Files and folders on USB changed into shortcuts

Posted: 07 Mar 2014 22:00
by Tomas_R
Hello, I would like to ask for advice...
I had my flash drive in someone else's computer, where it worked without any problem, and when I plugged it back into my own, I found that all the folders had been changed into shortcuts and that hidden folders are shown as well. Clicking one of the shortcuts opens the corresponding folder in a new Explorer window with all the original files. However, there is one folder with the same name as a folder I have on my desktop, and the shortcut on the flash drive opens that folder on the desktop. The location shown is cmd(C:\WINDOWS\system32), the same for all of them.
I was not able to run RSIT or FRST. RSIT reports: "Line-1: Error: Variable used without being declared", and I cannot download the FRST launcher, because every time Symantec Endpoint Protection steps in, and I can neither turn it off nor uninstall it.

Re: Files and folders on USB changed into shortcuts

Posted: 07 Mar 2014 22:08
by vyosek
Hello :)

Plug all USB drives (flash drives, external disks, etc.) into the PC

Re: Files and folders on USB changed into shortcuts

Posted: 07 Mar 2014 22:45
by Tomas_R
The folders work normally again, here is the log:

############################## | UsbFix V 7.134 | [Deletion]

User: Jana (Administrator) # TOM-PC
Updated 06/09/2013 by El Desaparecido
Started at 22:25:55 | 07/03/2014

Website: http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: eldesaparecido@sosvirus.net

PC: Acer (AOD270) (X86-based PC)
CPU: Intel(R) Atom(TM) CPU N2600 @ 1.60GHz (1600)
RAM -> [Total : 2036 | Free : 223]
BIOS: InsydeH2O Version CCB.03.61.31V1.03
BOOT: Normal boot

OS: Microsoft Windows 7 Professional (6.1.7601 32-Bit) # Service Pack 1
WB: Windows Internet Explorer 11.0.9600.16518

SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: Symantec Endpoint Protection [(!) Disabled | Updated]
FW: Windows FireWall Service [Enabled]

C:\ (%systemdrive%) -> Fixed drive # 298 Gb (45 Mb free - 15%) [] # NTFS
D:\ -> CD-ROM
E:\ -> Fixed drive # 100 Mb (70 Mb free - 70%) [] # NTFS
F:\ -> Removable drive # 44 Mb (40 Mb free - 91%) [] # FAT
G:\ -> Removable drive # 15 Gb (4 Mb free - 25%) [PRCEK] # FAT32
H:\ -> Removable drive # 29 Gb (26 Mb free - 87%) [] # FAT32

################## | El Desaparecido Section |

HKLM\SOFTWARE | Run : [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
HKLM\SOFTWARE | Run : [LManager] - C:\Program Files\Launch Manager\LManager.exe
HKLM\SOFTWARE | Run : [IgfxTray] - C:\Windows\system32\igfxtray.exe
HKLM\SOFTWARE | Run : [HotKeysCmds] - C:\Windows\system32\hkcmd.exe
HKLM\SOFTWARE | Run : [Persistence] - C:\Windows\system32\igfxpers.exe
HKLM\SOFTWARE | Run : [GfxServiceInstall] - C:\Windows\system32\GfxCUIServiceInstall.vbs
HKLM\SOFTWARE | Run : [TaskTray] -
HKLM\SOFTWARE | Run : [BCSSync] - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
HKLM\SOFTWARE | Run : [TouchMouse] - C:\Program Files\Multitouch Mouse\Touch_Mouse.exe
HKLM\SOFTWARE | Run : [Adobe ARM] - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
HKLM\SOFTWARE | Run : [SynTPEnh] - %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
HKLM\SOFTWARE | Run : [ioCentre] - C:\Genius\ioCentre\gTaskBar.exe
HKLM\SOFTWARE | Run : [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
HKLM\SOFTWARE | Run : [QuickTime Task] - "C:\Program Files\QuickTime\QTTask.exe" -atboottime
HKLM\SOFTWARE | Run : [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe -s
HKLM\SOFTWARE | Run : [Chew7Hale] - "C:\Windows\System32\hale.exe" /nolog
HKLM\SOFTWARE | Run : [ComplexWebServer] - "C:\ComplexWebServer\bin\ServiceDirect.exe" /RUNHIDE /CONF="C:\ComplexWebServer\bin\ServiceDirect.conf"
HKLM\SOFTWARE | Run : [AvastUI.exe] - "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
HKLM\SOFTWARE | Run : [mobilegeni daemon] - C:\Program Files\Mobogenie\DaemonProcess.exe
HKLM\SOFTWARE | Run : [rsiuijjiub] - wscript.exe //B "C:\Users\Jana\AppData\Local\Temp\rsiuijjiub.vbe"
HKLM\SOFTWARE | RunOnce : [] -
HKU\S-1-5-19\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-20\SOFTWARE | Run : [Sidebar] - %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\SOFTWARE | Run : [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe Silent
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\SOFTWARE | Run : [uTorrent] - "C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\SOFTWARE | Run : [DAEMON Tools Lite] - "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\SOFTWARE | Run : [Sidebar] - C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\SOFTWARE | Run : [rsiuijjiub] - wscript.exe //B "C:\Users\Jana\AppData\Local\Temp\rsiuijjiub.vbe"
HKU\S-1-5-19\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe
HKU\S-1-5-20\SOFTWARE | RunOnce : [mctadmin] - C:\Windows\System32\mctadmin.exe

################## | Stopped processes |

Stopped! C:\Program Files\AVAST Software\Avast\AvastSvc.exe (1460)
Stopped! C:\Windows\System32\spoolsv.exe (1636)
Stopped! C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (1884)
Stopped! C:\ComplexWebServer\apache\bin\apache.exe (2016)
Stopped! C:\ComplexWebServer\mysql\bin\mysqld-nt.exe (500)
Stopped! C:\Program Files\Launch Manager\dsiwmis.exe (868)
Stopped! C:\Program Files\Launch Manager\LMutilps32.exe (1264)
Stopped! C:\Genius\ioCentre\GMouseService.exe (1316)
Stopped! C:\Program Files\IB Updater\ExtensionUpdaterService.exe (1512)
Stopped! C:\Windows\system32\dmwu.exe (1480)
Stopped! C:\ComplexWebServer\apache\bin\apache.exe (1612)
Stopped! C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe (2204)
Stopped! C:\Program Files\PANDORA.TV\PanService\PandoraService.exe (2272)
Stopped! C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe (2364)
Stopped! C:\Windows\system32\sppsvc.exe (2392)
Stopped! C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (3516)
Stopped! C:\Windows\System32\WUDFHost.exe (4016)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (3140)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (1876)
Stopped! C:\Windows\system32\SearchIndexer.exe (3580)
Stopped! C:\Windows\system32\taskhost.exe (3320)
Stopped! C:\Windows\System32\jmdp\stij.exe (1416)
Stopped! C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (1508)
Stopped! C:\Program Files\Launch Manager\LManager.exe (1532)
Stopped! C:\Windows\System32\igfxtray.exe (2288)
Stopped! C:\Windows\System32\hkcmd.exe (2568)
Stopped! C:\Windows\System32\igfxpers.exe (3040)
Stopped! C:\Program Files\Launch Manager\LMworker.exe (3032)
Stopped! C:\Windows\system32\igfxsrvc.exe (1104)
Stopped! C:\Program Files\Multitouch Mouse\Touch_Mouse.exe (1132)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (1272)
Stopped! C:\Genius\ioCentre\gTaskBar.exe (928)
Stopped! C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe (4208)
Stopped! C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (4224)
Stopped! C:\Genius\ioCentre\gMouseTask.exe (4372)
Stopped! C:\Genius\ioCentre\gKbdTask.exe (4400)
Stopped! C:\Genius\ioCentre\gIoCentreFunMgm.exe (4488)
Stopped! C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE (4496)
Stopped! C:\Windows\System32\hale.exe (4620)
Stopped! C:\ComplexWebServer\bin\ServiceDirect.exe (4896)
Stopped! C:\Program Files\AVAST Software\Avast\AvastUI.exe (4912)
Stopped! C:\Windows\system32\wuauclt.exe (4928)
Stopped! C:\Windows\System32\cmd.exe (4968)
Stopped! C:\Windows\System32\wscript.exe (4996)
Stopped! C:\Windows\system32\conhost.exe (5024)
Stopped! C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe (5328)
Stopped! C:\Program Files\Windows Sidebar\sidebar.exe (5420)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (4352)
Stopped! C:\Program Files\Microsoft Office\Office14\WINWORD.EXE (424)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7524)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera_crashreporter.exe (3564)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (6836)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (4380)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (3064)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (1520)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (6080)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (3672)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7436)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (5848)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (1092)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (4452)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (4308)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7888)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7920)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (6768)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (6932)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (6708)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7488)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7100)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (3260)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7924)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (6792)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7196)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7128)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (7704)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (4204)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (5344)
Stopped! C:\Windows\system32\NOTEPAD.EXE (7200)
Stopped! C:\Program Files\Opera\20.0.1387.64\opera.exe (4848)

################## | Files # Infected Folders |

Deleted ! F:\rsiuijjiub.vbe
Deleted ! G:\rsiuijjiub.vbe
Deleted ! H:\rsiuijjiub.vbe
Deleted ! C:\Users\Jana\AppData\Local\Temp\rsiuijjiub.vbe
Deleted ! F:\phb_video.lnk
Deleted ! F:\@UC000.lnk
Deleted ! F:\@usedetail.lnk
Deleted ! F:\@mmsobject.lnk
Deleted ! F:\Template.lnk
Deleted ! F:\_UJSR.lnk
Deleted ! F:\SMSArch.lnk
Deleted ! F:\sat.lnk
Deleted ! F:\Settings.lnk
Deleted ! F:\Download.lnk
Deleted ! F:\@avplugin.lnk
Deleted ! F:\@Opera.lnk
Deleted ! F:\@email100.lnk
Deleted ! F:\@mms.lnk
Deleted ! F:\Images.lnk
Deleted ! F:\Photos.lnk
Deleted ! F:\SMSSimCust.lnk
Deleted ! F:\Audio.lnk
Deleted ! F:\Ebook.lnk
Deleted ! F:\@Playlists.lnk
Deleted ! F:\@MediaCache.lnk
Deleted ! F:\Videos.lnk
Deleted ! G:\stavba.lnk
Deleted ! G:\FOUND.000.lnk
Deleted ! G:\Vendelinovka.lnk
Deleted ! G:\Kovárna.lnk
Deleted ! G:\Knihy.lnk
Deleted ! G:\Filmy.lnk
Deleted ! G:\Spisky.lnk
Deleted ! G:\msvisnovka.cz.lnk
Deleted ! G:\www.lnk
Deleted ! G:\Škola.lnk
Deleted ! G:\Tisk.lnk
Deleted ! G:\cobr.lnk
Deleted ! G:\aukro.lnk
Deleted ! G:\System Volume Information.lnk
Deleted ! H:\@bgsr_1.lnk
Deleted ! H:\@mms.lnk
Deleted ! H:\Aplikace.lnk
Deleted ! H:\@Java.lnk
Deleted ! H:\Hudba.lnk
Deleted ! H:\First Aid Kit - Studio Disography (2012) MP3VBR Beolab1700.lnk
Deleted ! F:\@Opera\browser.js
Deleted ! C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\rsiuijjiub.vbe
Deleted ! C:\Users\Jana\AppData\Local\Temp\utt8CAD.tmp.exe
Not deleted ! D:\_AUTORUN\AUTORUN.EXE
Not deleted ! D:\AUTORUN.INF

(!) Temporary files deleted.

################## | Registry |

Deleted ! HKLM\Software\Microsoft\Windows\CurrentVersion\Run|rsiuijjiub
Deleted ! HKCU\Software\Microsoft\Windows\CurrentVersion\Run|rsiuijjiub

################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{2b7507e5-95fd-11e1-a6e4-806e6f6e6963}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{537a6364-3f1c-11e2-ab7d-642737642f72}
Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{e7170997-9fe4-11e1-813b-642737642f72}

################## | Listing |

[29/08/2013 - 05:47:53 | SHD ] C:\$Recycle.Bin
[10/06/2009 - 22:42:20 | N | 24] C:\autoexec.bat
[05/03/2013 - 18:06:56 | D ] C:\Complex-Web-Server-2
[22/04/2013 - 19:31:33 | D ] C:\ComplexWebServer
[10/06/2009 - 22:42:20 | N | 10] C:\config.sys
[14/07/2009 - 05:53:55 | SHD ] C:\Documents and Settings
[29/08/2012 - 08:05:46 | N | 1384] C:\Foto_ASKARESU – zástupce.lnk
[16/05/2012 - 20:32:35 | D ] C:\Genius
[07/03/2014 - 18:34:46 | ASH | 1601409024] C:\hiberfil.sys
[04/05/2012 - 12:00:09 | D ] C:\Intel
[04/05/2012 - 12:15:26 | RHD ] C:\MSOCache
[07/03/2014 - 18:34:52 | ASH | 2135216128] C:\pagefile.sys
[14/07/2009 - 03:37:05 | D ] C:\PerfLogs
[07/03/2014 - 21:09:16 | D ] C:\Program Files
[05/02/2014 - 23:02:24 | HD ] C:\ProgramData
[04/05/2012 - 10:31:42 | SHD ] C:\Recovery
[07/03/2014 - 20:41:25 | D ] C:\rsit
[07/03/2014 - 22:27:10 | SHD ] C:\System Volume Information
[07/03/2014 - 22:40:14 | D ] C:\UsbFix
[07/03/2014 - 22:41:15 | A | 12180] C:\UsbFix [Clean 1] TOM-PC.txt
[02/01/2013 - 15:42:49 | N | 448] C:\user.js
[29/08/2013 - 05:46:28 | D ] C:\Users
[01/03/2014 - 19:10:49 | D ] C:\Windows
[08/09/2000 - 22:15:28 | R | 2048] D:\00000001.TMP
[16/05/2006 - 11:02:16 | R | 6509] D:\0x0405.ini
[23/06/2009 - 10:00:49 | R | 215] D:\AUTORUN.INF
[14/02/2007 - 19:11:44 | R | 359199725] D:\Data1.cab
[23/06/2009 - 09:44:34 | D ] D:\DirectX
[23/03/2007 - 18:59:00 | R | 652347] D:\H3AB_Manual.pdf
[23/03/2007 - 21:16:00 | R | 2097904] D:\H3SoD_PC Manual.pdf
[01/02/2007 - 16:53:56 | R | 2732032] D:\HEROES3.EXE
[23/03/2007 - 16:47:23 | R | 10679323] D:\HOMM3.pdf
[14/02/2007 - 19:11:44 | R | 1042944] D:\Heroes of Might and Magic III Complete.msi
[12/02/2007 - 20:51:53 | R | 1804636] D:\ISSetup.dll
[23/06/2009 - 09:45:17 | D ] D:\MPlayer
[15/02/2007 - 12:00:58 | R | 12162] D:\README.TXT
[14/02/2007 - 19:11:44 | R | 2021] D:\Setup.ini
[23/06/2009 - 09:58:48 | D ] D:\_autorun
[12/02/2007 - 21:04:06 | D ] D:\extras
[23/06/2009 - 09:44:34 | D ] D:\heroes3
[16/05/2006 - 10:58:14 | R | 1708856] D:\instmsia.exe
[16/05/2006 - 10:58:16 | R | 1822520] D:\instmsiw.exe
[15/10/2004 - 17:58:18 | R | 6999] D:\license.txt
[12/02/2007 - 20:51:44 | R | 294912] D:\setup.exe
[23/06/2009 - 09:45:17 | D ] D:\support
[29/08/2013 - 05:47:53 | SHD ] E:\$RECYCLE.BIN
[16/05/2012 - 09:00:53 | SHD ] E:\Boot
[20/11/2010 - 13:40:07 | RASH | 383786] E:\bootmgr
[04/05/2012 - 17:23:14 | N | 8192] E:\BOOTSECT.BAK
[11/11/2012 - 12:49:07 | D ] E:\Foto
[02/08/2009 - 08:59:51 | N | 171136] E:\grldr
[02/08/2009 - 08:59:51 | N | 171136] E:\grldr.bak
[07/03/2014 - 22:26:31 | SHD ] E:\System Volume Information
[07/03/2014 - 10:18:38 | D ] F:\@UC000
[01/01/2000 - 00:00:02 | D ] F:\@usedetail
[01/01/2000 - 00:00:02 | D ] F:\@mmsobject
[05/03/2014 - 14:51:52 | D ] F:\Template
[05/03/2014 - 14:51:52 | D ] F:\_UJSR
[01/01/2000 - 00:00:02 | D ] F:\SMSArch
[01/01/2000 - 00:00:02 | N | 0] F:\phb_video.dat
[01/01/2000 - 00:00:02 | D ] F:\sat
[01/01/2000 - 00:00:02 | D ] F:\Settings
[05/03/2014 - 14:51:52 | D ] F:\Download
[05/03/2014 - 14:51:52 | D ] F:\@avplugin
[01/01/2000 - 00:00:12 | D ] F:\@Opera
[01/01/2000 - 00:00:08 | D ] F:\@email100
[01/01/2000 - 00:00:10 | D ] F:\@mms
[01/01/2000 - 00:00:12 | D ] F:\Images
[01/01/2000 - 00:00:12 | D ] F:\Photos
[01/01/2000 - 00:05:32 | D ] F:\SMSSimCust
[01/01/2000 - 00:00:44 | D ] F:\Audio
[24/12/2013 - 20:54:36 | D ] F:\Ebook
[24/12/2013 - 22:12:30 | D ] F:\@Playlists
[16/01/2014 - 19:38:52 | D ] F:\@MediaCache
[14/02/2014 - 13:19:38 | D ] F:\Videos
[24/11/2012 - 13:04:24 | D ] G:\FOUND.000
[04/11/2012 - 10:09:02 | D ] G:\Vendelinovka
[17/11/2012 - 12:25:28 | D ] G:\Kovárna
[24/11/2012 - 13:09:56 | D ] G:\Knihy
[24/11/2012 - 13:11:28 | D ] G:\Filmy
[24/11/2012 - 14:28:50 | D ] G:\Spisky
[21/12/2012 - 18:38:30 | D ] G:\msvisnovka.cz
[25/12/2012 - 19:35:00 | D ] G:\www
[30/05/2013 - 11:34:20 | D ] G:\Škola
[01/09/2013 - 18:42:34 | D ] G:\Tisk
[28/09/2013 - 14:39:02 | N | 13235] G:\stavba.docx
[20/06/2013 - 10:31:26 | D ] G:\cobr
[24/11/2013 - 19:55:04 | D ] G:\aukro
[25/11/2013 - 20:28:42 | SHD ] G:\System Volume Information
[16/01/2014 - 21:16:12 | D ] H:\@bgsr_1
[17/01/2014 - 18:20:48 | D ] H:\@mms
[22/01/2014 - 12:48:40 | D ] H:\Aplikace
[12/02/2014 - 17:49:18 | D ] H:\@Java
[17/01/2014 - 17:21:26 | D ] H:\Hudba
[04/03/2014 - 16:54:42 | D ] H:\First Aid Kit - Studio Disography (2012) MP3VBR Beolab1700

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
E:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net |

Re: Files and folders on USB changed into shortcuts

Posted: 09 Mar 2014 06:37
by vyosek

Re: Files and folders on USB changed into shortcuts

Posted: 09 Mar 2014 10:04
by Tomas_R
The situation with RSIT and FRST is still the same; I cannot get either of them to run.

RSIT reports: "Line-1: Error: Variable used without being declared", and I cannot download the FRST launcher, because every time Symantec Endpoint Protection steps in, and I can neither turn it off nor uninstall it.

Re: Files and folders on USB changed into shortcuts

Posted: 09 Mar 2014 20:11
by vyosek

Re: Files and folders on USB changed into shortcuts

Posted: 09 Mar 2014 22:29
by Tomas_R
Here it is:
DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 11.0.9600.16518
Run by Jana at 22:30:57 on 2014-03-09
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.2036.442 [GMT 1:00]
.
AV: Symantec Endpoint Protection *Enabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Symantec Endpoint Protection *Enabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
FW: Symantec Endpoint Protection *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\ComplexWebServer\apache\bin\apache.exe
C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
C:\Program Files\Launch Manager\dsiwmis.exe
C:\Genius\ioCentre\GMouseService.exe
C:\Program Files\Launch Manager\LMutilps32.exe
C:\Program Files\IB Updater\ExtensionUpdaterService.exe
C:\ComplexWebServer\apache\bin\apache.exe
C:\Windows\system32\dmwu.exe
C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\sppsvc.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Symantec\Symantec Endpoint Protection\12.1.1000.157.105\Bin\ccSvcHst.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\jmdp\stij.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\Program Files\Launch Manager\LManager.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Launch Manager\LMworker.exe
C:\Windows\system32\igfxsrvc.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Multitouch Mouse\Touch_Mouse.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Genius\ioCentre\gTaskBar.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Windows\System32\hale.exe
C:\ComplexWebServer\bin\ServiceDirect.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Genius\ioCentre\gMouseTask.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Genius\ioCentre\gKbdTask.exe
C:\Genius\ioCentre\gIoCentreFunMgm.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\conhost.exe
C:\Windows\System32\WUDFHost.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\System32\slui.exe
C:\Users\Jana\Desktop\FirefoxPortable\FirefoxPortable.exe
C:\Users\Jana\Desktop\FirefoxPortable\App\firefox\firefox.exe
C:\Users\Jana\Desktop\FirefoxPortable\App\firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\system32\AUDIODG.EXE
C:\PROGRA~1\THEKMP~1\KMPlayer.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Users\Jana\AppData\Local\Temp\F5F2.tmp\bump.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
.
============== Pseudo HJT Report ===============
.
uWindow Title = Windows Internet Explorer
BHO: IB Updater: {336D0C35-8A85-403a-B9D2-65C292C39087} - c:\program files\ib updater\Extension32.dll
BHO: Symantec Intrusion Prevention: {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\ips\IPSBHO.dll
BHO: Incredibar.com Helper Object: {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - c:\program files\incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - c:\program files\microsoft office\office14\GROOVEEX.DLL
BHO: avast! Online Security: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - c:\program files\avast software\avast\aswWebRepIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - c:\program files\microsoft office\office14\URLREDIR.DLL
TB: Incredibar Toolbar: {F9639E4A-801B-4843-AEE3-03D9DA199E77} - c:\program files\incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
TB: avast! Online Security: {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - c:\program files\avast software\avast\aswWebRepIE.dll
uRun: [CONNMGRTRAY] c:\program files\acer\acer 3g connection manager\ConnMgrLauncher.exe Silent
uRun: [uTorrent] "c:\users\jana\appdata\roaming\utorrent\uTorrent.exe" /MINIMIZED
uRun: [DAEMON Tools Lite] "c:\program files\daemon tools lite\DTLite.exe" -autorun
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
mRun: [IAStorIcon] c:\program files\intel\intel(r) rapid storage technology\IAStorIcon.exe
mRun: [LManager] c:\program files\launch manager\LManager.exe
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [GfxServiceInstall] c:\windows\system32\GfxCUIServiceInstall.vbs
mRun: [TaskTray] <no file>
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\adobeg~1.lnk - c:\program files\common files\adobe\calibration\Adobe Gamma Loader.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:0
uPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveAutoRun = dword:3
mPolicies-Explorer: NoDriveTypeAutoRun = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\micros~1\office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\micros~1\office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\program files\microsoft office\office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - c:\program files\microsoft office\office14\ONBttnIELinkedNotes.dll
TCP: NameServer = 192.168.100.20
TCP: Interfaces\{D5BA5982-1B4D-4D24-9792-0B3260E6ADD6} : DHCPNameServer = 192.168.100.20
TCP: Interfaces\{D5BA5982-1B4D-4D24-9792-0B3260E6ADD6}\55053413136323838313 : DHCPNameServer = 213.46.172.37 213.46.172.36
TCP: Interfaces\{D5BA5982-1B4D-4D24-9792-0B3260E6ADD6}\56465727F616D6 : DHCPNameServer = 172.18.160.1
TCP: Interfaces\{D5BA5982-1B4D-4D24-9792-0B3260E6ADD6}\7596649684F6D6560535 : DHCPNameServer = 10.0.0.138
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\common files\microsoft shared\office14\MSOXMLMF.DLL
Notify: igfxcui - igfxdev.dll
Notify: SEP - c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\WinLogoutNotifier.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - c:\program files\microsoft office\office14\GROOVEEX.DLL
.
============= SERVICES / DRIVERS ===============
.
R0 aswRvrt;avast! Revert;c:\windows\system32\drivers\aswRvrt.sys [2014-2-5 49944]
R0 aswVmm;avast! VM Monitor;c:\windows\system32\drivers\aswVmm.sys [2014-2-5 180248]
R0 SymDS;Symantec Data Store;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymDS.sys [2011-7-17 340088]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\SymEFA.sys [2011-8-28 758904]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [2014-2-5 775952]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [2014-2-5 410784]
R1 BHDrvx86;BHDrvx86;c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\bashdefs\20140304.011\BHDrvx86.sys [2014-3-5 1098968]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [2012-12-5 242240]
R1 IDSVix86;IDSVix86;c:\programdata\symantec\symantec endpoint protection\12.1.1000.157.105\data\definitions\ipsdefs\20140307.001\IDSvix86.sys [2014-3-8 394456]
R1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\Ironx86.sys [2011-9-14 137336]
R1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\drivers\sep\0c0103e8\009d.105\x86\symnets.sys [2011-9-9 299640]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2014-2-5 67824]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2013-11-22 108120]
R3 igddim32;igddim32;c:\windows\system32\drivers\igddim32.sys [2012-5-4 1336320]
R3 igdkmd32;igdkmd32;c:\windows\system32\drivers\igdkmd32.sys [2012-5-4 417280]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\drivers\IntcDAud.sys [2012-5-4 278528]
R3 rpt1msdrv;Rapoo T1 Mouse;c:\windows\system32\drivers\rpt1msdrv.sys [2012-5-10 10240]
R3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\drivers\RtsPStor.sys [2012-5-4 254056]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\drivers\Rt86win7.sys [2012-5-16 521832]
S3 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys [2014-2-5 64168]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 netr73;RT73 USB - ovladač karty pro bezdrátovou síť LAN pro systém Windows Vista;c:\windows\system32\drivers\netr73.sys [2009-6-10 545792]
S3 SyDvCtrl;SyDvCtrl;c:\program files\symantec\symantec endpoint protection\12.1.1000.157.105\bin\SyDvCtrl32.sys [2011-10-31 23984]
S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-5-16 52224]
.
=============== File Associations ===============
.
ShellExec: Opera.exe: open="c:\program files\opera\Launcher.exe" "%1"
.
=============== Created Last 30 ================
.
2014-03-07 21:24:48 -------- d-----w- C:\UsbFix
2014-03-07 20:19:30 -------- d-----w- c:\windows\system32\appmgmt
2014-03-07 19:41:29 -------- d-----w- c:\program files\trend micro
2014-03-01 09:36:24 -------- d-----w- c:\program files\Verdict Free
2014-02-26 09:05:54 -------- d-----w- c:\windows\system32\jmdp
2014-02-25 20:17:27 -------- d-----w- c:\windows\Migration
2014-02-18 20:55:06 -------- d-----w- c:\users\jana\appdata\roaming\newnext.me
2014-02-18 20:54:55 -------- d-----w- c:\users\jana\appdata\local\genienext
2014-02-18 20:54:48 -------- d-----w- c:\users\jana\appdata\local\Mobogenie
2014-02-18 20:52:05 -------- d-----w- c:\program files\Mobogenie
2014-02-16 20:45:27 454656 ----a-w- c:\windows\system32\vbscript.dll
2014-02-16 08:05:25 1237504 ----a-w- c:\windows\system32\msxml3.dll
2014-02-16 08:05:24 2048 ----a-w- c:\windows\system32\msxml3r.dll
2014-02-16 08:04:43 3419136 ----a-w- c:\windows\system32\d2d1.dll
2014-02-16 08:04:43 1987584 ----a-w- c:\windows\system32\d3d10warp.dll
2014-02-16 08:04:37 594944 ----a-w- c:\windows\system32\RMActivate_isv.exe
2014-02-16 08:04:36 572416 ----a-w- c:\windows\system32\RMActivate.exe
2014-02-16 08:04:36 510976 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2014-02-16 08:04:36 508928 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2014-02-16 08:04:35 428032 ----a-w- c:\windows\system32\secproc.dll
2014-02-16 08:04:35 423936 ----a-w- c:\windows\system32\secproc_isv.dll
2014-02-16 08:04:34 87040 ----a-w- c:\windows\system32\secproc_ssp.dll
2014-02-16 08:04:34 390144 ----a-w- c:\windows\system32\msdrm.dll
2014-02-16 08:04:33 87040 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
.
==================== Find3M ====================
.
2014-02-24 11:03:27 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 11:03:27 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-02-06 10:20:26 2724864 ----a-w- c:\windows\system32\mshtml.tlb
2014-02-06 10:19:55 4096 ----a-w- c:\windows\system32\ieetwcollectorres.dll
2014-02-06 10:01:36 61952 ----a-w- c:\windows\system32\iesetup.dll
2014-02-06 10:00:46 51200 ----a-w- c:\windows\system32\ieetwproxystub.dll
2014-02-06 09:47:22 112128 ----a-w- c:\windows\system32\ieUnatt.exe
2014-02-06 09:47:18 108032 ----a-w- c:\windows\system32\ieetwcollector.exe
2014-02-06 09:46:27 553472 ----a-w- c:\windows\system32\jscript9diag.dll
2014-02-06 09:25:36 4244480 ----a-w- c:\windows\system32\jscript9.dll
2014-02-06 09:09:30 1964032 ----a-w- c:\windows\system32\inetcpl.cpl
2014-02-06 08:41:35 1820160 ----a-w- c:\windows\system32\wininet.dll
2014-02-05 22:10:37 64168 ----a-w- c:\windows\system32\drivers\aswStm.sys
2014-02-05 22:10:36 775952 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2014-02-05 22:10:36 67824 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-02-05 22:10:36 49944 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-02-05 22:10:36 180248 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-02-05 22:10:35 79720 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-02-05 22:10:27 43152 ----a-w- c:\windows\avastSS.scr
2014-02-04 16:35:36 1527600 ----a-w- c:\windows\system32\dmwu.exe
2014-02-04 16:30:40 27136 ----a-w- c:\windows\system32\ImHttpComm.dll
2014-02-04 08:39:38 773968 ----a-w- c:\windows\system32\msvcr100.dll
2014-02-04 08:39:38 632656 ----a-w- c:\windows\system32\msvcr80.dll
2014-02-04 08:39:38 554832 ----a-w- c:\windows\system32\msvcp80.dll
2014-02-04 08:39:38 479232 ----a-w- c:\windows\system32\msvcm80.dll
2014-02-04 08:39:38 421200 ----a-w- c:\windows\system32\msvcp100.dll
2012-06-21 06:26:01 2169856 --sha-w- c:\windows\system32\hale.exe
.
============= FINISH: 22:33:34,39 ===============

Re: Files and folders on USB changed to shortcuts

Posted: 10 Mar 2014 09:11
by vyosek
Are you using that Symantec Endpoint on purpose, or did it just get there somehow...

Re: Files and folders on USB changed to shortcuts

Posted: 10 Mar 2014 09:31
by Tomas_R
I do not use Symantec Endpoint on purpose; I don't know where it came from. However, it is possible that someone I lent the notebook to installed it for me.

Re: Files and folders on USB changed to shortcuts

Posted: 10 Mar 2014 19:38
by vyosek
:arrow: What does the Symantec uninstall fail on??

:arrow: Try using Revo http://www.stahuj.centrum.cz/utility_a_ ... installer/

Re: Files and folders on USB changed to shortcuts

Posted: 11 Mar 2014 13:20
by Tomas_R
The uninstall ended with a message along the lines of: "Restart the computer to finish"; after the restart it was still there and the problems with RSIT and FRST were the same. I tried uninstalling once more so that I could read the message in detail, and then it was no longer there.
The problem with running RSIT persists, but I managed to run FRST, so I am attaching the log:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-03-2014 01
Ran by Jana (administrator) on TOM-PC on 11-03-2014 13:18:28
Running from C:\Users\Jana\Desktop
Microsoft Windows 7 Professional Service Pack 1 (X86) OS Language: Czech
Internet Explorer Version 11
Boot Mode: Normal

The only official download link for FRST:
Download link for 32-Bit version: http://www.bleepingcomputer.com/downloa ... ool/dl/81/
Download link for 64-Bit Version: http://www.bleepingcomputer.com/downloa ... ool/dl/82/
Download link from any site other than Bleeping Computer is unpermitted or outdated.
See tutorial for FRST: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apache Software Foundation) C:\ComplexWebServer\apache\bin\apache.exe
() C:\ComplexWebServer\mysql\bin\mysqld-nt.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\dsiwmis.exe
() C:\Genius\ioCentre\GMouseService.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMutilps32.exe
() C:\Program Files\IB Updater\ExtensionUpdaterService.exe
() C:\Windows\system32\dmwu.exe
(Realsil Microelectronics Inc.) C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Pandora.TV) C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
(Apache Software Foundation) C:\ComplexWebServer\apache\bin\apache.exe
(Microsoft Corporation) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LManager.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\system32\igfxsrvc.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
() C:\Program Files\Multitouch Mouse\Touch_Mouse.exe
() C:\Windows\System32\jmdp\stij.exe
(Dritek System Inc.) C:\Program Files\Launch Manager\LMworker.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Genius\ioCentre\gTaskBar.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
() C:\Genius\ioCentre\gMouseTask.exe
() C:\Genius\ioCentre\gKbdTask.exe
(ioCentre) C:\Genius\ioCentre\gIoCentreFunMgm.exe
() C:\Windows\System32\hale.exe
(Microsoft Corporation) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
(Jilm :-)) C:\ComplexWebServer\bin\ServiceDirect.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(BitTorrent Inc.) C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe
(Synaptics Incorporated) C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\system32\wbem\unsecapp.exe
(Microsoft Corporation) C:\Windows\system32\wuauclt.exe
(PortableApps.com) C:\Users\Jana\Desktop\FirefoxPortable\FirefoxPortable.exe
(Mozilla Corporation) C:\Users\Jana\Desktop\FirefoxPortable\App\firefox\firefox.exe
(Mozilla Corporation) C:\Users\Jana\Desktop\FirefoxPortable\App\firefox\plugin-container.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Adobe Systems, Inc.) C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
(Microsoft Corporation) C:\Windows\system32\AUDIODG.EXE
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Adobe Systems Incorporated) C:\Program Files\Adobe\Reader 10.0\Reader\AcroRd32.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\WINWORD.EXE
(forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [IAStorIcon] - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [283160 2010-11-05] (Intel Corporation)
HKLM\...\Run: [LManager] - C:\Program Files\Launch Manager\LManager.exe [1103440 2011-07-01] (Dritek System Inc.)
HKLM\...\Run: [GfxServiceInstall] - C:\Windows\system32\GfxCUIServiceInstall.vbs [131 2011-12-13] ()
HKLM\...\Run: [TaskTray] - [X]
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [TouchMouse] - C:\Program Files\Multitouch Mouse\Touch_Mouse.exe [2335232 2010-07-13] ()
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2333968 2012-03-01] (Synaptics Incorporated)
HKLM\...\Run: [ioCentre] - C:\Genius\ioCentre\gTaskBar.exe [61440 2009-09-03] ()
HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10967656 2012-03-27] (Realtek Semiconductor)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [619008 2010-05-25] (Nikon Corporation)
HKLM\...\Run: [Chew7Hale] - C:\Windows\System32\hale.exe [2169856 2012-06-21] ()
HKLM\...\Run: [ComplexWebServer] - C:\ComplexWebServer\bin\ServiceDirect.exe [686080 2006-09-17] (Jilm :-))
HKLM\...\Run: [AvastUI.exe] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [3767096 2014-02-05] (AVAST Software)
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\...\Run: [CONNMGRTRAY] - C:\Program Files\Acer\Acer 3G Connection Manager\ConnMgrLauncher.exe [363112 2011-06-20] ()
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\...\Run: [uTorrent] - C:\Users\Jana\AppData\Roaming\uTorrent\uTorrent.exe [905296 2014-02-06] (BitTorrent Inc.)
HKU\S-1-5-21-4100487996-1625500737-2735647802-1000\...\Run: [DAEMON Tools Lite] - C:\Program Files\DAEMON Tools Lite\DTLite.exe [3673728 2012-11-06] (DT Soft Ltd)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKCU\Software\Microsoft\Internet Explorer\Main,Default_search_url = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Default_page_url = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
HKLM\Software\Microsoft\Internet Explorer\Main,Search bar = http://search.msn.com/spbasic.htm
HKLM\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages =
SearchScopes: HKCU - DefaultScope {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PR4ff ... earchTerms}
SearchScopes: HKCU - {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} URL = http://mystart.incredibar.com/?a=6PR4ff ... earchTerms}
BHO: IB Updater - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll ()
BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
Toolbar: HKLM - Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
Toolbar: HKLM - avast! Online Security - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.0.0.138

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\heureka-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
FF HKLM\...\Firefox\Extensions: [{336D0C35-8A85-403a-B9D2-65C292C39087}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2013-01-02]
FF HKLM\...\Firefox\Extensions: [{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052}] - C:\Program Files\IB Updater\Firefox
FF Extension: IB Updater - C:\Program Files\IB Updater\Firefox [2013-01-02]

Chrome:
=======
CHR DefaultSearchURL: {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR Extension: (IB Updater) - C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd [2013-03-10]
CHR HKLM\...\Chrome\Extension: [dlnembnfbcpjnepmfjmngjenhhajpdfd] - C:\Program Files\IB Updater\source.crx [2013-01-02]

========================== Services (Whitelisted) =================

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [50344 2014-02-05] (AVAST Software)
R2 CWS_Apache_80; C:\ComplexWebServer\apache\bin\apache.exe [20541 2005-10-09] (Apache Software Foundation)
R2 CWS_MySQL_3306; C:\ComplexWebServer\mysql\bin\mysqld-nt.exe [3604480 2006-11-06] ()
R2 GeniusMouseService; C:\Genius\ioCentre\GMouseService.exe [12288 2010-03-11] ()
R2 IB Updater; C:\Program Files\IB Updater\ExtensionUpdaterService.exe [188760 2013-01-29] ()
R2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1527600 2014-02-04] ()
R2 IconMan_R; C:\Program Files\Realtek\Realtek PCIE Card Reader\RIconMan.exe [1755136 2011-03-07] (Realsil Microelectronics Inc.)
R2 PanService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [578264 2011-12-21] (Pandora.TV)
S2 SetupARService; "C:\Program Files\Realtek\Audio\SetupAfterRebootService.exe" [X]

==================== Drivers (Whitelisted) ====================

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [67824 2014-02-05] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [79720 2014-02-05] (AVAST Software)
R0 aswRvrt; C:\Windows\system32\Drivers\aswRvrt.sys [49944 2014-02-05] ()
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [775952 2014-02-05] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [410784 2014-02-05] (AVAST Software)
S3 aswStm; C:\Windows\system32\drivers\aswStm.sys [64168 2014-02-05] (AVAST Software)
R0 aswVmm; C:\Windows\system32\Drivers\aswVmm.sys [180248 2014-02-05] ()
R1 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [242240 2012-12-05] (DT Soft Ltd)
R3 rpt1msdrv; C:\Windows\System32\drivers\rpt1msdrv.sys [10240 2010-06-07] ()
R3 RSPCIESTOR; C:\Windows\System32\DRIVERS\RtsPStor.sys [254056 2011-05-30] (Realtek Semiconductor Corp.)
S3 RTL8192cu; system32\DRIVERS\rtwlanu.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-11 13:18 - 2014-03-11 13:19 - 00012433 _____ () C:\Users\Jana\Desktop\FRST.txt
2014-03-11 13:17 - 2014-03-11 13:18 - 00000000 ____D () C:\FRST
2014-03-11 13:16 - 2014-03-11 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2014-03-11 13:15 - 2014-03-11 13:15 - 00781909 _____ () C:\Users\Jana\Desktop\RSIT.exe
2014-03-11 09:14 - 2014-02-03 13:20 - 00231584 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2014-03-09 22:29 - 2014-03-09 22:29 - 00688992 ____R (Swearware) C:\Users\Jana\Desktop\dds.exe
2014-03-09 10:12 - 2013-11-24 20:07 - 00000000 ____D () C:\Users\Jana\Desktop\Filosofický sborník 1932
2014-03-09 10:02 - 2014-03-09 10:02 - 01145344 _____ (Farbar) C:\Users\Jana\Desktop\FRST.exe
2014-03-07 22:25 - 2014-03-07 22:41 - 00016182 _____ () C:\UsbFix [Clean 1] TOM-PC.txt
2014-03-07 22:24 - 2014-03-07 22:40 - 00000000 ____D () C:\UsbFix
2014-03-07 21:50 - 2014-03-07 21:50 - 00000000 _____ () C:\Users\Jana\Downloads\FRSTLauncher.exe
2014-03-07 21:19 - 2014-03-07 21:19 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-07 20:41 - 2014-03-11 13:15 - 00000000 ____D () C:\Program Files\trend micro
2014-03-07 20:41 - 2014-03-07 20:41 - 00000000 ____D () C:\rsit
2014-03-04 21:54 - 2014-03-11 11:53 - 00000000 ____D () C:\Users\Jana\Desktop\Moje práce
2014-03-04 14:26 - 2014-03-04 14:27 - 00000000 ____D () C:\Users\Jana\Downloads\First Aid Kit - Studio Disography (2012) MP3VBR Beolab1700
2014-03-01 10:36 - 2014-03-01 10:36 - 00001862 _____ () C:\Users\Public\Desktop\Verdict Free.lnk
2014-03-01 10:36 - 2014-03-01 10:36 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verdict Free
2014-03-01 10:36 - 2014-03-01 10:36 - 00000000 ____D () C:\Program Files\Verdict Free
2014-02-28 19:41 - 2014-02-28 19:41 - 00000000 ____D () C:\Users\Jana\Downloads\Levi-Strauss---mysleni-prirodnich-narodu
2014-02-28 19:01 - 2014-02-28 19:15 - 254066648 _____ () C:\Users\Jana\Downloads\Levi-Strauss---mysleni-prirodnich-narodu.rar
2014-02-28 18:39 - 2014-02-28 18:46 - 104931511 _____ () C:\Users\Jana\Downloads\Dějiny-společenských-teorií.zip
2014-02-28 18:08 - 2014-02-28 18:19 - 00000000 ____D () C:\Users\Jana\Desktop\grafy
2014-02-26 10:05 - 2014-02-26 10:05 - 00000000 ____D () C:\Windows\system32\jmdp
2014-02-18 21:55 - 2014-02-24 09:09 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\newnext.me
2014-02-18 21:54 - 2014-02-18 22:04 - 00000000 ____D () C:\Users\Jana\AppData\Local\Mobogenie
2014-02-18 21:54 - 2014-02-18 21:54 - 00000000 ____D () C:\Users\Jana\Documents\Mobogenie
2014-02-18 21:54 - 2014-02-18 21:54 - 00000000 ____D () C:\Users\Jana\AppData\Local\genienext
2014-02-18 21:54 - 2014-02-18 21:54 - 00000000 _____ () C:\Users\Jana\daemonprocess.txt
2014-02-18 21:52 - 2014-03-10 15:07 - 00000000 ____D () C:\Program Files\Mobogenie
2014-02-18 18:24 - 2014-02-18 18:35 - 733913667 _____ () C:\Users\Jana\Downloads\Shanghai Noon.mp4
2014-02-18 18:23 - 2014-02-18 18:23 - 00015453 _____ () C:\Users\Jana\Downloads\Shanghai+Noon%282000%29DVDRip.AC3%28ENG%29-DROCK.torrent
2014-02-18 18:22 - 2014-02-18 21:31 - 00000000 ____D () C:\Users\Jana\Downloads\Little.Big.Soldier.2010.720p.BRRip.XviD.AC3-RARBG
2014-02-18 18:22 - 2014-02-18 18:39 - 00000000 ____D () C:\Users\Jana\Downloads\Shanghai Knights (2003)
2014-02-18 18:22 - 2014-02-18 18:22 - 00015956 _____ () C:\Users\Jana\Downloads\Shanghai+Knights+%282003%29+720p+BrRip+x264+-+YIFY.torrent
2014-02-18 18:21 - 2014-02-18 21:40 - 00000000 ____D () C:\Users\Jana\Downloads\Rush.Hour.Trilogy[2007]DvDrip-aXXo
2014-02-18 18:20 - 2014-02-18 18:20 - 00089676 _____ () C:\Users\Jana\Downloads\Rush.Hour.Trilogy%5B2007%5DDvDrip-aXXo+%283370907%29.torrent
2014-02-18 18:18 - 2014-02-18 18:18 - 00031810 _____ () C:\Users\Jana\Downloads\Little+Big+Soldier+2010+720p+BRRip+XviD+AC3-RARBG.torrent
2014-02-16 22:06 - 2014-02-06 11:38 - 17103872 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2014-02-16 22:06 - 2014-02-06 11:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2014-02-16 22:06 - 2014-02-06 11:19 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2014-02-16 22:06 - 2014-02-06 11:01 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2014-02-16 22:06 - 2014-02-06 11:00 - 00051200 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2014-02-16 22:06 - 2014-02-06 10:57 - 02168320 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2014-02-16 22:06 - 2014-02-06 10:52 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2014-02-16 22:06 - 2014-02-06 10:52 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2014-02-16 22:06 - 2014-02-06 10:49 - 00440832 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2014-02-16 22:06 - 2014-02-06 10:47 - 00112128 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2014-02-16 22:06 - 2014-02-06 10:47 - 00108032 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2014-02-16 22:06 - 2014-02-06 10:46 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2014-02-16 22:06 - 2014-02-06 10:34 - 00208896 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2014-02-16 22:06 - 2014-02-06 10:25 - 04244480 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2014-02-16 22:06 - 2014-02-06 10:25 - 00164864 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2014-02-16 22:06 - 2014-02-06 10:13 - 00524288 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2014-02-16 22:06 - 2014-02-06 10:09 - 01964032 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2014-02-16 22:06 - 2014-02-06 10:03 - 11266048 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2014-02-16 22:06 - 2014-02-06 09:41 - 01820160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2014-02-16 22:06 - 2014-02-06 09:36 - 01156096 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2014-02-16 22:06 - 2014-02-06 09:34 - 00703488 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2014-02-16 21:45 - 2013-12-21 09:56 - 00454656 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2014-02-16 14:55 - 2014-02-17 16:48 - 00000000 ____D () C:\Users\Jana\Downloads\Escape Plan (2013)
2014-02-16 14:53 - 2014-02-16 14:53 - 00009438 _____ () C:\Users\Jana\Downloads\Escape+Plan+%282013%29+720p+BrRip+x264+-+YIFY.torrent
2014-02-16 14:45 - 2014-02-16 14:48 - 00000000 ____D () C:\Users\Jana\Downloads\Anna Karenina (2012)
2014-02-16 14:44 - 2014-02-16 14:44 - 00017752 _____ () C:\Users\Jana\Downloads\Anna+Karenina+%282012%29+720p+BrRip+x264+-+YIFY.torrent
2014-02-16 09:05 - 2014-01-01 00:05 - 00420008 _____ () C:\Windows\system32\locale.nls
2014-02-16 09:05 - 2013-12-06 03:02 - 01237504 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2014-02-16 09:05 - 2013-12-06 03:02 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\msxml3r.dll
2014-02-16 09:04 - 2013-12-25 00:09 - 01987584 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2014-02-16 09:04 - 2013-12-04 03:03 - 00428032 _____ (Microsoft Corporation) C:\Windows\system32\secproc.dll
2014-02-16 09:04 - 2013-12-04 03:03 - 00423936 _____ (Microsoft Corporation) C:\Windows\system32\secproc_isv.dll
2014-02-16 09:04 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp_isv.dll
2014-02-16 09:04 - 2013-12-04 03:03 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\secproc_ssp.dll
2014-02-16 09:04 - 2013-12-04 03:02 - 00390144 _____ (Microsoft Corporation) C:\Windows\system32\msdrm.dll
2014-02-16 09:04 - 2013-12-04 02:54 - 00594944 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_isv.exe
2014-02-16 09:04 - 2013-12-04 02:54 - 00572416 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate.exe
2014-02-16 09:04 - 2013-12-04 02:54 - 00510976 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp.exe
2014-02-16 09:04 - 2013-12-04 02:54 - 00508928 _____ (Microsoft Corporation) C:\Windows\system32\RMActivate_ssp_isv.exe
2014-02-16 09:04 - 2013-11-26 09:16 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll

==================== One Month Modified Files and Folders =======

2014-03-11 13:19 - 2014-03-11 13:18 - 00012433 _____ () C:\Users\Jana\Desktop\FRST.txt
2014-03-11 13:19 - 2013-01-06 17:42 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\uTorrent
2014-03-11 13:19 - 2012-06-21 07:26 - 67018906 _____ () C:\Windows\system32\cwlog.dtl
2014-03-11 13:18 - 2014-03-11 13:17 - 00000000 ____D () C:\FRST
2014-03-11 13:16 - 2014-03-11 13:16 - 00112640 _____ (forum.viry.cz) C:\Users\Jana\Desktop\FRSTLauncher.exe
2014-03-11 13:15 - 2014-03-11 13:15 - 00781909 _____ () C:\Users\Jana\Desktop\RSIT.exe
2014-03-11 13:15 - 2014-03-07 20:41 - 00000000 ____D () C:\Program Files\trend micro
2014-03-11 13:06 - 2009-07-14 05:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-11 13:06 - 2009-07-14 05:34 - 00022096 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-11 13:02 - 2012-11-14 09:01 - 00000914 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-11 11:53 - 2014-03-04 21:54 - 00000000 ____D () C:\Users\Jana\Desktop\Moje práce
2014-03-11 11:26 - 2012-05-04 16:27 - 01599024 _____ () C:\Windows\WindowsUpdate.log
2014-03-11 09:26 - 2012-05-16 13:11 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Mozilla
2014-03-11 09:08 - 2012-05-17 06:54 - 00000266 _____ () C:\Windows\Tasks\AutoKMS.job
2014-03-11 09:06 - 2009-07-14 05:53 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-11 09:06 - 2009-07-14 05:39 - 00086411 _____ () C:\Windows\setupact.log
2014-03-11 09:05 - 2012-05-04 12:56 - 00107770 _____ () C:\Windows\PFRO.log
2014-03-10 15:07 - 2014-02-18 21:52 - 00000000 ____D () C:\Program Files\Mobogenie
2014-03-10 09:38 - 2012-06-14 10:23 - 00000000 ____D () C:\Program Files\The KMPlayer
2014-03-09 22:29 - 2014-03-09 22:29 - 00688992 ____R (Swearware) C:\Users\Jana\Desktop\dds.exe
2014-03-09 10:02 - 2014-03-09 10:02 - 01145344 _____ (Farbar) C:\Users\Jana\Desktop\FRST.exe
2014-03-08 15:58 - 2013-11-27 15:31 - 00000000 ____D () C:\Users\Jana\Desktop\x-phi
2014-03-07 22:41 - 2014-03-07 22:25 - 00016182 _____ () C:\UsbFix [Clean 1] TOM-PC.txt
2014-03-07 22:40 - 2014-03-07 22:24 - 00000000 ____D () C:\UsbFix
2014-03-07 22:08 - 2014-01-13 14:01 - 00000000 ____D () C:\Users\Jana\Desktop\foto
2014-03-07 21:50 - 2014-03-07 21:50 - 00000000 _____ () C:\Users\Jana\Downloads\FRSTLauncher.exe
2014-03-07 21:19 - 2014-03-07 21:19 - 00000000 ____D () C:\Windows\system32\appmgmt
2014-03-07 21:09 - 2012-12-05 23:01 - 00000000 ____D () C:\Program Files\Ubisoft
2014-03-07 20:41 - 2014-03-07 20:41 - 00000000 ____D () C:\rsit
2014-03-07 13:06 - 2013-01-04 10:56 - 00000000 ____D () C:\Users\Jana\Desktop\Hudba
2014-03-07 13:06 - 2012-05-04 10:37 - 01590786 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-04 22:04 - 2012-10-09 08:25 - 00000000 ____D () C:\Program Files\Opera
2014-03-04 14:27 - 2014-03-04 14:26 - 00000000 ____D () C:\Users\Jana\Downloads\First Aid Kit - Studio Disography (2012) MP3VBR Beolab1700
2014-03-01 10:36 - 2014-03-01 10:36 - 00001862 _____ () C:\Users\Public\Desktop\Verdict Free.lnk
2014-03-01 10:36 - 2014-03-01 10:36 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Verdict Free
2014-03-01 10:36 - 2014-03-01 10:36 - 00000000 ____D () C:\Program Files\Verdict Free
2014-02-28 20:13 - 2009-07-14 03:37 - 00000000 ____D () C:\Windows\Microsoft.NET
2014-02-28 19:41 - 2014-02-28 19:41 - 00000000 ____D () C:\Users\Jana\Downloads\Levi-Strauss---mysleni-prirodnich-narodu
2014-02-28 19:15 - 2014-02-28 19:01 - 254066648 _____ () C:\Users\Jana\Downloads\Levi-Strauss---mysleni-prirodnich-narodu.rar
2014-02-28 18:46 - 2014-02-28 18:39 - 104931511 _____ () C:\Users\Jana\Downloads\Dějiny-společenských-teorií.zip
2014-02-28 18:19 - 2014-02-28 18:08 - 00000000 ____D () C:\Users\Jana\Desktop\grafy
2014-02-26 10:25 - 2012-05-16 13:11 - 00000000 ____D () C:\Users\Jana\AppData\Local\Mozilla
2014-02-26 10:05 - 2014-02-26 10:05 - 00000000 ____D () C:\Windows\system32\jmdp
2014-02-25 19:46 - 2013-01-02 15:42 - 00000000 ____D () C:\Windows\system32\WNLT
2014-02-25 19:46 - 2013-01-02 15:42 - 00000000 ____D () C:\Windows\system32\ARFC
2014-02-24 12:03 - 2012-06-18 18:02 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2014-02-24 12:03 - 2012-06-18 18:02 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2014-02-24 09:09 - 2014-02-18 21:55 - 00000000 ____D () C:\Users\Jana\AppData\Roaming\newnext.me
2014-02-18 22:04 - 2014-02-18 21:54 - 00000000 ____D () C:\Users\Jana\AppData\Local\Mobogenie
2014-02-18 21:54 - 2014-02-18 21:54 - 00000000 ____D () C:\Users\Jana\Documents\Mobogenie
2014-02-18 21:54 - 2014-02-18 21:54 - 00000000 ____D () C:\Users\Jana\AppData\Local\genienext
2014-02-18 21:54 - 2014-02-18 21:54 - 00000000 _____ () C:\Users\Jana\daemonprocess.txt
2014-02-18 21:54 - 2012-05-04 10:32 - 00000000 ____D () C:\Users\Jana
2014-02-18 21:50 - 2014-01-21 21:47 - 00000997 _____ () C:\Users\Jana\Desktop\KMPlayer.lnk
2014-02-18 21:40 - 2014-02-18 18:21 - 00000000 ____D () C:\Users\Jana\Downloads\Rush.Hour.Trilogy[2007]DvDrip-aXXo
2014-02-18 21:31 - 2014-02-18 18:22 - 00000000 ____D () C:\Users\Jana\Downloads\Little.Big.Soldier.2010.720p.BRRip.XviD.AC3-RARBG
2014-02-18 18:39 - 2014-02-18 18:22 - 00000000 ____D () C:\Users\Jana\Downloads\Shanghai Knights (2003)
2014-02-18 18:35 - 2014-02-18 18:24 - 733913667 _____ () C:\Users\Jana\Downloads\Shanghai Noon.mp4
2014-02-18 18:23 - 2014-02-18 18:23 - 00015453 _____ () C:\Users\Jana\Downloads\Shanghai+Noon%282000%29DVDRip.AC3%28ENG%29-DROCK.torrent
2014-02-18 18:22 - 2014-02-18 18:22 - 00015956 _____ () C:\Users\Jana\Downloads\Shanghai+Knights+%282003%29+720p+BrRip+x264+-+YIFY.torrent
2014-02-18 18:20 - 2014-02-18 18:20 - 00089676 _____ () C:\Users\Jana\Downloads\Rush.Hour.Trilogy%5B2007%5DDvDrip-aXXo+%283370907%29.torrent
2014-02-18 18:18 - 2014-02-18 18:18 - 00031810 _____ () C:\Users\Jana\Downloads\Little+Big+Soldier+2010+720p+BRRip+XviD+AC3-RARBG.torrent
2014-02-17 16:48 - 2014-02-16 14:55 - 00000000 ____D () C:\Users\Jana\Downloads\Escape Plan (2013)
2014-02-16 22:12 - 2012-05-04 12:15 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-02-16 21:47 - 2009-07-14 03:04 - 00000478 _____ () C:\Windows\win.ini
2014-02-16 15:08 - 2013-12-05 20:38 - 00000000 ____D () C:\Users\Jana\Downloads\Inside Im Dancing DVDRip XviD-BONE
2014-02-16 14:53 - 2014-02-16 14:53 - 00009438 _____ () C:\Users\Jana\Downloads\Escape+Plan+%282013%29+720p+BrRip+x264+-+YIFY.torrent
2014-02-16 14:48 - 2014-02-16 14:45 - 00000000 ____D () C:\Users\Jana\Downloads\Anna Karenina (2012)
2014-02-16 14:44 - 2014-02-16 14:44 - 00017752 _____ () C:\Users\Jana\Downloads\Anna+Karenina+%282012%29+720p+BrRip+x264+-+YIFY.torrent
2014-02-09 12:02 - 2014-02-01 19:12 - 00000000 ____D () C:\Users\Jana\Desktop\Filmy

Files to move or delete:
====================
C:\ProgramData\PKP_DLes.DAT
C:\ProgramData\PKP_DLet.DAT
C:\ProgramData\PKP_DLeu.DAT
C:\ProgramData\PKP_DLev.DAT


Some content of TEMP:
====================
C:\Users\Jana\AppData\Local\Temp\OptimizerPro.exe
C:\Users\Jana\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Jana\AppData\Local\Temp\vlc-2.0.6-win32.exe
C:\Users\Jana\AppData\Local\Temp\vlc-2.0.8-win32.exe
C:\Users\Jana\AppData\Local\Temp\_is819D.exe
C:\Users\Jana\AppData\Local\Temp\_is86EA.exe


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\system32\winlogon.exe
[2012-05-16 08:09] - [2010-11-20 13:17] - 0285696 ____A (Microsoft Corporation) 1562571D6B1541098E677C3BB78709A0

C:\Windows\system32\wininit.exe => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\services.exe => MD5 is legit
C:\Windows\system32\User32.dll
[2012-05-16 08:09] - [2010-11-20 13:21] - 0811520 ____A (Microsoft Corporation) BE8C64439F1E2AF088063218C16EB9FE

C:\Windows\system32\userinit.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit
C:\Windows\system32\Drivers\volsnap.sys => MD5 is legit



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================


==================== Scheduled Tasks (whitelisted) ==================

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\AutoKMS.job => C:\WINDOWS\AutoKMS\AutoKMS.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Users\Jana\Desktop" je 20335 MB.


***** Startup Programs *****


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
DisableNotifications REG_DWORD 0x0
EnableFirewall REG_DWORD 0x1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"Generalize_DisableSR"=dword:00000000


==================== End Of Log ==============================

Re: Files and folders on USB changed to shortcuts

Posted: 11 Mar 2014 13:22
by vyosek
:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan and then Clean
  • The repair will run, the PC will restart and then a log will appear, or it will be saved in the folder c:\AdwCleaner\AdwCleaner[S?].txt; paste it here
:arrow: Download Zoek.exe http://hijackthis.nl/smeenk/ and save it to the desktop
  • If you use Win Vista or W7, right-click Zoek and choose Run As Administrator (Spustit jako spravce)
  • Paste the script below into the window

    autoclean;
    emptyclsid;
    iedefaults;
    FFdefaults;
    CHRdefaults;
    emptyalltemp;
    resethosts;
    
  • Nasledne kliknete na Run Script
  • PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Re: Files and folders on USB changed to shortcuts

Posted: 11 Mar 2014 23:26
by Tomas_R
# AdwCleaner v3.021 - Report created 11/03/2014 at 23:20:56
# Updated 10/03/2014 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (32 bits)
# Username : Jana - TOM-PC
# Running from : C:\Users\Jana\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

Service Deleted : IB Updater
[#] Service Deleted : IBUpdaterService

***** [ Files / Folders ] *****

Folder Deleted : C:\Program Files\driver-soft
Folder Deleted : C:\Program Files\IB Updater
Folder Deleted : C:\Program Files\incredibar.com
Folder Deleted : C:\Program Files\Mobogenie
Folder Deleted : C:\Windows\system32\ARFC
Folder Deleted : C:\Windows\system32\jmdp
Folder Deleted : C:\Windows\system32\WNLT
Folder Deleted : C:\Users\Jana\AppData\Local\genienext
Folder Deleted : C:\Users\Jana\AppData\Local\Mobogenie
Folder Deleted : C:\Users\Jana\AppData\Roaming\newnext.me
Folder Deleted : C:\Users\Jana\Documents\Mobogenie
Folder Deleted : C:\Users\Administrator\AppData\LocalLow\incredibar.com
Folder Deleted : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
File Deleted : C:\Windows\system32\dmwu.exe
File Deleted : C:\Windows\system32\ImhxxpComm.dll
File Deleted : C:\Program Files\Mozilla Firefox\user.js

***** [ Shortcuts ] *****


***** [ Registry ] *****

Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{336D0C35-8A85-403A-B9D2-65C292C39087}]
Value Deleted : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [{FE1DEEEA-DB6D-44B8-83F0-34FC0F9D1052}]
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Key Deleted : HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Key Deleted : HKLM\SOFTWARE\Classes\I
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr
Key Deleted : HKLM\SOFTWARE\Classes\Incredibar.IncredibarHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\apnstub_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\incredibar_installer_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\MobogenieAdd
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-chrome-portable_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SoftonicDownloader_for_google-chrome-portable_RASMANCS
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{00000001-4FEF-40D3-B3FA-E0531B897F98}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{059EACC2-1ABE-49E8-928D-DC8BD355B7A9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{4C836512-BB70-11D2-A5A7-00105A9C91C6}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{64697678-0000-0010-8000-00AA00389B71}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6FDBBC21-E399-4542-B4CE-86326E1F0727}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7B878FD4-8F19-46DB-94B1-4CABFF80679C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8BA495EF-6CD5-413A-8AEF-483631B98C4F}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8C71E394-2E6F-452A-AB7D-C17E78307083}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BADB1512-759C-4792-A18A-DD6BDC4E1991}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{DB797690-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E54FBC83-9028-45AC-A5B9-D5DA828E59C2}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{633AA60B-C339-46C3-951F-047F9822C473}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{9156C8F9-B397-4DEF-8AC5-5966221A134A}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A8E5842E-102B-4289-9D57-3B3F5B5E15D3}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{DB797681-40E0-11D2-9BD5-0060082AE372}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403A-B9D2-65C292C39087}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9639E4A-801B-4843-AEE3-03D9DA199E77}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{F9639E4A-801B-4843-AEE3-03D9DA199E77}]
Key Deleted : HKCU\Software\APN PIP
Key Deleted : HKCU\Software\IM
Key Deleted : HKCU\Software\ImInstaller
Key Deleted : HKCU\Software\PIP
Key Deleted : HKCU\Software\Softonic
Key Deleted : HKCU\Software\wnlt
Key Deleted : HKLM\Software\Driver-Soft
Key Deleted : HKLM\Software\IB Updater
Key Deleted : HKLM\Software\incredibar.com
Key Deleted : HKLM\Software\PIP
Key Deleted : HKLM\Software\wnlt
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\incredibar
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\wnlt

***** [ Browsers ] *****

-\\ Internet Explorer v11.0.9600.16518


-\\ Mozilla Firefox v

[ File : C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\acs55f4a.default\prefs.js ]


-\\ Google Chrome v

[ File : C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [9721 octets] - [11/03/2014 23:16:52]
AdwCleaner[S0].txt - [9916 octets] - [11/03/2014 23:20:56]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [9976 octets] ##########

Re: Files and folders on USB changed to shortcuts

Posted: 12 Mar 2014 00:10
by Tomas_R
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by Jana on út 11.03.2014 at 23:37:14,21.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x86
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Jana\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

11.3.2014 23:44:43 Zoek.exe System Restore Point Created Succesfully.

==== Reset Hosts File ======================

# Copyright (c) 1993-2006 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
# 102.54.94.97 rhino.acme.com # source server
# 38.25.63.10 x.acme.com # x client host

# localhost name resolution is handle within DNS itself.
127.0.0.1 localhost
::1 localhost

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{336D0C35-8A85-403a-B9D2-65C292C39087} deleted successfully
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{FE1DEEEA-DB6D-44b8-83F0-34FC0F9D1052} deleted successfully

==== Deleting Services ======================


==== FireFox Fix ======================

Deleted from C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\acs55f4a.default\prefs.js:

Added to C:\Users\Jana\AppData\Roaming\Mozilla\Firefox\Profiles\acs55f4a.default\prefs.js:
user_pref("browser.startup.homepage", "http://www.google.com");
user_pref("browser.search.defaulturl", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.newtab.url", "http://www.google.com/");
user_pref("browser.search.defaultengine", "Google");
user_pref("browser.search.defaultenginename", "Google");
user_pref("browser.search.selectedEngine", "Google");
user_pref("browser.search.order.1", "Google");
user_pref("keyword.URL", "http://www.google.com/search?btnG=Google+Search&q=");
user_pref("browser.search.suggest.enabled", true);
user_pref("browser.search.useDBForOrder", true);

==== Deleting Files \ Folders ======================

C:\Users\Jana\daemonprocess.txt deleted
C:\Program Files\Chrome deleted
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd deleted
C:\user.js deleted
"C:\Users\Jana\AppData\Roaming\Widgets" deleted
"C:\Users\Jana\AppData\Roaming\Woodwind" deleted
"C:\Users\Jana\AppData\Roaming\Woodwinds" deleted
"C:\Users\Jana\AppData\Roaming\Work - Home" deleted
"C:\ProgramData\business-inkjet" deleted
"C:\ProgramData\designjet" deleted
"C:\ProgramData\deskjet" deleted
"C:\ProgramData\vhosts" deleted
"C:\ProgramData\Workflows" deleted

==== Firefox Extensions ======================

AppDir: C:\Program Files\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================


==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
No DefaultScope Set For HKCU

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://fr.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{searchCLSID} Unknown Url="Not_Found"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="http://www.bing.com/search?q={searchTer ... ORM=IE11SR"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="http://www.google.com/search?q={searchT ... {startPage}"

==== Reset Google Chrome ======================

C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== Empty IE Cache ======================

C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Administrator\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Jana\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Jana\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Cache found

==== Empty Chrome Cache ======================

C:\Users\Jana\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=3 folders=2 1556 bytes)

==== Empty Temp Folders ======================

C:\Users\Administrator\AppData\Local\Temp emptied successfully
C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\Default User\AppData\Local\Temp emptied successfully
C:\Users\Jana\AppData\Local\Temp will be emptied at reboot
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Jana\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on st 12.03.2014 at 0:13:06,94 ======================

Re: Files and folders on USB changed to shortcuts

Posted: 12 Mar 2014 07:34
by vyosek