
PC virus removal, computer speed-up, remote help via the neslape.cz service
Everything I download is a virus...
Moderator: Moderators
Forum rules
Individual threads will be locked once resolved. Likewise those inactive for more than 14 days: http://forum.viry.cz/viewtopic.php?f=12&t=123975 . Thank you for your understanding.
Everything I download is a virus...
Hi! I have a really bad problem and I don't know how to get out of it. :) Everything I want to download (.exe files) is reported by all three of my browsers (Chrome, Firefox, Explorer) as a virus. Please, can you advise me how to get out of this??? On top of that, with Chrome I can't even get to the Google website.
P.S. OS Win7
P.P.S. Thanks in advance for the reply
Re: Everything I download is a virus...
Hello
Restart the PC, keep pressing F8, choose Safe Mode with Networking
Apply exeHelper by Raktor
Post the log from RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784



- Download links
- COM file http://vyosek.ic.cz/BE/exeHelper.com
- SCR file http://vyosek.ic.cz/BE/exeHelper.scr
- Just run the utility as Administrator (right-click), the repair runs and a log exehelperlog.txt is created

Re: Everything I download is a virus...
The problem is that anything I want to download appears as a virus. (In Chrome it says: Problem detecting viruses). But I'll try somehow, maybe via my phone.
/So. There was no "Safe Mode with Networking" (Stav nouze s prací v síti) in the menu. There was something like "safe mode with network" (nouzový režim se sítí), so I launched that. Anyway, I ran exeHelper, it created exehelperlog, which I saved to the desktop, and I ran RSIT and it reported: AutoIt Error Line -1: Error : Variable used without being declared
P.S. Win7 32-bit
Re: Everything I download is a virus...


- If the malware blocks it, use one of the following - the renamed ones too
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Save it, preferably to the desktop, and close all applications (otherwise RKill will do it for you)
- Run it the usual way by double-clicking - the program finishes within a few seconds and then exits on its own
- RKill terminates all non-system processes - that is, also the processes the malware runs under
- A log Rkill.txt will appear on the desktop; paste it here for me
- Do not restart the PC now - you would lose the effect of RKill
Now please run the following



- After launching FRST, accept the license terms by clicking Yes.
- Also tick the Addition.txt item - see the picture.
- Click the Scan button to start the scan.
- Wait for FRST to finish scanning and for our add-on to create the supplementary information.
- A text file FRST.txt opens; this is the requested log, and its contents go into your topic on the forum.
- After the log is closed, FRSTLauncher.exe exits and the FRST utility and two logs, FRST.txt and Addition.txt, remain on the desktop - do not delete any of them yet.
Re: Everything I download is a virus...
So here it is:
RKill:
Rkill 2.6.1 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 08/23/2013 03:19:41 PM in x86 mode. (Safe Mode)
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
* ALERT: ZEROACCESS rootkit symptoms found!
* C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \...\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \...\ﯹ๛\ [ZA Dir]
* C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \...\ﯹ๛\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ [ZA Dir]
* C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ [ZA Dir]
* C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\❤≸⋙\ [ZA Dir]
* C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\❤≸⋙\Ⱒ☠⍨\ [ZA Dir]
* C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\ [ZA Dir]
* C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\❤≸⋙\Ⱒ☠⍨\ﯹ๛\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ [ZA Dir]
* C:\Windows\assembly\GAC\Desktop.ini [ZA File]
FRST:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 23-08-2013
Ran by Jaroslav (administrator) on 23-08-2013 15:20:52
Running from C:\Users\Jaroslav\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 10
Boot Mode: Safe Mode (with Networking)
==================== Processes (Whitelisted) ===================
(Bleeping Computer, LLC) C:\Users\Jaroslav\Desktop\rkill.com
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [NvSvc] - C:\Windows\system32\nvsvc.dll [90191 2006-10-09] (NVIDIA Corporation)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [7741440 2006-10-09] (NVIDIA Corporation)
HKLM\...\Run: [NvMediaCenter] - C:\Windows\system32\NvMcTray.dll [81920 2006-10-09] (NVIDIA Corporation)
HKLM\...\Run: [AVG_UI] - C:\Program Files\AVG\AVG2013\avgui.exe [4408368 2013-04-29] (AVG Technologies CZ, s.r.o.)
HKLM\...\Run: [TV Card Remote Control Device Monitor] - C:\Windows\878RMTMon.exe [450560 2007-09-14] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [SunJavaUpdateSched] - C:\Program Files\Common Files\Java\Java Update\jusched.exe [253816 2013-03-12] (Oracle Corporation)
HKLM\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe [1016320 2013-08-09] (NoVirusThanks Company Srl) <===== ATTENTION
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Google Update*] - [x] <===== ATTENTION (ZeroAccess rootkit hidden path)
HKCU\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe [1016320 2013-08-09] (NoVirusThanks Company Srl) <===== ATTENTION
HKCU\...\CurrentVersion\Windows: [Load] c:\users\jaroslav\dxlrsn.exe <===== ATTENTION
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]
HKU\Lenka\...\Run: [Google Update] - [x]
HKU\Lenka\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Lenka\AppData\Local\Temp\csrss.exe [ 2013-08-12] (NoVirusThanks Company Srl) <===== ATTENTION
HKU\Lenka\...\CurrentVersion\Windows: [Load] c:\users\lenka\dxwiiz.exe <===== ATTENTION
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\PixelView Schedule Agent.lnk
ShortcutTarget: PixelView Schedule Agent.lnk -> C:\Program Files\PixelView\ADTVScheduleAgent.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\TP-LINK Wireless Configuration Utility.lnk
ShortcutTarget: TP-LINK Wireless Configuration Utility.lnk -> C:\Program Files\TP-LINK\TP-LINK Wireless Configuration Utility\TWCU.exe ()
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 2&tsp=4969
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 2&tsp=4969
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKCU -No Name - {D4027C7F-154A-4066-A1AD-4243D8127440} - No File
Winsock: Catalog5 01 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\system32\NLAapi.dll"
Winsock: Catalog5 05 mswsock.dll File Not found (Microsoft Corporation) ATTENTION: The LibraryPath should be "%SystemRoot%\System32\mswsock.dll"
Winsock: Catalog9 01 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 02 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 03 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 04 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 05 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 06 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 07 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 08 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 09 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 10 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 11 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 12 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 13 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 14 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 15 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 16 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 17 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 18 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 19 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 20 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 21 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 22 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 23 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 24 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 25 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 26 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 27 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 28 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 29 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 30 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 31 mswsock.dll File Not found (Microsoft Corporation)
Winsock: Catalog9 32 mswsock.dll File Not found (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138 192.168.0.1
FireFox:
========
FF ProfilePath: C:\Users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\ue9o6sz9.default
FF user.js: detected! => C:\Users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\ue9o6sz9.default\user.js
FF NewTab: hxxp://www1.delta-search.com/?babsrc=NT_ss&mntrId=AC67A6F3C120B434&affID=120672&tsp=4969
FF Homepage: hxxp://www1.delta-search.com/?babsrc=HP_ss&mntrId=AC67A6F3C120B434&affID=120672&tsp=4969
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF Plugin: @java.com/DTPlugin,version=10.25.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @tools.google.com/Google Update;version=3 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 - C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Jaroslav\AppData\Roaming\Mozilla\Firefox\Profiles\ue9o6sz9.default\searchplugins\babylon.xml
FF Extension: Default - C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
Chrome:
=======
CHR HomePage: hxxp://www.google.cz/
CHR RestoreOnStartup: "hxxp://www.google.com"
CHR DefaultSearchURL: (Google) - {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR DefaultSuggestURL: (Google) - {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR Plugin: (Shockwave Flash) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll ()
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll ()
CHR Plugin: (Google Update) - C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll No File
CHR Plugin: (Java(TM) Platform SE 7 U17) - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
CHR Plugin: (Shockwave Flash) - C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll No File
CHR Plugin: (Java Deployment Toolkit 7.0.170.2) - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
CHR Extension: (Google Docs) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0
CHR Extension: (Google Drive) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0
CHR Extension: (YouTube) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0
CHR Extension: (Google Search) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0
CHR Extension: (Dark Vibe) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkckeanhmkjaechlhllmapjaaglgpcbj\1.1_0
CHR Extension: (Gmail) - C:\Users\Jaroslav\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0
========================== Services (Whitelisted) =================
S2 avgfws; C:\Program Files\AVG\AVG2013\avgfws.exe [1428472 2013-04-10] (AVG Technologies CZ, s.r.o.)
S2 AVGIDSAgent; C:\Program Files\AVG\AVG2013\avgidsagent.exe [4937264 2013-05-14] (AVG Technologies CZ, s.r.o.)
S2 avgwd; C:\Program Files\AVG\AVG2013\avgwdsvc.exe [283136 2013-04-18] (AVG Technologies CZ, s.r.o.)
S2 NAUpdate; C:\Program Files\Nero\Update\NASvc.exe [503080 2010-05-04] (Nero AG)
S3 npggsvc; C:\Windows\system32\GameMon.des [4230040 2013-04-15] (INCA Internet Co., Ltd.)
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \...\???\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\GoogleUpdate.exe" < <==== ATTENTION (ZeroAccess)
==================== Drivers (Whitelisted) ====================
S2 878TVCard; C:\Windows\System32\drivers\Bt878.sys [214628 2007-06-08] (Conexant Systems, Inc.)
S2 878TVTuner; C:\Windows\System32\drivers\BtTuner.sys [11520 2006-10-04] (Conexant Systems, Inc.)
S2 878Xbar; C:\Windows\System32\drivers\BtXbar.sys [8704 2006-05-21] (Conexant Systems, Inc.)
R3 athur; C:\Windows\System32\DRIVERS\athur.sys [1559552 2010-12-03] (Atheros Communications, Inc.)
R1 Avgfwfd; C:\Windows\System32\DRIVERS\avgfwd6x.sys [50296 2012-09-04] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdriverx.sys [208184 2013-03-29] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHX; C:\Windows\System32\DRIVERS\avgidshx.sys [60216 2013-02-08] (AVG Technologies CZ, s.r.o.)
S1 AVGIDSShim; C:\Windows\System32\DRIVERS\avgidsshimx.sys [22328 2013-03-01] (AVG Technologies CZ, s.r.o.)
S1 Avgldx86; C:\Windows\System32\DRIVERS\avgldx86.sys [170808 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avglogx; C:\Windows\System32\DRIVERS\avglogx.sys [245048 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx86; C:\Windows\System32\DRIVERS\avgmfx86.sys [96568 2013-02-08] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx86; C:\Windows\System32\DRIVERS\avgrkx86.sys [39224 2013-02-08] (AVG Technologies CZ, s.r.o.)
R1 Avgtdix; C:\Windows\System32\DRIVERS\avgtdix.sys [182072 2013-03-21] (AVG Technologies CZ, s.r.o.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R3 FETNDIS; C:\Windows\System32\DRIVERS\fetnd6.sys [44032 2009-07-14] (VIA Technologies, Inc. )
S3 SrvHsfPCI; C:\Windows\System32\DRIVERS\VSTBS23.SYS [266752 2009-07-14] (Conexant Systems, Inc.)
S3 VIAudio; C:\Windows\System32\drivers\ac97via.sys [68096 2008-01-19] (VIA Technologies, Inc.)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-08-23 15:20 - 2013-08-23 15:20 - 00000000 ____D C:\FRST
2013-08-23 15:20 - 2013-08-23 06:49 - 01070315 _____ (Farbar) C:\Users\Jaroslav\Desktop\FRST.exe
2013-08-23 15:19 - 2013-08-23 15:21 - 00004280 _____ C:\Users\Jaroslav\Desktop\Rkill.txt
2013-08-23 15:03 - 2013-08-23 15:03 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Jaroslav\Desktop\rkill.com
2013-08-16 10:09 - 2013-08-16 10:15 - 00000000 ____D C:\Program Files\trend micro
2013-08-16 10:09 - 2013-08-16 10:09 - 00000000 ____D C:\rsit
2013-08-15 23:21 - 2013-08-15 23:21 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-09 19:20 - 2013-08-09 19:26 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\systweak
2013-08-09 19:20 - 2012-01-20 14:14 - 00017280 _____ (Systweak Inc., (http://www.systweak.com)) C:\Windows\system32\roboot.exe
2013-08-09 19:19 - 2013-08-15 23:21 - 00000000 ____D C:\Users\Jaroslav\AppData\Local\Sony
2013-08-09 19:17 - 2013-08-09 19:21 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Sony
2013-08-09 19:17 - 2013-08-09 19:17 - 00000000 ____D C:\ProgramData\Babylon
2013-08-08 18:33 - 2013-08-15 23:25 - 00000000 ____D C:\Users\Jaroslav\Desktop\HTML
2013-08-08 17:27 - 2013-08-08 17:34 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\PSpad
2013-08-08 17:25 - 2013-08-08 17:25 - 00000000 ____D C:\Program Files\PSPad editor
2013-08-08 17:24 - 2013-08-08 17:24 - 04014560 _____ (Jan Fiala ) C:\Users\Jaroslav\Downloads\pspad457inst_cz.exe
2013-08-08 16:22 - 2009-07-14 06:42 - 00001304 _____ C:\Users\Jaroslav\Desktop\Notepad.lnk
2013-08-03 19:34 - 2013-08-03 19:34 - 00213432 _____ C:\Windows\Minidump\080313-35875-01.dmp
2013-08-03 13:33 - 2013-08-03 14:25 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\avidemux
2013-08-03 13:21 - 2013-08-03 13:21 - 21289376 _____ C:\Users\Jaroslav\Downloads\Avidemux-setup.exe
2013-08-03 13:09 - 2013-08-03 13:15 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\uTorrent
2013-08-03 12:51 - 2013-08-03 12:52 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\ExpressFiles
2013-07-27 11:19 - 2013-07-27 12:36 - 00000001 _____ C:\Users\Jaroslav\random.dat
2013-07-27 11:19 - 2013-07-27 11:19 - 00000047 _____ C:\Users\Jaroslav\jagex_cl_runescape_LIVE.dat
2013-07-27 11:19 - 2013-07-27 11:19 - 00000000 ____D C:\Users\Jaroslav\jagexcache
2013-07-27 11:17 - 2013-07-27 11:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-27 11:16 - 2013-07-27 11:16 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-27 11:16 - 2013-07-27 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-27 11:16 - 2013-07-27 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-27 11:16 - 2013-07-27 11:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-27 11:15 - 2013-07-27 11:15 - 00000000 ____D C:\Program Files\Java
2013-07-27 11:09 - 2013-07-27 11:09 - 00903080 _____ (Oracle Corporation) C:\Users\Jaroslav\Downloads\chromeinstall-7u25.exe
==================== One Month Modified Files and Folders =======
2013-08-23 15:21 - 2013-08-23 15:19 - 00004280 _____ C:\Users\Jaroslav\Desktop\Rkill.txt
2013-08-23 15:20 - 2013-08-23 15:20 - 00000000 ____D C:\Users\Jaroslav\AppData\Local\qb0203FD.BE
2013-08-23 15:20 - 2013-08-23 15:20 - 00000000 ____D C:\FRST
2013-08-23 15:10 - 2013-04-16 19:40 - 00000944 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-08-23 15:03 - 2013-08-23 15:03 - 01898112 _____ (Bleeping Computer, LLC) C:\Users\Jaroslav\Desktop\rkill.com
2013-08-23 14:32 - 2013-03-29 22:01 - 00000914 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-23 13:35 - 2009-07-14 06:34 - 00016144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-23 13:35 - 2009-07-14 06:34 - 00016144 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-23 13:33 - 2013-03-24 13:57 - 00000000 ____D C:\ProgramData\MFAData
2013-08-23 13:32 - 2013-04-16 19:40 - 00000940 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-08-23 13:32 - 2013-03-29 21:35 - 00000000 ____D C:\Program Files\Steam
2013-08-23 13:32 - 2013-03-24 12:55 - 00000000 ____D C:\Users\Jaroslav
2013-08-23 13:27 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-23 13:27 - 2009-07-14 06:39 - 00027279 _____ C:\Windows\setupact.log
2013-08-23 06:49 - 2013-08-23 15:20 - 01070315 _____ (Farbar) C:\Users\Jaroslav\Desktop\FRST.exe
2013-08-21 19:32 - 2013-03-24 13:53 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-21 19:32 - 2013-03-24 13:53 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-16 10:15 - 2013-08-16 10:09 - 00000000 ____D C:\Program Files\trend micro
2013-08-16 10:09 - 2013-08-16 10:09 - 00000000 ____D C:\rsit
2013-08-16 09:59 - 2013-03-24 13:03 - 01469888 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-15 23:25 - 2013-08-08 18:33 - 00000000 ____D C:\Users\Jaroslav\Desktop\HTML
2013-08-15 23:25 - 2013-07-14 12:10 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2013-08-15 23:21 - 2013-08-15 23:21 - 00000000 ____D C:\Windows\system32\appmgmt
2013-08-15 23:21 - 2013-08-09 19:19 - 00000000 ____D C:\Users\Jaroslav\AppData\Local\Sony
2013-08-12 20:15 - 2013-06-27 17:06 - 00000000 ____D C:\Users\Lenka\AppData\Local\Google
2013-08-12 20:14 - 2013-06-27 17:03 - 00000000 ____D C:\Users\Lenka
2013-08-11 09:52 - 2013-03-29 22:31 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\.minecraft
2013-08-10 08:26 - 2013-03-27 23:48 - 00006190 _____ C:\Windows\PFRO.log
2013-08-09 19:26 - 2013-08-09 19:20 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\systweak
2013-08-09 19:21 - 2013-08-09 19:17 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\Sony
2013-08-09 19:19 - 2013-04-01 14:34 - 00000441 _____ C:\Windows\system32\Drivers\etc\hosts.ics
2013-08-09 19:19 - 2013-03-24 12:43 - 02053099 _____ C:\Windows\WindowsUpdate.log
2013-08-09 19:18 - 2013-04-16 19:39 - 00000000 ____D C:\Users\Jaroslav\AppData\Local\Google
2013-08-09 19:18 - 2013-04-16 19:39 - 00000000 ____D C:\Program Files\Google
2013-08-09 19:17 - 2013-08-09 19:17 - 00000000 ____D C:\ProgramData\Babylon
2013-08-08 17:34 - 2013-08-08 17:27 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\PSpad
2013-08-08 17:25 - 2013-08-08 17:25 - 00000000 ____D C:\Program Files\PSPad editor
2013-08-08 17:24 - 2013-08-08 17:24 - 04014560 _____ (Jan Fiala ) C:\Users\Jaroslav\Downloads\pspad457inst_cz.exe
2013-08-04 07:22 - 2013-03-29 21:35 - 00000000 ____D C:\Program Files\Common Files\Steam
2013-08-03 19:34 - 2013-08-03 19:34 - 00213432 _____ C:\Windows\Minidump\080313-35875-01.dmp
2013-08-03 19:34 - 2013-04-04 13:56 - 150347321 _____ C:\Windows\MEMORY.DMP
2013-08-03 19:34 - 2013-04-04 13:56 - 00000000 ____D C:\Windows\Minidump
2013-08-03 14:25 - 2013-08-03 13:33 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\avidemux
2013-08-03 13:21 - 2013-08-03 13:21 - 21289376 _____ C:\Users\Jaroslav\Downloads\Avidemux-setup.exe
2013-08-03 13:15 - 2013-08-03 13:09 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\uTorrent
2013-08-03 12:52 - 2013-08-03 12:51 - 00000000 ____D C:\Users\Jaroslav\AppData\Roaming\ExpressFiles
2013-08-02 16:50 - 2013-04-16 19:44 - 00002129 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2013-07-27 12:36 - 2013-07-27 11:19 - 00000001 _____ C:\Users\Jaroslav\random.dat
2013-07-27 11:19 - 2013-07-27 11:19 - 00000047 _____ C:\Users\Jaroslav\jagex_cl_runescape_LIVE.dat
2013-07-27 11:19 - 2013-07-27 11:19 - 00000000 ____D C:\Users\Jaroslav\jagexcache
2013-07-27 11:17 - 2013-07-27 11:17 - 00000000 ____D C:\Program Files\Common Files\Java
2013-07-27 11:16 - 2013-07-27 11:16 - 00263592 _____ (Oracle Corporation) C:\Windows\system32\javaws.exe
2013-07-27 11:16 - 2013-07-27 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\javaw.exe
2013-07-27 11:16 - 2013-07-27 11:16 - 00175016 _____ (Oracle Corporation) C:\Windows\system32\java.exe
2013-07-27 11:16 - 2013-07-27 11:16 - 00094632 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge.dll
2013-07-27 11:16 - 2013-03-29 17:46 - 00867240 _____ (Oracle Corporation) C:\Windows\system32\npDeployJava1.dll
2013-07-27 11:16 - 2013-03-29 17:46 - 00789416 _____ (Oracle Corporation) C:\Windows\system32\deployJava1.dll
2013-07-27 11:15 - 2013-07-27 11:15 - 00000000 ____D C:\Program Files\Java
2013-07-27 11:09 - 2013-07-27 11:09 - 00903080 _____ (Oracle Corporation) C:\Users\Jaroslav\Downloads\chromeinstall-7u25.exe
ZeroAccess:
C:\Windows\assembly\GAC\Desktop.ini
Files to move or delete:
====================
C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe
C:\Users\Lenka\AppData\Local\Temp\csrss.exe
ZeroAccess:
C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
ZeroAccess:
C:\Users\Lenka\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
ZeroAccess:
C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
C:\ProgramData\dxmpubyom.exe
C:\Users\Jaroslav\dxavou.exe
C:\Users\Jaroslav\dxdpsj.exe
C:\Users\Jaroslav\dxehxy.exe
C:\Users\Jaroslav\dxexvnm.exe
C:\Users\Jaroslav\dxfauidyu.exe
C:\Users\Jaroslav\dxfodhev.exe
C:\Users\Jaroslav\dxfwuiozu.exe
C:\Users\Jaroslav\dxgepvqr.exe
C:\Users\Jaroslav\dxgrzztog.exe
C:\Users\Jaroslav\dxizoib.exe
C:\Users\Jaroslav\dxkpmxc.exe
C:\Users\Jaroslav\dxkthottn.exe
C:\Users\Jaroslav\dxlrsn.exe
C:\Users\Jaroslav\dxmitue.exe
C:\Users\Jaroslav\dxovod.exe
C:\Users\Jaroslav\dxpicf.exe
C:\Users\Jaroslav\dxpuwja.exe
C:\Users\Jaroslav\dxrcfqeq.exe
C:\Users\Jaroslav\dxvpko.exe
C:\Users\Jaroslav\dxxwtoiao.exe
C:\Users\Jaroslav\dxymuine.exe
C:\Users\Jaroslav\jagex_cl_runescape_LIVE.dat
C:\Users\Jaroslav\random.dat
C:\Users\Lenka\dxvalt.exe
C:\Users\Lenka\dxwiiz.exe
==================== Bamital & volsnap Check =================
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
C:\Program Files\Windows Defender\mpsvc.dll => ATTENTION: ZeroAccess. Use DeleteJunctionsIndirectory: C:\Program Files\Windows Defender
==================== Scheduled Tasks (whitelisted) ===========
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
==================== Supplementary Scan (All) ================
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Option
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=dword:00000005
"ConsentPromptBehaviorUser"=dword:00000003
"EnableInstallerDetection"=dword:00000001
"EnableLUA"=dword:00000001
"EnableSecureUIAPaths"=dword:00000001
"EnableUIADesktopToggle"=dword:00000000
"EnableVirtualization"=dword:00000001
"PromptOnSecureDesktop"=dword:00000001
"ValidateAdminCodeSignatures"=dword:00000000
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"scforceoption"=dword:00000000
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001
"FilterAdministratorToken"=dword:00000000
"DisableTaskMgr"=dword:00000000
"DisableRegistryTools"=dword:00000000
"DisableCMD"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoSetActiveDesktop"=dword:00000000
"NoActiveDesktopChanges"=dword:00000000
"NoFolderOptions"=dword:00000000
"NoRun"=dword:00000000
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run]
"63661"="c:\\progra~2\\dxmpubyom.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval"=dword:00000000
"AntiVirusOverride"=dword:00000000
"AntiSpywareOverride"=dword:00000000
"FirewallOverride"=dword:00000000
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"VIDC.UYVY"="msyuv.dll"
"VIDC.YUY2"="msyuv.dll"
"VIDC.YVYU"="msyuv.dll"
"VIDC.IYUV"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"VIDC.YVU9"="tsbyuv.dll"
"msacm.l3acm"="C:\\Windows\\System32\\l3codeca.acm"
"vidc.cvid"="iccvid.dll"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"MSVideo8"="VfWWDM32.dll"
"VIDC.FMVC"="fmcodec.dll"
==================== Drive and Memory info ===================
Drive c: () (Fixed) (Total:74.52 GB) (Free:45.63 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Available physical RAM: 540.16 MB
Total physical RAM: 1023.37 MB
Percentage of memory in use: 47%
LastRegBack: 2013-08-22 11:07
==================== End Of Log ==============================
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Everything I download is a virus...
Hello, my colleague is busy, so here is the next step.
Create a new fixlist.txt on the desktop and copy the green text into it - save it.
Run FRST again and click "Fix".
The repair will run and the PC will restart - give me the resulting Fixlog.txt.
You should be in normal mode.
Code:
Start
C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
C:\Users\Lenka\AppData\Local\Temp\csrss.exe
C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe
C:\Windows\assembly\GAC\Desktop.ini
HKLM\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe [1016320 2013-08-09] (NoVirusThanks Company Srl)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Google Update*] - [x]
HKCU\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe [1016320 2013-08-09] (NoVirusThanks Company Srl)
HKCU\...\CurrentVersion\Windows: [Load] c:\users\jaroslav\dxlrsn.exe
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]
HKU\Lenka\...\Run: [Google Update] - [x]
HKU\Lenka\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Lenka\AppData\Local\Temp\csrss.exe [ 2013-08-12] (NoVirusThanks Company Srl)
HKU\Lenka\...\CurrentVersion\Windows: [Load] c:\users\lenka\dxwiiz.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 2&tsp=4969
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=AC67A6F3C120B434&affID=120672&tsp=4969
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \...\???\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\GoogleUpdate.exe"
C:\Program Files\Windows Defender\mpsvc.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\63661" /f
Hosts:
CMD: shutdown /r /f /t 2
End

Recommendations:
During the clean-up, install or uninstall software only when I tell you to.
Read my reply carefully and carry out the whole procedure exactly as described.
If anything is unclear, ask - I will explain.
-------------------------------------------------------------------------------------------------
> Forum support <
Re: Everything I download is a virus...
Fixlog:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 23-08-2013 01
Ran by Jaroslav at 2013-08-24 09:53:50 Run:1
Running from C:\Users\Jaroslav\Desktop
Boot Mode: Normal
==============================================
Content of fixlist:
*****************
Start
C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}
C:\Users\Lenka\AppData\Local\Temp\csrss.exe
C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe
C:\Windows\assembly\GAC\Desktop.ini
HKLM\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe [1016320 2013-08-09] (NoVirusThanks Company Srl)
HKCU\...\Run: [Steam] - C:\Program Files\Steam\Steam.exe [1807272 2013-07-27] (Valve Corporation)
HKCU\...\Run: [Google Update*] - [x]
HKCU\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe [1016320 2013-08-09] (NoVirusThanks Company Srl)
HKCU\...\CurrentVersion\Windows: [Load] c:\users\jaroslav\dxlrsn.exe
HKU\Guest\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_6_602_180_Plugin.exe -update plugin [x]
HKU\Lenka\...\Run: [Google Update] - [x]
HKU\Lenka\...\Run: [Microsoft Windows Hosting Service] - C:\Users\Lenka\AppData\Local\Temp\csrss.exe [ 2013-08-12] (NoVirusThanks Company Srl)
HKU\Lenka\...\CurrentVersion\Windows: [Load] c:\users\lenka\dxwiiz.exe
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 2&tsp=4969
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = http://www1.delta-search.com/?q={search ... 2&tsp=4969
U2 *etadpug; "C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\ \...\???\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31}\GoogleUpdate.exe"
C:\Program Files\Windows Defender\mpsvc.dll
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
REG: reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\63661" /f
Hosts:
CMD: shutdown /r /f /t 2
End
*****************
C:\Users\Jaroslav\AppData\Local\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31} => Moved successfully.
C:\Program Files\Google\Desktop\Install\{bdbe451f-a72f-d29f-87b0-a9eec2dc8a31} => Moved successfully.
C:\Users\Lenka\AppData\Local\Temp\csrss.exe => Moved successfully.
C:\Users\Jaroslav\AppData\Local\Temp\csrss.exe => Moved successfully.
C:\Windows\assembly\GAC\Desktop.ini => Moved successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Hosting Service => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Steam => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update* => Value deleted successfully.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Hosting Service => Value not found.
HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKU\Guest\Software\Microsoft\Windows\CurrentVersion\RunOnce\\FlashPlayerUpdate => Value deleted successfully.
HKU\Lenka\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update => Value not found.
HKU\Lenka\Software\Microsoft\Windows\CurrentVersion\Run\\Microsoft Windows Hosting Service => Value deleted successfully.
HKU\Lenka\Software\Microsoft\Windows NT\CurrentVersion\Windows\\Load => Value was restored successfully.
HKCU\Software\Microsoft\Internet Explorer\Main\\Start Page => Value deleted successfully.
HKCU\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key deleted successfully.
HKCR\Wow6432Node\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} => Key not found.
*etadpug => Service deleted successfully.
C:\Program Files\Windows Defender\mpsvc.dll => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => Moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => Moved successfully.
========= reg delete "HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer\Run\63661" /f =========
Chyba: Systém nenalezl zadaný klíč registru nebo požadovanou hodnotu.
========= End of Reg: =========
C:\Windows\System32\Drivers\etc\hosts => Moved successfully.
Hosts was reset successfully.
========= shutdown /r /f /t 2 =========
========= End of CMD: =========
The system needs a manual reboot.
==== End of Fixlog ====
And should I attach the text form of the logmodification.bat file?
- cernohous13
- VIP in memoriam
- Posts: 8721
- Registered: 09 Dec 2006 06:19
- Location: Jablonec nad Nisou
Re: Everything I download is a virus...
You restarted and are now in normal mode
delete Fixlog.txt and run FRST again with the Scan command - post the log here
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe . Then use these instructions from a colleague:

Run the utility and tell it to scan - click Start Scan
If the utility finds an infection, it will want to put it in Quarantine; allow the cleanup by clicking Continue
If the utility finds a suspicious file (suspicious), it will want to skip it (Skip); allow the skip by clicking Continue
After the scan finishes a PC restart may be required; allow it by clicking Reboot now
After the restart a log will pop up; if it does not, you will find it directly on the drive where you have Windows (usually c:\) in the form TDSSKiller.some numbers_log.txt - paste its contents here
If no restart is required, click Close and then Report - a log will be created - paste its contents here
Re: Everything I download is a virus...
Well, I restarted and nothing worked at all. I mean that none of the browsers (or rather their shortcuts on the bottom bar of the Windows screen) would start, saying that something had happened to the original program. Then I clicked the Windows button and after clicking All Programs no program appeared. I went to drive C: and it was completely empty (or at least appeared so). Luckily I have a second account. So I will operate through the second account and add an edit.
- cernohous13
Re: Everything I download is a virus...
Does the account C:\Users\Lenka work for you?
- cernohous13
Re: Everything I download is a virus...
What stage are you at currently?