
Hidden files on a flash drive

Posted: 10 Jun 2015 22:37
by nonevim
Hello,

I probably have some pest in my PC (XP SP3). For one thing, MSIL/Bladabindi keeps popping up lately, but the antivirus (Microsoft Security Essentials) has not found whatever is downloading it onto the PC, and KVRT from Kaspersky did not find anything either (admittedly, Bladabi has not shown up in the last 2 days).

The main problem, though, is that the files on my flash drive keep being turned hidden and shortcuts to them are created. I formatted the flash drive and also checked it with chkdsk, but the problem persists, so it looks like something on the computer.

Please help

Re: Hidden files on a flash drive

Posted: 10 Jun 2015 23:48
by altrok
Hello,


to start with, post a log from FRST (see the orange box with instructions above your first post) and we will take a look.

Re: Hidden files on a flash drive

Posted: 11 Jun 2015 11:14
by nonevim
Log from FRST: (BTW, I plugged the flash drive in only after the scan was already running, sorry)


Files to move or delete:
====================
C:\Windows\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job


Some files in TEMP:
====================
C:\Documents and Settings\HP\Local Settings\Temp\0GOzOLM.exe
C:\Documents and Settings\HP\Local Settings\Temp\GBCVD.EXE
C:\Documents and Settings\HP\Local Settings\Temp\HJKL.EXE
C:\Documents and Settings\HP\Local Settings\Temp\hjo.exe
C:\Documents and Settings\HP\Local Settings\Temp\KJKJH.EXE
C:\Documents and Settings\HP\Local Settings\Temp\LKO.EXE
C:\Documents and Settings\HP\Local Settings\Temp\MLK.EXE
C:\Documents and Settings\HP\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\HP\Local Settings\Temp\NOSEventMessages.dll
C:\Documents and Settings\HP\Local Settings\Temp\PKIComponent-KBExt-setup.exe
C:\Documents and Settings\HP\Local Settings\Temp\Tierra.exe
C:\Documents and Settings\HP\Local Settings\Temp\~121.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed



===***===***===***=== Extract of Additional scan result of Farbar Recovery Scan Tool ===***===***===***===

==================== Drive and Memory info ===================



==================== MBR and Partition Table ==================

Image Resizer Powertoy for Windows XP (HKLM\...\{1CB92574-96F2-467B-B793-5CEB35C40C29}) (Version: 1.00.0001 - Microsoft Corporation)

==================== Scheduled Tasks (whitelisted) ==================

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040cbb27bfbc.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09039f6744036.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\User_Feed_Synchronization-{5D0B30D7-FF8F-4D24-92BE-6881A78A51DD}.job => C:\WINDOWS\system32\msfeedssync.exe
Task: C:\WINDOWS\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job => C:\Documents and Settings\HP\Data aplikací\LVQkJmNN\zrDGekFZ\AsdnrPjm\csOhEjwQl.exe

==================== Alternate Data Streams (whitelisted) ==================


==================== Security Center ==================

AV: Microsoft Security Essentials (Enabled - Up to date) {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
AV: Microsoft Security Essentials (Disabled - Up to date) {BCF43643-A118-4432-AEDE-D861FCBCFCDF}



===***===***===***=== Supplementary Scan createdy by FRSTLauncher ===***===***===***===
Posledni aktualizace FRSTLauncheru: 25_11_2013 (01)
Posledni aktualizace Modifikacniho skriptu: 30_09_2013 (01)


***** Velikost "Plochy" *****

Velikost slozky "C:\Documents and Settings\HP\Plocha" je 2 MB.


***** Startup Programs *****

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck
%systemroot%\system32\dumprep 0 -k [x]

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background [x]


***** Firewall rules *****

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall REG_DWORD 0x0
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall REG_DWORD 0x1
DisableNotifications REG_DWORD 0x0
DoNotAllowExceptions REG_DWORD 0x0


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"


[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\\system32\\sessmgr.exe"="%windir%\\system32\\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\\Network Diagnostic\\xpnetdiag.exe"="%windir%\\Network Diagnostic\\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\\Program Files\\Internet Explorer\\iexplore.exe"="C:\\Program Files\\Internet Explorer\\iexplore.exe:*:Enabled:Internet Explorer"
"C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe"="C:\\Program Files\\Common Files\\Nokia\\Service Layer\\A\\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe"="C:\\Program Files\\Nokia\\Nokia Ovi Suite\\NokiaOviSuite.exe:*:Enabled:Nokia Ovi Suite"
"C:\\WINDOWS\\explorer.exe"="C:\\WINDOWS\\explorer.exe:*:Disabled:Przkumnk Windows"
"C:\\Documents and Settings\\HP\\Dokumenty\\Hudba\\RollerCoaster Tycoon\\Rct.exe"="C:\\Documents and Settings\\HP\\Dokumenty\\Hudba\\RollerCoaster Tycoon\\Rct.exe:*:Disabled:Rct"
"C:\\Program Files\\Mozilla Firefox\\firefox.exe"="C:\\Program Files\\Mozilla Firefox\\firefox.exe:*:Enabled:Firefox (C:\\Program Files\\Mozilla Firefox)"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]


***** System Restore *****

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR"=dword:00000000

Re: Hidden files on a flash drive

Posted: 11 Jun 2015 18:48
by altrok
Run FRST.exe/FRST64.exe itself and click Scan (without FRSTLauncher). Paste the contents of frst.txt.

Re: Hidden files on a flash drive

Posted: 11 Jun 2015 19:05
by nonevim
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 08-06-2015
Ran by HP (administrator) on HOVORCI on 11-06-2015 19:59:58
Running from C:\Documents and Settings\HP\Plocha
Loaded Profiles: HP (Available Profiles: HP & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Sun Microsystems, Inc.) C:\Program Files\Java\jre6\bin\jqs.exe
(NVIDIA Corporation) C:\WINDOWS\system32\nvsvc32.exe
(Microsoft Corporation) C:\Program Files\UPHClean\uphclean.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Microsoft Corporation) C:\WINDOWS\system32\wscript.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
HKLM\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-05-27] (Google Inc.)
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
HKU\S-1-5-21-790525478-117609710-839522115-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\system.js [2015-06-10] ()
Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\update.js [2015-05-27] ()
BootExecute: autocheck autochk /p \??\D:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-790525478-117609710-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
SearchScopes: HKLM -> DefaultScope value is missing
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-04] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-04-12] (Sun Microsystems, Inc.)
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-04-12] (Sun Microsystems, Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-790525478-117609710-839522115-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-790525478-117609710-839522115-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3448011171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3448054093
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP\Data aplikací\Mozilla\Firefox\Profiles\uneb2417.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-790525478-117609710-839522115-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\HP\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-09-26] (Komerční banka, a.s.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF Extension: Java Quick Starter - C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009-05-27]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 JavaQuickStarterService; C:\Program Files\Java\jre6\bin\jqs.exe [153376 2010-04-12] (Sun Microsystems, Inc.)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
R2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [192573 2004-03-05] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)
S2 NvUpdSrv; C:\Program Files\NVIDIA Corporation\Updates\NvdUpd.exe [X]

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
R1 MpKsl58380f92; c:\Documents and Settings\All Users\Data aplikací\Microsoft\Microsoft Antimalware\Definition Updates\{B1CCDD2D-845A-4D33-9C69-BED6CF6B3FA5}\MpKsl58380f92.sys [39464 2015-06-11] (Microsoft Corporation)
S3 nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [731648 2001-08-17] (NVIDIA Corporation)
R2 pmem; C:\WINDOWS\System32\DRIVERS\pmemnt.sys [7012 2004-08-02] (Microsoft Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
S1 aauupecj; \??\C:\WINDOWS\system32\drivers\aauupecj.sys [X]
S1 epkhjwrh; \??\C:\WINDOWS\system32\drivers\epkhjwrh.sys [X]
S1 gktuxbpi; \??\C:\WINDOWS\system32\drivers\gktuxbpi.sys [X]
S1 hjoqixaz; \??\C:\WINDOWS\system32\drivers\hjoqixaz.sys [X]
S4 hpt3xx; No ImagePath
S1 itovsago; \??\C:\WINDOWS\system32\drivers\itovsago.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S1 qumdevtt; \??\C:\WINDOWS\system32\drivers\qumdevtt.sys [X]
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)
S1 ussisyuc; \??\C:\WINDOWS\system32\drivers\ussisyuc.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 12:24 - 2015-06-11 12:24 - 00006081 _____ C:\Documents and Settings\HP\Plocha\Addition.rar
2015-06-11 12:08 - 2015-06-11 12:08 - 00047280 _____ C:\Documents and Settings\HP\Plocha\Addition.txt
2015-06-11 12:06 - 2015-06-11 20:00 - 00010050 _____ C:\Documents and Settings\HP\Plocha\FRST.txt
2015-06-11 12:06 - 2015-06-11 20:00 - 00000000 ____D C:\FRST
2015-06-11 12:05 - 2015-06-11 12:05 - 00029696 _____ C:\Documents and Settings\HP\Local Settings\Data aplikací\MSGBOX.EXE
2015-06-11 12:05 - 2015-06-11 12:05 - 00015327 _____ C:\Documents and Settings\HP\Plocha\LM.bat
2015-06-11 12:04 - 2015-06-11 12:04 - 00112640 _____ (forum.viry.cz) C:\Documents and Settings\HP\Plocha\FRSTLauncher.exe
2015-06-11 12:03 - 2015-06-11 12:03 - 01147904 _____ (Farbar) C:\Documents and Settings\HP\Plocha\FRST.exe
2015-06-10 15:19 - 2015-06-10 15:22 - 00000000 ____D C:\KVRT_Data
2015-06-03 12:15 - 2015-06-04 21:50 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 23:33 - 2015-06-02 23:33 - 00002534 _____ C:\Documents and Settings\HP\Plocha\RKreport[8]_S_06022015_02d2333.txt
2015-06-02 23:23 - 2015-06-03 01:20 - 00000000 ____D C:\Documents and Settings\HP\Dokumenty\BCKP_USB
2015-05-17 02:39 - 2015-06-11 11:29 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09039f6744036.job

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-11 20:00 - 2011-12-17 17:40 - 00000000 ____D C:\Documents and Settings\HP\Local Settings\Temp
2015-06-11 20:00 - 2009-05-27 19:45 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-11 19:58 - 2009-05-27 21:11 - 00000466 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5D0B30D7-FF8F-4D24-92BE-6881A78A51DD}.job
2015-06-11 19:19 - 2011-12-21 01:27 - 00000940 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-06-11 18:58 - 2009-05-27 19:45 - 00032282 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-11 12:24 - 2011-12-17 17:40 - 00000000 ____D C:\Documents and Settings\HP\Plocha
2015-06-11 12:05 - 2011-12-17 17:40 - 00000000 ___HD C:\Documents and Settings\HP\Local Settings\Data aplikací
2015-06-11 12:04 - 2015-02-22 00:59 - 00000000 ____D C:\Program Files\Instalačky
2015-06-11 11:41 - 2011-12-21 02:15 - 00000000 ___RD C:\Documents and Settings\HP\Dokumenty\Filmy
2015-06-11 11:39 - 2013-10-27 14:02 - 00000396 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-06-11 11:39 - 2012-07-16 01:46 - 00000000 ____D C:\Documents and Settings\HP\Dokumenty\Hudba
2015-06-11 11:30 - 2009-05-27 21:33 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-11 11:30 - 2009-05-27 21:33 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-11 11:30 - 2009-05-27 20:11 - 01884384 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-11 11:30 - 2004-08-02 20:03 - 00004598 _____ C:\WINDOWS\system32\nvapps.xml
2015-06-11 11:30 - 2001-10-25 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-11 11:29 - 2015-02-05 00:36 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040cbb27bfbc.job
2015-06-11 11:29 - 2014-09-04 13:58 - 00000356 _____ C:\WINDOWS\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job
2015-06-11 11:29 - 2011-12-21 01:27 - 00000936 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-06-11 11:29 - 2009-05-27 19:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-10 16:09 - 2015-02-11 00:30 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-06-10 15:54 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění
2015-06-10 01:33 - 2001-10-25 14:00 - 00000554 _____ C:\WINDOWS\win.ini
2015-06-09 01:41 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Dokumenty\Obrázky
2015-06-08 15:00 - 2015-04-21 10:28 - 00000210 _____ C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job
2015-06-07 13:50 - 2014-11-13 22:31 - 00000000 ____D C:\Documents and Settings\HP\Dokumenty\MEDIC
2015-06-07 12:18 - 2014-04-23 01:44 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2015-06-07 12:05 - 2014-04-23 01:44 - 00000000 ____D C:\Documents and Settings\HP\Local Settings\Data aplikací\AskPartnerNetwork
2015-06-06 12:50 - 2009-05-27 20:06 - 00058299 _____ C:\WINDOWS\wmsetup.log
2015-06-06 12:47 - 2011-12-21 09:57 - 00140288 _____ C:\Documents and Settings\HP\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-05 10:56 - 2015-03-09 00:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-03 01:15 - 2013-04-04 07:34 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-02 23:33 - 2013-05-04 04:15 - 00000000 ____D C:\Documents and Settings\HP\Plocha\RK_Quarantine
2015-06-02 23:23 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Dokumenty
2015-06-02 23:19 - 2009-05-27 21:31 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-06-02 23:18 - 2009-05-27 21:31 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2015-06-01 18:30 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Oblíbené položky
2015-05-18 02:03 - 2011-12-28 21:39 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
2015-05-18 02:01 - 2012-01-20 20:25 - 00000000 ____D C:\Documents and Settings\HP\Data aplikací\foobar2000
2015-05-14 12:49 - 2013-09-21 23:54 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-05-14 12:38 - 2009-05-27 21:05 - 137310008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Files in the root of some directories =======

2013-09-12 12:48 - 2013-09-12 13:00 - 0000004 _____ () C:\Documents and Settings\HP\Data aplikací\settings.ini
2011-12-21 09:57 - 2015-06-06 12:47 - 0140288 _____ () C:\Documents and Settings\HP\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-11 12:05 - 2015-06-11 12:05 - 0029696 _____ () C:\Documents and Settings\HP\Local Settings\Data aplikací\MSGBOX.EXE

Files to move or delete:
====================
C:\Windows\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job


Some files in TEMP:
====================
C:\Documents and Settings\HP\Local Settings\Temp\0GOzOLM.exe
C:\Documents and Settings\HP\Local Settings\Temp\GBCVD.EXE
C:\Documents and Settings\HP\Local Settings\Temp\HJKL.EXE
C:\Documents and Settings\HP\Local Settings\Temp\hjo.exe
C:\Documents and Settings\HP\Local Settings\Temp\KJKJH.EXE
C:\Documents and Settings\HP\Local Settings\Temp\LKO.EXE
C:\Documents and Settings\HP\Local Settings\Temp\MLK.EXE
C:\Documents and Settings\HP\Local Settings\Temp\NEventMessages.dll
C:\Documents and Settings\HP\Local Settings\Temp\NOSEventMessages.dll
C:\Documents and Settings\HP\Local Settings\Temp\PKIComponent-KBExt-setup.exe
C:\Documents and Settings\HP\Local Settings\Temp\Tierra.exe
C:\Documents and Settings\HP\Local Settings\Temp\~121.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Re: Hidden files on a flash drive

Posted: 11 Jun 2015 21:43
by altrok
Uninstall the old and vulnerable Java versions Java(TM) 6 Update 16 and Java(TM) 6 Update 20. If you need Java, install a new one from java.com - watch out for adware during its installation http://forum.viry.cz/viewtopic.php?p=1374438#p1374438 . From a security standpoint (exploits) it is better not to have it at all.



  • Copy the contents of the white box into Notepad (Start -> Run -> notepad)
  • save it on the desktop as fixlist (File type: Text document)
  • run FRST again and click Fix
  • after the restart a fixlog will be saved on the desktop; paste its contents into your next reply


    Start
    CloseProcesses:
    CreateRestorePoint:
    HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre6\bin\jusched.exe"
    HKLM\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
    HKLM\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
    HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
    HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
    Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\system.js [2015-06-10] ()
    Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\update.js [2015-05-27] ()
    
    SearchScopes: HKLM -> DefaultScope value is missing
    Toolbar: HKU\S-1-5-21-790525478-117609710-839522115-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
    S2 NvUpdSrv; C:\Program Files\NVIDIA Corporation\Updates\NvdUpd.exe [X]
    S1 aauupecj; \??\C:\WINDOWS\system32\drivers\aauupecj.sys [X]
    S1 epkhjwrh; \??\C:\WINDOWS\system32\drivers\epkhjwrh.sys [X]
    S1 gktuxbpi; \??\C:\WINDOWS\system32\drivers\gktuxbpi.sys [X]
    S1 hjoqixaz; \??\C:\WINDOWS\system32\drivers\hjoqixaz.sys [X]
    S4 hpt3xx; No ImagePath
    S1 itovsago; \??\C:\WINDOWS\system32\drivers\itovsago.sys [X]
    S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
    S1 qumdevtt; \??\C:\WINDOWS\system32\drivers\qumdevtt.sys [X]
    S1 ussisyuc; \??\C:\WINDOWS\system32\drivers\ussisyuc.sys [X]
    
    2015-06-11 12:24 - 2015-06-11 12:24 - 00006081 _____ C:\Documents and Settings\HP\Plocha\Addition.rar
    2015-06-11 12:08 - 2015-06-11 12:08 - 00047280 _____ C:\Documents and Settings\HP\Plocha\Addition.txt
    2015-06-11 12:06 - 2015-06-11 20:00 - 00010050 _____ C:\Documents and Settings\HP\Plocha\FRST.txt
    2015-06-11 12:05 - 2015-06-11 12:05 - 00029696 _____ C:\Documents and Settings\HP\Local Settings\Data aplikací\MSGBOX.EXE
    2015-06-11 12:05 - 2015-06-11 12:05 - 00015327 _____ C:\Documents and Settings\HP\Plocha\LM.bat
    2015-05-18 02:03 - 2011-12-28 21:39 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat
    
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040cbb27bfbc.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09039f6744036.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
    Task: C:\WINDOWS\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job => C:\Documents and Settings\HP\Data aplikací\LVQkJmNN\zrDGekFZ\AsdnrPjm\csOhEjwQl.exe
    C:\Documents and Settings\HP\Data aplikací\LVQkJmNN
    Hosts:
    EmptyTemp:
    End
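As an added example (my own code, not FRST's, the forum's or the helper's), here is a small Python triage script that encodes the reasons the lines above landed in the fixlist and re-emits them in fixlist layout. The sample lines are copied from the FRST.txt posted earlier in the thread; the rule names and heuristics are my assumptions, not anything FRST itself implements.

```python
"""Triage helper for FRST (Farbar Recovery Scan Tool) log lines.

Added example for this thread; not part of FRST or of the forum's tooling.
It encodes the signals that put lines into the fixlist above:
  * Run entries that launch wscript/cscript with //B on a script file, or
    that FRST itself tagged "<===== ATTENTION";
  * a script file placed in a Startup folder;
  * services/drivers whose image file is missing ("[X]" / "No ImagePath");
  * scheduled tasks whose target sits under a user profile rather than under
    Program Files or WINDOWS.
"""
import re
from dataclasses import dataclass

# Constructed sample: a subset of lines copied from the FRST.txt posted above.
SAMPLE_LOG = r"""
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKLM\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\system.js [2015-06-10] ()
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 NvUpdSrv; C:\Program Files\NVIDIA Corporation\Updates\NvdUpd.exe [X]
S1 aauupecj; \??\C:\WINDOWS\system32\drivers\aauupecj.sys [X]
S4 hpt3xx; No ImagePath
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job => C:\Documents and Settings\HP\Data aplikací\LVQkJmNN\zrDGekFZ\AsdnrPjm\csOhEjwQl.exe
"""

ATTENTION = "<===== ATTENTION"  # FRST's own marker for suspicious autoruns
# wscript/cscript starting a script file; //B runs it silently (batch mode).
SCRIPT_HOST_RE = re.compile(r"\b[wc]script\.exe\b.*?\.(?:js|jse|vbs|vbe|wsf)\b", re.I)
# A script host file listed as a Startup-folder item.
STARTUP_SCRIPT_RE = re.compile(r"^Startup: .*\.(?:js|jse|vbs|vbe|wsf)\s*\[", re.I)
# Service/driver line: "<start type> <name>; <image path> [details]".
SERVICE_RE = re.compile(r"^[RSU]\d\s+(\S+);\s*(.*)$")
# Scheduled task line: "Task: <job file> => <target>".
TASK_RE = re.compile(r"^Task: (.+?\.job) => (.+)$", re.I)
PROFILE_DIR_RE = re.compile(r"\\(?:Documents and Settings|Users)\\", re.I)
PROGRAM_DIR_RE = re.compile(r"\\(?:Program Files|WINDOWS)\\", re.I)


@dataclass
class Finding:
    rule: str   # which heuristic fired
    line: str   # the FRST log line, verbatim (FRST accepts it in a fixlist)


def classify(line: str):
    """Return the name of the rule a single FRST log line trips, or None."""
    s = line.strip()
    if not s:
        return None
    if ATTENTION in s or SCRIPT_HOST_RE.search(s):
        return "script-host autorun"
    if STARTUP_SCRIPT_RE.match(s):
        return "script in Startup folder"
    m = SERVICE_RE.match(s)
    if m and (m.group(2).endswith("[X]") or m.group(2) == "No ImagePath"):
        return "service/driver with missing image"
    m = TASK_RE.match(s)
    if m:
        target = m.group(2)
        if PROFILE_DIR_RE.search(target) and not PROGRAM_DIR_RE.search(target):
            return "scheduled task running from user profile"
    return None


def triage(log_text: str) -> list:
    """Run classify() over every line and keep the ones that fired."""
    findings = []
    for raw in log_text.splitlines():
        rule = classify(raw)
        if rule:
            findings.append(Finding(rule, raw.strip()))
    return findings


def build_fixlist(findings) -> str:
    """Lay out the flagged lines as an FRST fixlist in the shape used in the
    thread (Start / CloseProcesses: / CreateRestorePoint: ... EmptyTemp: / End).
    The helper in the thread also added "Hosts:" and the payload's parent
    folder by hand; this function only assembles text, it never runs FRST."""
    body = ["Start", "CloseProcesses:", "CreateRestorePoint:"]
    body += [f.line for f in findings]
    body += ["EmptyTemp:", "End"]
    return "\n".join(body) + "\n"


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.rule:45} {f.line[:70]}")
    print(build_fixlist(triage(SAMPLE_LOG)))
```

Legitimate entries (Microsoft Security Client, GoogleUpdate in Program Files) pass through untouched, which is the point: the heuristics are meant to explain the helper's picks, not to replace reading the whole log.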
    

Re: Hidden files on a flash drive

Posted: 11 Jun 2015 21:56
by nonevim
Just a question: error messages have started popping up here. Right now I have

DEF.EXE - součást nelze najít
Aplikace nemohla být spuštěna, protože součást mscoree.dll nelze najít. Potíže pravděpodobně odstraníte opětovnou instalací aplikace.

Is that some error thrown by FRST, or what could the problem be?

Re: Hidden files on a flash drive

Posted: 11 Jun 2015 22:01
by altrok
Honestly, I have no idea which of the (at least) two pieces of junk you have in the PC this message belongs to. It is quite possible the message will stop popping up once the fixlist has been applied.

Re: Hidden files on a flash drive

Posted: 12 Jun 2015 16:31
by nonevim
Fix result of Farbar Recovery Scan Tool (x86) Version: 08-06-2015
Ran by HP at 2015-06-12 17:16:58 Run:1
Running from C:\Documents and Settings\HP\Plocha
Loaded Profiles: HP (Available Profiles: HP & Administrator)
Boot Mode: Normal

==============================================

fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
HKLM\...\Run: [SunJavaUpdateSched] => "C:\Program Files\Java\jre6\bin\jusched.exe"
HKLM\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
HKLM\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [update] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\update.js" <===== ATTENTION
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION
Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\system.js [2015-06-10] ()
Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\update.js [2015-05-27] ()

SearchScopes: HKLM -> DefaultScope value is missing
Toolbar: HKU\S-1-5-21-790525478-117609710-839522115-1004 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File
S2 NvUpdSrv; C:\Program Files\NVIDIA Corporation\Updates\NvdUpd.exe [X]
S1 aauupecj; \??\C:\WINDOWS\system32\drivers\aauupecj.sys [X]
S1 epkhjwrh; \??\C:\WINDOWS\system32\drivers\epkhjwrh.sys [X]
S1 gktuxbpi; \??\C:\WINDOWS\system32\drivers\gktuxbpi.sys [X]
S1 hjoqixaz; \??\C:\WINDOWS\system32\drivers\hjoqixaz.sys [X]
S4 hpt3xx; No ImagePath
S1 itovsago; \??\C:\WINDOWS\system32\drivers\itovsago.sys [X]
S3 pccsmcfd; system32\DRIVERS\pccsmcfd.sys [X]
S1 qumdevtt; \??\C:\WINDOWS\system32\drivers\qumdevtt.sys [X]
S1 ussisyuc; \??\C:\WINDOWS\system32\drivers\ussisyuc.sys [X]

2015-06-11 12:24 - 2015-06-11 12:24 - 00006081 _____ C:\Documents and Settings\HP\Plocha\Addition.rar
2015-06-11 12:08 - 2015-06-11 12:08 - 00047280 _____ C:\Documents and Settings\HP\Plocha\Addition.txt
2015-06-11 12:06 - 2015-06-11 20:00 - 00010050 _____ C:\Documents and Settings\HP\Plocha\FRST.txt
2015-06-11 12:05 - 2015-06-11 12:05 - 00029696 _____ C:\Documents and Settings\HP\Local Settings\Data aplikací\MSGBOX.EXE
2015-06-11 12:05 - 2015-06-11 12:05 - 00015327 _____ C:\Documents and Settings\HP\Plocha\LM.bat
2015-05-18 02:03 - 2011-12-28 21:39 - 00001324 _____ C:\WINDOWS\system32\d3d9caps.dat

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040cbb27bfbc.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09039f6744036.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => C:\WINDOWS\system32\xp_eos.exe
Task: C:\WINDOWS\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job => C:\Documents and Settings\HP\Data aplikací\LVQkJmNN\zrDGekFZ\AsdnrPjm\csOhEjwQl.exe
C:\Documents and Settings\HP\Data aplikací\LVQkJmNN
Hosts:
EmptyTemp:
End


*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value not found.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\update => value removed successfully.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\system => value removed successfully.
HKU\S-1-5-21-790525478-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\update => value removed successfully.
HKU\S-1-5-21-790525478-117609710-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Run\\system => value removed successfully.
C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\system.js => moved successfully.
C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\update.js => moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKU\S-1-5-21-790525478-117609710-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully.
HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
NvUpdSrv => Service removed successfully.
aauupecj => Service removed successfully.
epkhjwrh => Service removed successfully.
gktuxbpi => Service removed successfully.
hjoqixaz => Service removed successfully.
hpt3xx => Service removed successfully.
itovsago => Service removed successfully.
pccsmcfd => Service removed successfully.
qumdevtt => Service removed successfully.
ussisyuc => Service removed successfully.
C:\Documents and Settings\HP\Plocha\Addition.rar => moved successfully.
C:\Documents and Settings\HP\Plocha\Addition.txt => moved successfully.
C:\Documents and Settings\HP\Plocha\FRST.txt => moved successfully.
C:\Documents and Settings\HP\Local Settings\Data aplikací\MSGBOX.EXE => moved successfully.
C:\Documents and Settings\HP\Plocha\LM.bat => moved successfully.
C:\WINDOWS\system32\d3d9caps.dat => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d040cbb27bfbc.job => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore1d09039f6744036.job => moved successfully.
C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => moved successfully.
C:\WINDOWS\Tasks\Měsíční oznamování konce poskytování služeb pro Microsoft Windows XP.job => moved successfully.
C:\WINDOWS\Tasks\{4F233664-495B-7CC4-096E-B162862A0B24}.job => moved successfully.
C:\Documents and Settings\HP\Data aplikací\LVQkJmNN => moved successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully.
Hosts restored successfully.
EmptyTemp: => 2.9 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 17:23:14 ====

Re: Hidden files on the flash drive

Posted: 12 Jun 2015 22:51
by altrok
Are there still shortcuts on the flash drives?

Use USBFix according to the guide at http://forum.viry.cz/viewtopic.php?f=24&t=140144
Use the Clean and Vaccinate functions.

Re: Hidden files on the flash drive

Posted: 13 Jun 2015 14:22
by nonevim
Originally (before I even came to the forum) it occurred to me that there was some problem with the flash drive, so I formatted it. The problem was that I didn't have a blank DVD here, so I moved the files into a USBBCKP folder in Documents. The shortcuts were still there at that point. I burned the folder to a DVD (the shortcuts did not appear there) and deleted the folder.

Those error messages (see DEF.EXE... above) only appeared when the flash drive was plugged in.

Given that there is practically nothing on the flash drive now (I think one PDF document), wouldn't it be better to format it again? And if the malware is on it, won't it come back to the PC as soon as I plug the flash drive into the computer, or rather open it in Explorer?

Re: Hidden files on the flash drive

Posted: 14 Jun 2015 09:11
by altrok
The malware can come back - that is why I recommended using the Clean function.
So that the flash drive and this PC are immune to this infection in future, the recommendation for the Vaccinate function followed. If you are interested: there is a hidden file autorun.inf on the flash drive which (in the default Windows settings) is loaded immediately when the flash drive is plugged into the PC. This kind of malware modifies that autorun.inf, and the Vaccinate function (from USBFix) recreates it with correct content and protects it against being overwritten.
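The persistence pattern FRST flagged earlier in this thread (wscript.exe //B launching a .js out of Temp, and .js files dropped into the Startup folder) can be triaged automatically from the log lines. The following Python script is an added example, not FRST's or UsbFix's own code; the sample lines are constructed after this thread's log, and the heuristics (script host, //B, Temp path, script in Startup, generic value name) are assumptions of the example.

```python
"""Triage FRST autostart entries for the wscript.exe //B + .js pattern.
Added example for this thread; not FRST's or UsbFix's own code."""
import re
from pathlib import PureWindowsPath

SCRIPT_HOSTS = {"wscript.exe", "cscript.exe"}
SCRIPT_EXTS = {".js", ".jse", ".vbs", ".vbe", ".wsf"}
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\temp\\")
# Value names the malware in this thread used to blend in (heuristic).
GENERIC_NAMES = {"system", "update"}

# Constructed sample input modelled on the FRST output earlier in this thread.
SAMPLE_LINES = [
    r'HKLM\...\Run: [system] => wscript.exe //B "C:\DOCUME~1\HP\LOCALS~1\Temp\system.js" <===== ATTENTION',
    r'HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)',
    r'Startup: C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění\update.js [2015-05-27] ()',
    r'HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)',
]

RUN_RE = re.compile(r'^(?P<hive>HK\S+)\\\.\.\.\\Run: \[(?P<name>[^\]]*)\] => (?P<cmd>.*)$')
STARTUP_RE = re.compile(r'^Startup: (?P<path>.+?) \[(?P<date>[\d-]+)\] \((?P<publisher>.*)\)$')
FIRST_TOKEN_RE = re.compile(r'^\s*(?:"([^"]+)"|(\S+))')


def _first_script_path(cmd):
    """Return the first quoted or bare token with a script extension, else None."""
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', cmd):
        tok = quoted or bare
        if PureWindowsPath(tok).suffix.lower() in SCRIPT_EXTS:
            return tok
    return None


def reasons_for(line):
    """Return human-readable reasons this FRST entry is suspicious (empty list = nothing found)."""
    reasons = []
    m = RUN_RE.match(line)
    if m:
        cmd = m.group("cmd")
        first = FIRST_TOKEN_RE.match(cmd)
        host = PureWindowsPath((first.group(1) or first.group(2))).name.lower() if first else ""
        if host in SCRIPT_HOSTS:
            reasons.append("autostart runs a script host (%s)" % host)
            # //B runs the script silently: no console window, no error dialogs.
            if "//b" in cmd.lower().split():
                reasons.append("//B suppresses the script's console and dialogs")
        script = _first_script_path(cmd)
        if script:
            if any(mark in script.lower() for mark in TEMP_MARKERS):
                reasons.append("script lives in a Temp directory")
            if m.group("name").lower() in GENERIC_NAMES:
                reasons.append("generic value name '%s' mimics a system component" % m.group("name"))
        return reasons
    m = STARTUP_RE.match(line)
    if m and PureWindowsPath(m.group("path")).suffix.lower() in SCRIPT_EXTS:
        reasons.append("script file in the Startup folder")
        # FRST prints "()" when it found no publisher for the file.
        if m.group("publisher") == "":
            reasons.append("no publisher recorded for the file")
    return reasons


def triage(lines):
    """Return [(line, reasons)] for every entry that has at least one reason."""
    return [(line, reasons_for(line)) for line in lines if reasons_for(line)]


if __name__ == "__main__":
    for entry, why in triage(SAMPLE_LINES):
        print(entry)
        for w in why:
            print("   -", w)
```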

Re: Hidden files on the flash drive

Posted: 14 Jun 2015 09:47
by nonevim
USBFix log

############################## | UsbFix V 7.181 | [Clean]

User: HP (Administrator) # HOVORCI
Updated 31/08/2014 by El Desaparecido - SosVirus
Started at 10:32:07 | 14/06/2015

Website : http://www.en.usbfix.net/
Changelog : http://www.en.usbfix.net/changelog/
Support : http://www.sosvirus.net/
Upload Malware : http://www.sosvirus.net/upload_malware.php
Contact : http://www.en.usbfix.net/contact/

################## | System information |

CPU: Intel(R) Pentium(R) 4 CPU 2.40GHz
RAM -> [Total : 1279 Mo | Free : 755 Mo]
Boot: Normal boot

OS: Microsoft Windows XP (5.1.2600 32-Bit) Service Pack 3
WB: Internet Explorer : 8.00.6001.18702
WB: Mozilla Firefox : 38.0.5

################## | Security Information |

FW: Windows Firewall [Enabled]
SC: Security Center [Enabled]
WU: Windows Update [Enabled]

################## | Disk Information |

C:\ (%SystemDrive%) -> Fixed disk # 37 Gb (5 Gb free - 15%) [] # NTFS
D:\ -> Removable disk # 2 Gb (2 Gb free - 100%) [A-DATA UFD] # FAT32
F:\ -> CD-ROM # 3 Gb (0 Mb free - 0%) [Moje soubory] # UDF

################## | Generic Research |

Deleted! D:\update.lnk
Deleted! D:\system.lnk
Deleted! D:\FOUND.000.lnk

(!) Temporary files deleted. (70.9821491241455 MB)

################## | Registry |

Deleted! HKLM\Software\system

################## | Regedit Run |

F2 - HKLM\..\Winlogon : [Shell] Explorer.exe
F2 - HKLM\..\Winlogon : [Userinit] C:\WINDOWS\system32\userinit.exe,
04 - HKCU\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKCU\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKLM\..\Run : [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
04 - HKLM\..\Run : [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
04 - HKLM\..\Run : [nwiz] nwiz.exe /install
04 - HKLM\..\Run : [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
04 - HKU\S-1-5-19\..\Run : [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
04 - HKU\S-1-5-20\..\Run : [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE
04 - HKU\S-1-5-21-790525478-117609710-839522115-1004\..\Run : [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
04 - HKU\S-1-5-21-790525478-117609710-839522115-1004\..\Run : [swg] "C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
04 - HKU\S-1-5-18\..\Run : [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE

################## | UsbFix - Information |

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
If you made purchases on Internet,
please contact your bank to enviseager an opposition on your bank card.
Info : How to remove shortcut virus on flash disk (Video)
Info : Shortcut virus on flash disk, What is it ?

################## | Hijack |

Restored! [N] D:\update.js
Restored! [N] D:\system.js

################## | C:\ %SystemDrive% - Fixed drive (NTFS) |

[07/04/2013 - 11:33:46 | A | 1 Ko] - C:\AdwCleaner[R1].txt
[07/04/2013 - 13:08:54 | A | 1 Ko] - C:\AdwCleaner[R2].txt
[07/04/2013 - 13:27:26 | A | 1 Ko] - C:\AdwCleaner[R3].txt
[07/04/2013 - 13:29:41 | A | 72 Ko] - C:\TDSSKiller.2.8.16.0_07.04.2013_13.28.10_log.txt
[07/04/2013 - 15:13:01 | A | 1 Ko] - C:\AdwCleaner[R4].txt
[07/04/2013 - 15:14:01 | A | 0 Ko] - C:\AdwCleaner[S1].txt
[07/04/2013 - 15:14:59 | A | 1 Ko] - C:\AdwCleaner[S2].txt
[07/04/2013 - 15:18:58 | A | 1 Ko] - C:\AdwCleaner[R5].txt
[07/04/2013 - 15:44:08 | A | 1 Ko] - C:\AdwCleaner[R6].txt
[07/04/2013 - 15:46:05 | A | 72 Ko] - C:\TDSSKiller.2.8.16.0_07.04.2013_15.44.37_log.txt
[07/04/2013 - 18:14:33 | A | 72 Ko] - C:\TDSSKiller.2.8.16.0_07.04.2013_18.13.30_log.txt
[07/04/2013 - 18:15:08 | A | 1 Ko] - C:\AdwCleaner[R7].txt
[04/05/2013 - 04:22:21 | A | 72 Ko] - C:\TDSSKiller.2.8.16.0_04.05.2013_04.21.16_log.txt
[06/06/2013 - 21:18:14 | A | 50 Ko] - C:\Obnovený dokument.txt
[12/09/2013 - 16:41:30 | A | 71 Ko] - C:\TDSSKiller.2.8.16.0_12.09.2013_16.40.18_log.txt
[12/09/2013 - 16:42:59 | A | 1 Ko] - C:\AdwCleaner[R8].txt
[12/09/2013 - 16:44:15 | A | 1 Ko] - C:\AdwCleaner[R9].txt
[13/09/2013 - 02:08:23 | A | 0 Ko] - C:\TDSSKiller.2.8.16.0_13.09.2013_02.08.19_log.txt
[13/09/2013 - 02:09:56 | A | 71 Ko] - C:\TDSSKiller.2.8.16.0_13.09.2013_02.08.41_log.txt
[14/09/2013 - 00:35:45 | A | 71 Ko] - C:\TDSSKiller.2.8.16.0_14.09.2013_00.34.52_log.txt
[14/09/2013 - 00:37:03 | A | 1 Ko] - C:\AdwCleaner[R10].txt
[14/09/2013 - 00:38:04 | A | 1 Ko] - C:\AdwCleaner[R10]130914.txt
[27/10/2013 - 13:36:20 | A | 71 Ko] - C:\TDSSKiller.2.8.16.0_27.10.2013_12.35.52_log.txt
[27/10/2013 - 13:37:01 | A | 1 Ko] - C:\AdwCleaner[R11].txt
[11/09/2014 - 18:31:22 | A | 2 Ko] - C:\AdwCleaner[R12].txt
[11/09/2014 - 18:33:40 | A | 73 Ko] - C:\TDSSKiller.2.8.16.0_11.09.2014_18.32.18_log.txt
[11/09/2014 - 18:51:26 | A | 2 Ko] - C:\AdwCleaner[R13].txt
[31/12/2014 - 16:51:42 | A | 72 Ko] - C:\TDSSKiller.2.8.16.0_31.12.2014_15.51.08_log.txt
[31/12/2014 - 16:53:56 | A | 2 Ko] - C:\AdwCleaner[R14].txt
[27/05/2009 - 19:41:32 | RAS | 0 Ko] - C:\IO.SYS
[27/05/2009 - 19:41:32 | RAS | 0 Ko] - C:\MSDOS.SYS
[27/05/2009 - 19:41:32 | A | 0 Ko] - C:\CONFIG.SYS
[14/06/2015 - 10:23:35 | ASH | 1964032 Ko] - C:\pagefile.sys
[14/06/2015 - 10:23:36 | ASH | 1310260 Ko] - C:\hiberfil.sys
[04/05/2010 - 17:30:35 | ASH | 0 Ko] - [VirusTotal - (0/54)] - C:\boot.ini
[30/10/2012 - 03:54:51 | A | 0 Ko] - C:\udalosti.dat
[27/05/2009 - 20:03:21 | N | 46 Ko] - [VirusTotal - (0/57)] - C:\NTDETECT.COM
[25/10/2001 - 14:00:00 | RAS | 5 Ko] - C:\Bootfont.bin
[27/05/2009 - 19:41:32 | A | 0 Ko] - C:\AUTOEXEC.BAT
[27/05/2009 - 20:49:11 | RASH | 245 Ko] - C:\ntldr
[04/04/2013 - 09:15:26 | SHD] - C:\RECYCLER
[04/04/2013 - 16:42:59 | D] - C:\Moje logy
[07/04/2013 - 17:34:19 | SHD] - C:\System Volume Information
[11/09/2014 - 18:48:17 | D] - C:\Documents and Settings
[17/12/2014 - 10:55:32 | D] - C:\sr
[10/06/2015 - 15:22:04 | D] - C:\KVRT_Data
[11/06/2015 - 20:01:36 | D] - C:\WINDOWS
[11/06/2015 - 23:08:03 | RD] - C:\Program Files
[12/06/2015 - 17:24:54 | D] - C:\FRST
[13/06/2015 - 00:16:56 | D] - C:\UsbFix

################## | D:\ - Removable drive (FAT32) |

[27/01/2015 - 00:57:50 | N | 299 Ko] - D:\update.js
[10/06/2015 - 15:49:02 | N | 4 Ko] - D:\system.js
[10/06/2015 - 16:11:18 | SHD] - D:\FOUND.000

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
D:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | E.O.F | http://www.sosvirus.net/ | http://www.en.usbfix.net/ |

As a test I put a file on the flash drive and it did not change :) Thanks
Can the things I burned to the DVD be used, or is there a risk of infection?

Re: Hidden files on the flash drive

Posted: 14 Jun 2015 09:55
by altrok

UsbFix has detected on your computer, an infection which a Keylogger function.
After cleaning with UsbFix, please modify all your passwords.
USBFix detected an infection that can record keystrokes (a keylogger), so once we finish here, I recommend changing your passwords.


This PC and the flash drive are vaccinated (immune to this malware), so the infection from the DVD should not take effect. I don't know whether the files from the DVD will be usable - try them.

Then post current logs from FRST (FRST.txt and Addition.txt) as well.

Re: Hidden files on the flash drive

Posted: 14 Jun 2015 10:04
by nonevim
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 13-06-2015
Ran by HP (administrator) on HOVORCI on 14-06-2015 10:57:24
Running from C:\Documents and Settings\HP\Plocha
Loaded Profiles: HP (Available Profiles: HP & Administrator)
Platform: Systém Microsoft Windows XP Professional Service Pack 3 (X86) OS Language: Čeština
Internet Explorer Version 8 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/33 ... scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\WINDOWS\system32\wscntfy.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [866584 2006-11-03] (Microsoft Corporation)
HKLM\...\Run: [NvCplDaemon] => RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
HKLM\...\Run: [nwiz] => nwiz.exe /install
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [948440 2013-10-23] (Microsoft Corporation)
HKU\S-1-5-21-790525478-117609710-839522115-1004\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2009-05-27] (Google Inc.)
HKU\S-1-5-21-790525478-117609710-839522115-1004\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\System32\scrnsave.scr [9216 2008-04-14] (Microsoft Corporation)
BootExecute: autocheck autochk /p \??\D:autocheck autochk *

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-21-790525478-117609710-839522115-1004\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
BHO: Google Toolbar Notifier BHO -> {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} -> C:\Program Files\Google\GoogleToolbarNotifier\5.10.11023.1534\swg.dll [2015-03-04] (Google Inc.)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll No File
BHO: JQSIEStartDetectorImpl Class -> {E7E6F031-17CE-4C07-BC86-EABFE594F69C} -> C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll No File
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
Toolbar: HKU\S-1-5-21-790525478-117609710-839522115-1004 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2015-03-03] (Google Inc.)
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shoc ... tor/sw.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupda ... 3448011171
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftup ... 3448054093
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/fl ... rashim.cab
DPF: {C7DB51B4-BCF7-4923-8874-7F1A0DC92277} http://office.microsoft.com/officeupdat ... /opuc4.cab
Handler: lid - {5C135180-9973-46D9-ABF4-148267CBB8BF} - C:\WINDOWS\System32\msvidctl.dll [2008-04-14] (Microsoft Corporation)
ShellExecuteHooks: Microsoft AntiMalware ShellExecuteHook - {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll [83224 2006-11-03] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 213.46.172.36 213.46.172.37

FireFox:
========
FF ProfilePath: C:\Documents and Settings\HP\Data aplikací\Mozilla\Firefox\Profiles\uneb2417.default
FF Homepage: hxxp://www.seznam.cz/
FF Plugin: @adobe.com/ShockwavePlayer -> C:\WINDOWS\system32\Adobe\Director\np32dsw.dll [2009-04-28] (Adobe Systems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.27.5\npGoogleUpdate3.dll [2015-05-17] (Google Inc.)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-08-05] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-790525478-117609710-839522115-1004: @kb-ext.cz/PKIComponent -> C:\Documents and Settings\HP\Data aplikací\KB-ext\lib\x86\npPKIComponentNPAPI-kbext.dll [2013-09-26] (Komerční banka, a.s.)
FF HKLM\...\Firefox\Extensions: [jqs@sun.com] - C:\Program Files\Java\jre6\lib\deploy\jqs\ff

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [22208 2013-10-23] (Microsoft Corporation)
S2 UPHClean; C:\Program Files\UPHClean\uphclean.exe [192573 2004-03-05] (Microsoft Corporation) [File not signed]
S2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [13592 2006-11-03] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ac97intc; C:\WINDOWS\System32\drivers\ac97intc.sys [96256 2001-08-17] (Intel Corporation)
R0 MpFilter; C:\WINDOWS\System32\DRIVERS\MpFilter.sys [214696 2013-09-27] (Microsoft Corporation)
S3 nv4; C:\WINDOWS\System32\DRIVERS\nv4.sys [731648 2001-08-17] (NVIDIA Corporation)
R2 pmem; C:\WINDOWS\System32\DRIVERS\pmemnt.sys [7012 2004-08-02] (Microsoft Corporation)
S3 SONYPVU1; C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS [7552 2001-08-17] (Sony Corporation)
U5 ScsiPort; C:\WINDOWS\system32\drivers\scsiport.sys [96384 2008-04-13] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 10:57 - 2015-06-14 10:57 - 00006946 _____ C:\Documents and Settings\HP\Plocha\FRST.txt
2015-06-14 10:57 - 2015-06-14 10:57 - 00000000 ____D C:\Documents and Settings\HP\Plocha\FRST-OlderVersion
2015-06-14 10:34 - 2015-06-14 10:34 - 00007428 _____ C:\Documents and Settings\HP\Plocha\UsbFix_Report.txt
2015-06-13 00:16 - 2015-06-14 10:34 - 00000000 ____D C:\UsbFix
2015-06-13 00:16 - 2015-06-13 00:16 - 00001364 _____ C:\Documents and Settings\HP\Plocha\UsbFix.lnk
2015-06-12 00:21 - 2015-06-12 00:21 - 00017872 _____ C:\Documents and Settings\HP\Plocha\FRST2.txt
2015-06-12 00:20 - 2015-06-12 00:20 - 00061511 _____ C:\Documents and Settings\HP\Plocha\Addition2.txt
2015-06-11 12:06 - 2015-06-14 10:57 - 00000000 ____D C:\FRST
2015-06-11 12:03 - 2015-06-14 10:57 - 01148416 _____ (Farbar) C:\Documents and Settings\HP\Plocha\FRST.exe
2015-06-10 15:19 - 2015-06-10 15:22 - 00000000 ____D C:\KVRT_Data
2015-06-03 12:15 - 2015-06-11 23:05 - 00000000 ____D C:\Program Files\Mozilla Firefox
2015-06-02 23:33 - 2015-06-02 23:33 - 00002534 _____ C:\Documents and Settings\HP\Plocha\RKreport[8]_S_06022015_02d2333.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-06-14 10:58 - 2009-05-27 21:11 - 00000466 ____H C:\WINDOWS\Tasks\User_Feed_Synchronization-{5D0B30D7-FF8F-4D24-92BE-6881A78A51DD}.job
2015-06-14 10:57 - 2011-12-17 17:40 - 00000000 ____D C:\Documents and Settings\HP\Plocha
2015-06-14 10:57 - 2011-12-17 17:40 - 00000000 ____D C:\Documents and Settings\HP\Local Settings\Temp
2015-06-14 10:42 - 2013-10-27 14:02 - 00000396 ____H C:\WINDOWS\Tasks\Microsoft Antimalware Scheduled Scan.job
2015-06-14 10:28 - 2009-05-27 19:45 - 00031884 _____ C:\WINDOWS\SchedLgU.Txt
2015-06-14 10:24 - 2009-05-27 21:33 - 00000159 _____ C:\WINDOWS\wiadebug.log
2015-06-14 10:24 - 2009-05-27 20:11 - 01949123 _____ C:\WINDOWS\WindowsUpdate.log
2015-06-14 10:24 - 2004-08-02 20:03 - 00004598 _____ C:\WINDOWS\system32\nvapps.xml
2015-06-14 10:24 - 2001-10-25 14:00 - 00002206 _____ C:\WINDOWS\system32\wpa.dbl
2015-06-14 10:23 - 2009-05-27 21:33 - 00000049 _____ C:\WINDOWS\wiaservc.log
2015-06-14 10:23 - 2009-05-27 19:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-06-14 03:03 - 2014-10-29 00:45 - 00000000 ____D C:\Documents and Settings\HP\Dokumenty\Ukrajina
2015-06-14 02:00 - 2009-05-27 19:45 - 00000000 ____D C:\Documents and Settings\NetworkService\Local Settings\Temp
2015-06-13 14:04 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Dokumenty
2015-06-13 00:16 - 2015-02-22 00:59 - 00000000 ____D C:\Program Files\Instalačky
2015-06-12 20:07 - 2012-01-20 20:25 - 00000000 ____D C:\Documents and Settings\HP\Data aplikací\foobar2000
2015-06-12 17:22 - 2013-04-04 07:34 - 00000000 ____D C:\Documents and Settings\Administrator\Local Settings\Temp
2015-06-12 17:19 - 2009-05-27 19:45 - 00000000 ____D C:\Documents and Settings\LocalService\Local Settings\Temp
2015-06-12 17:17 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Nabídka Start\Programy\Po spuštění
2015-06-12 17:17 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Data aplikací
2015-06-12 17:17 - 2011-12-17 17:40 - 00000000 ___HD C:\Documents and Settings\HP\Local Settings\Data aplikací
2015-06-11 23:27 - 2011-12-21 09:57 - 00140288 _____ C:\Documents and Settings\HP\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-06-11 22:58 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Dokumenty\Obrázky
2015-06-11 11:41 - 2011-12-21 02:15 - 00000000 ___RD C:\Documents and Settings\HP\Dokumenty\Filmy
2015-06-11 11:39 - 2012-07-16 01:46 - 00000000 ____D C:\Documents and Settings\HP\Dokumenty\Hudba
2015-06-10 16:09 - 2015-02-11 00:30 - 00000000 ____D C:\WINDOWS\system32\NtmsData
2015-06-10 01:33 - 2001-10-25 14:00 - 00000554 _____ C:\WINDOWS\win.ini
2015-06-07 13:50 - 2014-11-13 22:31 - 00000000 ____D C:\Documents and Settings\HP\Dokumenty\MEDIC
2015-06-07 12:18 - 2014-04-23 01:44 - 00000000 ____D C:\Program Files\AskPartnerNetwork
2015-06-07 12:05 - 2014-04-23 01:44 - 00000000 ____D C:\Documents and Settings\HP\Local Settings\Data aplikací\AskPartnerNetwork
2015-06-06 12:50 - 2009-05-27 20:06 - 00058299 _____ C:\WINDOWS\wmsetup.log
2015-06-05 10:56 - 2015-03-09 00:51 - 00000000 ____D C:\Program Files\Mozilla Maintenance Service
2015-06-03 01:15 - 2013-04-04 07:34 - 00000178 ___SH C:\Documents and Settings\Administrator\ntuser.ini
2015-06-02 23:33 - 2013-05-04 04:15 - 00000000 ____D C:\Documents and Settings\HP\Plocha\RK_Quarantine
2015-06-02 23:19 - 2009-05-27 21:31 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start\Programy
2015-06-02 23:18 - 2009-05-27 21:31 - 00000000 ___RD C:\Documents and Settings\All Users\Nabídka Start
2015-06-01 18:30 - 2011-12-17 17:40 - 00000000 ___RD C:\Documents and Settings\HP\Oblíbené položky

==================== Files in the root of some directories =======

2013-09-12 12:48 - 2013-09-12 13:00 - 0000004 _____ () C:\Documents and Settings\HP\Data aplikací\settings.ini
2011-12-21 09:57 - 2015-06-11 23:27 - 0140288 _____ () C:\Documents and Settings\HP\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== End of log ============================

Change passwords? And what about internet banking? Is the keylogger gone?

In USBFix I only clicked Clean, but from the log I understood that it also did the vaccination. Is that right?