Page 1 of 2

Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 15:27
by Zlossynek
Hello, I got the Czech Police virus.... Earlier I managed to remove it with System Restore, but now it got on there again and that no longer works: no restore point gets created and I can't even create one, because in System Properties I simply don't have "System Protection". Please advise.

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 15:48
by cernohous13
Welcome to the forum

For now we'll try a colleague's guide, which has been successful so far
vyosek wrote: :arrow: On a healthy PC, download Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/
  • Save it to a flash drive, directly in its root
:arrow: On the damaged PC, boot into Safe Mode with Command Prompt

:arrow: Now let's find out the flash drive's letter
  • Type the command notepad and press Enter
  • Notepad opens
  • Go to File --> Open --> find This Computer and open the USB stick where FRST is saved
  • See what letter the USB stick has (F:\, G:\ etc.)
  • Close Notepad with the X
:arrow: Now let's get the log
  • If you downloaded FRST for a 64-bit OS, it is called FRST64.exe and has to be entered that way
  • Type the command "drive letter":\FRST.exe and press Enter (e.g. F:\FRST.exe)
  • FRST starts
  • Start the scan by clicking Scan
  • After a moment the log FRST.txt is created on the flash drive
  • Post it here from the healthy PC

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:02
by Zlossynek
Thank you very much, I've done all of it and I have the file. What next? Who should I send it to, if anyone? Or what do I do with it?

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:08
by vyosek
Hi :)

I'll step in just this once: paste the log here as the content of a post (the same goes for any further logs you obtain along the way)

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:15
by Zlossynek
here it is :) http://leteckaposta.cz/744125257 because .txt somehow can't be posted here :/

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:16
by vyosek
Put it here AS CONTENT = copy, paste... if it's too long, split it across several posts...

The txt extension is blocked for security reasons...

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:17
by Zlossynek
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 12-06-2013 03
Ran by Tropic (administrator) on 12-06-2013 19:51:40
Running from H:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: Czech
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Processes (Whitelisted) =================

(Microsoft Corporation) C:\Windows\system32\cmd.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe [2097960 2010-04-23] (Synaptics Incorporated)
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-26] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [24783624 2010-06-10] (Motorola, Inc.)
HKLM\...\Run: [HPWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe 120 C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe /hidden [363064 2010-06-18] (Hewlett-Packard Company)
HKLM\...\Run: [M-Audio Taskbar Icon] C:\Windows\system32\M-AudioTaskBarIcon.exe [749576 2009-06-22] (Avid Technology, Inc.)
HKCU\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKCU\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2736128 2010-05-19] (Hewlett-Packard Company)
HKCU\...\Run: [Advanced SystemCare 4] "C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe" [412560 2011-05-28] (IObit)
HKCU\...\Run: [Gadwin PrintScreen] C:\Program Files (x86)\Gadwin Systems\PrintScreen\PrintScreen.exe /nosplash [487424 2010-10-14] (Gadwin Systems, Inc)
HKCU\...\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun [4910912 2011-08-02] (DT Soft Ltd)
HKCU\...\Run: [WebcamMaxAutoRun] "C:\Program Files (x86)\WebcamMax\WebcamMax.exe" -a [6043888 2010-05-19] (CoolwareMax)
HKCU\...\Run: [Facebook Update] "C:\Users\Tropic\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver [138096 2013-04-15] (Facebook Inc.)
HKCU\...\Run: [RegClean Expert Scheduler] "C:\Program Files (x86)\Registry Clean Expert\RCHelper.exe" /startup [605464 2012-11-01] (iExpert Software)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\ioel.dat,XFG00 [135168 2013-06-11] (Microsoft Corporation) <===== ATTENTION
HKCU\...\Policies\system: [DisableLockWorkstation] 0
HKCU\...\Policies\system: [DisableTaskMgr] 0
HKCU\...\Policies\system: [DisableChangePassword] 0
MountPoints2: F - F:\AutoRun.exe
MountPoints2: {239ac0f2-c96f-11e0-a5be-3c4a924e9f8e} - F:\AutoRun.exe
MountPoints2: {2e5b2934-f8ca-11e0-a2ce-3c4a924e9f8e} - F:\autoplay.exe
MountPoints2: {2e5b294d-f8ca-11e0-a2ce-3c4a924e9f8e} - G:\autoplay.exe
HKLM-x32\...\Run: [HP Quick Launch] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [602680 2010-07-02] (Hewlett-Packard Company)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [35760 2009-12-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [948672 2009-12-11] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [248552 2010-05-14] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [421888 2010-11-29] (Apple Inc.)
HKLM-x32\...\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe [2345592 2012-08-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [] [x]
HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
HKLM-x32\...\Run: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [54576 2009-11-18] (Hewlett-Packard)
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59280 2012-05-30] (Apple Inc.)
HKLM-x32\...\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe" [421776 2012-06-07] (Apple Inc.)
HKU\Default\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
HKU\Default User\...\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\DOCK\HPAdvisorDock.exe [1712184 2010-02-09] ()
Startup: C:\ProgramData\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
Startup: C:\Users\Tropic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
Startup: C:\Users\Tropic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\ioel.dat (Microsoft Corporation)
BootExecute: autocheck autochk * C:\PROGRA~2\AVG\AVG10\avgchsva.exe /syncC:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
URLSearchHook: (No Name) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - No File
URLSearchHook: (No Name) - {cc376ed9-9e09-4b39-bad5-083d151eaa86} - No File
SearchScopes: HKLM - {9AD61490-3275-44CA-AA92-87C2C459C6D7} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2239085
SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 - {9AD61490-3275-44CA-AA92-87C2C459C6D7} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2239085
HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={159F ... 2011-11-28 16:55:57&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {23DCDCC9-7A3B-4DE8-B39A-0A213E721AF8} URL = http://search.freecause.com/search?ourm ... earchTerms}
SearchScopes: HKCU - {8557A2BB-0CCA-4DA2-8BEE-E2A1975E3BBB} URL = http://www.webhledani.cz/results.aspx?i ... earchTerms}
SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={159F ... 2011-11-28 16:55:57&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
SearchScopes: HKCU - {9AD61490-3275-44CA-AA92-87C2C459C6D7} URL = http://cs.wikipedia.org/wiki/Special:Se ... earchTerms}
SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.as ... =CT2239085
BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: freevideomaster Toolbar - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files (x86)\freevideomaster\tbfree.dll (Conduit Ltd.)
BHO-x32: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll (Hewlett-Packard Co.)
BHO-x32: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension32.dll ()
BHO-x32: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO-x32: Pazera Toolbar BHO - {1B169632-4FA6-4BE0-B980-460B5BF7FD08} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
BHO-x32: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
BHO-x32: GamePlayLabsBHO Class - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\Tropic\AppData\Local\GamePlayLabs Plugin\BHO.dll No File
BHO-x32: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
BHO-x32: DCA BHO - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files (x86)\Common Files\FreeCause\DCA\dca-bho.dll (Compete, Inc.)
BHO-x32: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
Toolbar: HKLM-x32 - freevideomaster Toolbar - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files (x86)\freevideomaster\tbfree.dll (Conduit Ltd.)
Toolbar: HKLM-x32 - Pazera Toolbar - {093B3D46-0F87-44CF-B44B-79537F1597E5} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
Toolbar: HKCU - No Name - {01DFD24D-73EB-497F-8DFD-7EA79365AF4A} - No File
Toolbar: HKCU - No Name - {093B3D46-0F87-44CF-B44B-79537F1597E5} - No File
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
Handler-x32: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\15.2.0\ViProtocol.dll (AVG Secure Search)
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1

==================== Services (Whitelisted) =================

S2 AdvancedSystemCareService; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [353168 2011-05-28] (IObit)
S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
S2 AVGIDSAgent; C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe [7391072 2012-01-31] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe [269520 2011-02-08] (AVG Technologies CZ, s.r.o.)
S2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [27192 2010-07-02] ()
S2 IMPI Updater; C:\Program Files\IMPI\ExtensionUpdaterService.exe [185856 2013-02-05] ()
S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]

==================== Drivers (Whitelisted) ====================

S3 AVGIDSDriver; C:\Windows\System32\DRIVERS\AVGIDSDriver.Sys [118864 2011-05-27] (AVG Technologies CZ, s.r.o. )
R0 AVGIDSEH; C:\Windows\System32\DRIVERS\AVGIDSEH.Sys [26704 2011-02-22] (AVG Technologies CZ, s.r.o. )
S3 AVGIDSFilter; C:\Windows\System32\DRIVERS\AVGIDSFilter.Sys [29264 2011-02-10] (AVG Technologies CZ, s.r.o. )
S1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [312160 2012-11-12] (AVG Technologies CZ, s.r.o.)
S1 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [41552 2011-03-01] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [37456 2011-03-16] (AVG Technologies CZ, s.r.o.)
S1 Avgtdia; C:\Windows\System32\DRIVERS\avgtdia.sys [377936 2011-04-05] (AVG Technologies CZ, s.r.o.)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [45856 2013-05-20] (AVG Technologies)
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [270912 2011-11-02] (DT Soft Ltd)
S3 MAUSBMICRO; C:\Windows\System32\DRIVERS\MAudioMicro.sys [185864 2009-06-22] (Avid Technology, Inc.)
S3 MAUSBPRODUCER; C:\Windows\System32\DRIVERS\MAudioProducer.sys [185864 2009-06-22] (Avid Technology, Inc.)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [18232 2011-02-23] ()
S2 Aspi32; System32\drivers\aspi32.sys [x]
S3 Huawei; system32\DRIVERS\ewdcsc.sys [x]
S3 hwdatacard; system32\DRIVERS\ewusbmdm.sys [x]
S3 hwusbdev; system32\DRIVERS\ewusbdev.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-12 19:51 - 2013-06-12 19:51 - 00000000 ____D C:\FRST
2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\found.000
2013-06-11 22:57 - 2013-06-11 23:21 - 95023320 ___AT C:\ProgramData\leoi.pad
2013-06-11 22:57 - 2013-06-11 22:57 - 95023320 ___AT C:\ProgramData\otof0r.pad
2013-06-11 22:57 - 2013-06-11 22:57 - 00135168 ____A (Microsoft Corporation) C:\ProgramData\r0foto.dat
2013-06-11 22:57 - 2013-06-11 22:57 - 00135168 ____A (Microsoft Corporation) C:\ProgramData\ioel.dat
2013-06-11 22:57 - 2013-06-11 22:57 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-11 22:57 - 2013-06-11 22:57 - 00002621 ____A C:\ProgramData\leoi.js
2013-06-11 22:57 - 2013-06-11 22:57 - 00000150 ____A C:\ProgramData\leoi.reg
2013-06-11 22:57 - 2013-06-11 22:57 - 00000055 ____A C:\ProgramData\leoi.bat
2013-06-11 21:38 - 2013-06-11 21:38 - 00001570 ____A C:\Users\Tropic\Desktop\občanka.txt
2013-06-10 21:55 - 2013-06-10 21:56 - 00000000 ____D C:\Users\Tropic\Desktop\jij
2013-06-10 21:54 - 2013-06-10 21:55 - 16526432 ____A C:\Users\Tropic\Desktop\prilohy_543.zip
2013-06-09 08:47 - 2013-06-11 23:21 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-09 08:47 - 2013-06-09 09:00 - 95023320 ___AT C:\ProgramData\mj1z6of.pad
2013-06-09 08:47 - 2013-06-09 08:47 - 95023320 ___AT C:\ProgramData\ejolofd.pad
2013-06-09 08:47 - 2013-06-09 08:47 - 00137216 ____A (Microsoft Corporation) C:\ProgramData\fo6z1jm.dat
2013-06-09 08:47 - 2013-06-09 08:47 - 00137216 ____A (Microsoft Corporation) C:\ProgramData\dfoloje.dat
2013-06-05 15:15 - 2013-06-05 15:16 - 29639510 ____A C:\Users\Tropic\Desktop\khkhgjg-mix.wav
2013-06-04 22:20 - 2013-06-06 22:33 - 00000000 ____D C:\Users\Tropic\Desktop\makám kurva!
2013-06-04 22:15 - 2013-06-11 23:19 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-05-29 22:58 - 2013-05-29 23:05 - 25431308 ____A C:\Users\Tropic\Desktop\fakin.wav
2013-05-21 23:41 - 2013-05-21 23:42 - 00000000 ____D C:\Users\Tropic\AppData\Local\{53A36CC2-54D2-46D9-A9F3-A2BB36A53B63}
2013-05-21 20:26 - 2013-05-21 20:26 - 23933480 ____A C:\Users\Tropic\Desktop\untitled.wav

==================== One Month Modified Files and Folders =======

2013-06-12 19:51 - 2013-06-12 19:51 - 00000000 ____D C:\FRST
2013-06-12 19:47 - 2010-08-15 07:48 - 00640422 ____A C:\Windows\System32\perfh005.dat
2013-06-12 19:47 - 2010-08-15 07:48 - 00127076 ____A C:\Windows\System32\perfc005.dat
2013-06-12 19:47 - 2009-07-14 07:13 - 01499262 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 16:28 - 2010-08-17 04:51 - 01340636 ____A C:\Windows\WindowsUpdate.log
2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\found.000
2013-06-11 23:21 - 2013-06-11 22:57 - 95023320 ___AT C:\ProgramData\leoi.pad
2013-06-11 23:21 - 2013-06-09 08:47 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-11 23:20 - 2011-03-27 20:45 - 00000000 ____D C:\Users\Tropic\AppData\Local\GamePlayLabs Plugin
2013-06-11 23:19 - 2013-06-04 22:15 - 00000350 ____A C:\Windows\Tasks\AVG-Secure-Search-Update_JUNE2013_TB_rmv.job
2013-06-11 23:17 - 2009-07-14 07:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-11 23:17 - 2009-07-14 06:51 - 00181956 ____A C:\Windows\setupact.log
2013-06-11 22:57 - 2013-06-11 22:57 - 95023320 ___AT C:\ProgramData\otof0r.pad
2013-06-11 22:57 - 2013-06-11 22:57 - 00135168 ____A (Microsoft Corporation) C:\ProgramData\r0foto.dat
2013-06-11 22:57 - 2013-06-11 22:57 - 00135168 ____A (Microsoft Corporation) C:\ProgramData\ioel.dat
2013-06-11 22:57 - 2013-06-11 22:57 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-11 22:57 - 2013-06-11 22:57 - 00002621 ____A C:\ProgramData\leoi.js
2013-06-11 22:57 - 2013-06-11 22:57 - 00000150 ____A C:\ProgramData\leoi.reg
2013-06-11 22:57 - 2013-06-11 22:57 - 00000055 ____A C:\ProgramData\leoi.bat
2013-06-11 21:38 - 2013-06-11 21:38 - 00001570 ____A C:\Users\Tropic\Desktop\občanka.txt
2013-06-11 20:46 - 2013-04-15 20:41 - 00000932 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3324916824-4260146805-1856180507-1000UA.job
2013-06-11 20:46 - 2013-04-15 20:41 - 00000910 ____A C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3324916824-4260146805-1856180507-1000Core.job
2013-06-11 20:17 - 2011-02-03 15:55 - 00000000 ____D C:\Windows\System32\Drivers\AVG
2013-06-11 06:39 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-11 06:39 - 2009-07-14 06:45 - 00023248 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-10 21:56 - 2013-06-10 21:55 - 00000000 ____D C:\Users\Tropic\Desktop\jij
2013-06-10 21:55 - 2013-06-10 21:54 - 16526432 ____A C:\Users\Tropic\Desktop\prilohy_543.zip
2013-06-09 19:05 - 2010-08-17 04:53 - 00000000 ____D C:\ProgramData\FLEXnet
2013-06-09 19:05 - 2009-07-14 05:20 - 00000000 ____D C:\Windows\registration
2013-06-09 10:00 - 2013-04-20 12:39 - 00000000 ____D C:\Users\Tropic\Desktop\hhds
2013-06-09 09:59 - 2013-02-09 01:15 - 00000000 ____D C:\Users\Tropic\Desktop\brázky
2013-06-09 09:06 - 2011-01-11 20:45 - 00000000 ____D C:\users\Tropic
2013-06-09 09:00 - 2013-06-09 08:47 - 95023320 ___AT C:\ProgramData\mj1z6of.pad
2013-06-09 08:47 - 2013-06-09 08:47 - 95023320 ___AT C:\ProgramData\ejolofd.pad
2013-06-09 08:47 - 2013-06-09 08:47 - 00137216 ____A (Microsoft Corporation) C:\ProgramData\fo6z1jm.dat
2013-06-09 08:47 - 2013-06-09 08:47 - 00137216 ____A (Microsoft Corporation) C:\ProgramData\dfoloje.dat
2013-06-06 22:33 - 2013-06-04 22:20 - 00000000 ____D C:\Users\Tropic\Desktop\makám kurva!
2013-06-05 15:33 - 2013-04-18 21:29 - 00000000 ____D C:\Users\Tropic\Desktop\muscle
2013-06-05 15:16 - 2013-06-05 15:15 - 29639510 ____A C:\Users\Tropic\Desktop\khkhgjg-mix.wav
2013-06-04 22:15 - 2011-11-28 17:56 - 00000000 ____D C:\Program Files (x86)\AVG Secure Search
2013-05-29 23:05 - 2013-05-29 22:58 - 25431308 ____A C:\Users\Tropic\Desktop\fakin.wav
2013-05-29 15:18 - 2011-08-12 22:30 - 00000000 ____D C:\Users\Tropic\Documents\PrintScreen Files
2013-05-27 22:20 - 2013-04-27 23:22 - 00000000 ____D C:\Users\Tropic\Desktop\fight
2013-05-26 19:13 - 2011-11-29 18:58 - 00000336 ____A C:\Windows\Tasks\HPCeeScheduleForTropic.job
2013-05-21 23:42 - 2013-05-21 23:41 - 00000000 ____D C:\Users\Tropic\AppData\Local\{53A36CC2-54D2-46D9-A9F3-A2BB36A53B63}
2013-05-21 20:26 - 2013-05-21 20:26 - 23933480 ____A C:\Users\Tropic\Desktop\untitled.wav
2013-05-20 21:55 - 2012-09-04 06:25 - 00045856 ____A (AVG Technologies) C:\Windows\System32\Drivers\avgtpx64.sys
2013-05-19 23:40 - 2011-12-31 13:31 - 00000000 ____D C:\ProgramData\HP

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\Users\Public\gta_sa.exe
C:\ProgramData\dfoloje.dat
C:\ProgramData\ejolofd.pad
C:\ProgramData\fo6z1jm.dat
C:\ProgramData\ioel.dat
C:\ProgramData\leoi.bat
C:\ProgramData\leoi.pad
C:\ProgramData\leoi.reg
C:\ProgramData\mj1z6of.pad
C:\ProgramData\otof0r.pad
C:\ProgramData\r0foto.dat

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2013-06-03 00:28

==================== End Of Log ============================
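The log above already contains everything needed to work out what the cleanup script targets: a Run value named like a system binary (ctfmon32.exe) that launches a copy of rundll32.exe from C:\PROGRA~3 (the 8.3 alias of C:\ProgramData) to call export XFG00 of a DLL renamed to .dat, a Startup shortcut (regmonstd.lnk) pointing at that same .dat, and a batch of files dropped into C:\ProgramData within the same minute. As an added example, not part of the thread and not FRST's own code, the Python script below runs that reasoning as explicit rules over a constructed subset of the log lines above. The rule names, the threshold of three files per cluster, and the lists of system binary names and shared directories are the editor's own assumptions.

```python
"""Triage heuristics for a Farbar Recovery Scan Tool (FRST) log.

Added example for this thread (editor's own rules, not FRST's code or the
helper's; FRST itself only marks one line "<===== ATTENTION"). SAMPLE_LOG is
a constructed subset of lines copied from the log posted above.
"""
import re
from collections import defaultdict, namedtuple
from pathlib import PureWindowsPath

Finding = namedtuple("Finding", "rule subject line")

WINDOWS_DIRS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\")
# Names malware copies elsewhere or imitates (ctfmon32.exe vs. ctfmon.exe); assumed list.
SYSTEM_BINARY_NAMES = {"rundll32.exe", "svchost.exe", "explorer.exe", "ctfmon.exe", "winlogon.exe", "userinit.exe"}
EXECUTABLE_EXTS = {".exe", ".dll", ".cpl", ".ocx", ".scr", ".com", ".bat", ".cmd", ".vbs", ".js"}
# World-writable data directories; C:\PROGRA~3 is the 8.3 alias of C:\ProgramData.
SHARED_DATA_DIRS = {"c:\\programdata", "c:\\progra~3", "c:\\users\\public"}

RUN_RE = re.compile(r"^HK[^:]*\\Run: \[(?P<name>[^\]]*)\] (?P<cmd>.*?) \[\d+ \d{4}-\d{2}-\d{2}\]")
SHORTCUT_RE = re.compile(r"^ShortcutTarget: (?P<lnk>.+?) -> (?P<target>.+?)(?: \([^)]*\))?$")
FILE_RE = re.compile(r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \S+ \S+ - (?P<size>\d+) "
                     r"(?P<attr>\S+) (?:\([^)]*\) )?(?P<path>[A-Za-z]:\\.+)$")
RUNDLL_RE = re.compile(r'rundll32\.exe\s+"?(?P<module>[^",]+?)"?,(?P<export>\S+)', re.I)
FIRST_PATH_RE = re.compile(r'"([^"]+)"|(.+?\.\w{2,4})(?=\s|$)')

def first_path(cmd):
    """Launched file of a Run command: the quoted token, else the first token ending in an extension."""
    m = FIRST_PATH_RE.match(cmd)
    return (m.group(1) or m.group(2)) if m else ""

def lookalike_name(name):
    """True when stripping digits turns the value name into a system binary name."""
    stripped = re.sub(r"\d+", "", name.lower())
    return stripped in SYSTEM_BINARY_NAMES and stripped != name.lower()

def relocated_system_binary(path):
    """True when a system binary name carries a directory outside the Windows directory."""
    p = PureWindowsPath(path)
    if p.name.lower() not in SYSTEM_BINARY_NAMES or p.parent == PureWindowsPath("."):
        return False  # a bare name resolves through the system path; nothing relocated
    return not str(p).lower().startswith(WINDOWS_DIRS)

def check_autostart(name, exe, cmd, line):
    """Rules for one Run value or Startup shortcut: value/.lnk name, launched file, full command."""
    out = []
    if lookalike_name(name):
        out.append(Finding("lookalike-value-name", name, line))
    if not exe:
        return out
    if relocated_system_binary(exe):
        out.append(Finding("relocated-system-binary", exe, line))
    elif PureWindowsPath(exe).suffix.lower() not in EXECUTABLE_EXTS:
        out.append(Finding("non-executable-target", exe, line))
    if str(PureWindowsPath(exe).parent).lower() in SHARED_DATA_DIRS:
        out.append(Finding("autostart-from-shared-data-dir", exe, line))
    m = RUNDLL_RE.search(cmd)  # rundll32 loading something that is not a DLL (here a .dat)
    if m and PureWindowsPath(m["module"]).suffix.lower() not in {".dll", ".cpl", ".ocx"}:
        out.append(Finding("rundll32-non-dll-module", f'{m["module"]},{m["export"]}', line))
    return out

def triage(log_text):
    """Findings for Run values, Startup shortcuts and recent file drops in FRST log text."""
    findings, section = [], ""
    clusters = defaultdict(list)  # (creation minute, parent dir) -> [path, ...]
    for line in log_text.splitlines():
        if line.startswith("===================="):
            section = line
        elif m := RUN_RE.match(line):
            findings += check_autostart(m["name"], first_path(m["cmd"]), m["cmd"], line)
        elif m := SHORTCUT_RE.match(line):
            findings += check_autostart(m["lnk"], m["target"], m["target"], line)
        elif (m := FILE_RE.match(line)) and "Created" in section:
            parent = str(PureWindowsPath(m["path"]).parent).lower()
            clusters[(m["created"], parent)].append(m["path"])
    for (created, parent), paths in clusters.items():
        # Several files born in the same minute in a shared data directory is a drop pattern.
        if parent in SHARED_DATA_DIRS and len(paths) >= 3:
            findings.append(Finding("file-cluster", f"{parent} @ {created}", ", ".join(paths)))
    return findings

SAMPLE_LOG = r"""
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s [6245408 2010-05-26] (Realtek Semiconductor)
HKLM\...\Run: [BTMTrayAgent] rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp [24783624 2010-06-10] (Motorola, Inc.)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\ioel.dat,XFG00 [135168 2013-06-11] (Microsoft Corporation) <===== ATTENTION
ShortcutTarget: OpenOffice.org 3.2.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\ioel.dat (Microsoft Corporation)
==================== One Month Created Files and Folders ========
2013-06-11 22:57 - 2013-06-11 23:21 - 95023320 ___AT C:\ProgramData\leoi.pad
2013-06-11 22:57 - 2013-06-11 22:57 - 00135168 ____A (Microsoft Corporation) C:\ProgramData\ioel.dat
2013-06-11 22:57 - 2013-06-11 22:57 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-11 22:57 - 2013-06-11 22:57 - 00000055 ____A C:\ProgramData\leoi.bat
2013-06-11 21:38 - 2013-06-11 21:38 - 00001570 ____A C:\Users\Tropic\Desktop\občanka.txt
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:32} {f.subject}")
```

Run on the sample, the benign Realtek, Motorola (a legitimate rundll32 call on a real .dll) and OpenOffice entries produce nothing, while the ctfmon32.exe value trips four rules at once and the ProgramData drop of 2013-06-11 22:57 is reported as one cluster; those are exactly the lines and paths the fixlist in the next reply removes. The FRST "(Microsoft Corporation)" tag is a version-resource string, which is why a copied rundll32.exe and a renamed DLL still carry it; the rules therefore key on location and name, not on the vendor column.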

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:57
by Zlossynek
what now? :)

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 19:59
by vyosek
:arrow: I wanted to leave it to my colleague, we don't take over each other's topics, but since you're online we'll move on a little

:arrow: Give me a few minutes to write a cleanup script

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 20:02
by vyosek
:arrow: Creating a fixlist for FRST
  • Start Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~3\rundll32.exe C:\PROGRA~3\ioel.dat,XFG00 [135168 2013-06-11] (Microsoft Corporation) <===== ATTENTION
    HKCU\...\Policies\system: [DisableLockWorkstation] 0
    HKCU\...\Policies\system: [DisableTaskMgr] 0
    HKCU\...\Policies\system: [DisableChangePassword] 0
    HKLM-x32\...\Run: [] [x]
    HKLM-x32\...\Run: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe" [1561768 2012-05-04] (Ask)
    HKLM-x32\...\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" [1226928 2013-05-20] (AVG Secure Search)
    Startup: C:\Users\Tropic\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
    ShortcutTarget: regmonstd.lnk -> C:\PROGRA~3\ioel.dat (Microsoft Corporation)
    HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.forumswatcher.com/search.htm
    HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
    URLSearchHook: (No Name) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - No File
    URLSearchHook: (No Name) - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - No File
    URLSearchHook: (No Name) - {cc376ed9-9e09-4b39-bad5-083d151eaa86} - No File
    SearchScopes: HKLM - {9AD61490-3275-44CA-AA92-87C2C459C6D7} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
    HKLM-x32 SearchScopes: DefaultScope {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2239085
    SearchScopes: HKLM-x32 - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM-x32 - {9AD61490-3275-44CA-AA92-87C2C459C6D7} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKLM-x32 - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2239085
    HKCU SearchScopes: DefaultScope {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={159F3A7F-5AA4-4B2B-9C7A-4034EF54C54C}&mid=a0864d3361a447d69e8ded03d4aa767d-254dc9b8b8b3f1f72fd4cf971448c0dfa1911f22&lang=cz&ds=AVG&pr=pa&d=2011-11-28 16:55:57&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {23DCDCC9-7A3B-4DE8-B39A-0A213E721AF8} URL = http://search.freecause.com/search?ourm ... e=63263&p={searchTerms}
    SearchScopes: HKCU - {8557A2BB-0CCA-4DA2-8BEE-E2A1975E3BBB} URL = http://www.webhledani.cz/results.aspx?i=42&tp=ie&q={searchTerms}
    SearchScopes: HKCU - {95B7759C-8C7F-4BF1-B163-73684A933233} URL = http://isearch.avg.com/search?cid={159F3A7F-5AA4-4B2B-9C7A-4034EF54C54C}&mid=a0864d3361a447d69e8ded03d4aa767d-254dc9b8b8b3f1f72fd4cf971448c0dfa1911f22&lang=cz&ds=AVG&pr=pa&d=2011-11-28 16:55:57&v=14.2.0.1&pid=avg&sg=&sap=dsp&q={searchTerms}
    SearchScopes: HKCU - {9AD61490-3275-44CA-AA92-87C2C459C6D7} URL = http://cs.wikipedia.org/wiki/Special:Search?search={searchTerms}
    SearchScopes: HKCU - {afdbddaa-5d3f-42ee-b79c-185a7020515b} URL = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2239085
    BHO: IMPI - {17E113E6-CD0E-4045-B154-65F0E57959EF} - C:\Program Files\IMPI\Extension64.dll ()
    BHO: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: freevideomaster Toolbar - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files (x86)\freevideomaster\tbfree.dll (Conduit Ltd.)
    BHO-x32: Pazera Toolbar BHO - {1B169632-4FA6-4BE0-B980-460B5BF7FD08} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
    BHO-x32: AVG Safe Search - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    BHO-x32: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
    BHO-x32: GamePlayLabsBHO Class - {984A9162-8891-4D19-8CFE-17648BB4E1EC} - C:\Users\Tropic\AppData\Local\GamePlayLabs Plugin\BHO.dll No File
    BHO-x32: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
    Toolbar: HKLM-x32 - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKLM-x32 - AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\15.2.0.5\AVG Secure Search_toolbar.dll (AVG Secure Search)
    Toolbar: HKLM-x32 - freevideomaster Toolbar - {01dfd24d-73eb-497f-8dfd-7ea79365af4a} - C:\Program Files (x86)\freevideomaster\tbfree.dll (Conduit Ltd.)
    Toolbar: HKLM-x32 - Pazera Toolbar - {093B3D46-0F87-44CF-B44B-79537F1597E5} - C:\Program Files (x86)\Pazera Toolbar\Toolbar.dll ()
    Toolbar: HKCU - No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
    Toolbar: HKCU - No Name - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No File
    Toolbar: HKCU - No Name - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No File
    Toolbar: HKCU - No Name - {01DFD24D-73EB-497F-8DFD-7EA79365AF4A} - No File
    Toolbar: HKCU - No Name - {093B3D46-0F87-44CF-B44B-79537F1597E5} - No File
    S3 AVG Security Toolbar Service; C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe [167264 2011-11-10] ()
    S2 vToolbarUpdater15.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.2.0\ToolbarUpdater.exe [1015984 2013-05-20] (AVG Secure Search)
    2013-06-12 09:11 - 2013-06-12 09:11 - 00000000 __SHD C:\found.000
    C:\Program Files (x86)\Common Files\AVG Secure Search
    C:\Program Files (x86)\Pazera Toolbar
    C:\Program Files (x86)\AVG Secure Search
    C:\Program Files (x86)\Ask.com
    C:\ProgramData\rundll32.exe
    C:\Users\Public\gta_sa.exe
    C:\ProgramData\dfoloje.dat
    C:\ProgramData\ejolofd.pad
    C:\ProgramData\fo6z1jm.dat
    C:\ProgramData\ioel.dat
    C:\ProgramData\leoi.bat
    C:\ProgramData\leoi.pad
    C:\ProgramData\leoi.reg
    C:\ProgramData\mj1z6of.pad
    C:\ProgramData\otof0r.pad
    C:\ProgramData\r0foto.dat
    
  • Save the TXT you created as fixlist.txt
  • Move the file you created to the flash drive next to FRST
:arrow: Run FRST.exe again on the damaged PC
  • Click Fix
  • The fix runs and the log Fixlog.txt is created on the flash drive
:arrow: Try to start into normal mode

:arrow: Post a log from RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 20:12
by Zlossynek
So what do I copy, save it as fixlist.txt and then run it in Notepad?

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 20:16
by vyosek
:arrow: Sorry, I didn't put everything in code (green text), now it's OK...

:arrow: I'll make it easier for you, since I made a small mistake there - download this file http://leteckaposta.cz/296545447 and save it directly to the flash drive

:arrow: Run FRST.exe again on the damaged PC like last time
  • Click Fix
  • The fix runs and the log Fixlog.txt is created on the flash drive
:arrow: You don't need to start Notepad, just run FRST and click Fix - it loads the fixlist itself and carries out the commands from it

:arrow: After the restart, let the PC boot into normal mode

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 20:20
by Zlossynek
thank you :) and does this already remove the virus, so System Restore won't be needed?

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 20:31
by vyosek
:arrow: Yes, this removes the worst of it, so that you then get into normal mode, where the rest gets cleaned up...

:arrow: Restore won't be needed :wink:

Re: Czech Police virus and system cannot be restored

Posted: 12 Jun 2013 20:36
by Zlossynek
Great, it's running, thank you! :) And what about the RSIT log, should I do that too? If so, how?