
Police virus, new

Posted: 10 Jun 2013 22:59
by damates
Hello,
I have just got hold of a PC that has the police virus on it.

It runs Win7 64-bit.
I managed to get into safe mode with command prompt.
It is the same case as
here
I ran a scan with Farbar Recovery Scan Tool.
Could you please advise me what to do next and how?
Thank you very much
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 10-06-2013 03
Ran by Mandy (administrator) on 10-06-2013 23:36:41
Running from G:\
Windows 7 Professional Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 9
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [11545192 2010-11-02] (Realtek Semiconductor)
HKLM\...\Run: [Cmaudio8788] C:\Windows\syswow64\RunDll32.exe C:\Windows\Syswow64\cmicnfgp.dll,CMICtrlWnd [8769536 2011-05-12] (C-Media Corporation)
HKLM\...\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe Envoke [200704 2008-07-11] ()
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKLM\...\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h [9577680 2012-11-08] (COMODO)
HKLM\...\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe Envoke [282112 2008-07-11] ()
HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [3994960 2011-11-17] (O&O Software GmbH)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM\...\RunOnce: [*WerKernelReporting] %SYSTEMROOT%\SYSTEM32\WerFault.exe -k -rq [415232 2009-07-14] (Microsoft Corporation)
HKCU\...\Run: [OscarEditor] "C:\Program Files (x86)\OSCAR Editor X7\OscarEditor.exe" Minimum [3340288 2012-03-20] ()
HKCU\...\Run: [Voobly] "C:\Program Files (x86)\Voobly\voobly.exe" --startup [135168 2012-07-19] (Voobly)
HKCU\...\Run: [ESL Wire] "C:\Program Files\EslWire\wire.exe" --tray [4211712 2013-05-16] (Turtle Entertainment GmbH)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [fcbbddddebsacfsfdsf] "C:\ProgramData\fcbbddddebsacfsfdsf.exe" [87040 2013-06-10] ()
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Mandy\AppData\Roaming\skype.dat [98304 2011-11-17] () <==== ATTENTION
MountPoints2: {65e15c97-7820-11e1-9b74-f46d04e5a5a0} - H:\racer.exe
HKLM-x32\...\Run: [gbrspcontrol] "C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe" -controlservice -slave [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\Default User\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
HKU\UpdatusUser\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
AppInit_DLLs: C:\Windows\system32\guard64.dll [390392 2012-11-08] (COMODO)
IMEO\nvstlink.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\nvstview.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
IMEO\teamviewer.exe: [Debugger] "C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe"
Startup: C:\ProgramData\Start Menu\Programs\Startup\GamePark klient 2.lnk
ShortcutTarget: GamePark klient 2.lnk -> C:\Program Files\GamePark2\gpcl.exe (Allstar Group, s.r.o.)
Startup: C:\ProgramData\Start Menu\Programs\Startup\Start GeekBuddy.lnk
ShortcutTarget: Start GeekBuddy.lnk -> C:\Program Files (x86)\Comodo\GeekBuddy\launcher.exe (Comodo Security Solutions Inc.)
Startup: C:\Users\Mandy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\hamachi.lnk
ShortcutTarget: hamachi.lnk -> C:\Program Files (x86)\Hamachi\hamachi.exe (LogMeIn Inc.)
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
HKCU SearchScopes: DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={se ... chr-comodo
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
BHO-x32: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\..\Interfaces\{61446E01-EF4E-4BCF-839D-FEE606BD3E64}: [NameServer]8.26.56.26,156.154.70.22

FireFox:
========
FF ProfilePath: C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default
FF SelectedSearchEngine: ICQ Search
FF Homepage: hxxp://www.google.cz/
FF Keyword.URL: google.cz
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll ()
FF Plugin: @java.com/DTPlugin,version=10.4.0 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.4.0 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 - C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF Plugin-x32: @esn/esnlaunch,version=1.110.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=1.138.0 - C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll No File
FF Plugin-x32: @esn/esnlaunch,version=2.1.3 - C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF Plugin-x32: @idsoftware.com/QuakeLive - C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=10.4.1 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.4.1 - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @nitropdf.com/NitroPDF - C:\Program Files (x86)\Nitro PDF\Professional 7\npnitromozilla.dll ( )
FF Plugin-x32: @nvidia.com/3DVision - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF Plugin-x32: @pandonetworks.com/PandoWebPlugin - C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF Plugin-x32: @videolan.org/vlc,version=2.0.6 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Extension: Click&Clean - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\clickclean@hotcleaner.com
FF Extension: Český slovník pro kontrolu pravopisu - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\cs@dictionaries.addons.mozilla.org
FF Extension: Better Battlelog (BBLog) - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\jid1-qQSMEVsYTOjgYA@jetpack
FF Extension: autorefresh - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\autorefresh@plugin.xpi
FF Extension: optimizegoogle - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\optimizegoogle@optimizegoogle.com.xpi
FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\{54BB9F3F-07E5-486c-9B39-C7398B99391C}.xpi
FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
FF Extension: No Name - C:\Users\Mandy\AppData\Roaming\Mozilla\Firefox\Profiles\3ipht6gm.default\Extensions\{EF522540-89F5-46b9-B6FE-1829E2B572C6}.xpi

==================== Services (Whitelisted) =================

S2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe [918144 2010-11-03] ()
S2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
S2 AsSysCtrlService; C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe [586880 2010-10-21] ()
S2 CLPSLauncher; C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe [70344 2013-04-17] (Comodo Security Solutions Inc.)
S2 cmdAgent; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2828408 2012-11-08] (COMODO)
S2 ekrn; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [974944 2011-09-22] (ESET)
S2 EslWireHelper; C:\Program Files\EslWire\service\WireHelperSvc.exe [663056 2013-05-16] ()
S2 GeekBuddyRSP; C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe [1851088 2013-04-17] (Comodo Security Solutions, Inc.)
S2 NitroDriverReadSpool2; C:\Program Files\Common Files\Nitro PDF\Professional\7.0\NitroPDFDriverService2x64.exe [341792 2011-12-20] (Nitro PDF Software)
S3 npggsvc; C:\Windows\SysWow64\GameMon.des [5124464 2012-12-16] (INCA Internet Co., Ltd.)
S2 OODefragAgent; C:\Program Files\OO Software\Defrag\oodag.exe [3273552 2011-11-17] (O&O Software GmbH)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2012-04-26] ()
S2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2123584 2011-12-14] (TuneUp Software)
S3 TunngleService; C:\Program Files (x86)\Tunngle\TnglCtrl.exe [745368 2012-11-26] (Tunngle.net GmbH)

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S1 AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [14464 2010-08-03] ()
S1 CFRMD; C:\Windows\SysWow64\DRIVERS\CFRMD.sys [37976 2012-09-03] (Windows (R) Win 7 DDK provider)
S1 cmdGuard; C:\Windows\System32\DRIVERS\cmdguard.sys [584056 2012-11-08] (COMODO)
S1 cmdHlp; C:\Windows\System32\DRIVERS\cmdhlp.sys [38144 2012-11-08] (COMODO)
S3 cmudaxp; C:\Windows\System32\drivers\cmudaxp.sys [2725376 2011-03-10] (C-Media Inc)
S2 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [202576 2011-08-09] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [146432 2011-08-04] (ESET)
S2 epfwwfpr; C:\Windows\System32\DRIVERS\epfwwfpr.sys [137144 2011-08-04] (ESET)
S3 ESLvnic1; C:\Windows\System32\DRIVERS\ESLvnic.sys [25528 2011-11-28] (Turtle Entertainment GmbH)
S2 ESLWireAC; C:\Windows\system32\drivers\ESLWireACD.sys [160784 2012-12-17] (<Turtle Entertainment>)
S1 inspect; C:\Windows\System32\DRIVERS\inspect.sys [94288 2012-11-08] (COMODO)
S3 MHIKEY10; C:\Windows\System32\Drivers\MHIKEY10x64.sys [60288 2010-09-15] (Generic USB smartcard reader)
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
S3 RTCore64; C:\Program Files (x86)\MSI Afterburner\RTCore64.sys [14648 2010-05-27] ()
S3 tap0901t; C:\Windows\System32\DRIVERS\tap0901t.sys [31232 2009-09-16] (Tunngle.net)
S3 tizeqdrv; C:\Users\Mandy\AppData\Roaming\TZAC2\tizeq64.sys [171704 2013-03-02] ()
S3 tizeqdrv; C:\Users\Mandy\AppData\Roaming\TZAC2\tizeq64.sys [171704 2013-03-02] ()
S3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
S3 TKCtrl; C:\Windows\system32\TKCtrl2k64.sys [87872 2012-07-03] (INCA Internet Co., Ltd.)
S3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
S3 TKFsAvM; C:\Windows\system32\TKFsAv64.sys [139136 2012-12-26] (INCA Internet Co., Ltd.)
S3 TKFsFtM; C:\Windows\system32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.)
S3 TKFsFtM; C:\Windows\system32\TKFsFt64.sys [23392 2012-11-06] (INCA Internet Co., Ltd.)
S1 TKFWFV; C:\Windows\System32\TKFWFV64.sys [34400 2011-03-29] (INCA Internet Co., Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
S3 TKFWVT; C:\Windows\system32\TKFWVT64.sys [183112 2012-10-23] (INCA Internet Co.,Ltd.)
S3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
S3 TkIdsVt; C:\Windows\system32\TkIdsVt64.sys [99168 2012-07-31] (INCA Internet Co.,Ltd.)
S3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
S3 TKPcFt; C:\Windows\system32\TKPcFtCb64.sys [29024 2012-11-06] (INCA Internet Co., Ltd.)
S3 TuneUpUtilitiesDrv; C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [11856 2011-12-12] (TuneUp Software)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)
S1 CFRMD; system32\DRIVERS\CFRMD.sys [x]
S3 LVPr2M64; system32\DRIVERS\LVPr2M64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-10 23:36 - 2013-06-10 23:36 - 00000000 ____D C:\FRST
2013-05-23 21:14 - 2013-05-24 17:22 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-05-23 15:07 - 2013-06-10 23:31 - 00000004 ____A C:\Users\Mandy\AppData\Roaming\skype.ini
2013-05-23 14:20 - 2013-05-23 14:21 - 00000000 ___RD C:\Users\Mandy\Desktop\ 
2013-05-23 14:20 - 2013-05-23 14:20 - 00000000 ____A C:\Users\Mandy\Desktop\error cesta.TXT
2013-05-21 14:27 - 2013-05-21 14:27 - 00002043 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-20 18:29 - 2013-06-10 22:44 - 00087040 ____A C:\ProgramData\fcbbddddebsacfsfdsf.exe
2013-05-20 18:28 - 2013-05-20 18:28 - 00070618 ____A C:\Users\Mandy\Downloads\fotos95-lol.zip
2013-05-19 19:24 - 2013-05-19 19:24 - 00000000 ____D C:\ProgramData\id Software
2013-05-19 19:23 - 2013-05-19 19:23 - 02095104 ____A C:\Users\Mandy\Downloads\QuakeLiveNP_520.msi
2013-05-18 19:16 - 2013-05-18 19:16 - 00000000 ____A C:\Users\Mandy\Desktop\Nový textový dokument (2).TXT
2013-05-15 15:10 - 2013-05-15 15:10 - 00007263 ____A C:\Users\Mandy\Downloads\Paradox.rar
2013-05-14 20:47 - 2013-05-14 20:48 - 00441184 ____A C:\Windows\Minidump\051413-19796-01.dmp
2013-05-11 21:12 - 2013-05-11 21:12 - 00005624 ____A C:\Users\Mandy\Downloads\1314562330_LLL_cHoObiE_adroits.rar
2013-05-11 18:34 - 2013-05-11 18:34 - 00012522 ____A C:\Users\Mandy\Downloads\qLimAxzU.rar

==================== One Month Modified Files and Folders =======

2013-06-10 23:36 - 2013-06-10 23:36 - 00000000 ____D C:\FRST
2013-06-10 23:35 - 2009-07-14 17:18 - 00631276 ____A C:\Windows\System32\perfh005.dat
2013-06-10 23:35 - 2009-07-14 17:18 - 00121930 ____A C:\Windows\System32\perfc005.dat
2013-06-10 23:35 - 2009-07-14 07:13 - 01470298 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-10 23:31 - 2013-05-23 15:07 - 00000004 ____A C:\Users\Mandy\AppData\Roaming\skype.ini
2013-06-10 23:31 - 2012-01-17 23:51 - 01480866 ____A C:\Windows\System32\oodbs.lor
2013-06-10 23:30 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-10 23:30 - 2009-07-14 06:51 - 00098896 ____A C:\Windows\setupact.log
2013-06-10 23:04 - 2012-11-29 20:05 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\Hamachi
2013-06-10 23:04 - 2012-02-09 21:04 - 00000000 ____D C:\Users\Mandy\AppData\Local\ESL Wire Game Client
2013-06-10 23:01 - 2012-01-15 20:01 - 01065825 ____A C:\Windows\WindowsUpdate.log
2013-06-10 22:54 - 2009-07-14 06:45 - 00025552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-10 22:54 - 2009-07-14 06:45 - 00025552 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 22:44 - 2013-05-20 18:29 - 00087040 ____A C:\ProgramData\fcbbddddebsacfsfdsf.exe
2013-05-24 17:22 - 2013-05-23 21:14 - 00000000 ___AD C:\Kaspersky Rescue Disk 10.0
2013-05-24 02:02 - 2012-01-29 16:49 - 00000000 ____D C:\Program Files (x86)\GamePark
2013-05-23 18:13 - 2012-04-04 13:07 - 00000914 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-23 16:22 - 2012-01-19 10:30 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\Skype
2013-05-23 15:06 - 2012-01-17 23:54 - 00155252 ____A C:\Windows\PFRO.log
2013-05-23 14:46 - 2012-01-26 23:02 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\Nitro PDF
2013-05-23 14:21 - 2013-05-23 14:20 - 00000000 ___RD C:\Users\Mandy\Desktop\ 
2013-05-23 14:20 - 2013-05-23 14:20 - 00000000 ____A C:\Users\Mandy\Desktop\error cesta.TXT
2013-05-22 20:31 - 2012-01-31 22:46 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\TS3Client
2013-05-22 19:54 - 2012-01-19 00:13 - 00281768 ____A C:\Windows\SysWOW64\PnkBstrB.xtr
2013-05-22 19:54 - 2012-01-18 23:03 - 00281768 ____A C:\Windows\SysWOW64\PnkBstrB.exe
2013-05-22 19:53 - 2012-01-18 23:03 - 00271200 ____A C:\Windows\SysWOW64\PnkBstrB.ex0
2013-05-21 14:27 - 2013-05-21 14:27 - 00002043 ____A C:\Users\Public\Desktop\GeekBuddy.lnk
2013-05-21 14:27 - 2012-05-14 11:47 - 00000000 ____D C:\Program Files\COMODO
2013-05-20 19:33 - 2012-04-10 15:43 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\Xfire
2013-05-20 18:28 - 2013-05-20 18:28 - 00070618 ____A C:\Users\Mandy\Downloads\fotos95-lol.zip
2013-05-20 18:13 - 2012-05-02 20:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-20 14:22 - 2012-10-20 11:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-05-19 21:18 - 2012-02-11 17:40 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\HLSW
2013-05-19 19:24 - 2013-05-19 19:24 - 00000000 ____D C:\ProgramData\id Software
2013-05-19 19:23 - 2013-05-19 19:23 - 02095104 ____A C:\Users\Mandy\Downloads\QuakeLiveNP_520.msi
2013-05-19 16:48 - 2012-01-16 00:14 - 00000000 ____D C:\Users\Mandy\AppData\Roaming\XnView
2013-05-18 19:16 - 2013-05-18 19:16 - 00000000 ____A C:\Users\Mandy\Desktop\Nový textový dokument (2).TXT
2013-05-17 14:34 - 2012-10-19 18:53 - 00000779 ____A C:\Users\Public\Desktop\ESL Wire.lnk
2013-05-17 14:34 - 2012-02-09 21:04 - 00000000 ____D C:\Program Files\EslWire
2013-05-15 18:47 - 2012-04-10 15:43 - 00000000 ____D C:\ProgramData\Xfire
2013-05-15 15:10 - 2013-05-15 15:10 - 00007263 ____A C:\Users\Mandy\Downloads\Paradox.rar
2013-05-14 20:48 - 2013-05-14 20:47 - 00441184 ____A C:\Windows\Minidump\051413-19796-01.dmp
2013-05-14 20:47 - 2012-02-01 14:25 - 00000000 ____D C:\Windows\Minidump
2013-05-14 20:13 - 2012-04-04 13:07 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-05-14 20:13 - 2012-01-15 21:31 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-05-13 19:41 - 2012-01-19 10:22 - 00000000 ____D C:\Users\Mandy\AppData\Local\PMB Files
2013-05-13 19:41 - 2012-01-19 10:22 - 00000000 ____D C:\ProgramData\PMB Files
2013-05-11 21:12 - 2013-05-11 21:12 - 00005624 ____A C:\Users\Mandy\Downloads\1314562330_LLL_cHoObiE_adroits.rar
2013-05-11 18:34 - 2013-05-11 18:34 - 00012522 ____A C:\Users\Mandy\Downloads\qLimAxzU.rar

Files to move or delete:
====================
C:\ProgramData\fcbbddddebsacfsfdsf.exe
C:\Users\Mandy\AppData\Roaming\skype.dat
C:\Users\Mandy\AppData\Roaming\skype.ini

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-05-14 20:01

==================== End Of Log ============================

Re: Police virus, new

Posted: 10 Jun 2013 23:40
by vyosek
Hello :)

:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    HKCU\...\Run: [fcbbddddebsacfsfdsf] "C:\ProgramData\fcbbddddebsacfsfdsf.exe" [87040 2013-06-10] ()
    HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Mandy\AppData\Roaming\skype.dat [98304 2011-11-17] () <==== ATTENTION 
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://us.yahoo.com?fr=fp-comodo
    URLSearchHook: (No Name) - {687578b9-7132-4a7a-80e4-30ee31099e03} - No File
    HKCU SearchScopes: DefaultScope {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    SearchScopes: HKCU - {8EEAC88A-079B-4b2c-80C1-7836F79EB40A} URL = http://us.search.yahoo.com/search?p={searchTerms}&fr=chr-comodo
    FF SelectedSearchEngine: ICQ Search
    2013-05-23 15:07 - 2013-06-10 23:31 - 00000004 ____A C:\Users\Mandy\AppData\Roaming\skype.ini
    2013-05-20 18:29 - 2013-06-10 22:44 - 00087040 ____A C:\ProgramData\fcbbddddebsacfsfdsf.exe
    2013-05-20 18:28 - 2013-05-20 18:28 - 00070618 ____A C:\Users\Mandy\Downloads\fotos95-lol.zip
    C:\Users\Mandy\AppData\Roaming\skype.dat
    
  • Save the created TXT file as fixlist.txt
  • Move the created log to the flash drive, next to FRST
:arrow: Run FRST.exe again on the infected PC
  • Click Fix
  • The fix will run and a log named Fixlog.txt will be created on the flash drive
:arrow: Try to boot into normal mode
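
The triage vyosek did by hand above (pick out the Winlogon Shell entry, the autorun with no publisher in C:\ProgramData and the matching created files, then paste those log lines verbatim into fixlist.txt) can be written down as a script. The following Python is an added example, not part of this thread and not FRST's or Farbar's code: the line formats it parses are inferred from the log posted above, the rule names and the sample lines are constructed, and its output is a list of candidate fixlist lines that a human still has to review before running a fix.

```python
import re
from dataclasses import dataclass, field

# Constructed sample in FRST's line format: registry and file lines copied from
# the scan log above, plus benign entries (ESET, Skype, Sidebar, C:\FRST) for contrast.
SAMPLE_LOG = r"""
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice [4035152 2011-09-22] (ESET)
HKCU\...\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun [18642024 2013-02-28] (Skype Technologies S.A.)
HKCU\...\Run: [fcbbddddebsacfsfdsf] "C:\ProgramData\fcbbddddebsacfsfdsf.exe" [87040 2013-06-10] ()
HKCU\...\Winlogon: [Shell] explorer.exe,C:\Users\Mandy\AppData\Roaming\skype.dat [98304 2011-11-17] () <==== ATTENTION
HKU\Default\...\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun [x]
2013-05-20 18:29 - 2013-06-10 22:44 - 00087040 ____A C:\ProgramData\fcbbddddebsacfsfdsf.exe
2013-06-10 23:36 - 2013-06-10 23:36 - 00000000 ____D C:\FRST
"""

# Line shapes inferred from the posted log (an assumption about FRST's format, not its spec):
#   <hive>\...\<Run|RunOnce|Winlogon>: [<name>] <value> [<size> <date>] (<publisher>) [<==== ATTENTION]
REG_RE = re.compile(
    r"^(?P<hive>HK[A-Z]+(?:-x32)?(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>Run|RunOnce|Winlogon): "
    r"\[(?P<name>[^\]]+)\] (?P<value>.*?) \[(?P<size>\d+|x)(?: \d{4}-\d{2}-\d{2})?\]"
    r"(?: \((?P<publisher>[^)]*)\))?(?P<attention> <==== ATTENTION)?\s*$"
)
#   <created> - <modified> - <size> <attrs> [(<publisher>)] <path>
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} - \d{4}-\d{2}-\d{2} \d{2}:\d{2} - "
    r"(?P<size>\d{8}) (?P<attrs>[_A-Z]{5}) (?:\([^)]*\) )?(?P<path>.+)$"
)
# Directories any user can write to; legitimate autoruns rarely live here.
USER_WRITABLE = re.compile(r"\\(?:ProgramData|AppData|Temp)\\", re.I)


@dataclass
class Finding:
    line: str
    reasons: list = field(default_factory=list)


def triage_line(line: str) -> list:
    """Return the (constructed) rule names that fire on one FRST log line; [] if clean."""
    reasons = []
    if "<==== ATTENTION" in line:
        reasons.append("frst-attention")  # FRST's own heuristic already flagged it
    m = REG_RE.match(line)
    if m:
        value, publisher = m["value"], m["publisher"]
        if m["key"] == "Winlogon" and m["name"] == "Shell":
            # The Shell value must be exactly explorer.exe; anything appended after the
            # comma is started at every logon, which is how this lock screen persisted.
            if value.strip().lower() != "explorer.exe":
                reasons.append("winlogon-shell-hijack")
        elif USER_WRITABLE.search(value):
            reasons.append("autorun-from-user-writable-dir")
            if publisher is not None and publisher.strip() == "":
                reasons.append("no-publisher")  # FRST printed "()": no version info
        return reasons
    m = FILE_RE.match(line)
    if m and m["path"].lower().endswith(".exe") and USER_WRITABLE.search(m["path"]):
        reasons.append("new-exe-in-user-writable-dir")
    return reasons


def triage(log_text: str) -> list:
    """Run triage_line over a whole log and keep only the lines that raised something."""
    findings = []
    for line in log_text.splitlines():
        if line.strip():
            reasons = triage_line(line)
            if reasons:
                findings.append(Finding(line, reasons))
    return findings


def fixlist_candidates(log_text: str) -> list:
    """Flagged lines, verbatim: the fixlist in the post above is built from FRST's own log lines."""
    return [f.line for f in triage(log_text)]


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(", ".join(f.reasons).ljust(45), f.line)
```

Run the file as-is to see the three constructed sample lines that fire (the ProgramData autorun, the Winlogon Shell entry and the created .exe); the candidate lines are returned unchanged because, as the post shows, FRST expects fixlist entries copied verbatim from its own log. Add the created-files block as well as the registry block to the input, since the second post removes both the autorun value and the file it points to.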

Re: Police virus, new

Posted: 11 Jun 2013 00:24
by damates
The system booted into normal mode without complications.

Now that I can see what my brother managed to pile onto it in a year, a complete reinstall of the system and all applications will be the best option.
Subsequent cleaning probably won't be needed.
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 10-06-2013 03
Ran by Mandy at 2013-06-11 01:05:11 Run:1
Running from G:\
Boot Mode: Safe Mode (minimal)
==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\fcbbddddebsacfsfdsf => Value deleted successfully.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks\\\{687578b9-7132-4a7a-80e4-30ee31099e03} => Value deleted successfully.
HKCR\CLSID\{687578b9-7132-4a7a-80e4-30ee31099e03} => Key not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\\DefaultScope => Value was restored successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ => Key deleted successfully.
HKCR\CLSID\ => Unable to delete key
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\ => Key not found.
HKCR\CLSID\ => Unable to delete key
Firefox SelectedSearchEngine deleted successfully.
C:\Users\Mandy\AppData\Roaming\skype.ini => Moved successfully.
C:\ProgramData\fcbbddddebsacfsfdsf.exe => Moved successfully.
C:\Users\Mandy\Downloads\fotos95-lol.zip => Moved successfully.
C:\Users\Mandy\AppData\Roaming\skype.dat => Moved successfully.

==== End of Fixlog ====
Thank you for your time and expertise; I wouldn't have managed it on my own.

Re: Police virus, new

Posted: 11 Jun 2013 07:00
by vyosek
So what will it be, are you going for the reinstall, or shall we clean it up? I don't think it will be particularly hard...

Re: Police virus, new

Posted: 11 Jun 2013 14:09
by damates
Now at least I can start backing up.
A reinstall will be better; over 4 years the whole system gets heavily cluttered, and not just with pests. The young one will at least learn something new.
It was cleaned up regularly, but it still needs some reorganisation.

Thank you very much :) for your time, and for the fact that I can at least get into the system now; from a console window that backup would have taken ages.

Re: Police virus, new

Posted: 11 Jun 2013 17:52
by vyosek
You're welcome, glad I could help :worship: See you some other time

And in accordance with the Rules on locking topics :lock: