
Police virus

Posted: 13 Jun 2013 17:16
by QuickShare
Hello :) ... Today I once again found the PC at home locked by the police virus.... I thought about continuing in the previous thread, but that would probably be pointless, so here goes:
This time I can't even start Task Manager, so for now I don't have a log either. I'm looking for Hiren's BootCD, which might help me make a log, but I found guides here on the forum that work, so my idea may be a bad one (on the locked PC during the last cleanup RSIT didn't work even after disinfection).... So I'd rather wait for someone who would be willing to help me.. :)

I also want to say in advance that unfortunately I won't be able to be at the PC all the time, so if I don't reply right away, I will definitely reply later :)

Re: Police virus

Posted: 13 Jun 2013 17:28
by vyosek
Hello :)

Follow this guide: http://forum.viry.cz/viewtopic.php?f=13&t=130781

Re: Police virus

Posted: 13 Jun 2013 18:13
by QuickShare
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 12-06-2013 04
Ran by Hacker (administrator) on 13-06-2013 19:02:11
Running from L:\
Windows 7 Ultimate (X86) OS Language: 041B
Internet Explorer Version 8
Boot Mode: Safe Mode (minimal)

==================== Could not list processes ===============

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2029640 2009-05-14] (ESET)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\to1t1.dat,XFG00 [177152 2013-06-13] (Microsoft Corporation) <===== ATTENTION
BootExecute: autocheck autochk * OODBS

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.ph ... &ch_id=osd
BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
Tcpip\Parameters: [DhcpNameServer] 62.168.65.19 192.168.0.1

Chrome:
=======
CHR HomePage: hxxp://www.google.com
CHR DefaultSearchURL: (Google) - {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR Extension: (GamePlayLabs Plugin) - C:\Users\Hacker\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocphobfcfafpclibolpjdafgaffkaoci\1.0_0

========================== Services (Whitelisted) =================

S2 AsSysCtrlService; C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [90112 2009-04-02] ()
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [13080 2010-06-17] (Microsoft Corporation)
S3 EhttpSrv; C:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe [20680 2009-05-14] (ESET)
S2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [731840 2009-05-14] (ESET)
S2 O&O Defrag; C:\Program Files\OO Software\Defrag\oodag.exe [1488128 2009-09-12] (O&O Software GmbH)
S2 PnkBstrA; C:\Windows\system32\PnkBstrA.exe [76888 2013-03-06] ()
S2 Winmgmt; C:\PROGRA~2\to1t1.dat [177152 2013-06-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

S1 AsIO; C:\Windows\System32\drivers\AsIO.sys [12400 2007-12-17] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [279712 2010-01-21] ()
S2 cpuz134; C:\Windows\system32\drivers\cpuz134_x32.sys [20328 2010-07-09] (Windows (R) Win 7 DDK provider)
S2 eamon; C:\Windows\System32\DRIVERS\eamon.sys [114472 2009-05-14] (ESET)
S1 ehdrv; C:\Windows\System32\DRIVERS\ehdrv.sys [107256 2009-05-14] (ESET)
S1 EIO; C:\Windows\System32\DRIVERS\EIO.sys [14336 2010-06-12] (ASUSTeK Computer Inc.)
S3 ENTECH; C:\Windows\system32\DRIVERS\ENTECH.sys [21664 2004-10-25] (EnTech Taiwan)
S2 epfw; C:\Windows\System32\DRIVERS\epfw.sys [133000 2009-05-14] (ESET)
S3 Epfwndis; C:\Windows\System32\DRIVERS\Epfwndis.sys [33096 2009-05-14] (ESET)
S2 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [38240 2009-05-14] (ESET)
S3 L1E; C:\Windows\System32\DRIVERS\L1E62x86.sys [47104 2009-07-14] (Atheros Communications, Inc.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2010-01-19] ()
R3 MTsensor; C:\Windows\System32\DRIVERS\ASACPI.sys [6504 2009-05-13] ()
S1 prodrv06; C:\Windows\System32\drivers\prodrv06.sys [54368 2004-11-25] (Protection Technology)
S0 prohlp02; C:\Windows\System32\drivers\prohlp02.sys [77248 2004-11-25] (Protection Technology)
S0 prosync1; C:\Windows\System32\drivers\prosync1.sys [7040 2004-07-19] (Protection Technology)
S0 sfhlp01; C:\Windows\System32\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [691696 2010-01-06] (Duplex Secure Ltd.)
R3 whfltr2k; C:\Windows\System32\DRIVERS\whfltr2k.sys [7424 2009-09-17] ()
S3 IntcAzAudAddService; system32\drivers\RTKVHDA.sys [x]

========================== Drivers MD5 =======================


==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-13 19:01 - 2013-06-13 19:01 - 00000000 ____D C:\FRST
2013-06-13 14:36 - 2013-06-13 14:36 - 00002644 ____A C:\ProgramData\1t1ot.js
2013-06-13 14:33 - 2013-06-13 18:38 - 95023320 ___AT C:\ProgramData\1t1ot.pad
2013-06-13 14:33 - 2013-06-13 18:38 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-13 14:33 - 2013-06-13 14:33 - 00177152 ____N (Microsoft Corporation) C:\ProgramData\to1t1.dat
2013-06-13 14:33 - 2013-06-13 14:33 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-12 21:09 - 2013-06-12 22:28 - 623112644 ____A C:\Users\Hacker\Desktop\Stokerovi_Stoker.2013.480p.BRRip.XviD.AC3.rar
2013-06-12 12:36 - 2013-06-12 12:45 - 92431884 ____A C:\Users\Hacker\Desktop\22x20-strihoruky-homer-(480x320).mp4
2013-06-10 19:20 - 2013-06-09 13:28 - 00000000 ____D C:\Users\Hacker\Desktop\TCL - 321_ 26.5
2013-06-10 17:22 - 2013-06-10 17:48 - 257177488 ____A C:\Users\Hacker\Desktop\TCL---321_-26.5.rar
2013-06-10 11:38 - 2013-05-19 13:06 - 00000000 ____D C:\Users\Hacker\Desktop\Torula - Z kanála hore (2013)
2013-06-07 21:03 - 2013-06-07 21:27 - 148206635 ____A C:\Users\Hacker\Desktop\Torula - Z kanála hore (2013).zip
2013-06-07 14:24 - 2013-06-07 15:12 - 341730879 ____A C:\Users\Hacker\Desktop\The.Simpsons.S24E22.720p.HDTV.X264-DIMENSION.avi
2013-06-07 13:22 - 2013-06-07 13:25 - 25780720 ____A (Microsoft Corporation) C:\Users\Hacker\Desktop\wordview_sk-sk.exe
2013-06-02 19:16 - 2013-05-12 15:21 - 736051200 ____A C:\Users\Hacker\Desktop\Zkurvena noc.avi
2013-06-02 11:34 - 2013-06-02 15:41 - 1261122230 ____A C:\Users\Hacker\Desktop\2ZasazenBleskem.avi
2013-06-01 15:23 - 2013-06-01 23:18 - 2045526016 ____A C:\Users\Hacker\Desktop\sllplb.avi
2013-05-31 20:49 - 2013-05-31 23:10 - 736051288 ____A C:\Users\Hacker\Desktop\z___urvena-přes-MultiLoad.cz.rar
2013-05-31 17:05 - 2013-05-31 20:50 - 152355068 ____A C:\Users\Hacker\Desktop\trplsk.part1.rar
2013-05-31 15:01 - 2013-05-31 17:19 - 803444869 ____A C:\Users\Hacker\Desktop\The-Simpsons-24-22-Dangers-on-a-Train-HD-1080p.avi
2013-05-30 11:23 - 2013-06-13 18:38 - 00001176 ____A C:\Windows\setupact.log
2013-05-30 11:23 - 2013-05-30 11:23 - 00000000 ____A C:\Windows\setuperr.log
2013-05-26 17:13 - 2013-05-26 19:17 - 823608633 ____A C:\Users\Hacker\Documents\The-Simpsons-24-19-Whiskey-Business-HD-1080p.avi
2013-05-19 20:09 - 2013-05-19 20:09 - 00000000 ____A C:\Users\Hacker\Desktop\Nový textový dokument (2).txt
2013-05-19 11:24 - 2013-05-19 12:21 - 00000000 ____D C:\Users\Hacker\Desktop\mmm

==================== One Month Modified Files and Folders ========

2013-06-13 19:01 - 2013-06-13 19:01 - 00000000 ____D C:\FRST
2013-06-13 18:41 - 2010-01-12 11:36 - 02004793 ____A C:\Windows\System32\oodbs.lor
2013-06-13 18:38 - 2013-06-13 14:33 - 95023320 ___AT C:\ProgramData\1t1ot.pad
2013-06-13 18:38 - 2013-06-13 14:33 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-13 18:38 - 2013-05-30 11:23 - 00001176 ____A C:\Windows\setupact.log
2013-06-13 18:38 - 2009-12-25 14:24 - 00000000 ____D C:\ProgramData\NVIDIA
2013-06-13 18:38 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-13 14:36 - 2013-06-13 14:36 - 00002644 ____A C:\ProgramData\1t1ot.js
2013-06-13 14:33 - 2013-06-13 14:33 - 00177152 ____N (Microsoft Corporation) C:\ProgramData\to1t1.dat
2013-06-13 14:33 - 2013-06-13 14:33 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
2013-06-13 12:26 - 2011-07-18 19:00 - 01748091 ____A C:\Windows\WindowsUpdate.log
2013-06-13 11:30 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-13 11:30 - 2009-07-14 06:34 - 00014016 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-13 11:28 - 2009-12-25 14:23 - 00717892 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-12 23:30 - 2009-12-25 15:03 - 00000000 ____D C:\Users\Hacker\AppData\Roaming\ICQ
2013-06-12 22:28 - 2013-06-12 21:09 - 623112644 ____A C:\Users\Hacker\Desktop\Stokerovi_Stoker.2013.480p.BRRip.XviD.AC3.rar
2013-06-12 12:45 - 2013-06-12 12:36 - 92431884 ____A C:\Users\Hacker\Desktop\22x20-strihoruky-homer-(480x320).mp4
2013-06-10 17:48 - 2013-06-10 17:22 - 257177488 ____A C:\Users\Hacker\Desktop\TCL---321_-26.5.rar
2013-06-09 13:28 - 2013-06-10 19:20 - 00000000 ____D C:\Users\Hacker\Desktop\TCL - 321_ 26.5
2013-06-07 21:27 - 2013-06-07 21:03 - 148206635 ____A C:\Users\Hacker\Desktop\Torula - Z kanála hore (2013).zip
2013-06-07 15:12 - 2013-06-07 14:24 - 341730879 ____A C:\Users\Hacker\Desktop\The.Simpsons.S24E22.720p.HDTV.X264-DIMENSION.avi
2013-06-07 13:25 - 2013-06-07 13:22 - 25780720 ____A (Microsoft Corporation) C:\Users\Hacker\Desktop\wordview_sk-sk.exe
2013-06-04 23:14 - 2010-05-24 15:41 - 00000000 ____D C:\Users\Hacker\AppData\Roaming\Skype
2013-06-04 22:59 - 2010-05-24 15:43 - 00000000 ____D C:\Users\Hacker\AppData\Roaming\skypePM
2013-06-02 15:41 - 2013-06-02 11:34 - 1261122230 ____A C:\Users\Hacker\Desktop\2ZasazenBleskem.avi
2013-06-01 23:18 - 2013-06-01 15:23 - 2045526016 ____A C:\Users\Hacker\Desktop\sllplb.avi
2013-05-31 23:10 - 2013-05-31 20:49 - 736051288 ____A C:\Users\Hacker\Desktop\z___urvena-přes-MultiLoad.cz.rar
2013-05-31 20:50 - 2013-05-31 17:05 - 152355068 ____A C:\Users\Hacker\Desktop\trplsk.part1.rar
2013-05-31 17:19 - 2013-05-31 15:01 - 803444869 ____A C:\Users\Hacker\Desktop\The-Simpsons-24-22-Dangers-on-a-Train-HD-1080p.avi
2013-05-30 11:23 - 2013-05-30 11:23 - 00000000 ____A C:\Windows\setuperr.log
2013-05-26 19:17 - 2013-05-26 17:13 - 823608633 ____A C:\Users\Hacker\Documents\The-Simpsons-24-19-Whiskey-Business-HD-1080p.avi
2013-05-25 11:38 - 2009-12-25 16:47 - 00000000 ____D C:\Users\Hacker\AppData\Roaming\Media Player Classic
2013-05-19 20:09 - 2013-05-19 20:09 - 00000000 ____A C:\Users\Hacker\Desktop\Nový textový dokument (2).txt
2013-05-19 13:06 - 2013-06-10 11:38 - 00000000 ____D C:\Users\Hacker\Desktop\Torula - Z kanála hore (2013)
2013-05-19 12:21 - 2013-05-19 11:24 - 00000000 ____D C:\Users\Hacker\Desktop\mmm

Files to move or delete:
====================
C:\ProgramData\rundll32.exe
C:\ProgramData\1t1ot.pad
C:\ProgramData\to1t1.dat

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe
[2010-06-17 14:32] - [2010-06-17 14:32] - 2614784 ____A (Microsoft Corporation) 016D7144F3B717A0850DACC75F08DD3D

C:\Windows\System32\winlogon.exe
[2010-06-17 13:36] - [2010-06-17 13:36] - 0285696 ____A (Microsoft Corporation) 1C4707299926AF0E555C2DC98E411B59

C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll
[2010-06-17 14:19] - [2010-06-17 14:19] - 0811520 ____A (Microsoft Corporation) A59E558BEA7D9607E86E8BDE68E2488F

C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys
[2010-06-17 13:24] - [2010-06-17 13:24] - 0245128 ____A (Microsoft Corporation) C4DD492711FD18E888756DEA48FC61D5


==================== BCD ================================

Windows Boot Manager
--------------------
identifier {bootmgr}
device partition=C:
description Windows Boot Manager
locale sk-SK
inherit {globalsettings}
default {current}
resumeobject {4fd132a4-f147-11de-95e8-ae01671e4370}
displayorder {current}
toolsdisplayorder {memdiag}
timeout 30

Windows Boot Loader
-------------------
identifier {current}
device partition=C:
path \Windows\system32\winload.exe
description Windows 7
locale sk-SK
inherit {bootloadersettings}
recoverysequence {4fd132a6-f147-11de-95e8-ae01671e4370}
recoveryenabled Yes
osdevice partition=C:
systemroot \Windows
resumeobject {4fd132a4-f147-11de-95e8-ae01671e4370}
nx OptIn
safebootalternateshell No

Windows Boot Loader
-------------------
identifier {4fd132a6-f147-11de-95e8-ae01671e4370}
device ramdisk=[C:]\Recovery\4fd132a6-f147-11de-95e8-ae01671e4370\Winre.wim,{4fd132a7-f147-11de-95e8-ae01671e4370}
path \windows\system32\winload.exe
description Windows Recovery Environment
inherit {bootloadersettings}
osdevice ramdisk=[C:]\Recovery\4fd132a6-f147-11de-95e8-ae01671e4370\Winre.wim,{4fd132a7-f147-11de-95e8-ae01671e4370}
systemroot \windows
nx OptIn
winpe Yes

Resume from Hibernate
---------------------
identifier {4fd132a4-f147-11de-95e8-ae01671e4370}
device partition=C:
path \Windows\system32\winresume.exe
description Windows Resume Application
locale sk-SK
inherit {resumeloadersettings}
filedevice partition=C:
filepath \hiberfil.sys
pae Yes
debugoptionenabled No

Windows Memory Tester
---------------------
identifier {memdiag}
device partition=C:
path \boot\memtest.exe
description Windows Memory Diagnostic
locale sk-SK
inherit {globalsettings}
badmemoryaccess Yes

EMS Settings
------------
identifier {emssettings}
bootems Yes

Debugger Settings
-----------------
identifier {dbgsettings}
debugtype Serial
debugport 1
baudrate 115200

RAM Defects
-----------
identifier {badmemory}

Global Settings
---------------
identifier {globalsettings}
inherit {dbgsettings}
{emssettings}
{badmemory}

Boot Loader Settings
--------------------
identifier {bootloadersettings}
inherit {globalsettings}
{hypervisorsettings}

Hypervisor Settings
-------------------
identifier {hypervisorsettings}
hypervisordebugtype Serial
hypervisordebugport 1
hypervisorbaudrate 115200

Resume Loader Settings
----------------------
identifier {resumeloadersettings}
inherit {globalsettings}

Device options
--------------
identifier {4fd132a7-f147-11de-95e8-ae01671e4370}
description Ramdisk Options
ramdisksdidevice partition=C:
ramdisksdipath \Recovery\4fd132a6-f147-11de-95e8-ae01671e4370\boot.sdi



LastRegBack: 2013-06-13 11:41

==================== End Of Log ============================

Re: Police virus

Posted: 13 Jun 2013 20:38
by vyosek
:arrow: Creating a fixlist for FRST
  • Open Notepad (Start - Run - notepad)
  • Copy the script below

    HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\to1t1.dat,XFG00 [177152 2013-06-13] (Microsoft Corporation) <===== ATTENTION
    HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
    SearchScopes: HKCU - {6552C7DD-90A4-4387-B795-F8F96747DE19} URL = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
    S2 Winmgmt; C:\PROGRA~2\to1t1.dat [177152 2013-06-13] (Microsoft Corporation)
    C:\ProgramData\rundll32.exe
    C:\ProgramData\1t1ot.pad
    C:\ProgramData\to1t1.dat
    2013-06-13 18:41 - 2010-01-12 11:36 - 02004793 ____A C:\Windows\System32\oodbs.lor
    2013-06-13 18:38 - 2013-06-13 14:33 - 95023320 ___AT C:\ProgramData\1t1ot.pad
    2013-06-13 18:38 - 2013-06-13 14:33 - 00000000 ____A C:\ProgramData\kjhy64.txt
    2013-06-13 18:38 - 2013-05-30 11:23 - 00001176 ____A C:\Windows\setupact.log
    2013-06-13 18:38 - 2009-12-25 14:24 - 00000000 ____D C:\ProgramData\NVIDIA
    2013-06-13 18:38 - 2009-07-14 06:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
    2013-06-13 14:36 - 2013-06-13 14:36 - 00002644 ____A C:\ProgramData\1t1ot.js
    2013-06-13 14:33 - 2013-06-13 14:33 - 00177152 ____N (Microsoft Corporation) C:\ProgramData\to1t1.dat
    2013-06-13 14:33 - 2013-06-13 14:33 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
    
  • Save the created TXT file as fixlist.txt
  • Move the created file to the flash drive next to FRST
:arrow: Run FRST.exe again on the infected PC
  • Click Fix
  • The fix will run and a log, Fixlog.txt, will be created on the flash drive
:arrow: Try to boot into normal mode
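
The fixlist above was assembled by hand from the FRST log: the Run entry FRST marked with ATTENTION, the Winmgmt service whose image path points at the same .dat file, and the files in C:\ProgramData created in the same minute. The Python script below is an added example by the editor, not part of the original post and not part of FRST; it automates that pivot over a few log lines copied from this thread. It extracts the paths from ATTENTION lines, expands the 8.3 short name C:\PROGRA~2 to C:\ProgramData (an assumption taken from this log, which lists the same 177152-byte file under both names), and then keeps every line that references those paths or shares a timestamp with them. The result is a triage candidate list for a human to review, not a fixlist to apply blindly.

```python
import re
from typing import Dict, List, Set

ATTENTION_MARK = "<===== ATTENTION"

# A Windows drive path, ending at whitespace, a comma, a bracket or a quote.
PATH_RE = re.compile(r"[A-Za-z]:\\[^\s,\[\]\"]+")

# FRST file-listing line: "<date time> - <date time> - <size> <attrs> [(company)] <path>"
FILE_LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - (\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - \d+ \S+ "
)

# Assumption taken from this thread's log: the same 177152-byte file appears as
# C:\PROGRA~2\to1t1.dat and C:\ProgramData\to1t1.dat, so on this machine
# PROGRA~2 is the 8.3 short name of ProgramData.
SHORT_NAMES: Dict[str, str] = {r"c:\progra~2": r"c:\programdata"}

# Constructed sample: a subset of the FRST log lines posted earlier in the thread.
SAMPLE_FRST_LOG = r"""
HKLM\...\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice [2029640 2009-05-14] (ESET)
HKCU\...\Run: [ctfmon32.exe] C:\PROGRA~2\rundll32.exe C:\PROGRA~2\to1t1.dat,XFG00 [177152 2013-06-13] (Microsoft Corporation) <===== ATTENTION
S2 Winmgmt; C:\PROGRA~2\to1t1.dat [177152 2013-06-13] (Microsoft Corporation)
2013-06-13 18:41 - 2010-01-12 11:36 - 02004793 ____A C:\Windows\System32\oodbs.lor
2013-06-13 18:38 - 2013-06-13 14:33 - 95023320 ___AT C:\ProgramData\1t1ot.pad
2013-06-13 18:38 - 2013-06-13 14:33 - 00000000 ____A C:\ProgramData\kjhy64.txt
2013-06-13 18:38 - 2013-05-30 11:23 - 00001176 ____A C:\Windows\setupact.log
2013-06-13 14:36 - 2013-06-13 14:36 - 00002644 ____A C:\ProgramData\1t1ot.js
2013-06-13 14:33 - 2013-06-13 14:33 - 00177152 ____N (Microsoft Corporation) C:\ProgramData\to1t1.dat
2013-06-13 14:33 - 2013-06-13 14:33 - 00044544 ____A (Microsoft Corporation) C:\ProgramData\rundll32.exe
"""


def normalise(text: str) -> str:
    """Lower-case and expand known 8.3 short names so that paths compare equal."""
    text = text.lower()
    for short, full in SHORT_NAMES.items():
        text = text.replace(short, full)
    return text


def indicator_paths(log: str) -> Set[str]:
    """Collect the normalised paths named on lines FRST flagged with ATTENTION."""
    paths: Set[str] = set()
    for line in log.splitlines():
        if ATTENTION_MARK in line:
            paths.update(normalise(p) for p in PATH_RE.findall(line))
    return paths


def triage(log: str) -> List[str]:
    """Return, in log order, the lines tied to the flagged paths by name or timestamp."""
    lines = [ln for ln in log.splitlines() if ln.strip()]
    indicators = indicator_paths(log)
    hits: Set[str] = set()
    stamps: Set[str] = set()
    # Pass 1: any line (registry, service, file listing) that mentions a flagged path.
    for line in lines:
        if any(p in normalise(line) for p in indicators):
            hits.add(line)
            m = FILE_LINE_RE.match(line)
            if m:
                stamps.update(m.groups())
    # Pass 2: file-listing lines that share a timestamp with a file hit in pass 1.
    for line in lines:
        m = FILE_LINE_RE.match(line)
        if m and (m.group(1) in stamps or m.group(2) in stamps):
            hits.add(line)
    return [line for line in lines if line in hits]


if __name__ == "__main__":
    for candidate in triage(SAMPLE_FRST_LOG):
        print(candidate)
```

Compared with the fixlist vyosek posted, the path and timestamp pivots recover the Run entry, the Winmgmt service, to1t1.dat, rundll32.exe, 1t1ot.pad and kjhy64.txt. They do not recover 1t1ot.js (created three minutes later) or the OS-level entries the helper added on his own judgement (oodbs.lor, setupact.log, the NVIDIA folder, SA.DAT); that judgement is what a script like this narrows the work down to, not what it replaces.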

Re: Police virus

Posted: 14 Jun 2013 11:28
by QuickShare
Hello... when I restarted the PC into normal mode it did not come up, I only saw a black desktop, the taskbar and the loading circle.... when I restarted again it came up... how do we continue?... sorry for replying only today :) I have to go into town again, I'll be back around 17:30.. thanks

edit
More info: I tried restarting several times; startup is strange and loading the desktop takes a very long time.

Re: Police virus

Posted: 14 Jun 2013 11:28
by QuickShare
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 12-06-2013 04
Ran by Hacker at 2013-06-14 12:18:38 Run:2
Running from L:\
Boot Mode: Safe Mode (minimal)

==============================================

HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon32.exe => Value not found.
HKCU\Software\Microsoft\Internet Explorer\Main\\Search Page => Value not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
HKCR\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19} => Key not found.
Winmgmt => Service restored successfully.
C:\ProgramData\rundll32.exe => File/Directory not found.
C:\ProgramData\1t1ot.pad => Moved successfully.
C:\ProgramData\to1t1.dat => Moved successfully.
C:\Windows\System32\oodbs.lor => Moved successfully.
C:\ProgramData\1t1ot.pad => File/Directory not found.
C:\ProgramData\kjhy64.txt => Moved successfully.
C:\Windows\setupact.log => Moved successfully.
C:\ProgramData\NVIDIA => Moved successfully.
C:\Windows\Tasks\SA.DAT => Moved successfully.
C:\ProgramData\1t1ot.js => Moved successfully.
C:\ProgramData\to1t1.dat => File/Directory not found.
C:\ProgramData\rundll32.exe => File/Directory not found.

==== End of Fixlog ====

Re: Police virus

Posted: 14 Jun 2013 21:22
by vyosek
There will be more in there...

:arrow: Now post a log from RSIT or DDS http://forum.viry.cz/viewforum.php?f=24

Re: Police virus

Posted: 14 Jun 2013 21:33
by QuickShare
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 8.0.7600.16385
Run by Hacker at 22:30:50 on 2013-06-14
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1431 [GMT 2:00]
.
AV: ESET Smart Security 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET Smart Security 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: ESET personal firewall *Enabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\OO Software\Defrag\oodag.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\ASUS\EPU-6 Engine\SixEngine.exe
C:\Windows\system32\PnkBstrA.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\WUDFHost.exe
\\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\Windows\system32\conhost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Reader Link Helper: {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelper.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre6\bin\jp2ssv.dll
mRun: [egui] "c:\program files\eset\eset smart security\egui.exe" /hide /waitservice
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~2\office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~2\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\icq7.5\ICQ.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 62.168.65.19 192.168.0.1
TCP: Interfaces\{176C225A-A76F-4264-8E3B-D96ED8D87C65} : DHCPNameServer = 62.168.65.19 192.168.0.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\asus\assysctrlservice\1.00.02\AsSysCtrlService.exe [2009-12-26 90112]
R2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-10-28 20328]
R2 ekrn;ESET Service;c:\program files\eset\eset smart security\ekrn.exe [2009-5-14 731840]
R2 epfwwfp;epfwwfp;c:\windows\system32\drivers\epfwwfp.sys [2009-5-14 38240]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\nvidia corporation\3d vision\nvSCPAPISvr.exe [2012-5-15 382272]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\drivers\whfltr2k.sys [2010-11-8 7424]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-14 229888]
S3 c2wts;Claims to Windows Token Service;c:\program files\windows identity foundation\v3.5\c2wtshost.exe [2010-6-17 13080]
.
=============== Created Last 30 ================
.
2013-06-13 17:01:12 -------- d-----w- C:\FRST
.
==================== Find3M ====================
.
2013-04-27 10:38:02 201728 ----a-w- C:\OTC.exe
2013-04-26 18:31:38 188416 ----a-w- C:\T-Cleaner.exe
2013-04-25 13:53:30 6216360 ----a-w- C:\PCHunter32.exe
2013-04-25 12:49:20 781909 ----a-w- C:\RSIT.exe
2013-04-10 11:49:30 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-10 11:49:18 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-10 11:49:18 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-04 12:50:32 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-31 10:55:05 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
============= FINISH: 22:31:17,07 ===============

Re: Police virus

Posted: 14 Jun 2013 21:39
by vyosek
:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY END UP WRECKED
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Right after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 min, but if the PC is heavily infected it may take longer
  • After the scan finishes and after a possible restart, CF shows the log; otherwise you will find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Police virus

Posted: 15 Jun 2013 10:34
by QuickShare
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/15/2013 11:19:19 AM in x86 mode.
Windows Version: Windows 7 Ultimate

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\exefile\shell\open\command\\IsolatedCommand was changed. It was reset to "%1" %*!

* HKLM\Software\Classes\exefile\shell\runas\command\\IsolatedCommand was changed. It was reset to "%1" %*!


Performing miscellaneous checks:

* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000

Checking Windows Service Integrity:

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 06/15/2013 11:19:58 AM
Execution time: 0 hours(s), 0 minute(s), and 39 seconds(s)
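
Two of the logs posted in this thread show the same weakened posture from different angles: the DDS "Pseudo HJT Report" above lists UAC switched off (EnableLUA = 0, ConsentPromptBehaviorAdmin = 0, PromptOnSecureDesktop = 0, EnableSecureUIAPaths = 0), and the Rkill output just above dumps the StandardProfile firewall policy with EnableFirewall = 0. Removing the malware files does not put these values back, so they deserve a check of their own. The script below is an added example by the editor, not part of the thread and not part of DDS or Rkill; it parses both line styles from sample lines copied from the two logs and compares the values against the Windows 7 defaults, which the script holds as its baseline, so a reviewer can see which settings still need to be restored after cleanup.

```python
import re
from typing import Dict, Tuple

# Baseline: Windows 7 default values for the UAC policy entries that DDS prints
# under mPolicies-System and for the firewall flag that Rkill dumps.
EXPECTED: Dict[str, int] = {
    "EnableLUA": 1,
    "ConsentPromptBehaviorAdmin": 5,
    "ConsentPromptBehaviorUser": 3,
    "PromptOnSecureDesktop": 1,
    "EnableSecureUIAPaths": 1,
    "EnableUIADesktopToggle": 0,
    "EnableFirewall": 1,
}

# DDS style:   mPolicies-System: EnableLUA = dword:0
DDS_RE = re.compile(r"^[um]Policies-\w+:\s+(\w+)\s*=\s*dword:([0-9a-fA-F]+)$")
# .reg style as printed by Rkill:   "EnableFirewall" = dword:00000000
REG_RE = re.compile(r'^"(\w+)"\s*=\s*dword:([0-9a-fA-F]+)$')

# Constructed sample: the policy lines from the DDS log and the firewall lines
# from the Rkill output posted in this thread.
SAMPLE_LOG = r"""
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableSecureUIAPaths = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
* Windows Firewall Disabled

[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
"""


def observed_values(text: str) -> Dict[str, int]:
    """Parse every dword value reported in either log format; values are hex."""
    found: Dict[str, int] = {}
    for raw in text.splitlines():
        line = raw.strip()
        m = DDS_RE.match(line) or REG_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2), 16)
    return found


def check_policies(text: str) -> Dict[str, Tuple[int, int]]:
    """Return {name: (observed, expected)} for each known value off its baseline.

    Values not in EXPECTED (e.g. NoDrives) are parsed but not judged.
    """
    deviations: Dict[str, Tuple[int, int]] = {}
    for name, observed in observed_values(text).items():
        expected = EXPECTED.get(name)
        if expected is not None and observed != expected:
            deviations[name] = (observed, expected)
    return deviations


def report(text: str) -> str:
    """Human-readable summary of the deviations, one per line."""
    deviations = check_policies(text)
    if not deviations:
        return "all known policy values are at baseline"
    return "\n".join(
        f"{name}: observed {obs}, expected {exp}"
        for name, (obs, exp) in sorted(deviations.items())
    )


if __name__ == "__main__":
    print(report(SAMPLE_LOG))
```

On the sample the check reports five deviations: the four UAC values and the firewall flag. A check like this cannot tell whether the user or the infection turned them off; either way they are part of the cleanup, which is worth keeping in mind when a later log (like the ComboFix one below) still prints the same zeros.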

Re: Police virus

Posted: 15 Jun 2013 10:34
by QuickShare
ComboFix 13-06-13.01 - Hacker . 06. 2013 11:23:26.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2047.1408 [GMT 2:00]
Running from: c:\users\Hacker\Desktop\ComboFix.exe
AV: ESET Smart Security 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
FW: ESET personal firewall *Disabled* {F3340042-195E-BB41-42D1-CDB495BB46DE}
SP: ESET Smart Security 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\desktop.ini
c:\windows\system32\frapsvid.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-15 to 2013-06-15 )))))))))))))))))))))))))))))))
.
.
2013-06-14 20:27 . 2013-06-14 20:27 -------- d-----w- C:\rsit
2013-06-14 10:19 . 2013-06-15 09:17 -------- d-----w- c:\programdata\NVIDIA
2013-06-13 17:01 . 2013-06-13 17:01 -------- d-----w- C:\FRST
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-04-27 10:38 . 2013-04-27 10:38 201728 ----a-w- C:\OTC.exe
2013-04-26 18:31 . 2013-04-26 18:31 188416 ----a-w- C:\T-Cleaner.exe
2013-04-25 13:53 . 2013-04-25 14:56 6216360 ----a-w- C:\PCHunter32.exe
2013-04-25 12:49 . 2013-04-25 13:51 781909 ----a-w- C:\RSIT.exe
2013-04-10 11:49 . 2013-03-06 19:26 138032 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2013-04-10 11:49 . 2013-03-06 19:26 281688 ----a-w- c:\windows\system32\PnkBstrB.exe
2013-04-10 11:49 . 2013-03-06 19:26 281688 ----a-w- c:\windows\system32\PnkBstrB.xtr
2013-04-04 12:50 . 2011-07-18 14:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-31 10:55 . 2013-03-06 19:26 281688 ----a-w- c:\windows\system32\PnkBstrB.ex0
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2009-05-14 2029640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OfficeSyncProcess]
2010-03-16 01:58 718208 ----a-w- c:\program files\Microsoft Office\Office14\MSOSYNC.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2009-09-11 23:34 2524416 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-06-17 11:56 1173504 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WheelMouse]
2010-05-26 19:47 147456 ----a-w- c:\advanc~1\wh_exec.exe
.
R2 AsSysCtrlService;ASUS System Control Service;c:\program files\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe [2009-04-02 90112]
R3 c2wts;Claims to Windows Token Service;c:\program files\Windows Identity Foundation\v3.5\c2wtshost.exe [2010-06-17 13080]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-01-06 691696]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-05-14 107256]
S2 cpuz134;cpuz134;c:\windows\system32\drivers\cpuz134_x32.sys [2010-07-09 20328]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2009-05-14 731840]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-05-14 38240]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-05-15 382272]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-17 7424]
.
.
.
------- Supplementary Scan -------
.
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 62.168.65.19 192.168.0.1
.
.
Completion time: 2013-06-15 11:29:49
ComboFix-quarantined-files.txt 2013-06-15 09:29
.
Pre-Run: 231 706 624 bytes free
Post-Run: 276 180 992 bytes free
.
- - End Of File - - A964F82C73AA23C5801695D8637855F7
A36C5E4F47E84449FF07ED3517B43A31

Re: Police virus

Posted: 15 Jun 2013 10:49
by vyosek
How is the PC behaving?

Re: Police virus

Posted: 15 Jun 2013 11:00
by QuickShare
Hi... it is behaving normally... :) maybe the startup seemed a bit slower to me, but that is probably only because I am paying more attention to it now.

:)

Re: Police virus

Posted: 15 Jun 2013 11:02
by vyosek
So let's clean up some more

:arrow: Uninstall Combofix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes Combofix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (if necessary, disable the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making the registry backup; fix all issues
  • repeat the procedure until there are no issues - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: And if there are no problems or questions, that's all from my side :|

Re: Police virus

Posted: 16 Jun 2013 21:15
by QuickShare
ok, cleaned up :thumbsup: so thanks for the help :!:


you can lock :)