
Re: tmpuse.com

Posted: 24 Jan 2012 13:46
by meishan
RogueKiller V6.2.4 [01/12/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Kristina [Admin rights]
Mode: Remove -- Date : 01/24/2012 13:45:50

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Parameters\Interfaces\{916B6CEE-5C69-4A23-871C-AF72C5913451} : NameServer (213.46.172.36) -> NOT REMOVED, USE DNSFIX
[DNS] HKLM\[...]\ControlSet002\Parameters\Interfaces\{916B6CEE-5C69-4A23-871C-AF72C5913451} : NameServer (213.46.172.36) -> NOT REMOVED, USE DNSFIX

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: +++++
--- User ---
[MBR] a4eb089d8a1a5b9bbd136a72f0a5ee46
[BSP] 675c6f0177c9f488a15afc559e61fbda : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] NTFS [HIDDEN!] Offset (sectors): 2048 | Size: 12884 Mo
1 - [ACTIVE] NTFS [VISIBLE] Offset (sectors): 25167872 | Size: 104 Mo
2 - [XXXXXX] NTFS [VISIBLE] Offset (sectors): 25372672 | Size: 104852 Mo
3 - [XXXXXX] UNKNW [VISIBLE] Offset (sectors): 230163255 | Size: 382261 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[1].txt >>
RKreport[1].txt

Re: tmpuse.com

Posted: 24 Jan 2012 13:49
by vyosek
Run OTL again
  • If you are using Windows Vista or Windows 7, right-click OTL and choose Run As Administrator ("Spustit jako spravce")
  • Paste the script below into the lower box, Custom Scans/Fixes ("Vlastni skenovani/opravy")
  • Code:

    :otl
    MOD - [2011/12/18 18:43:32 | 000,892,768 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe
    SRV - [2011/12/18 18:43:33 | 000,869,216 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe -- (vToolbarUpdater)
    DRV - [2012/01/23 21:58:46 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\vacqg.sys -- (cfxy)
    DRV - [2012/01/23 21:52:01 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\pjseyuxm.sys -- (ajru)
    DRV - [2012/01/23 21:26:21 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\cefcrid.sys -- (fdcpcqaj)
    DRV - [2010/11/10 22:55:43 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\chnkrw.sys -- (hzcs)
    DRV - [2010/11/10 22:50:59 | 000,061,440 | ---- | M] () [Kernel | Boot | Stopped] -- C:\Windows\system32\drivers\gcylh.sys -- (nwhqbc)
    IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t5511k350
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://homepage.acer.com/rdr.aspx?b=ACA ... 5t5511k350
    IE - HKLM\..\URLSearchHook: - No CLSID value found
    IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
    IE - HKLM\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll (Conduit Ltd.)
    IE - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://isearch.avg.com/?cid={4B76F333-32E0-453B-8D4A-1A63BD64B722}&mid=1a03e961187e47d1bb831943efa5dd50-e987b5263c701dd0f443dd35e740503b43cdb538&lang=en&ds=tt014&pr=sa&d=&v=&sap=hp
    IE - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\..\URLSearchHook: - No CLSID value found
    IE - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\..\URLSearchHook: {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll (Conduit Ltd.)
    FF - prefs.js..browser.search.defaultengine: "Ask.com"
    FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
    FF - prefs.js..browser.search.order.1: "Ask.com"
    FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
    FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird
    [2011/12/14 15:56:39 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar
    [2011/12/14 15:56:30 | 000,003,741 | ---- | M] () -- C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\ebnd8786.default\searchplugins\avg-secure-search.xml
    () (No name found) -- C:\USERS\KRISTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBND8786.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
    O2 - BHO: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll (Conduit Ltd.)
    O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll ()
    O3 - HKLM\..\Toolbar: (BS Player Toolbar) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll (Conduit Ltd.)
    O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
    O3 - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3:64bit: - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
    O3 - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
    O3 - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\..\Toolbar\WebBrowser: (BS Player Toolbar) - {FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - C:\Program Files (x86)\BS_Player\tbBS_1.dll (Conduit Ltd.)
    O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
    O4 - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000..\Run: [Facebook Update] C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
    O18:64bit: - Protocol\Handler\livecall - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
    O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
    O18:64bit: - Protocol\Handler\msnim - No CLSID value found
    O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
    O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
    O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
    O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
    O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
    O37 - HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\...com [@ = comfile] -- Reg Error: Key error. File not found
    [7 C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
    [11 C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp files -> C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\*.tmp -> ]
    [1 C:\Windows\Installer\*.tmp files -> C:\Windows\Installer\*.tmp -> ]
    [1 C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
    [2010/05/22 09:19:31 | 000,000,000 | ---D | M] -- C:\Users\Kristina\AppData\Roaming\ESTsoft
    [2012/01/22 21:22:00 | 000,000,918 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000Core.job
    [2012/01/24 12:22:04 | 000,000,940 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000UA.job
    [2012/01/24 11:40:29 | 000,000,952 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
    [2012/01/24 13:05:00 | 000,000,956 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
    [2012/01/22 23:36:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000Core.job
    [2012/01/24 12:36:01 | 000,000,974 | ---- | M] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000UA.job
    @Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE
    
    :services
    gupdate
    gupdatem
    Nero BackItUp Scheduler 3
    NMIndexingService
    Cyberlink RichVideo Service(CRVS)
    
    :reg
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
    "DAEMON Tools Lite"=-
    "Facebook Update"=-
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk]
    
    :files
    c:\Windows\assembly\tmp
    C:\PROGRA~2\ESET
    C:\Users\Kristina\AppData\Local\Facebook
    C:\Program Files (x86)\AVG Secure Search
    C:\Program Files (x86)\Common Files\AVG Secure Search
    C:\USERS\KRISTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBND8786.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
    C:\Program Files (x86)\DAEMON Tools Toolbar
    %windir%\system32\*.tmp.dll /s
    %windir%\system32\SET*.tmp /s
    %windir%\*.tmp
    
    :commands
    [RESETHOSTS]
    [EMPTYTEMP]
    [EMPTYFLASH]
  • Then click Fix ("Opravit")
  • The PC will carry out the fix, restart, and give you a log; paste its contents here

Re: tmpuse.com

Posted: 24 Jan 2012 14:05
by meishan
After I clicked Fix, the program closed, but the notebook did not restart and no log file was generated.

Re: tmpuse.com

Posted: 24 Jan 2012 14:09
by vyosek
Repeat the procedure once more, but in safe mode (restart the PC, keep pressing F8, choose Safe Mode with Networking).

Re: tmpuse.com

Posted: 24 Jan 2012 14:19
by meishan
All processes killed
========== OTL ==========
Service vToolbarUpdater stopped successfully!
Service vToolbarUpdater deleted successfully!
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1\ToolbarUpdater.exe moved successfully.
Service cfxy stopped successfully!
Service cfxy deleted successfully!
C:\Windows\SysWOW64\drivers\vacqg.sys moved successfully.
Service ajru stopped successfully!
Service ajru deleted successfully!
C:\Windows\SysWOW64\drivers\pjseyuxm.sys moved successfully.
Service fdcpcqaj stopped successfully!
Service fdcpcqaj deleted successfully!
C:\Windows\SysWOW64\drivers\cefcrid.sys moved successfully.
Service hzcs stopped successfully!
Service hzcs deleted successfully!
C:\Windows\SysWOW64\drivers\chnkrw.sys moved successfully.
Service nwhqbc stopped successfully!
Service nwhqbc deleted successfully!
C:\Windows\SysWOW64\drivers\gcylh.sys moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
C:\Program Files (x86)\BS_Player\tbBS_1.dll moved successfully.
HKU\S-1-5-21-2318351912-2155151090-1007949156-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files (x86)\BS_Player\tbBS_1.dll not found.
Prefs.js: "Ask.com" removed from browser.search.defaultengine
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
Prefs.js: "Ask.com" removed from browser.search.order.1
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@microsoft.com/GENUINE\ deleted successfully.
File HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\eplgTb@eset.com: C:\Program Files\ESET\ESET NOD32 Antivirus\Mozilla Thunderbird not found.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\skin folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\zh-tw folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\zh-cn folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\tr folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\sr folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\sk folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\ru folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\pt-br folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\pt folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\pl folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\nl folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\ms folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\ko folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\ja folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\it folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\id folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\hu folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\fr folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\es-es folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\es folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\en folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\de folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\da folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale\cs folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules\locale folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\modules folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\locale\en-US folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\locale folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\components\FF4 folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\components folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar\chrome folder moved successfully.
C:\Users\Kristina\AppData\Roaming\mozilla\Firefox\Profiles\ebnd8786.default\extensions\avg@toolbar folder moved successfully.
C:\Users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\ebnd8786.default\searchplugins\avg-secure-search.xml moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files (x86)\BS_Player\tbBS_1.dll not found.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ deleted successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
File C:\Program Files (x86)\AVG Secure Search\9.0.0.22\AVG Secure Search_toolbar.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5}\ not found.
File C:\Program Files (x86)\BS_Player\tbBS_1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll not found.
Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
File C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll not found.
Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5}\ not found.
File C:\Program Files (x86)\BS_Player\tbBS_1.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\vProt deleted successfully.
C:\Program Files (x86)\AVG Secure Search\vprot.exe moved successfully.
Registry value HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update deleted successfully.
C:\Users\Kristina\AppData\Local\Facebook\Update\FacebookUpdate.exe moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\grooveLocalGWS\ deleted successfully.
File Protocol\Handler\grooveLocalGWS - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
File Protocol\Handler\livecall - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-help\ deleted successfully.
File Protocol\Handler\ms-help - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ms-itss\ deleted successfully.
File Protocol\Handler\ms-itss - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
File Protocol\Handler\msnim - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\skype4com\ deleted successfully.
File Protocol\Handler\skype4com - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol\ deleted successfully.
File Protocol\Handler\viprotocol - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlmailhtml\ deleted successfully.
File Protocol\Handler\wlmailhtml - No CLSID value found not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\wlpg\ deleted successfully.
File Protocol\Handler\wlpg - No CLSID value found not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000_Classes\.com\ deleted successfully.
Registry key HKEY_USERS\S-1-5-21-2318351912-2155151090-1007949156-1000_Classes\comfile\ not found.
HKEY_LOCAL_MACHINE\Software\Classes\.com\\|comfile /E : value set successfully!
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP1093.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP163E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2D46.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP4220.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9E41.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC0A0.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPDFD3.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP2010.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP3C25.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP4C1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP5169.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAP79C1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA41B.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPA7E1.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE291.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPE56E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEA9D.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_64\Temp\ZAPEEDF.tmp folder deleted successfully.
C:\Windows\Installer\MSI1223.tmp deleted successfully.
C:\Windows\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\wltE83F.tmp deleted successfully.
C:\Users\Kristina\AppData\Roaming\ESTsoft\ALZip folder moved successfully.
C:\Users\Kristina\AppData\Roaming\ESTsoft folder moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000Core.job moved successfully.
C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000UA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000Core.job moved successfully.
C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2318351912-2155151090-1007949156-1000UA.job moved successfully.
ADS C:\ProgramData\Temp:ABE89FFE deleted successfully.
========== SERVICES/DRIVERS ==========
Service gupdate stopped successfully!
Service gupdate deleted successfully!
Service gupdatem stopped successfully!
Service gupdatem deleted successfully!
Service Nero BackItUp Scheduler 3 stopped successfully!
Service Nero BackItUp Scheduler 3 deleted successfully!
Service NMIndexingService stopped successfully!
Service NMIndexingService deleted successfully!
Error: No service named Cyberlink RichVideo Service(CRVS) was found to stop!
Service\Driver key Cyberlink RichVideo Service(CRVS) not found.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Facebook Update not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg\ not found.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Aktualizovat ESET licenci.lnk\ not found.
========== FILES ==========
c:\Windows\assembly\tmp folder moved successfully.
File\Folder C:\PROGRA~2\ESET not found.
C:\Users\Kristina\AppData\Local\Facebook\Video\Skype folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Video\Common\fb#3aac5ijrrbqdciprucjsxqv-vpyudp-fco8csfvplrgkux2yggqhiaervnhtbj57lwr20 folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Video\Common folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Video folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Update\Manifest\Initial folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Update\Manifest folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Update\Download folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Update\1.2.203.0 folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\Update folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook\CrashReports folder moved successfully.
C:\Users\Kristina\AppData\Local\Facebook folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\skin folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\9.0.0.22\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\9.0.0.22 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\8.0.0.40\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\8.0.0.40 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\8.0.0.34\radio folder moved successfully.
C:\Program Files (x86)\AVG Secure Search\8.0.0.34 folder moved successfully.
C:\Program Files (x86)\AVG Secure Search folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\9.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\9.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\9.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ToolBandTlb folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\9.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\ScriptHelperInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller\9.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller\8.0.1 folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search\CommonInstaller folder moved successfully.
C:\Program Files (x86)\Common Files\AVG Secure Search folder moved successfully.
C:\USERS\KRISTINA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\EBND8786.DEFAULT\EXTENSIONS\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar\Resources folder moved successfully.
C:\Program Files (x86)\DAEMON Tools Toolbar folder moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: AppData
->Temp folder emptied: 0 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Kristina
->Temp folder emptied: 6726878 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 984132 bytes
->FireFox cache emptied: 47693014 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 498 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2222552 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50507 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 55.00 mb


[EMPTYFLASH]

User: All Users

User: AppData

User: Default

User: Default User

User: Kristina
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01242012_141626

Files\Folders moved on Reboot...
C:\Users\Kristina\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

Registry entries deleted on Reboot...

Re: tmpuse.com

Posted: 24 Jan 2012 15:31
by vyosek
:arrow: Great, OTL did what it was supposed to do

:arrow: Delete the ComboFix you have downloaded; we will use the current version

PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A POWERFUL ABILITY TO DELETE THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE IT CAN WRECK YOUR SYSTEM
:arrow: Download ComboFix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator (Spustit jako spravce)
  • Right after it starts, a page with the license agreement is displayed; continue by clicking Yes (Ano)
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click in the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and any restart, CF displays a log, or you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed procedure including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: tmpuse.com

Posted: 24 Jan 2012 15:48
by meishan
ComboFix 12-01-23.02 - Kristina 24.01.2012 15:38:18.7.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3895.2325 [GMT 1:00]
Spuštěný z: c:\users\Kristina\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-24 do 2012-01-24 )))))))))))))))))))))))))))))))
.
.
2016-04-01 08:28 . 2016-04-01 08:28 -------- d-----w- c:\program files (x86)\Alcohol Soft
2016-04-01 08:25 . 2016-04-01 08:25 834544 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-01-24 14:44 . 2012-01-24 14:44 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-01-24 14:44 . 2012-01-24 14:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-24 14:44 . 2012-01-24 14:44 -------- d-----w- c:\users\AppData\AppData\Local\temp
2012-01-24 12:57 . 2012-01-24 12:57 -------- d-----w- C:\_OTL
2012-01-24 10:58 . 2012-01-24 10:58 917840 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{06290117-9BEF-47D4-B9DE-E9669D6FA4C9}\gapaengine.dll
2012-01-24 10:58 . 2012-01-05 20:15 8602168 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E8586D0B-27CA-484A-9E29-ACD89532AFD1}\mpengine.dll
2012-01-24 10:44 . 2012-01-24 10:44 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2012-01-24 10:43 . 2012-01-24 10:44 -------- d-----w- c:\program files\Microsoft Security Client
2012-01-23 21:15 . 2012-01-24 12:10 512 ----a-w- C:\PhysicalMBR.bin
2012-01-23 21:03 . 2012-01-24 11:00 -------- d-----w- c:\program files\trend micro
2012-01-23 21:03 . 2012-01-23 21:03 -------- d-----w- C:\rsit
2012-01-23 20:26 . 2012-01-23 20:58 3408 ----a-w- C:\backup.reg
2012-01-21 16:51 . 2012-01-06 05:15 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{354185DE-DEE7-4194-9115-540F6A306240}\mpengine.dll
2012-01-11 07:19 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 07:19 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 07:19 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 07:19 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 07:19 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 07:19 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 07:19 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 07:19 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-01-09 10:50 . 2012-01-09 10:50 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-09 10:50 . 2012-01-09 10:50 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-09 10:50 . 2012-01-09 10:50 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-09 10:50 . 2012-01-09 10:50 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-05 21:01 . 2012-01-05 21:01 -------- d-----w- c:\users\Kristina\AppData\Local\Xenocode
2012-01-02 14:29 . 2012-01-04 09:02 -------- d-----w- c:\users\Kristina\AppData\Local\Thunderbird
2012-01-02 14:29 . 2012-01-02 14:29 -------- d-----w- c:\users\Kristina\AppData\Roaming\Thunderbird
2012-01-02 14:29 . 2012-01-07 19:29 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-12-08 16:38 . 2011-11-02 09:27 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-12-08 16:31 . 2011-11-02 09:27 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-12-08 16:31 . 2011-11-02 09:27 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-12-08 16:31 . 2011-11-02 09:27 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-12-08 16:31 . 2011-11-02 09:27 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-11-24 04:52 . 2011-12-14 08:33 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:35 . 2012-01-17 21:43 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-17 21:43 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-05 05:32 . 2011-12-14 08:33 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:26 . 2011-12-14 08:33 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-04 01:53 . 2011-12-14 09:34 2309120 ----a-w- c:\windows\system32\jscript9.dll
2011-11-04 01:44 . 2011-12-14 09:34 1390080 ----a-w- c:\windows\system32\wininet.dll
2011-11-04 01:44 . 2011-12-14 09:34 1493504 ----a-w- c:\windows\system32\inetcpl.cpl
2011-11-04 01:34 . 2011-12-14 09:34 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-03 22:47 . 2011-12-14 09:34 1798144 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-11-03 22:40 . 2011-12-14 09:34 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-11-03 22:39 . 2011-12-14 09:34 1127424 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-03 22:31 . 2011-12-14 09:34 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-11-01 22:00 . 2011-08-21 07:56 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-23_20.42.45 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-22 07:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-24 08:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-22 07:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 08:04 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-03-03 06:34 . 2012-01-24 13:20 70950 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-24 13:20 31814 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-05-20 19:00 . 2012-01-24 10:42 17704 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2318351912-2155151090-1007949156-1000_UserData.bin
+ 2011-04-27 14:25 . 2011-04-27 14:25 84864 c:\windows\system32\drivers\NisDrvWFP.sys
+ 2011-04-18 12:18 . 2011-04-18 12:18 40832 c:\windows\system32\drivers\MpNWMon.sys
+ 2010-05-21 09:54 . 2012-01-24 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-21 09:54 . 2012-01-23 20:39 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-05-21 09:54 . 2012-01-23 20:39 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-24 14:27 . 2012-01-24 14:27 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-24 14:27 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-23 20:39 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-05-19 16:23 . 2011-05-19 16:23 75264 c:\windows\Installer\3a59a.msi
+ 2011-06-15 13:55 . 2011-06-15 13:55 32256 c:\windows\Installer\3a58d.msi
- 2012-01-23 20:27 . 2012-01-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 13:18 . 2012-01-24 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-24 13:18 . 2012-01-24 13:18 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-23 20:27 . 2012-01-23 20:27 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2012-01-24 08:04 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-22 07:51 229376 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-05-22 10:58 . 2012-01-23 22:22 226534 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-01-24 10:44 926748 c:\windows\system32\perfc009.dat
+ 2010-04-03 08:56 . 2012-01-24 10:44 966544 c:\windows\system32\perfc005.dat
+ 2010-05-24 09:25 . 2010-10-19 20:51 270720 c:\windows\system32\MpSigStub.exe
- 2010-05-24 09:25 . 2011-11-15 13:29 270720 c:\windows\system32\MpSigStub.exe
+ 2011-04-18 12:18 . 2011-04-18 12:18 189440 c:\windows\system32\drivers\MpFilter.sys
- 2009-07-14 05:01 . 2012-01-23 19:02 405248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-24 13:12 405248 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 02:36 . 2012-01-24 10:44 1474524 c:\windows\system32\perfh009.dat
+ 2010-04-03 08:56 . 2012-01-24 10:44 3062132 c:\windows\system32\perfh005.dat
+ 2010-11-10 22:17 . 2012-01-24 13:12 1647706 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2318351912-2155151090-1007949156-1000-8192.dat
- 2010-11-10 22:17 . 2012-01-23 19:02 1647706 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2318351912-2155151090-1007949156-1000-8192.dat
- 2010-05-24 12:08 . 2012-01-08 06:42 1381532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2318351912-2155151090-1007949156-1000-12288.dat
+ 2010-05-24 12:08 . 2012-01-23 22:31 1381532 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2318351912-2155151090-1007949156-1000-12288.dat
+ 2011-05-19 16:23 . 2011-05-19 16:23 2708992 c:\windows\Installer\3a593.msi
+ 2011-06-15 13:51 . 2011-06-15 13:51 1911808 c:\windows\Installer\3a586.msi
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-22 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-02-25 1289296]
"MDS_Menu"="c:\program files (x86)\Acer Arcade Deluxe\MediaShow Espresso\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files (x86)\Acer\Acer VCM\AcerVCM.exe [2010-3-3 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe"
"ArcadeMovieService"="c:\program files (x86)\Acer Arcade Deluxe\Arcade Movie\ArcadeMovieService.exe"
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" -h -k
"IAStorIcon"=c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
"NBKeyScan"="c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe"
"NortonOnlineBackupReminder"="c:\program files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe" UNATTENDED
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-11-06 50432]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [2010-10-19 2011944]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-02-25 325200]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2010-01-21 819232]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2009-12-24 13336]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-01-07 255744]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-11-06 144640]
S2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2010-02-05 171040]
S2 RS_Service;Raw Socket Service;c:\program files (x86)\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-08 2028864]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atipmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-22 10081312]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-02-22 877600]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2010-02-05 222240]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-01-22 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-01-22 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-01-22 410136]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2010-01-21 496160]
"PLD_FrameworkRun"="c:\oem\preload\utility\_NowIntoDT.vbs" [2009-12-30 486]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Prevést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_950DF09FAB501E03.dll/cmsidewiki.html
IE: {{71BFC818-0CED-42D6-9C87-5142918957EE} - c:\program files (x86)\ICQ7.1\ICQ.exe
TCP: DhcpNameServer = 194.213.32.237 212.111.0.10
TCP: Interfaces\{74AD2F4A-85BA-4ED6-9439-9EE0F4F18867}: DhcpNameServer = 194.213.32.237 212.111.0.10
TCP: Interfaces\{916B6CEE-5C69-4A23-871C-AF72C5913451}: NameServer = 213.46.172.36
TCP: Interfaces\{916B6CEE-5C69-4A23-871C-AF72C5913451}\D496368616C6: NameServer = 213.46.172.36
FF - ProfilePath - c:\users\Kristina\AppData\Roaming\Mozilla\Firefox\Profiles\ebnd8786.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-AVG Secure Search - c:\program files (x86)\AVG Secure Search\UNINSTALL.exe
AddRemove-DAEMON Tools Toolbar - c:\program files (x86)\DAEMON Tools Toolbar\uninst.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10v_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10v.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2012-01-24 15:47:34
ComboFix-quarantined-files.txt 2012-01-24 14:47
ComboFix2.txt 2012-01-23 20:45
ComboFix3.txt 2011-09-24 19:56
.
Před spuštěním: Volných bajtů: 49 748 971 520
Po spuštění: Volných bajtů: 49 471 664 128
.
- - End Of File - - 5D7B105A972EA5FCCDA0B1FC11D6886A

Re: tmpuse.com

Posted: 24 Jan 2012 17:10
by vyosek
We'll check one more small thing

:arrow: Download MBRScan http://eric71.geekstogo.com/tools/MbrScan.exe
  • Save it, preferably to the desktop
  • If you use Win Vista or W7, right-click MBRScan and choose Run As Administrator (Spustit jako spravce)
  • Click Report
  • After a moment a log will appear in the file MBRScan.txt; paste it here
:arrow: Download aswMBR http://public.avast.com/%7Egmerek/aswMBR.exe and save it to the desktop.
  • Run the utility and tell it to scan - click Scan
  • When the scan finishes, click Save log to save the aswMBR log to the desktop
  • Paste the contents of the aswMBR log here for me

Re: tmpuse.com

Posted: 24 Jan 2012 17:18
by meishan

Code: Select all

MBRScan v1.0.7

OS             : Windows 7 Service Pack 1 (64 bit)
PROCESSOR      : Intel64 Family 6 Model 37 Stepping 2, GenuineIntel
BOOT           : Normal Boot
DATE           : 2012/01/24 (ISO 8601) at 17:14:36
________________________________________________________________________________

DISK           : Device\Harddisk0\DR0 __WDC WD50 00BEVT-22A0R (01.0)
BUS_TYPE       : (0x03)  P-ATA
USE_PIO        : NO
MAX_TRANSFER   : 128 Kb
ALIGNMENT_MASK : word aligned
________________________________________________________________________________

Device\Harddisk0\DR0	465.8 Go  [Fixed] ==> 7 MBR Code

MBR_MD5   : A4EB089D8A1A5B9BBD136A72F0A5EE46
MBR_SHA1  : BB4C62A60AAF60F8C1257A1794590EFF4548F241

Device\Harddisk0\Partition1	12.00 Go  	0x27 RE Hidden partition 
Device\Harddisk0\Partition2	100.0 Mo  	0x07 NTFS / HPFS __ BOOTABLE __
Device\Harddisk0\Partition3	97.65 Go  	0x07 NTFS / HPFS
Device\Harddisk0\Partition4	356.0 Go  	0x07 NTFS / HPFS
________________________________________________________________________________



Re: tmpuse.com

Posted: 24 Jan 2012 17:19
by meishan
And aswMBR, run not as administrator; the program asked about Avast! and I answered no. Log:

aswMBR version 0.9.9.1509 Copyright(c) 2011 AVAST Software
Run date: 2012-01-24 17:15:14
-----------------------------
17:15:14.581 OS Version: Windows x64 6.1.7601 Service Pack 1
17:15:14.581 Number of processors: 4 586 0x2502
17:15:14.581 ComputerName: KRISTINA-PC UserName: Kristina
17:15:15.238 Initialize success
17:15:36.903 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
17:15:36.906 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
17:15:36.921 Disk 0 MBR read successfully
17:15:36.924 Disk 0 MBR scan
17:15:36.927 Disk 0 Windows 7 default MBR code
17:15:36.933 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 12288 MB offset 2048
17:15:36.952 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 25167872
17:15:36.968 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 99995 MB offset 25372672
17:15:36.972 Disk 0 Partition - 00 0F Extended LBA 364553 MB offset 230163255
17:15:36.990 Disk 0 Partition 4 00 07 HPFS/NTFS NTFS 364553 MB offset 230163318
17:15:36.994 Service scanning
17:15:37.555 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
17:15:37.617 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:15:38.170 Modules scanning
17:15:38.177 Disk 0 trace - called modules:
17:15:38.220 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStor.sys spjg.sys hal.dll
17:15:38.226 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004d37060]
17:15:38.231 3 CLASSPNP.SYS[fffff88001a1743f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa80049b8050]
17:15:38.237 Scan finished successfully
17:15:52.836 Disk 0 MBR has been saved successfully to "C:\Users\Kristina\Desktop\MBR.dat"
17:15:52.841 The log file has been saved successfully to "C:\Users\Kristina\Desktop\aswMBR.txt"

Re: tmpuse.com

Posted: 24 Jan 2012 17:22
by vyosek
Fine, how is the PC behaving :???:

Re: tmpuse.com

Posted: 24 Jan 2012 17:27
by meishan
Excellent - it looks like everything is fine. I did not find AdBlock Plus, so there was nothing to unset; the browser no longer connects to tmpuse.com, so everything is probably OK.

Thank you very much indeed! Hats off to you.

I have one more question: is it better to use IE9 in combination with MSE, or is using the current version of Mozilla sufficient, and should I adjust the browsing settings in any way (for example deleting cookies on exit, "tell websites that I do not want to be tracked" and the like)?

Re: tmpuse.com

Posted: 25 Jan 2012 01:20
by vyosek
So let's clean up now :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner (see my signature)
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a backup of the registry; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

:arrow: Using Mozilla with its default settings is enough

:arrow: The most important thing for security is common sense = do not click on every blinking and jumping bit of nonsense and whatever anyone offers me..