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-30 08:28 . 2013-08-30 08:28 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-19 22:46 . 2013-08-30 08:36 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEB1A84-B8AC-4F73-8BE4-A2469DCCC832}\mpengine.dll
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-03 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 tor;Tor Win32 Service;c:\program files (x86)\Tor\tor.exe;c:\program files (x86)\Tor\tor.exe [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2013-11-01 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-22 16:09]
.
2013-11-03 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
- c:\users\Acer\AppData\Local\Google\Update\GoogleUpdate.exe [2013-05-22 16:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-03 10:35 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"rqcqyuxmeb"="wscript.exe" [2009-07-14 168960]
"pstfsvapsu"="wscript.exe" [2009-07-14 168960]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 10.132.12.33 10.132.12.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-Printsrv - c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
AddRemove-MixiDJ chrome Toolbar - c:\users\Acer\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:f8,18,33,6b,da,3f,88,bf,3e,d0,d5,0d,00,b0,2b,e3,31,40,d3,25,80,32,22,
07,d3,4b,0b,49,f3,54,2a,0b,c3,f4,8d,7d,95,73,68,3a,1e,16,64,9c,96,dc,9a,90,\
"??"=hex:13,84,26,0d,e6,e0,d3,09,2c,a0,1a,d8,08,6a,dd,6c
.
[HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\License information*]
"datasecu"=hex:dd,99,61,1e,d6,75,99,bb,d4,3c,e3,4d,95,f4,1e,1d,3e,95,87,b9,c1,
98,08,60,bc,e1,04,cb,a7,a0,d9,83,16,75,88,67,46,3e,83,cf,ed,94,cc,cd,8b,e5,\
"rkeysecu"=hex:92,3d,d7,e7,0d,c8,84,39,50,97,8d,fa,b4,af,b4,78
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-03 13:50:53 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-03 12:50
.
Před spuštěním: Volných bajtů: 76 976 504 832
Po spuštění: Volných bajtů: 76 755 107 840
.
- - End Of File - - C00B344E62A5E1323A3EC75EDF74C10E
A36C5E4F47E84449FF07ED3517B43A31

Re: vir na flešce

Napsal: 03 lis 2013 14:00
od vyosek
:arrow: Pokud nemate, tak presunte Combofix na plochu
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Folder::
C:\Program Files (x86)\IObit
C:\Program Files (x86)\IObit Apps Toolbar
c:\program files (x86)\Tor

Driver::
tor

Collect::
C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs
C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"rqcqyuxmeb"=-
"pstfsvapsu"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=""

RegNull::
[HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
[HKEY_USERS\S-1-5-21-8095715-4125419755-1740114249-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: vir na flešce

Napsal: 03 lis 2013 14:08
od robert.halas
Když napíšu v Pátek do tohoto fora tak mi pomužete i s netbookem

Re: vir na flešce

Napsal: 03 lis 2013 14:12
od vyosek
Jasne, nebude problem :)

Klidne mi i napiste mail :wink:

Re: vir na flešce

Napsal: 03 lis 2013 14:21
od robert.halas
Jsem rád že tomu někdo rozumy musel bych letet do pc opravni a no to nemam čas

Re: vir na flešce

Napsal: 03 lis 2013 14:22
od robert.halas
ComboFix 13-11-03.02 - Acer 03.11.2013 14:07:02.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3956.2801 [GMT 1:00]
Spuštěný z: c:\users\Acer\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Acer\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Tor
c:\program files (x86)\Tor\tor.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_tor
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-10-03 do 2013-11-03 )))))))))))))))))))))))))))))))
.
.
2013-11-03 13:17 . 2013-08-19 22:46 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E5701396-1AA4-44DE-8E90-E8263BF890FA}\mpengine.dll
2013-11-03 13:13 . 2013-11-03 13:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-11-03 10:48 . 2013-11-03 10:49 -------- d-----w- C:\AdwCleaner
2013-11-03 10:38 . 2013-11-03 10:38 -------- d-----w- c:\windows\ERUNT
2013-11-03 10:36 . 2013-11-03 10:36 -------- d-----w- c:\users\Acer\AppData\Roaming\AVAST Software
2013-11-03 10:35 . 2013-11-03 10:35 65264 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-11-03 10:35 . 2013-11-03 10:35 205320 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2013-11-03 10:35 . 2013-11-03 10:35 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2013-11-03 10:35 . 2013-11-03 10:35 1032416 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-11-03 10:35 . 2013-11-03 10:35 409832 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-11-03 10:35 . 2013-11-03 10:35 84328 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-11-03 10:35 . 2013-11-03 10:35 38984 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-11-03 10:35 . 2013-11-03 10:35 92544 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-11-03 10:35 . 2013-11-03 10:35 43152 ----a-w- c:\windows\avastSS.scr
2013-11-03 10:35 . 2013-11-03 10:35 -------- d-----w- c:\program files\AVAST Software
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- C:\rsit
2013-11-03 09:14 . 2013-11-03 09:14 -------- d-----w- c:\program files\trend micro
2013-11-03 08:48 . 2013-11-03 08:54 -------- d-----w- C:\UsbFix
2013-11-02 17:05 . 2013-11-02 17:05 388096 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-11-02 17:05 . 2013-11-02 17:05 -------- d-----w- c:\program files (x86)\Trend Micro
2013-11-02 16:37 . 2013-11-02 16:37 -------- d-----w- c:\users\Acer\AppData\Local\GHISLER
2013-11-01 19:46 . 2013-11-01 19:46 -------- d-----w- c:\windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 19:28 . 2013-11-01 19:28 -------- d-----w- c:\program files (x86)\Eidos
2013-10-20 10:39 . 2013-10-20 10:47 -------- d-----w- c:\program files (x86)\Vietcong2
2013-10-20 10:37 . 2013-10-20 10:37 98304 ----a-w- c:\windows\SysWow64\CmdLineExt.dll
2013-10-19 12:21 . 2013-10-19 12:29 -------- d-----w- c:\program files (x86)\LCP
2013-10-19 12:21 . 2013-10-19 12:21 26624 ----a-r- c:\users\Acer\AppData\Roaming\Microsoft\Installer\{1EFAF492-9A3B-48C3-9349-234B146FDA46}\Icon1EFAF492.exe
2013-10-18 16:15 . 2013-11-02 15:51 -------- d-----w- c:\users\Acer\AppData\Local\download.am-data
2013-10-18 16:15 . 2013-10-18 16:15 -------- d-----w- c:\program files (x86)\Download.am
2013-10-18 13:58 . 2013-10-18 13:58 -------- d-----w- C:\Games
2013-10-12 15:43 . 2013-10-12 15:43 -------- d-----w- c:\program files (x86)\Cenega Czech
2013-10-12 11:41 . 2013-10-12 11:49 -------- d-----w- c:\users\Acer\AppData\Local\Floorball League
2013-10-12 11:41 . 2013-10-12 11:41 -------- d-----w- c:\program files (x86)\Prodigium Game Studios
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-11-03 10:35 . 2013-03-08 08:12 334648 ----a-w- c:\windows\system32\aswBoot.exe
2013-10-12 11:43 . 2013-05-12 14:20 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-10-12 11:43 . 2013-05-12 14:20 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-10-12 09:01 . 2013-08-08 15:42 4464 ----a-w- c:\windows\SysWow64\ealregsnapshot1.reg
2013-09-25 08:47 . 2013-07-25 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2013-09-25 08:47 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-09-24 07:53 . 2013-07-18 17:46 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2013-09-24 07:52 . 2013-07-18 17:46 282296 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2013-09-22 16:33 . 2013-09-22 16:33 82432 ----a-w- c:\windows\SysWow64\msxml4r.dll
2013-09-22 16:33 . 2013-09-22 16:33 1233920 ----a-w- c:\windows\SysWow64\msxml4.dll
2013-08-31 10:16 . 2013-08-31 10:16 2250024 ----a-w- c:\windows\SysWow64\pbsvc.exe
2013-08-30 08:36 . 2013-08-30 08:36 1888768 ----a-w- c:\windows\system32\WMVDECOD.DLL
2013-08-30 08:36 . 2013-08-30 08:36 1620992 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 2048 ----a-w- c:\windows\system32\tzres.dll
2013-08-30 08:31 . 2013-08-30 08:31 96768 ----a-w- c:\windows\system32\mshtmled.dll
2013-08-30 08:31 . 2013-08-30 08:31 86016 ----a-w- c:\windows\system32\jsproxy.dll
2013-08-30 08:31 . 2013-08-30 08:31 816640 ----a-w- c:\windows\system32\jscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 729088 ----a-w- c:\windows\system32\msfeeds.dll
2013-08-30 08:31 . 2013-08-30 08:31 599040 ----a-w- c:\windows\system32\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-08-30 08:31 . 2013-08-30 08:31 248320 ----a-w- c:\windows\system32\ieui.dll
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-08-30 08:31 . 2013-08-30 08:31 237056 ----a-w- c:\windows\system32\url.dll
2013-08-30 08:31 . 2013-08-30 08:31 2312704 ----a-w- c:\windows\system32\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 2147840 ----a-w- c:\windows\system32\iertutil.dll
2013-08-30 08:31 . 2013-08-30 08:31 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2013-08-30 08:31 . 2013-08-30 08:31 17830400 ----a-w- c:\windows\system32\mshtml.dll
2013-08-30 08:31 . 2013-08-30 08:31 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-08-30 08:31 . 2013-08-30 08:31 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-08-30 08:31 . 2013-08-30 08:31 1392128 ----a-w- c:\windows\system32\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 1346560 ----a-w- c:\windows\system32\urlmon.dll
2013-08-30 08:31 . 2013-08-30 08:31 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2013-08-30 08:31 . 2013-08-30 08:31 10926080 ----a-w- c:\windows\system32\ieframe.dll
2013-08-30 08:29 . 2013-08-30 08:29 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-08-30 08:29 . 2013-08-30 08:29 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 5120 ----a-w- c:\windows\SysWow64\wow32.dll
2013-08-30 08:29 . 2013-08-30 08:29 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 3968960 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-08-30 08:29 . 2013-08-30 08:29 3913664 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-08-30 08:29 . 2013-08-30 08:29 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-08-30 08:29 . 2013-08-30 08:29 243712 ----a-w- c:\windows\system32\wow64.dll
2013-08-30 08:29 . 2013-08-30 08:29 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-08-30 08:29 . 2013-08-30 08:29 1732032 ----a-w- c:\windows\system32\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 14336 ----a-w- c:\windows\SysWow64\ntvdm64.dll
2013-08-30 08:29 . 2013-08-30 08:29 1292192 ----a-w- c:\windows\SysWow64\ntdll.dll
2013-08-30 08:29 . 2013-08-30 08:29 663552 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1217024 ----a-w- c:\windows\system32\rpcrt4.dll
2013-08-30 08:29 . 2013-08-30 08:29 1910208 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-08-30 08:29 . 2013-08-30 08:29 39936 ----a-w- c:\windows\system32\drivers\tssecsrv.sys
2013-08-30 08:28 . 2013-08-30 08:28 224256 ----a-w- c:\windows\system32\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 175104 ----a-w- c:\windows\SysWow64\wintrust.dll
2013-08-30 08:28 . 2013-08-30 08:28 1472512 ----a-w- c:\windows\system32\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2013-08-30 08:28 . 2013-08-30 08:28 139776 ----a-w- c:\windows\system32\cryptnet.dll
2013-08-30 08:28 . 2013-08-30 08:28 1166848 ----a-w- c:\windows\SysWow64\crypt32.dll
2013-08-30 08:28 . 2013-08-30 08:28 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2013-08-19 22:46 . 2013-08-30 08:36 9515512 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AAEB1A84-B8AC-4F73-8BE4-A2469DCCC832}\mpengine.dll
2013-08-07 02:22 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2013-11-03 3568312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys;c:\windows\SYSNATIVE\drivers\aswFsBlk.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys;c:\windows\SYSNATIVE\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys;c:\windows\SYSNATIVE\DRIVERS\k57nd60a.sys [x]
.
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2013-11-03 10:35 326944 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-22 323584]
"Printsrv"="c:\windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
mDefault_Page_URL = hxxp://www.google.com
TCP: DhcpNameServer = 10.132.12.33 10.132.12.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-MixiDJ chrome Toolbar - c:\users\Acer\AppData\Roaming\BabSolution\Shared\GUninstaller.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Celkový čas: 2013-11-03 14:21:29 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-11-03 13:21
ComboFix2.txt 2013-11-03 12:50
.
Před spuštěním: Volných bajtů: 76 817 645 568
Po spuštění: Volných bajtů: 76 527 046 656
.
- - End Of File - - AAF6099E6E6B01971CF4787597C15FA3
A36C5E4F47E84449FF07ED3517B43A31

Re: vir na flešce

Napsal: 03 lis 2013 14:23
od vyosek
:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: Dejte log dle tohoto navodu http://forum.viry.cz/viewtopic.php?f=13&t=133100

Re: vir na flešce

Napsal: 03 lis 2013 14:39
od robert.halas
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 31-10-2013
Ran by Acer (administrator) on ACER-PC on 03-11-2013 14:37:00
Running from C:\Users\Acer\Desktop
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Normal

==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corporation) c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
(forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [9643552 2009-12-10] (Realtek Semiconductor)
HKLM\...\Run: [AmIcoSinglun64] - C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)
HKLM\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs
HKLM-x32\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3568312 2013-11-03] (AVAST Software)
BootExecute:

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKCU - {128A1E86-FD6E-43BF-9577-FEC73DBAB60F} URL = http://www.zbozi.cz/?q={searchTerms}&r= ... arch_13415
SearchScopes: HKCU - {25E69E2D-FDD7-40A0-84BB-73303C373F85} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {481042A4-1ACF-482F-9A5A-B57C7B2AA1AD} URL = http://slovnik.seznam.cz/?q={searchTerm ... arch_13415
SearchScopes: HKCU - {558B527B-44F8-4AFF-8DB5-AA90F70E23E7} URL = http://www.novinky.cz/hledej?w={searchT ... arch_13415
SearchScopes: HKCU - {6B4B7FDE-D486-4C11-A417-73C9F15047A6} URL = http://search.yahoo.com/search?fr=chr-g ... earchTerms}
SearchScopes: HKCU - {6E33BAB8-AEEC-4653-A1F8-0787FBCA66C9} URL = http://encyklopedie.seznam.cz/search?q= ... arch_13415
SearchScopes: HKCU - {6E734CF0-03AA-4CE9-960A-CCAE44748A35} URL = http://www.mapy.cz/?query={searchTerms} ... arch_13415
SearchScopes: HKCU - {79CFF18F-0DE2-48C9-995E-1442B054A541} URL = http://www.firmy.cz/?q={searchTerms}&so ... arch_13415
SearchScopes: HKCU - {EE53340A-C3F3-4DD6-8148-AC1CA9306B5B} URL = http://tv.seznam.cz/hledej?w={searchTer ... arch_13415
BHO: avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Tcpip\Parameters: [DhcpNameServer] 10.132.12.33 10.132.12.1

Chrome:
=======
CHR HomePage: hxxp://www.seznam.cz/?clid=13415
CHR Extension: (Seznam Li\u0161ti\u010Dka - Email) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bgjpfhpjcgdppjbgnpnjllokbmcdllig\1.3.13_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Slovn\u00EDk) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blmojkbhnkkphngknkmgccmlenfaelkd\1.2.13_0
CHR Extension: (avast! Online Security) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\9.0.2005.45_0
CHR Extension: (Seznam Li\u0161ti\u010Dka - Rychl\u00E1 volba) - C:\Users\Acer\AppData\Local\Google\Chrome\User Data\Default\Extensions\olfeabkoenfaoljndfecamgilllcpiak\1.5.14_0
CHR HKLM-x32\...\Chrome\Extension: [caodggjhipefhiblmgbchfkehoofabbh] - C:\Program Files\Instair\Instair.crx
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

==================== Services (Whitelisted) =================

S4 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-22] (Adobe Systems)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2013-11-03] (AVAST Software)
S4 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-09-24] ()

==================== Drivers (Whitelisted) ====================

R2 aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [38984 2013-11-03] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [84328 2013-11-03] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [92544 2013-11-03] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65776 2013-11-03] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1032416 2013-11-03] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [409832 2013-11-03] (AVAST Software)
R1 aswTdi; C:\Windows\system32\drivers\aswTdi.sys [65264 2013-11-03] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [205320 2013-11-03] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [311968 2013-07-21] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [283200 2013-03-13] (DT Soft Ltd)
R2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43168 2013-06-20] ()
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2009-07-14] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-11-03 14:36 - 2013-11-03 14:36 - 00000000 ____D C:\FRST
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 14:31 - 2013-11-03 14:32 - 01957098 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-03 11:38 - 2013-11-03 11:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 11:36 - 2013-11-03 11:36 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-03 11:36 - 2013-11-03 11:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software
2013-11-03 11:35 - 2013-11-03 11:35 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-03 11:35 - 2013-11-03 11:35 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-03 11:35 - 2013-11-03 11:35 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-03 10:14 - 2013-11-03 10:14 - 00000000 ____D C:\Program Files\trend micro
2013-11-02 19:35 - 2013-11-02 19:42 - 00002561 _____ C:\Windows\diagwrn.xml
2013-11-02 19:35 - 2013-11-02 19:42 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-02 17:37 - 2013-11-02 17:37 - 00000000 ____D C:\Users\Acer\AppData\Local\GHISLER
2013-11-01 20:48 - 2013-11-01 20:48 - 00000000 ____D C:\Users\Acer\Documents\Eidos
2013-11-01 20:46 - 2013-11-01 20:46 - 00000000 ____D C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 20:28 - 2013-11-01 20:28 - 00000000 ____D C:\Program Files (x86)\Eidos
2013-10-29 19:42 - 2013-10-29 19:42 - 00000000 ____D C:\Users\Acer\Documents\FLiNGTrainer
2013-10-20 11:44 - 2013-10-20 11:44 - 00001919 _____ C:\Users\Acer\Desktop\Vietcong 2.lnk
2013-10-20 11:44 - 2013-10-20 11:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vietcong 2
2013-10-20 11:39 - 2013-10-20 11:47 - 00000000 ____D C:\Program Files (x86)\Vietcong2
2013-10-20 11:37 - 2013-10-20 11:37 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-10-19 14:12 - 2013-10-19 14:12 - 00000166 _____ C:\Windows\SysWOW64\queries-02.cache
2013-10-19 13:21 - 2013-10-19 13:29 - 00000000 ____D C:\Program Files (x86)\LCP
2013-10-19 13:21 - 2013-10-19 13:21 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCP
2013-10-18 17:16 - 2013-10-18 17:18 - 00000000 ____D C:\Users\Acer\Downloads\Download.am
2013-10-18 17:15 - 2013-11-02 16:51 - 00000000 ____D C:\Users\Acer\AppData\Local\download.am-data
2013-10-18 17:15 - 2013-10-18 17:15 - 00001041 _____ C:\Users\Acer\Desktop\Download.am.lnk
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-10-18 14:58 - 2013-10-18 14:58 - 00000769 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Games
2013-10-13 09:35 - 2013-10-13 09:35 - 00000970 _____ C:\Users\Public\Desktop\Vietcong - Fist Alpha.lnk
2013-10-13 09:35 - 2013-10-13 09:35 - 00000936 _____ C:\Users\Public\Desktop\Vietcong.lnk
2013-10-12 16:43 - 2013-10-12 16:43 - 00000000 ____D C:\Program Files (x86)\Cenega Czech
2013-10-12 12:43 - 2013-10-12 12:43 - 00002193 _____ C:\Users\Public\Desktop\Floorball League.lnk
2013-10-12 12:41 - 2013-10-12 12:49 - 00000000 ____D C:\Users\Acer\AppData\Local\Floorball League
2013-10-12 12:41 - 2013-10-12 12:41 - 00000000 ____D C:\Program Files (x86)\Prodigium Game Studios
2013-10-12 10:05 - 2013-10-12 11:29 - 00000000 ____D C:\Users\Acer\Documents\NHL09
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\Hammerfall-Threshold-2006
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\[2007] After Forever
2013-10-06 14:10 - 2013-11-02 21:08 - 00000000 ____D C:\Users\Acer\Desktop\maiden
2013-10-06 13:57 - 2013-10-06 14:07 - 00000000 ____D C:\Users\Acer\Desktop\manowar 2002
2013-10-05 20:42 - 2013-10-19 14:12 - 00000065 _____ C:\Windows\SysWOW64\cache.00

==================== One Month Modified Files and Folders =======

2013-11-03 14:36 - 2013-11-03 14:36 - 00000000 ____D C:\FRST
2013-11-03 14:35 - 2013-03-13 16:36 - 00000000 ____D C:\stah
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 14:32 - 2013-11-03 14:31 - 01957098 _____ (Farbar) C:\Users\Acer\Desktop\FRST64.exe
2013-11-03 14:30 - 2013-09-26 18:44 - 00000000 ____D C:\Windows\Minidump
2013-11-03 14:28 - 2013-03-07 16:47 - 00000000 ____D C:\Users\Acer
2013-11-03 14:25 - 2009-07-14 05:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-11-03 14:25 - 2009-07-14 05:45 - 00021472 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-11-03 14:21 - 2013-03-07 16:37 - 01774794 _____ C:\Windows\WindowsUpdate.log
2013-11-03 14:17 - 2009-07-14 03:34 - 00000215 _____ C:\Windows\system.ini
2013-11-03 14:16 - 2013-08-30 17:52 - 00036018 _____ C:\Windows\PFRO.log
2013-11-03 14:16 - 2013-08-30 11:24 - 00001421 _____ C:\Windows\setupact.log
2013-11-03 14:16 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-11-03 14:16 - 2009-07-14 03:34 - 55586816 _____ C:\Windows\system32\config\software.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 18087936 _____ C:\Windows\system32\config\system.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 00290816 _____ C:\Windows\system32\config\default.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 00098304 _____ C:\Windows\system32\config\sam.bak
2013-11-03 14:16 - 2009-07-14 03:34 - 00028672 _____ C:\Windows\system32\config\security.bak
2013-11-03 13:50 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Default
2013-11-03 13:43 - 2013-09-26 18:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\update_tc
2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-03 11:38 - 2013-11-03 11:38 - 00000000 ____D C:\Windows\ERUNT
2013-11-03 11:36 - 2013-11-03 11:36 - 00001926 _____ C:\Users\Public\Desktop\avast! Free Antivirus.lnk
2013-11-03 11:36 - 2013-11-03 11:36 - 00000000 ____D C:\Users\Acer\AppData\Roaming\AVAST Software
2013-11-03 11:35 - 2013-11-03 11:35 - 01032416 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSnx.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00409832 _____ (AVAST Software) C:\Windows\system32\Drivers\aswSP.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00205320 _____ C:\Windows\system32\Drivers\aswVmm.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00092544 _____ (AVAST Software) C:\Windows\system32\Drivers\aswRdr2.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00084328 _____ (AVAST Software) C:\Windows\system32\Drivers\aswMonFlt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065776 _____ C:\Windows\system32\Drivers\aswRvrt.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00065264 _____ (AVAST Software) C:\Windows\system32\Drivers\aswTdi.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00043152 _____ (AVAST Software) C:\Windows\avastSS.scr
2013-11-03 11:35 - 2013-11-03 11:35 - 00038984 _____ (AVAST Software) C:\Windows\system32\Drivers\aswFsBlk.sys
2013-11-03 11:35 - 2013-11-03 11:35 - 00003924 _____ C:\Windows\System32\Tasks\avast! Emergency Update
2013-11-03 11:35 - 2013-11-03 11:35 - 00000000 ____D C:\Program Files\AVAST Software
2013-11-03 11:35 - 2013-03-08 09:12 - 00334648 _____ (AVAST Software) C:\Windows\system32\aswBoot.exe
2013-11-03 11:34 - 2013-03-08 09:10 - 00000000 ____D C:\ProgramData\AVAST Software
2013-11-03 11:25 - 2013-03-13 08:21 - 00000000 ____D C:\Program Files (x86)\programy
2013-11-03 10:14 - 2013-11-03 10:14 - 00000000 ____D C:\Program Files\trend micro
2013-11-03 09:54 - 2013-05-19 06:37 - 00000000 ___RD C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp
2013-11-03 09:48 - 2010-11-21 10:27 - 00666444 _____ C:\Windows\system32\perfh005.dat
2013-11-03 09:48 - 2010-11-21 10:27 - 00140108 _____ C:\Windows\system32\perfc005.dat
2013-11-03 09:48 - 2009-07-14 06:13 - 01576554 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-03 09:38 - 2013-03-13 15:59 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Skype
2013-11-02 21:08 - 2013-10-06 14:10 - 00000000 ____D C:\Users\Acer\Desktop\maiden
2013-11-02 19:42 - 2013-11-02 19:35 - 00002561 _____ C:\Windows\diagwrn.xml
2013-11-02 19:42 - 2013-11-02 19:35 - 00001908 _____ C:\Windows\diagerr.xml
2013-11-02 19:35 - 2013-08-30 11:24 - 00000000 _____ C:\Windows\setuperr.log
2013-11-02 19:30 - 2013-08-17 15:55 - 00000000 ____D C:\Program Files (x86)\PES 13
2013-11-02 18:09 - 2013-05-26 18:21 - 00000000 ____D C:\Program Files\Instair
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HiJackThis
2013-11-02 18:05 - 2013-11-02 18:05 - 00000000 ____D C:\Program Files (x86)\Trend Micro
2013-11-02 17:37 - 2013-11-02 17:37 - 00000000 ____D C:\Users\Acer\AppData\Local\GHISLER
2013-11-02 16:55 - 2013-08-01 17:07 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Seznam.cz
2013-11-02 16:54 - 2013-08-15 16:25 - 00000000 ____D C:\Program Files (x86)\Steam
2013-11-02 16:51 - 2013-10-18 17:15 - 00000000 ____D C:\Users\Acer\AppData\Local\download.am-data
2013-11-01 22:12 - 2013-08-01 08:45 - 00000000 ____D C:\Users\Acer\AppData\Roaming\BitTorrent
2013-11-01 20:48 - 2013-11-01 20:48 - 00000000 ____D C:\Users\Acer\Documents\Eidos
2013-11-01 20:46 - 2013-11-01 20:46 - 00000000 ____D C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 20:45 - 2013-08-31 09:47 - 00148628 _____ C:\Windows\DirectX.log
2013-11-01 20:28 - 2013-11-01 20:28 - 00000000 ____D C:\Program Files (x86)\Eidos
2013-11-01 20:28 - 2013-03-08 09:19 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2013-11-01 20:26 - 2013-08-08 16:31 - 00000000 ____D C:\Users\Acer\AppData\Local\Downloaded Installations
2013-10-29 19:42 - 2013-10-29 19:42 - 00000000 ____D C:\Users\Acer\Documents\FLiNGTrainer
2013-10-29 08:46 - 2013-05-29 15:40 - 00000000 ____D C:\Users\Acer\AppData\Local\CrashDumps
2013-10-20 11:47 - 2013-10-20 11:39 - 00000000 ____D C:\Program Files (x86)\Vietcong2
2013-10-20 11:45 - 2013-03-14 10:46 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2013-10-20 11:44 - 2013-10-20 11:44 - 00001919 _____ C:\Users\Acer\Desktop\Vietcong 2.lnk
2013-10-20 11:44 - 2013-10-20 11:44 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Vietcong 2
2013-10-20 11:37 - 2013-10-20 11:37 - 00098304 _____ (Sony DADC Austria AG.) C:\Windows\SysWOW64\CmdLineExt.dll
2013-10-19 14:12 - 2013-10-19 14:12 - 00000166 _____ C:\Windows\SysWOW64\queries-02.cache
2013-10-19 14:12 - 2013-10-05 20:42 - 00000065 _____ C:\Windows\SysWOW64\cache.00
2013-10-19 13:29 - 2013-10-19 13:21 - 00000000 ____D C:\Program Files (x86)\LCP
2013-10-19 13:21 - 2013-10-19 13:21 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LCP
2013-10-18 17:18 - 2013-10-18 17:16 - 00000000 ____D C:\Users\Acer\Downloads\Download.am
2013-10-18 17:15 - 2013-10-18 17:15 - 00001041 _____ C:\Users\Acer\Desktop\Download.am.lnk
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Download.am
2013-10-18 17:15 - 2013-10-18 17:15 - 00000000 ____D C:\Program Files (x86)\Download.am
2013-10-18 15:37 - 2013-03-13 09:01 - 00002354 _____ C:\Users\Acer\Desktop\Google Chrome.lnk
2013-10-18 15:26 - 2013-05-22 17:09 - 00003930 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA
2013-10-18 15:26 - 2013-05-22 17:09 - 00003534 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core
2013-10-18 14:58 - 2013-10-18 14:58 - 00000769 _____ C:\Users\Public\Desktop\World of Tanks.lnk
2013-10-18 14:58 - 2013-10-18 14:58 - 00000000 ____D C:\Games
2013-10-18 14:58 - 2013-04-20 15:11 - 00000000 ___HD C:\Windows\msdownld.tmp
2013-10-13 09:35 - 2013-10-13 09:35 - 00000970 _____ C:\Users\Public\Desktop\Vietcong - Fist Alpha.lnk
2013-10-13 09:35 - 2013-10-13 09:35 - 00000936 _____ C:\Users\Public\Desktop\Vietcong.lnk
2013-10-12 16:43 - 2013-10-12 16:43 - 00000000 ____D C:\Program Files (x86)\Cenega Czech
2013-10-12 12:49 - 2013-10-12 12:41 - 00000000 ____D C:\Users\Acer\AppData\Local\Floorball League
2013-10-12 12:43 - 2013-10-12 12:43 - 00002193 _____ C:\Users\Public\Desktop\Floorball League.lnk
2013-10-12 12:43 - 2013-05-12 15:20 - 00122904 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\system32\OpenAL32.dll
2013-10-12 12:43 - 2013-05-12 15:20 - 00109080 _____ (Portions (C) Creative Labs Inc. and NVIDIA Corp.) C:\Windows\SysWOW64\OpenAL32.dll
2013-10-12 12:41 - 2013-10-12 12:41 - 00000000 ____D C:\Program Files (x86)\Prodigium Game Studios
2013-10-12 11:29 - 2013-10-12 10:05 - 00000000 ____D C:\Users\Acer\Documents\NHL09
2013-10-12 10:01 - 2013-08-08 16:42 - 00004464 _____ C:\Windows\SysWOW64\ealregsnapshot1.reg
2013-10-12 09:57 - 2013-03-23 19:02 - 00000000 ____D C:\Program Files (x86)\EA Sports
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\Hammerfall-Threshold-2006
2013-10-06 14:41 - 2013-10-06 14:41 - 00000000 ____D C:\Users\Acer\Desktop\[2007] After Forever
2013-10-06 14:07 - 2013-10-06 13:57 - 00000000 ____D C:\Users\Acer\Desktop\manowar 2002

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-10-29 16:50




===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================

Drive c: () (Fixed) (Total:465.66 GB) (Free:78.41 GB) NTFS

Available physical RAM: 2484.75 MB
Total physical RAM: 3956.44 MB
Percentage of memory in use: 37%

==================== MBR and Partition Table ==================

Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 6C54A05B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=466 GB) - (Type=07 NTFS)

==================== Scheduled Tasks (whitelisted) ==================


==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 28_09_2013 (06)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Acer\Desktop" je 10765 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: vir na flešce

Napsal: 03 lis 2013 15:09
od vyosek
:arrow: Tvorba fixlistu pro FRST
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    Start
HKLM\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 13:43 - 2013-09-26 18:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\update_tc

Hosts:

End
  • Ulozte vytvoreny TXT jako fixlist.txt
  • Presunte vytvoreny fixlist vedle FRST
:arrow: Spustte znovu FRST.exe
  • Kliknete na Fix
  • Probehne oprava a vytvori log Fixlog.txt
:arrow: Restart PC a dejte mi sem fixlog.txt

Re: vir na flešce

Napsal: 03 lis 2013 15:18
od robert.halas
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 31-10-2013
Ran by Acer at 2013-11-03 15:12:03 Run:1
Running from C:\Users\Acer\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
Start
HKLM\...\Run: [Printsrv] - c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

CHR HKLM-x32\...\Chrome\Extension: [hbcennhacfaagdopikcegfcobcadeocj] - C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [icdlfehblmklkikfigmjhbmmpmkmpooj] - C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx
CHR HKLM-x32\...\Chrome\Extension: [mhkaekfpcppmmioggniknbnbdbcigpkk] - C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx
CHR HKLM-x32\...\Chrome\Extension: [pfndaklgolladniicklehhancnlgocpp] - C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx

2013-11-03 13:25 - 2013-11-03 13:25 - 00000000 ____D C:\Users\Acer\Desktop\rkill
2013-11-02 18:05 - 2013-11-02 18:05 - 00002971 _____ C:\Users\Acer\Desktop\HiJackThis.lnk
2013-11-03 14:34 - 2013-11-03 14:34 - 00112128 _____ (forum.viry.cz) C:\Users\Acer\Desktop\FRSTLauncher.exe
2013-11-03 13:43 - 2013-09-26 18:43 - 00000000 ____D C:\Users\Acer\AppData\Roaming\update_tc

Hosts:

End
*****************

HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Printsrv => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value was restored successfully.
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => Value was restored successfully.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\hbcennhacfaagdopikcegfcobcadeocj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saebay_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\icdlfehblmklkikfigmjhbmmpmkmpooj => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\errorassistant_1.1.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mhkaekfpcppmmioggniknbnbdbcigpkk => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\coupons_2.4.crx" => File/Directory not found.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pfndaklgolladniicklehhancnlgocpp => Key deleted successfully.
"C:\Program Files (x86)\Common Files\Spigot\GC\saamazon_1.0.crx" => File/Directory not found.
C:\Users\Acer\Desktop\rkill => Moved successfully.
C:\Users\Acer\Desktop\HiJackThis.lnk => Moved successfully.
C:\Users\Acer\Desktop\FRSTLauncher.exe => Moved successfully.
C:\Users\Acer\AppData\Roaming\update_tc => Moved successfully.
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.

==== End of Fixlog ====

Re: vir na flešce

Napsal: 03 lis 2013 15:18
od vyosek
Fajn, jak se chova nas pacient a flash disk??

Re: vir na flešce

Napsal: 03 lis 2013 15:20
od robert.halas
furt kdyz zapnu flašku furt se mi objevuje zastupce
nemam treba formatovat flešku

Re: vir na flešce

Napsal: 03 lis 2013 15:26
od robert.halas
Jsi borec!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Stačilo pouze avastem projet soubor a naformatovat a uz to běží
Fakt jsi borec

Re: vir na flešce

Napsal: 03 lis 2013 15:30
od robert.halas
mám dnes poslední otázku a to jestli mužu smazat ti soubory.

Re: vir na flešce

Napsal: 03 lis 2013 15:40
od robert.halas
Üž musil jed tak naschle v pátek
Všechny časy jsou v UTC+01:00
Stránka 3 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz