VIRY.CZ

Zrus USBFIX,zatvor, odstrel..
Restartuj pocitac do nudzoveho rezimu so sietou a spust to tam,

rozpisal by si mi to trochu viac

takéto veci nerobim často, na samotné zatvorenie mi nereaguje musim asi spraviť tvrdý reštart alebo vyberiem baterku z notebooku

Pravy klik na hlavnu listu,dole na spodku ta tenka lista.
Vyber spravca uloh>zalozka Aplikacia>>oznac USBFIX a klikni na UKONCIT, ak nereaguje tak to ukonc viackrat.

ja nemam tam vôbec nič

ani ikony ani spodnú lištu iba ten USBFIX

všetko okolo je prázdne

nemám kde kliknuť

No nic, Podrz ccc5 sekund Vypinac Notebooku, a vypne sa natvrdo, pockaj chvilku, ccc10 sekund a zapni, rovno nabootuj do nudzoveho rezimu so sietou, >>>pri starte mackat F-8, a potom v meny vybrat nudzovy rezim so sietou, a spust USBFIX tam.

okk podarilo sa isť do núdzového režimu v sieti

teraz idem spustiť ten USBFIX

ale ešte pred tým sa chcem spýtať v tom návode usbfix tak tam sú 2 odkazy na ten USBFIX

jeden čo som stiahol tak bol taký ako v návode

a ten druhý link tak tam je iná verzia tak ktorý teraz použiť ?

Prvy link je na stranke kolegu, kludne to pouzi, druhy link je na stranke autora,
Pouzi ten co mas stiahnute.

tak použijem ten čo je v návode

no aj podľa neho som išiel idem to zapnuť

no tak som zapol

dal som "DELETION"

potom ma vyzvalo na pripojenie všetkych USB daj som "OK"

následne vyskočila táto tabuľka:

UsbFix is going to stop the not vitla processes
Please Register your current work.

Thank you

Mám dať "OK" alebo to zavrieť ??


lebo vtedy ked som dal "OK" tak to skočilo na 14 % a zamrzlo to

Nespraví to aj teraz ?

ah,jo,,jasne ze ok, vtedy to bolo vtedy, teraz je teraz, preto sme isli tu do nudzaku, cece rob uz nieco, preto ze tu budem stebou do polnoci.

už sa to tam hýbe

takže tu je ten log:

############################## | UsbFix V 7.134 | [Deletion]

User: Admin1 (Administrator) # ADMIN-1
Updated 06/09/2013 by El Desaparecido
Started at 16:02:38 | 21/05/2014

Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net

PC: Acer (Aspire 5536 ) (X86-based PC)
CPU: AMD Athlon(tm) X2 Dual-Core QL-64 (2100)
RAM -> [Total : 2814 | Free : 2487]
BIOS: Ver 1.00PARTTBL
BOOT: Fail-safe with network boot

OS: Systém Microsoft Windows XP Professional (5.1.2600 32-Bit) # Service Pack 3
WB: Windows Internet Explorer 7.0.5730.13

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 78 Gb (23 Mb free - 30%) [] # NTFS
D:\ -> Fixed drive # 145 Gb (25 Mb free - 17%) [] # NTFS
E:\ -> CD-ROM
I:\ -> Removable drive # 7 Gb (7 Mb free - 100%) [KINGSTON] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [RTHDCPL] - RTHDCPL.EXE
HKLM\SOFTWARE | Run : [Alcmtr] - ALCMTR.EXE
HKLM\SOFTWARE | Run : [AzMixerSel] - C:\Program Files\Realtek\Audio\Drivers\AzMixerSel.exe
HKLM\SOFTWARE | Run : [avgnt] - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [zrkqkaskft] - wscript.exe //B "C:\DOCUME~1\Admin1\LOCALS~1\Temp\zrkqkaskft.vbs"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-20\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE
HKU\S-1-5-21-1715567821-776561741-682003330-1003\SOFTWARE | Run : [Google Update] - "C:\Documents and Settings\Admin1\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
HKU\S-1-5-21-1715567821-776561741-682003330-1003\SOFTWARE | Run : [ctfmon.exe] - C:\WINDOWS\system32\ctfmon.exe
HKU\S-1-5-21-1715567821-776561741-682003330-1003\SOFTWARE | Run : [zrkqkaskft] - wscript.exe //B "C:\DOCUME~1\Admin1\LOCALS~1\Temp\zrkqkaskft.vbs"
HKU\S-1-5-18\SOFTWARE | Run : [CTFMON.EXE] - C:\WINDOWS\system32\CTFMON.EXE

################## | Stopped processes |

Stopped! C:\WINDOWS\Explorer.EXE (1012)

################## | Files # Infected Folders |

Deleted ! I:\zrkqkaskft.vbs
Deleted ! C:\DOCUME~1\Admin1\LOCALS~1\Temp\zrkqkaskft.vbs
Deleted ! I:\TR -štátnica FINAL - 2014.lnk
Deleted ! I:\Zameranie OPP.lnk
Deleted ! C:\Documents and Settings\Admin1\Nabídka Start\Programy\Po spuštění\zrkqkaskft.vbs
Deleted ! C:\DOCUME~1\Admin1\LOCALS~1\Temp\RtkBtMnt.exe

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|zrkqkaskft
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|zrkqkaskft

################## | Mountpoints2 |


################## | Listing |

[02/08/2011 - 09:11:42 | N | 0] C:\AUTOEXEC.BAT
[21/05/2014 - 01:41:53 | AD ] C:\autorun.inf
[02/02/2013 - 19:28:08 | N | 223] C:\boot.ini
[25/10/2001 - 16:00:00 | N | 4952] C:\Bootfont.bin
[16/05/2014 - 14:52:00 | D ] C:\Config.Msi
[02/08/2011 - 09:11:42 | N | 0] C:\CONFIG.SYS
[15/12/2013 - 13:39:14 | N | 0] C:\Cookies
[02/08/2011 - 09:16:43 | D ] C:\Documents and Settings
[02/08/2011 - 09:11:42 | N | 0] C:\IO.SYS
[02/08/2011 - 09:11:42 | N | 0] C:\MSDOS.SYS
[02/08/2011 - 12:26:55 | RHD ] C:\MSOCache
[03/08/2004 - 22:38:34 | N | 47564] C:\NTDETECT.COM
[02/08/2011 - 21:06:02 | N | 250576] C:\ntldr
[21/05/2014 - 15:55:57 | ASH | 2145386496] C:\pagefile.sys
[21/05/2014 - 14:07:27 | D ] C:\Program Files
[02/08/2011 - 12:55:14 | SHD ] C:\RECYCLER
[02/08/2013 - 17:31:21 | D ] C:\Ross-Tech
[07/01/2012 - 19:24:41 | D ] C:\SmartSound Software
[21/05/2014 - 02:58:01 | SHD ] C:\System Volume Information
[04/08/2011 - 19:53:52 | D ] C:\Tecar Forum
[23/11/2013 - 21:58:05 | D ] C:\totalcmd
[21/05/2014 - 16:14:04 | D ] C:\UsbFix
[21/05/2014 - 14:33:40 | N | 4187] C:\UsbFix [Clean 1] ADMIN-1.txt
[21/05/2014 - 16:14:42 | A | 4223] C:\UsbFix [Clean 2] ADMIN-1.txt
[21/05/2014 - 15:56:06 | D ] C:\WINDOWS
[01/05/2012 - 08:45:19 | D ] D:\ariva
[21/05/2014 - 01:41:53 | RASHD ] D:\autorun.inf
[31/07/2013 - 10:33:53 | D ] D:\Dokumenty
[14/10/2013 - 21:27:08 | D ] D:\ETKA 2014 INSTAL
[28/12/2011 - 23:04:08 | D ] D:\etka 7.3
[21/05/2014 - 14:31:18 | D ] D:\Filmy
[09/05/2013 - 09:49:50 | D ] D:\Konex
[10/03/2014 - 14:39:18 | D ] D:\Music
[13/11/2012 - 15:58:12 | D ] D:\Obrázky
[16/04/2014 - 09:27:47 | D ] D:\OCTAVIA TDI
[30/11/2013 - 20:44:48 | D ] D:\Ostatné
[14/03/2014 - 17:32:22 | D ] D:\Programy
[02/08/2011 - 12:55:14 | SHD ] D:\RECYCLER
[21/05/2014 - 04:54:45 | SHD ] D:\System Volume Information
[21/05/2014 - 00:54:48 | N | 1829197] I:\TR -štátnica FINAL - 2014.docx
[16/05/2014 - 13:14:58 | N | 62464] I:\Zameranie OPP.doc

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
I:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

dobre, uz by si mal vidiet normalne svoje subory, restart do normalneho Windows, a das log z tohto programu.
http://forum.viry.cz/viewtopic.php?f=24 ... 2#p1250282

tým programom máš na mysli tento :

Stažení Farbar Recovery Scan Tool

Ano, ano,,,rob co je tam napisane.