Policajný vírus

[bigjohn]

mám tu kolegov ntb....nenaštaruje mu ani Win7, preblikne mu to hneď na vírus....to isté pri núdzovom režime, aj sa skúsi os prihlásiť ale vírus ho zruší a nabehne sám...
ďakujem vopred za pomoc

[vyosek]

Zdravim

Dejte mi chvili nez napisu postup

Jen se zeptam, jedna se o domaci ntb nebo nejaky firemni\pracovni

[bigjohn]

domáci

[vyosek]

Na zdravem PC stahnete Farbar Recovery Scan Tool http://www.bleepingcomputer.com/downloa ... scan-tool/

• Ulozte na nejaky flash disk, primo na jeho koren

Na poskozenem PC nabootujte Nouzovy rezim s prikazovym radkem MS-DOS

Nyni si zjisteme pismeno flash disku

• Zadejte prikaz notepad a odenterujte
• Otebre se poznamkovy blok (notepad)
• Dejte Soubor --> Otevrit --> najdete tento pocitac a otevrete USB klic je FRST ulozeny
• Podivejte se, jake pismeno ma USB klic (F:\, G:\ apod)
• Zavrete notepad krizkem

Ted si ziskame log

• Pokud mate stazeny FRST pro 64 bit OS, tak se jmenuje FRST64.exe a je nutne jej tak zadat
• Zadejte prikaz "pismeno disku":\FRST.exe a odenterujte (napr. F:\FRST.exe)
• Spusti se FRST
• Spuste prohledavani kliknutim na Scan
• Po chvili se vytvori na flash disku log FRST.exe
• Ten mi sem vlozte pres zdravy PC

[bigjohn]

no, teraz sa potím s opačným lomítkom....
príkaz musí byť v tvare FRST64.exe.....

[bigjohn]

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 28-12-2012
Ran by user at 28-12-2012 15:11:40
Running from F:\
Service Pack 1 (X64) OS Language: 041B
Attention: Could not load system hive.
ATTENTION:=====> THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.


==================== One Month Created Files and Folders ========

2012-12-20 22:59 - 2012-12-28 13:49 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
2012-12-20 13:11 - 2012-12-28 13:48 - 00000504 ____A C:\Windows\setupact.log
2012-12-20 13:11 - 2012-12-20 13:11 - 00000000 ____A C:\Windows\setuperr.log
2012-12-18 22:53 - 2012-12-18 22:53 - 00002098 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-12-18 22:52 - 2012-12-18 22:52 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-12-18 22:01 - 2012-12-18 22:01 - 00002151 ____A C:\Users\Public\Desktop\Počítačový prístup k internetu Nokia.lnk
2012-12-13 14:28 - 2012-11-14 07:11 - 02312704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-12-13 14:28 - 2012-11-14 07:04 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-12-13 14:28 - 2012-11-14 07:04 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-12-13 14:28 - 2012-11-14 07:02 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-12-13 14:28 - 2012-11-14 07:02 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-12-13 14:28 - 2012-11-14 06:59 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-12-13 14:28 - 2012-11-14 06:58 - 00816640 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-12-13 14:28 - 2012-11-14 06:57 - 00599040 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2012-12-13 14:28 - 2012-11-14 06:57 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-12-13 14:28 - 2012-11-14 06:55 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-12-13 14:28 - 2012-11-14 06:55 - 00729088 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2012-12-13 14:28 - 2012-11-14 06:53 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-12-13 14:28 - 2012-11-14 06:52 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-12-13 14:28 - 2012-11-14 06:46 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-12-13 14:28 - 2012-11-14 03:48 - 12320256 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-12-13 14:28 - 2012-11-14 03:09 - 01800704 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-12-13 14:28 - 2012-11-14 02:58 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-12-13 14:28 - 2012-11-14 02:57 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-12-13 14:28 - 2012-11-14 02:57 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-12-13 14:28 - 2012-11-14 02:55 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-12-13 14:28 - 2012-11-14 02:51 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-12-13 14:28 - 2012-11-14 02:49 - 00717824 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-12-13 14:28 - 2012-11-14 02:49 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-12-13 14:28 - 2012-11-14 02:48 - 00420864 ____A (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2012-12-13 14:28 - 2012-11-14 02:47 - 00607744 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2012-12-13 14:28 - 2012-11-14 02:46 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-12-13 14:28 - 2012-11-14 02:45 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-12-13 14:28 - 2012-11-14 02:44 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-12-13 14:28 - 2012-11-14 02:41 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-12-13 14:27 - 2012-11-14 08:06 - 17811968 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-12-13 14:27 - 2012-11-14 07:32 - 10925568 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-12-13 14:27 - 2012-11-14 03:14 - 09738240 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-12-13 14:11 - 2012-11-09 06:45 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\tzres.dll
2012-12-13 14:11 - 2012-11-09 05:42 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2012-12-13 14:10 - 2012-11-22 04:26 - 03149824 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-12-13 14:10 - 2012-11-05 22:35 - 00046080 ____A (Adobe Systems) C:\Windows\System32\atmlib.dll
2012-12-13 14:10 - 2012-11-05 21:41 - 00367616 ____A (Adobe Systems Incorporated) C:\Windows\System32\atmfd.dll
2012-12-13 14:10 - 2012-11-05 21:32 - 00295424 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2012-12-13 14:10 - 2012-11-05 21:32 - 00034304 ____A (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2012-12-13 14:10 - 2012-10-04 18:46 - 00362496 ____A (Microsoft Corporation) C:\Windows\System32\wow64win.dll
2012-12-13 14:10 - 2012-10-04 18:46 - 00243200 ____A (Microsoft Corporation) C:\Windows\System32\wow64.dll
2012-12-13 14:10 - 2012-10-04 18:46 - 00013312 ____A (Microsoft Corporation) C:\Windows\System32\wow64cpu.dll
2012-12-13 14:10 - 2012-10-04 18:45 - 00215040 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll
2012-12-13 14:10 - 2012-10-04 18:43 - 00016384 ____A (Microsoft Corporation) C:\Windows\System32\ntvdm64.dll
2012-12-13 14:10 - 2012-10-04 18:41 - 01161216 ____A (Microsoft Corporation) C:\Windows\System32\kernel32.dll
2012-12-13 14:10 - 2012-10-04 18:41 - 00424960 ____A (Microsoft Corporation) C:\Windows\System32\KernelBase.dll
2012-12-13 14:10 - 2012-10-04 17:47 - 01114112 ____A (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2012-12-13 14:10 - 2012-10-04 17:47 - 00274944 ____A (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2012-12-13 14:10 - 2012-10-04 17:47 - 00005120 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2012-12-13 14:10 - 2012-10-04 16:21 - 00338432 ____A (Microsoft Corporation) C:\Windows\System32\conhost.exe
2012-12-13 14:10 - 2012-10-04 15:46 - 00025600 ____A (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2012-12-13 14:10 - 2012-10-04 15:46 - 00014336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2012-12-13 14:09 - 2012-11-02 06:59 - 00478208 ____A (Microsoft Corporation) C:\Windows\System32\dpnet.dll
2012-12-13 14:09 - 2012-11-02 06:11 - 00376832 ____A (Microsoft Corporation) C:\Windows\SysWOW64\dpnet.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00006144 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00005120 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004608 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00004096 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003584 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 18:38 - 00003072 ___AH (Microsoft Corporation) C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00005120 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00004096 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 17:40 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:46 - 00007680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2012-12-13 14:09 - 2012-10-04 15:46 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2012-12-13 14:09 - 2012-10-04 15:41 - 00006144 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00004608 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00003584 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-12-13 14:09 - 2012-10-04 15:41 - 00003072 ___AH (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2012-12-12 18:17 - 2012-12-12 18:17 - 00001068 ____A C:\Users\user\Desktop\mp3DirectCut.lnk
2012-12-10 18:54 - 2012-12-10 19:04 - 14477017 ____A C:\Users\user\Downloads\taggart_96_stiny_minulosti_web-rip_cz_mattys.avi
2012-12-06 22:00 - 2012-12-07 17:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird


==================== One Month Modified Files and Folders =======

2012-12-28 15:11 - 2012-12-28 15:11 - 00000000 ____D C:\FRST
2012-12-28 14:58 - 2009-07-14 06:13 - 00726444 ____A C:\Windows\System32\PerfStringBackup.INI
2012-12-28 13:49 - 2012-12-20 22:59 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
2012-12-28 13:49 - 2011-02-26 19:38 - 00000928 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-12-28 13:48 - 2012-12-20 13:11 - 00000504 ____A C:\Windows\setupact.log
2012-12-28 13:48 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
2012-12-20 22:29 - 2011-02-26 19:38 - 00000932 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-12-20 22:24 - 2010-11-03 11:51 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
2012-12-20 22:11 - 2011-04-30 22:17 - 00000942 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261128354-3970813660-1466534925-1000UA.job
2012-12-20 22:02 - 2012-04-03 18:16 - 00000830 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2012-12-20 17:59 - 2009-07-14 05:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-12-20 17:59 - 2009-07-14 05:45 - 00015344 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-12-20 14:17 - 2011-02-19 15:50 - 02060630 ____A C:\Windows\WindowsUpdate.log
2012-12-20 13:11 - 2012-12-20 13:11 - 00000000 ____A C:\Windows\setuperr.log
2012-12-19 23:44 - 2010-02-18 17:42 - 00000000 ____D C:\Users\user\AppData\Roaming\Winamp
2012-12-18 22:54 - 2011-07-03 20:44 - 00000000 ____D C:\Users\All Users\Nokia
2012-12-18 22:53 - 2012-12-18 22:53 - 00002098 ____A C:\Users\Public\Desktop\Nokia Suite.lnk
2012-12-18 22:52 - 2012-12-18 22:52 - 00000000 ____D C:\Program Files (x86)\PC Connectivity Solution
2012-12-18 22:51 - 2010-07-29 23:07 - 00000000 ____D C:\Program Files (x86)\Nokia
2012-12-18 22:01 - 2012-12-18 22:01 - 00002151 ____A C:\Users\Public\Desktop\Počítačový prístup k internetu Nokia.lnk
2012-12-18 22:01 - 2010-07-29 23:07 - 00000000 ____D C:\Users\All Users\Installations
2012-12-18 19:55 - 2010-02-19 07:12 - 00000000 ____D C:\Users\user\AppData\Roaming\dvdcss
2012-12-18 19:41 - 2011-06-12 09:01 - 00000000 ___RD C:\Users\user\Desktop\ZÁSTUPCOVIA
2012-12-14 13:31 - 2009-07-14 06:08 - 00032502 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-12-13 20:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2012-12-13 16:46 - 2009-07-14 05:45 - 00320584 ____A C:\Windows\System32\FNTCACHE.DAT
2012-12-13 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\SysWOW64\sk-SK
2012-12-13 16:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\sk-SK
2012-12-13 14:29 - 2010-02-18 16:18 - 67413224 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-12-13 14:27 - 2010-02-18 16:41 - 00000000 ____D C:\Users\All Users\Microsoft Help
2012-12-12 18:22 - 2012-02-11 12:13 - 00000000 ____D C:\Users\user\Desktop\Plagáty
2012-12-12 18:17 - 2012-12-12 18:17 - 00001068 ____A C:\Users\user\Desktop\mp3DirectCut.lnk
2012-12-12 16:53 - 2010-06-10 22:43 - 00000069 ____A C:\Windows\NeroDigital.ini
2012-12-12 11:11 - 2011-04-30 22:17 - 00000890 ____A C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4261128354-3970813660-1466534925-1000Core.job
2012-12-12 10:00 - 2010-02-24 08:08 - 00000000 ____D C:\Program Files (x86)\Mozilla Sunbird
2012-12-11 20:02 - 2012-04-03 18:16 - 00697272 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-12-11 20:02 - 2011-05-14 21:47 - 00073656 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-12-10 19:04 - 2012-12-10 18:54 - 14477017 ____A C:\Users\user\Downloads\taggart_96_stiny_minulosti_web-rip_cz_mattys.avi
2012-12-07 20:49 - 2010-03-12 20:09 - 00000000 ____D C:\Users\user\AppData\Roaming\ELIS
2012-12-07 20:49 - 2010-03-12 20:09 - 00000000 ____D C:\Program Files (x86)\ELIS
2012-12-07 17:19 - 2012-12-06 22:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird

==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== Restore Points =========================


==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4060.27 MB
Available physical RAM: 3523.96 MB
Total Pagefile: 8118.72 MB
Available Pagefile: 7595.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Partitions =============================

1 Drive c: (Windows 7) (Fixed) (Total:97.56 GB) (Free:40.58 GB) NTFS
2 Drive d: (Ukladací disk) (Fixed) (Total:368.1 GB) (Free:31.51 GB) NTFS
4 Drive f: () (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT32

Disk ### Status Size Free Dyn Gpt
-------- ------------- ------- ------- --- ---
Disk 0 Online 465 GB 0 B
Disk 1 Online 1937 MB 0 B

Partitions of Disk 0:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 100 MB 1024 KB
Partition 2 Primary 97 GB 101 MB
Partition 3 Primary 368 GB 97 GB

==================================================================================

Disk: 0
Partition 1
Type : 07
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 1 Vyhraden‚ s NTFS Partition 100 MB Healthy System (partition with boot components)

=========================================================

Disk: 0
Partition 2
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 2 C Windows 7 NTFS Partition 97 GB Healthy Boot

=========================================================

Disk: 0
Partition 3
Type : 07
Hidden: No
Active: No

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 3 D Ukladacˇ di NTFS Partition 368 GB Healthy

=========================================================

Partitions of Disk 1:
===============

Partition ### Type Size Offset
------------- ---------------- ------- -------
Partition 1 Primary 1933 MB 4032 KB

==================================================================================

Disk: 1
Partition 1
Type : 0B
Hidden: No
Active: Yes

Volume ### Ltr Label Fs Type Size Status Info
---------- --- ----------- ----- ---------- ------- --------- --------
* Volume 4 F FAT32 Removable 1933 MB Healthy

=========================================================

Last Boot: 2012-12-15 13:28

==================== End Of Log =============================

[vyosek]

Tvorba fixlistu pro FRST

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  2012-12-20 22:59 - 2012-12-28 13:49 - 00000004 ____A C:\Users\user\AppData\Roaming\skype.ini
  2012-12-20 22:59 - 2012-12-20 22:59 - 00094720 ____A C:\Users\user\3493465.exe
  CMD: del "%USERPROFILE%\AppData\Local\Microsoft\Windows\runctf.lnk" 

• Ulozte vytvoreny TXT jako fixlist.txt
• Presunte vytvoreny log na flashku k FRST

Spustte znovu FRST64.exe na tom poskozenem PC

• Kliknete na Fix
• Probehne oprava a na flash disku se vytvori log Fixlog.txt

Pokuste se nastartovat do bezneho rezimu

[bigjohn]

stále je tam.....

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 28-12-2012
Ran by user at 2012-12-28 16:09:53 Run:1
Running from F:\

ATTENTION: THE TOOL IS NOT RUN FROM RECOVERY ENVIRONMENT AND WILL NOT FUNCTION PROPERLY.

==============================================

C:\Users\user\AppData\Roaming\skype.ini moved successfully.
C:\Users\user\3493465.exe moved successfully.

========= del "%USERPROFILE%\AppData\Local\Microsoft\Windows\runctf.lnk" =========

Could Not Find C:\Users\user\AppData\Local\Microsoft\Windows\runctf.lnk

========= End of CMD: =========


==== End of Fixlog ====

[vyosek]

Fajn, na flash disk si stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe

Pres prikazovy radek zadejte F:\RogueKiller.exe

Nechte probehnout Pre-Scan a pak dejte volbu Smazat a nasledne Zprava - log se ulozi a ten rad uvidim

[bigjohn]

RK prebehne, zmazanie neponúkne, log tiež nie...
policajti stále strážia.....

[vyosek]

Ha, moje chybka...Spustit RogueKiller - Prohledat - Smazat - Zprava

[bigjohn]

RogueKiller V8.4.1 [Dec 28 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operačný systém : Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Núdzový režim
Užívateľ : user [Práva Správcu]
Režim : Odebrať -- Dátum : 12/28/2012 17:32:30

¤¤¤ Škodlivé procesy : 0 ¤¤¤

¤¤¤ Záznamy Registrov : 10 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : EPSON SX110 Series (kópia 1) (C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIFBE.EXE /FU "C:\Windows\TEMP\E_SCFE.tmp" /EF "HKCU") -> VYMAZANÉ
[SHELL][Rans.Gendarm] HKCU\[...]\Winlogon : shell (explorer.exe,C:\Users\user\AppData\Roaming\skype.dat) -> VYMAZANÉ
[DNS] HKLM\[...]\ControlSet001\Services\Tcpip\Interfaces\{58587F29-2C77-4193-99D3-8D9FC3912BBF} : NameServer (195.146.128.60) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Services\Tcpip\Interfaces\{58587F29-2C77-4193-99D3-8D9FC3912BBF} : NameServer (195.146.128.60) -> NEBOLO ODSTRÁNENÉ, POUŽITE DNSFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> NAHRADENÉ (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> NAHRADENÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyDocs (0) -> NAHRADENÉ (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_TrackProgs (0) -> NAHRADENÉ (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NAHRADENÉ (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRADENÉ (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač : [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : Rans.Gendarm ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts



¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK5056GSY +++++
--- User ---
[MBR] ef8ae848570c6f5a1dca295b26d98e2b
[BSP] feb9390a267cb50e1af331104c25d6b2 : Windows 7/8 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 99900 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 204802048 | Size: 376938 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++
--- User ---
[MBR] d5516ffdb6ec0b41d895f7667d73d603
[BSP] a2536bc67333673c41991ddb1b8b7bd1 : MBR Code unknown
Partition table:
0 - [ACTIVE] FAT32 (0x0b) [VISIBLE] Offset (sectors): 8064 | Size: 1933 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[5]_D_12282012_02d1732.txt >>
RKreport[1]_S_12282012_02d1643.txt ; RKreport[2]_D_12282012_02d1644.txt ; RKreport[3]_D_12282012_02d1644.txt ; RKreport[4]_S_12282012_02d1731.txt ; RKreport[5]_D_12282012_02d1732.txt

počas scanu tam vylezie Google Chrome...niečo o nedostupnosti nejakej stránky

[vyosek]

Fajn, zkuste nyni nabehnout do bezneho rezimu

[bigjohn]

no, policajti zmizli, dočistil som ccleanerom....ale nejako to postihlo grafiku, je nejaká divná, rozhodená ako win98

[vyosek]

Ja si nemyslim ze je to jeste OK

Dejte nyni log z RSIT

Zkuste mrknout na nastaveni stylu, mozna je to jen prehozene