Preventivní kontrola logu

[Loik]

Zdravím,

před třemi dny jsem založil vlákno http://forum.viry.cz/viewtopic.php?f=30&t=130617 , kde na konci vysvětluji, proč zakládám nové. Přikládám nový RSIT log a log z AdwCleaneru.

Díky za pomoc
Lukáš

Logfile of random's system information tool 1.09 (written by random/random)
Run by user at 2013-06-03 11:23:27
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 61 GB (42%) free of 143 GB
Total RAM: 3068 MB (52% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:24:11, on 3.6.2013
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v9.00 (9.00.8112.16483)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Program Files\HP\HP Software Update\hpwuschd2.exe
C:\Program Files\Software602\Print2PDF\Print2PDF.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Hewlett-Packard\HP wireless Assistant\WiFiMsg.EXE
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\System32\mobsync.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\user\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\user\Desktop\Lukáš odvirování\RSIT.exe
C:\Program Files\trend micro\user.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.seznam.cz/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://seznam.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: SimpleAdblock Class - {FFCB3198-32F3-4E8B-9539-4324694ED664} - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files\Microsoft\BingBar\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [hpWirelessAssistant] C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [HP Health Check Scheduler] c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
O4 - HKLM\..\Run: [HP Software Update] C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Print2PDF Print Monitor] "C:\Program Files\Software602\Print2PDF\Print2PDF.exe" /server
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} (O2C-Player - area constructor view (ELECO Software GmbH)) - http://www.o2c.de/download/o2cplayerac.cab
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: 602Updater (602XML Updater) - Software602 a.s. - C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FsUsbExService - Teruten - C:\Windows\system32\FsUsbExService.Exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: Recovery Service for Windows - Unknown owner - C:\Windows\SMINST\BLService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: SInstalátor (ssinstall) - Unknown owner - C:\Windows\System32\ssins.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 10235 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\Final Media Player Update Checker.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000UA.job
C:\Windows\tasks\PCConfidential.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-15 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-03-19 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}]
SimpleAdblock Class - C:\Program Files\Common Files\Simple Adblock\SimpleAdblock.dll [2011-08-17 681240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-15 192144]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files\Microsoft\BingBar\BingExt.dll [2011-04-01 1144072]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2008-04-17 1049896]
"QPService"=C:\Program Files\HP\QuickPlay\QPService.exe [2008-06-12 468264]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2008-05-13 202032]
"hpWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe [2008-04-15 488752]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"HP Health Check Scheduler"=c:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe [2008-10-09 75008]
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [2011-01-12 49208]
""= []
"Kernel and Hardware Abstraction Layer"=C:\Windows\KHALMNPR.EXE [2009-06-17 55824]
"NvCplDaemon"=C:\Windows\system32\NvCpl.dll [2009-10-03 13826664]
"Print2PDF Print Monitor"=C:\Program Files\Software602\Print2PDF\Print2PDF.exe [2011-10-04 220992]
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2013-01-27 947152]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2009-04-11 1233920]
"LightScribe Control Panel"=C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe [2008-02-27 2289664]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 125952]
"Google Update"=C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-10-25 136176]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2013-05-09 18678376]
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe [2008-01-21 202240]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"msacm.l3codecp"=l3codecp.acm
"msacm.siren"=sirenacm.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-06-03 11:18:33 ----A---- C:\AdwCleaner[R1].txt
2013-06-01 01:04:16 ----D---- C:\Program Files\Windows Live
2013-06-01 01:01:55 ----D---- C:\Program Files\Microsoft
2013-06-01 01:01:47 ----A---- C:\Windows\system32\XAudio2_5.dll
2013-06-01 01:01:47 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2013-06-01 01:01:47 ----A---- C:\Windows\system32\d3dx10_42.dll
2013-06-01 01:01:28 ----A---- C:\Windows\system32\d3dx9_32.dll
2013-05-31 18:45:55 ----D---- C:\Program Files\Common Files\Windows Live
2013-05-31 18:45:06 ----A---- C:\Windows\system32\webservices.dll
2013-05-31 18:36:39 ----D---- C:\Program Files\NVIDIA Corporation
2013-05-31 18:31:02 ----A---- C:\Windows\system32\Wdfres.dll
2013-05-31 18:30:46 ----A---- C:\Windows\system32\drivers\WUDFRd.sys
2013-05-31 18:30:46 ----A---- C:\Windows\system32\drivers\WUDFPf.sys
2013-05-31 18:30:45 ----A---- C:\Windows\system32\WUDFSvc.dll
2013-05-31 18:30:45 ----A---- C:\Windows\system32\winusb.dll
2013-05-31 18:30:44 ----A---- C:\Windows\system32\WUDFPlatform.dll
2013-05-31 18:30:42 ----A---- C:\Windows\system32\drivers\WdfLdr.sys
2013-05-31 18:30:42 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-05-31 18:30:40 ----A---- C:\Windows\system32\WUDFx.dll
2013-05-31 18:30:40 ----A---- C:\Windows\system32\WUDFHost.exe
2013-05-31 18:30:40 ----A---- C:\Windows\system32\WUDFCoinstaller.dll
2013-05-31 18:26:03 ----SHD---- C:\Config.Msi
2013-05-31 18:21:20 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2013-05-31 18:21:20 ----A---- C:\Windows\system32\FntCache.dll
2013-05-31 18:21:09 ----A---- C:\Windows\system32\XpsPrint.dll
2013-05-31 18:21:05 ----A---- C:\Windows\system32\gameux.dll
2013-05-31 18:21:02 ----A---- C:\Windows\system32\Apphlpdm.dll
2013-05-31 18:21:01 ----A---- C:\Windows\system32\GameUXLegacyGDFs.dll
2013-05-31 18:20:59 ----A---- C:\Windows\system32\shlwapi.dll
2013-05-31 18:20:05 ----A---- C:\Windows\system32\xmllite.dll
2013-05-31 17:49:12 ----D---- C:\rsit
2013-05-31 17:49:12 ----D---- C:\Program Files\trend micro
2013-05-31 17:41:25 ----A---- C:\Windows\system32\ssinstall-uninstall.bat
2013-05-31 17:41:24 ----A---- C:\Windows\system32\ssins.exe
2013-05-31 17:30:10 ----D---- C:\Program Files\Common Files\Java
2013-05-31 17:29:33 ----A---- C:\Windows\system32\npDeployJava1.dll
2013-05-31 17:29:33 ----A---- C:\Windows\system32\javaws.exe
2013-05-31 17:29:25 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2013-05-31 17:29:25 ----A---- C:\Windows\system32\javaw.exe
2013-05-31 17:29:25 ----A---- C:\Windows\system32\java.exe
2013-05-31 16:15:25 ----ASH---- C:\hiberfil.sys
2013-05-31 15:24:34 ----A---- C:\Users\user\AppData\Roaming\skype.ini
2013-05-16 19:34:34 ----A---- C:\Windows\system32\mshtml.dll
2013-05-16 19:24:32 ----A---- C:\Windows\system32\vbscript.dll
2013-05-16 19:24:32 ----A---- C:\Windows\system32\mshtmled.dll
2013-05-16 19:24:30 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-16 19:24:30 ----A---- C:\Windows\system32\ieUnatt.exe
2013-05-16 19:24:30 ----A---- C:\Windows\system32\ieui.dll
2013-05-16 19:24:29 ----A---- C:\Windows\system32\wininet.dll
2013-05-16 19:24:29 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-16 19:24:28 ----A---- C:\Windows\system32\url.dll
2013-05-16 19:24:28 ----A---- C:\Windows\system32\jscript9.dll
2013-05-16 19:24:28 ----A---- C:\Windows\system32\jscript.dll
2013-05-16 19:24:27 ----A---- C:\Windows\system32\iertutil.dll
2013-05-16 19:24:26 ----A---- C:\Windows\system32\urlmon.dll
2013-05-16 19:24:25 ----A---- C:\Windows\system32\ieframe.dll
2013-05-16 18:27:43 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-16 18:27:43 ----A---- C:\Windows\system32\cdd.dll
2013-05-16 18:27:35 ----A---- C:\Windows\system32\win32k.sys
2013-05-06 08:49:44 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2013-06-03 11:23:40 ----D---- C:\Windows\Prefetch
2013-06-03 11:23:24 ----D---- C:\Windows\Temp
2013-06-03 11:22:41 ----D---- C:\Users\user\AppData\Roaming\Skype
2013-06-03 10:36:21 ----SHD---- C:\System Volume Information
2013-06-03 09:45:03 ----D---- C:\Windows\System32
2013-06-03 09:45:03 ----D---- C:\Windows\inf
2013-06-03 09:45:03 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-01 09:55:14 ----D---- C:\Windows\winsxs
2013-06-01 09:47:28 ----D---- C:\Windows\Microsoft.NET
2013-06-01 01:23:10 ----D---- C:\Windows\system32\catroot
2013-06-01 01:23:08 ----D---- C:\Windows\system32\catroot2
2013-06-01 01:17:54 ----AD---- C:\WINDOWS
2013-06-01 01:17:47 ----D---- C:\Windows\system32\en-US
2013-06-01 01:17:47 ----D---- C:\Windows\system32\cs-CZ
2013-06-01 01:17:47 ----D---- C:\Windows\AppPatch
2013-06-01 01:17:46 ----RD---- C:\Windows\Fonts
2013-06-01 01:17:46 ----D---- C:\Windows\system32\wbem
2013-06-01 01:17:46 ----D---- C:\Windows\system32\drivers\en-US
2013-06-01 01:17:46 ----D---- C:\Windows\system32\drivers\cs-CZ
2013-06-01 01:17:46 ----D---- C:\Windows\system32\drivers
2013-06-01 01:17:46 ----D---- C:\Program Files\Windows Mail
2013-06-01 01:16:37 ----SHD---- C:\Windows\Installer
2013-06-01 01:15:56 ----RSD---- C:\Windows\assembly
2013-06-01 01:06:26 ----SD---- C:\ProgramData\Microsoft
2013-06-01 01:04:16 ----D---- C:\Program Files
2013-06-01 01:04:08 ----D---- C:\Program Files\Common Files\microsoft shared
2013-06-01 01:01:25 ----D---- C:\Windows\Logs
2013-05-31 18:45:55 ----D---- C:\Program Files\Common Files
2013-05-31 18:09:49 ----D---- C:\ProgramData\Skype
2013-05-31 17:33:04 ----D---- C:\Program Files\Java
2013-05-31 17:28:56 ----A---- C:\Windows\system32\deployJava1.dll
2013-05-31 17:13:06 ----HD---- C:\ProgramData
2013-05-31 16:29:52 ----D---- C:\Program Files\CCleaner
2013-05-31 16:27:36 ----D---- C:\Windows\Minidump
2013-05-31 07:08:59 ----D---- C:\Windows\system32\spool
2013-05-29 11:49:28 ----D---- C:\Users\user\AppData\Roaming\HpUpdate
2013-05-29 09:38:12 ----D---- C:\Windows\system
2013-05-29 09:37:41 ----D---- C:\SWSetup
2013-05-27 13:47:10 ----D---- C:\Windows\Debug
2013-05-17 07:49:06 ----D---- C:\Windows\system32\migration
2013-05-17 07:49:06 ----D---- C:\Program Files\Internet Explorer
2013-05-16 19:34:26 ----A---- C:\Windows\win.ini
2013-05-16 19:25:26 ----A---- C:\Windows\system32\mrt.exe
2013-05-16 19:01:48 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-05-08 20:33:07 ----D---- C:\Program Files\rajce
2013-05-06 08:49:44 ----RD---- C:\Program Files\Skype

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2013-01-20 195296]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-12-12 691696]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-19 12672]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2013-01-20 100328]
R2 XAudio;XAudio; C:\Windows\system32\DRIVERS\xaudio.sys [2007-10-18 8704]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-09-05 1183744]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\CHDRT32.sys [2008-10-03 222208]
R3 FsUsbExDisk;FsUsbExDisk; \??\C:\Windows\system32\FsUsbExDisk.SYS [2009-12-22 36640]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2007-06-19 16768]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\HSX_DPV.sys [2007-11-01 985600]
R3 HSXHWAZL;HSXHWAZL; C:\Windows\system32\DRIVERS\HSXHWAZL.sys [2007-11-01 208896]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2013-02-18 149352]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2009-10-03 9905096]
R3 RTL8169;Realtek 8169 NT Driver; C:\Windows\system32\DRIVERS\Rtlh86.sys [2008-06-10 123904]
R3 RTSTOR;Realtek USB 2.0 Card Reader; C:\Windows\system32\drivers\RTSTOR.SYS [2009-04-23 64512]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2008-04-17 199344]
R3 usbvideo;Zobrazovací zařízení USB (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 134016]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\HSX_CNXT.sys [2007-11-01 661504]
R3 WudfPf;@%SystemRoot%\system32\drivers\Wudfpf.sys,-1000; C:\Windows\system32\drivers\WudfPf.sys [2012-07-26 66560]
S3 BCM43XV;Broadcom Extensible 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl6.sys [2006-11-02 464384]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\DRIVERS\BthEnum.sys [2008-07-14 23040]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2008-01-21 92160]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2008-07-14 507904]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2008-07-14 30208]
S3 dgderdrv;dgderdrv; C:\Windows\System32\drivers\dgderdrv.sys []
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S3 HdAudAddService;Microsoft 1.1 UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\HdAudio.sys [2006-11-02 235520]
S3 HSFHWAZL;HSFHWAZL; C:\Windows\system32\DRIVERS\VSTAZL3.SYS [2008-01-21 200704]
S3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\Windows\system32\DRIVERS\LHidFilt.Sys [2009-06-17 35472]
S3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\Windows\system32\DRIVERS\LMouFilt.Sys [2009-06-17 37392]
S3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\Windows\System32\Drivers\LUsbFilt.Sys [2009-06-17 28560]
S3 motmodem;Motorola USB CDC ACM Driver; C:\Windows\system32\DRIVERS\motmodem.sys [2009-10-27 23936]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm60x32.sys [2006-11-02 429056]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2008-07-14 149504]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2012-07-26 155136]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 602XML Updater;602Updater; C:\Program Files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-10 65640]
R2 BthServ;@%SystemRoot%\System32\bthserv.dll,-101; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 ezSharedSvc;Easybits Shared Services for Windows; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
R2 FsUsbExService;FsUsbExService; C:\Windows\system32\FsUsbExService.Exe [2009-12-22 217088]
R2 HP Health Check Service;HP Health Check Service; c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe [2008-10-09 94208]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2008-02-27 73728]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2013-01-27 20456]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2009-10-03 219752]
R2 Recovery Service for Windows;Recovery Service for Windows; C:\Windows\SMINST\BLService.exe [2008-04-26 361808]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared Files\RichVideo.exe [2007-01-09 272024]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 ssinstall;SInstalátor; C:\Windows\System32\ssins.exe [2013-05-31 2317848]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R2 XAudioService;XAudioService; C:\Windows\system32\DRIVERS\xaudio.exe [2007-10-18 386560]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2008-04-03 193840]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-05-02 165192]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2013-01-27 295232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-16 256904]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2009-03-30 31048]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-12-12 77944]
S3 BBSvc;Bing Bar Update Service; C:\Program Files\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-05-04 135664]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-11 194032]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe [2004-10-22 73728]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2008-11-11 620544]
S3 usnjsvc;Messenger Sharing Folders USN Journal Reader service; C:\Program Files\MSN Messenger\usnsvc.exe [2007-01-19 97136]
S3 WPFFontCache_v0400;@c:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------



# AdwCleaner v2.301 - Log vytvooen 03/06/2013 v 11:18:33
# Aktualizováno 16/05/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Uživatel : user - USER-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\user\Desktop\adwcleaner.exe
# Volba [Prohledat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Nalezeno : C:\Program Files\DAEMON Tools Toolbar
Složka Nalezeno : C:\Program Files\Free Offers from Freeze.com
Soubor Nalezeno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Hodnota Nalezeno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Klíe Nalezeno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Nalezeno : HKCU\Software\YahooPartnerToolbar
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Klíe Nalezeno : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Klíe Nalezeno : HKLM\Software\Freeze.com
Klíe Nalezeno : HKU\S-1-5-21-530082027-1884451408-44207059-1000\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16483

[OK] Registry jsou eisté.

-\\ Google Chrome v27.0.1453.94

*************************

AdwCleaner[R1].txt - [1841 octets] - [03/06/2013 11:18:33]

########## EOF - C:\AdwCleaner[R1].txt - [1901 octets] ##########

[vyosek]

Zdravim

Spustte znovu AdwCleaner

• Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
• Kliknete na Smazat
• PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Loik]

Děkuji,

nejsem majitelem počítače. Jeho majitel je bohužel aktuálně pryč. Po jeho návratu provedu navrhovaná řešení.

Jsem si vědom uzamknutí po 14 dnech, případně vložím nějaký koment. Zatím děkuji...

[vyosek]

Tema tedy zamykat nebudu, pokracujte pak tady

[Loik]

Nevím, zda se téma uzavře po 14 dnech nečinnosti automaticky, ale raději vložím komentář.

K počítači, ze kterého pocházejí výše uvedené logy se dostanu zase 17. 6. 2013. Díky zatím za pomoc

[vyosek]

Ou Kej, tema zamykat nebudu

[Loik]

Přeji pěkný den a děkuji za trpělivost.

Proveden Adw "vymazat" scan.

A Combofix scan dle instrukcí.

Lukáš

# AdwCleaner v2.303 - Log vytvooen 21/06/2013 v 10:45:07
# Aktualizováno 08/06/2013 Xplode
# Operaení systém : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Uživatel : user - USER-PC
# Spuštin systém : Normální
# Spuštino z : C:\Users\user\Desktop\Lukáš odvirování\adwcleaner.exe
# Volba [Vymazat]


***** [Služby] *****


***** [Soubory / Složky] *****

Složka Vymazáno : C:\Program Files\DAEMON Tools Toolbar
Složka Vymazáno : C:\Program Files\Free Offers from Freeze.com
Soubor Vymazáno : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk

***** [Registry] *****

Hodnota Vymazáno : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Klíe Vymazáno : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Klíe Vymazáno : HKCU\Software\YahooPartnerToolbar
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{761F6A83-F007-49E4-8EAC-CDB6808EF06F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{76C45B18-A29E-43EA-AAF8-AF55C2E1AE17}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{96EF404C-24C7-43D0-9096-4CCC8BB7CCAC}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{97720195-206A-42AE-8E65-260B9BA5589F}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{97D69524-BB57-4185-9C7F-5F05593B771A}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{986F7A5A-9676-47E1-8642-F41F8C3FCF82}
Klíe Vymazáno : HKLM\SOFTWARE\Classes\CLSID\{B18788A4-92BD-440E-A4D1-380C36531119}
Klíe Vymazáno : HKLM\Software\Freeze.com

***** [Internetové prohlížeee] *****

-\\ Internet Explorer v9.0.8112.16490

[OK] Registry jsou eisté.

-\\ Google Chrome v27.0.1453.116

*************************

AdwCleaner[R1].txt - [1970 octets] - [03/06/2013 11:18:33]
AdwCleaner[S1].txt - [1763 octets] - [21/06/2013 10:45:07]

########## EOF - C:\AdwCleaner[S1].txt - [1823 octets] ##########






ComboFix 13-06-21.02 - user 21.06.2013 11:01:21.1.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.2078 [GMT 2:00]
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\DFR7521.tmp
C:\DFREBB9.tmp
c:\users\user\AppData\Roaming\skype.dat
c:\users\user\AppData\Roaming\skype.ini
c:\windows\IsUn0407.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\lpksetup.exe.tmp
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_usnjsvc
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-21 do 2013-06-21 )))))))))))))))))))))))))))))))
.
.
2013-06-21 05:49 . 2013-06-21 05:48 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81BD0CA9-63E6-4A4F-BE47-6CE03CDE754D}\gapaengine.dll
2013-06-21 05:48 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{2DF78FB0-DF44-405C-B125-69E4220D6649}\mpengine.dll
2013-06-20 05:23 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-15 08:32 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 08:32 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-06-15 08:31 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 08:31 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-15 08:31 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-15 08:31 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-15 08:31 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-15 08:31 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-15 08:31 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-15 08:31 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-15 08:31 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-31 23:04 . 2013-05-31 23:09 -------- d-----w- c:\program files\Windows Live
2013-05-31 23:01 . 2013-05-31 23:01 -------- d-----w- c:\program files\Microsoft
2013-05-31 23:01 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-05-31 23:01 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-05-31 23:01 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-05-31 23:01 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-05-31 16:45 . 2013-05-31 16:45 -------- d-----w- c:\users\user\AppData\Local\Windows Live
2013-05-31 16:45 . 2013-05-31 16:45 -------- d-----w- c:\program files\Common Files\Windows Live
2013-05-31 16:45 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-05-31 16:36 . 2013-05-31 16:36 -------- d-----w- c:\program files\NVIDIA Corporation
2013-05-31 16:31 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-31 16:30 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-31 16:30 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-31 16:30 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-05-31 16:30 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-05-31 16:30 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-05-31 16:30 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-31 16:30 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-31 16:30 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-05-31 16:30 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-05-31 16:30 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-05-31 16:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2013-05-31 16:21 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-31 16:21 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-05-31 16:21 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-31 16:21 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-05-31 16:21 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-05-31 16:21 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-05-31 15:49 . 2013-06-03 09:23 -------- d-----w- c:\program files\trend micro
2013-05-31 15:49 . 2013-05-31 15:49 -------- d-----w- C:\rsit
2013-05-31 15:41 . 2013-05-31 15:41 79 ----a-w- c:\windows\system32\ssinstall-uninstall.bat
2013-05-31 15:41 . 2013-05-31 15:41 2317848 ----a-w- c:\windows\system32\ssins.exe
2013-05-31 15:30 . 2013-05-31 15:30 -------- d-----w- c:\program files\Common Files\Java
2013-05-31 15:29 . 2013-05-31 15:28 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-31 15:29 . 2013-05-31 15:29 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:01 . 2012-04-03 06:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 15:01 . 2011-07-04 05:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-31 23:23 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-31 15:28 . 2010-05-04 10:05 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 18:40 . 2012-02-10 14:22 724464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:28 . 2009-10-03 16:56 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-16 16:27 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-16 16:27 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-16 16:27 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-06-03 19604072]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2011-01-12 49208]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-04-04 958576]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-26 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - FSUSBEXDISK
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 15:01]
.
2013-06-21 c:\windows\Tasks\Final Media Player Update Checker.job
- c:\program files\FinalMediaPlayer\FMPCheckForUpdates.exe [2010-07-25 20:22]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 10:06]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-04 10:06]
.
2013-06-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000Core.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 16:18]
.
2013-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000UA.job
- c:\users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-01 16:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=83&bd=Presario&pf=cnnb
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-BLANCO CAD-Service - c:\windows\IsUn0407.exe
AddRemove-Cool's_Codec_pack_4.12 - c:\windows\iun6002.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-21 11:12
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5896)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\System32\ssins.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\windows\ehome\ehmsas.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
.
**************************************************************************
.
Celkový čas: 2013-06-21 11:18:24 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-21 09:18
.
Před spuštěním: Volných bajtů: 62 593 269 760
Po spuštění: Volných bajtů: 62 395 727 872
.
- - End Of File - - 39B8A6B24F183E353E10703ED74C27D5
85D751F0E41B8E520AEE8C07A8DA777B

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Skype"=-
  "WMPNSCFG"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "UCam_Menu"=-
  "HP Software Update"=-
  "Adobe ARM"=-
  HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
  "DisableMonitoring"=dword:00000000
  [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
  "DisableMonitoring"=dword:00000000
  
  DDS::
  mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... io&pf=cnnb
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  
  File::
  C:\Windows\tasks\Adobe Flash Player Updater.job
  C:\Windows\tasks\Final Media Player Update Checker.job
  C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
  C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000Core.job
  C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000UA.job
  C:\Windows\tasks\PCConfidential.job
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

[Loik]

Zdravím,

jěště připomenu (uváděl jsem to v původním vlákně (viz OP)), že se jedná o notebook, kde byl odstraněn tzv. Policejní virus pomocí RogueKiller.

Log z Combofix:


ComboFix 13-06-21.02 - user 24.06.2013 14:14:20.2.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3068.2018 [GMT 2:00]
Spuštěný z: c:\users\user\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\user\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\Final Media Player Update Checker.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000UA.job"
"c:\windows\tasks\PCConfidential.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\Final Media Player Update Checker.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-530082027-1884451408-44207059-1000UA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-24 do 2013-06-24 )))))))))))))))))))))))))))))))
.
.
2013-06-24 12:22 . 2013-06-24 12:24 -------- d-----w- c:\users\user\AppData\Local\temp
2013-06-24 12:22 . 2013-06-24 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-24 10:07 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F228485A-11EA-4E8C-9ADF-076C046667B1}\mpengine.dll
2013-06-23 08:17 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-06-21 05:49 . 2013-06-21 05:48 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{81BD0CA9-63E6-4A4F-BE47-6CE03CDE754D}\gapaengine.dll
2013-06-15 08:32 . 2013-05-08 03:40 914792 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-15 08:32 . 2013-05-08 01:58 31232 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-06-15 08:31 . 2013-05-02 04:04 443904 ----a-w- c:\windows\system32\win32spl.dll
2013-06-15 08:31 . 2013-05-02 04:03 37376 ----a-w- c:\windows\system32\printcom.dll
2013-06-15 08:31 . 2013-04-24 04:00 985600 ----a-w- c:\windows\system32\crypt32.dll
2013-06-15 08:31 . 2013-04-24 04:00 133120 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-15 08:31 . 2013-04-24 01:46 812544 ----a-w- c:\windows\system32\certutil.exe
2013-06-15 08:31 . 2013-04-24 04:00 98304 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-15 08:31 . 2013-04-24 04:00 41984 ----a-w- c:\windows\system32\certenc.dll
2013-06-15 08:31 . 2013-05-02 22:03 3603832 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-15 08:31 . 2013-05-02 22:03 3551096 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-05-31 23:04 . 2013-05-31 23:09 -------- d-----w- c:\program files\Windows Live
2013-05-31 23:01 . 2013-05-31 23:01 -------- d-----w- c:\program files\Microsoft
2013-05-31 23:01 . 2009-09-04 15:44 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2013-05-31 23:01 . 2009-09-04 15:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2013-05-31 23:01 . 2009-09-04 15:29 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2013-05-31 23:01 . 2006-11-29 11:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2013-05-31 16:45 . 2013-05-31 16:45 -------- d-----w- c:\users\user\AppData\Local\Windows Live
2013-05-31 16:45 . 2013-05-31 16:45 -------- d-----w- c:\program files\Common Files\Windows Live
2013-05-31 16:45 . 2009-08-04 08:02 754688 ----a-w- c:\windows\system32\webservices.dll
2013-05-31 16:36 . 2013-05-31 16:36 -------- d-----w- c:\program files\NVIDIA Corporation
2013-05-31 16:31 . 2012-07-26 02:46 9728 ----a-w- c:\windows\system32\Wdfres.dll
2013-05-31 16:30 . 2012-07-26 02:33 66560 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2013-05-31 16:30 . 2012-07-26 02:32 155136 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2013-05-31 16:30 . 2012-07-26 03:20 73216 ----a-w- c:\windows\system32\WUDFSvc.dll
2013-05-31 16:30 . 2009-07-14 12:12 16896 ----a-w- c:\windows\system32\winusb.dll
2013-05-31 16:30 . 2012-07-26 03:20 172032 ----a-w- c:\windows\system32\WUDFPlatform.dll
2013-05-31 16:30 . 2012-07-26 03:39 526952 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2013-05-31 16:30 . 2012-07-26 03:39 47720 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2013-05-31 16:30 . 2012-07-26 03:21 196608 ----a-w- c:\windows\system32\WUDFHost.exe
2013-05-31 16:30 . 2012-07-26 03:20 613888 ----a-w- c:\windows\system32\WUDFx.dll
2013-05-31 16:30 . 2012-07-26 03:20 38912 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2013-05-31 16:21 . 2012-03-01 11:01 2409784 ----a-w- c:\program files\Windows Mail\OESpamFilter.dat
2013-05-31 16:21 . 2011-02-22 14:13 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-05-31 16:21 . 2011-02-22 13:33 797696 ----a-w- c:\windows\system32\FntCache.dll
2013-05-31 16:21 . 2011-03-12 21:55 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2013-05-31 16:21 . 2010-08-26 16:34 1696256 ----a-w- c:\windows\system32\gameux.dll
2013-05-31 16:21 . 2011-03-03 15:40 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2013-05-31 16:21 . 2011-03-03 13:35 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2013-05-31 15:49 . 2013-06-03 09:23 -------- d-----w- c:\program files\trend micro
2013-05-31 15:49 . 2013-05-31 15:49 -------- d-----w- C:\rsit
2013-05-31 15:41 . 2013-05-31 15:41 79 ----a-w- c:\windows\system32\ssinstall-uninstall.bat
2013-05-31 15:41 . 2013-05-31 15:41 2317848 ----a-w- c:\windows\system32\ssins.exe
2013-05-31 15:30 . 2013-05-31 15:30 -------- d-----w- c:\program files\Common Files\Java
2013-05-31 15:29 . 2013-05-31 15:28 866720 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-05-31 15:29 . 2013-05-31 15:29 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 15:01 . 2012-04-03 06:00 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 15:01 . 2011-07-04 05:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-31 23:23 . 2011-03-28 16:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-31 15:28 . 2010-05-04 10:05 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-05-21 18:40 . 2012-02-10 14:22 724464 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-05-02 15:28 . 2009-10-03 16:56 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-15 14:20 . 2013-05-16 16:27 638328 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-13 10:56 . 2013-05-16 16:27 37376 ----a-w- c:\windows\system32\cdd.dll
2013-04-09 01:36 . 2013-05-16 16:27 2049024 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-02-26 2289664]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DisableMonitoring"="0 (0x0)" [X]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-17 1049896]
"QPService"="c:\program files\HP\QuickPlay\QPService.exe" [2008-06-12 468264]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2008-05-12 202032]
"hpWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2008-04-15 488752]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2009-06-17 55824]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-10-03 13826664]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2011-10-04 220992]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2010-8-26 813584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001
.
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [2011-10-10 85344]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezSharedSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-02-26 22:06 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://seznam.cz/
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~3\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_89D8574934B26AC4.dll/cmsidewiki.html
Trusted Zone: postsignum.cz\www
TCP: DhcpNameServer = 10.0.0.138
DPF: {813A45F9-744F-435F-A815-19E2DF35A9D8} - hxxp://www.o2c.de/download/o2cplayerac.cab
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
SafeBoot-Wdf01000.sys
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-06-24 14:24
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DisableMonitoring = 63
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(1052)
c:\program files\Logitech\SetPoint\lgscroll.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\FsUsbExService.Exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\SMINST\BLService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\program files\Microsoft\BingBar\SeaPort.EXE
c:\windows\System32\ssins.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\windows\system32\DRIVERS\xaudio.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conime.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
c:\windows\ehome\ehmsas.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Windows Media Player\wmpnscfg.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\Shared\HpqToaster.exe
c:\program files\Hewlett-Packard\HP Health Check\hphc_service.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2013-06-24 14:31:04 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-06-24 12:31
.
Před spuštěním: Volných bajtů: 68 951 818 240
Po spuštění: Volných bajtů: 68 969 422 848
.
- - End Of File - - 7F746E86B356A5A674A43AFFE7A45661
85D751F0E41B8E520AEE8C07A8DA777B

[vyosek]

Stahnete Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe

• Ulozte nejlepe na Plochu
• U vsech polozek udelejte zatrzitko (tim je oznacite pro skenovani)
• Kliknete na Scan
• Po dokonceni skenu se objevi log FSS.txt ten sem vlozte

[Loik]

Farbar Service Scanner Version: 16-06-2013
Ran by user (administrator) on 25-06-2013 at 10:38:52
Running from "C:\Users\user\Desktop"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is OK.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys
[2013-06-15 10:32] - [2013-05-08 05:40] - 0914792 ____A (Microsoft Corporation) 078218D74C4EFC2CE7E4C6DF22A94F2F

C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\wuaueng.dll => MD5 is legit
C:\Windows\system32\qmgr.dll => MD5 is legit
C:\Windows\system32\es.dll => MD5 is legit
C:\Windows\system32\cryptsvc.dll
[2013-06-15 10:31] - [2013-04-24 06:00] - 0133120 ____A (Microsoft Corporation) 3EDE4C1F9672C972479201544969ADCB

C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\system32\ipnathlp.dll => MD5 is legit
C:\Windows\system32\iphlpsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****

díky

[vyosek]

Fajn, jak se chova PC

[Loik]

Notebook se chová standardně. Už po aplikaci RogueKilleru se virus pravděpodobně odstranil. Krátce na to jsem však četl článek (http://www.root.cz/clanky/ransomware-po ... nim-stole/) a rozhodl se využít Vašich blahodárných služeb. Věřím, že Combofix mohl ještě něco zajímavého najít.

Pokud je to vše, mnohokrát děkuji za pomoc a přeju mnoho úspěchů.

Lukáš

[vyosek]

Tak jeste uklidime

Odinstalujte Combofix

• Prejmenujte ComboFix na Uninstall
• Spustte jej
• Tohle smaze Combofix a jeho slozky

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe

• Stahnete a spustte
• Pro potvrzeni volby mackejte A, Enter
• Po pouziti utilitu smazte
• Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)

OTC http://oldtimer.geekstogo.com/OTC.exe

• Stahnete a spustte
• Kliknete na CleanUp a potvrdte YES
• Program uklidi a restartuje PC

TFC http://oldtimer.geekstogo.com/TFC.exe

• Stahnete a spustte
• Kliknete na Start a potvrdte OK
• Program uklidi a restartuje pc
• Po pouziti utilitu smazte

Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič

• Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner

Panel registry

• dejte Hledej problémy
• nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
• postup opakujte dokud nebude bez problemu - vetsinou cca 3x

Panel nástroje

• Zde muzete odinstalovat nepotrebne programy

CCleaner doporucuji pouzivat cca jednou za tyden

A pokud nejsou problemy ci dotazy, je to z me strany vse