ComboFix 14-04-26.01 - Premek 27.04.2014 9:57.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.420.1029.18.1976.646 [GMT 2:00]
Spuštěný z: c:\users\Premek\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Premek\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
c:\windows\system32\AutoRun.inf
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2014-03-27 do 2014-04-27 )))))))))))))))))))))))))))))))
.
.
2014-04-26 09:35 . 2014-04-26 16:19 107736 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-04-26 09:14 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-04-26 09:13 . 2014-04-26 09:16 -------- d-----w- C:\AdwCleaner
2014-04-26 08:19 . 2014-04-26 08:19 -------- d-----w- c:\users\Premek\AppData\Roaming\hpqLog
2014-04-26 08:14 . 2014-04-26 08:14 -------- d-----w- c:\users\Premek\{5ec20338-9ca7-413e-9e0e-4816cc7b0c1d}
2014-04-26 07:37 . 2014-04-26 07:39 -------- d-----w- c:\program files\trend micro
2014-04-26 07:36 . 2014-04-26 07:39 -------- d-----w- C:\rsit
2014-04-26 07:34 . 2014-04-26 07:35 -------- d-----w- c:\programdata\Oracle
2014-04-26 07:34 . 2014-04-26 07:34 -------- d-----w- c:\program files\Common Files\Java
2014-04-26 07:32 . 2014-04-26 07:31 94632 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2014-04-26 07:30 . 2014-04-26 07:30 -------- d-----w- c:\program files\Java
2014-04-17 11:18 . 2014-04-17 11:18 -------- d-----w- c:\users\Premek\AppData\Local\Skype
2014-04-17 11:17 . 2014-04-17 11:17 -------- d-----w- c:\program files\Common Files\Skype
2014-04-09 09:25 . 2014-04-09 09:25 -------- d-----w- c:\users\Bara\AppData\Roaming\Avira
2014-04-06 06:29 . 2014-04-06 06:29 14232 ------w- c:\windows\system32\Upgrd.exe
2014-04-06 06:28 . 2014-04-06 09:26 69792 ----a-w- c:\windows\system32\NTAgent.exe
2014-04-01 20:30 . 2014-04-01 20:36 -------- d-----w- c:\program files\CheckPoint
2014-04-01 20:30 . 2014-04-01 20:30 -------- d-----w- c:\programdata\CheckPoint
2014-04-01 20:14 . 2014-04-01 20:14 -------- d-----w- c:\users\Premek\AppData\Roaming\Avira
2014-04-01 20:08 . 2014-02-25 09:41 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2014-04-01 20:08 . 2014-02-25 09:41 135648 ----a-w- c:\windows\system32\drivers\avipbb.sys
2014-04-01 20:08 . 2014-02-25 09:41 90400 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2014-04-01 19:57 . 2014-04-17 11:24 -------- d-----w- c:\program files\Avira
2014-04-01 19:57 . 2014-04-01 20:07 -------- d-----w- c:\programdata\Avira
2014-04-01 19:56 . 2014-04-17 11:25 -------- d-----w- c:\programdata\Package Cache
2014-04-01 19:40 . 2014-04-01 19:40 -------- d-----w- c:\users\Premek\AppData\Roaming\Malwarebytes
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-04-27 08:08 . 2009-11-15 23:50 17408 ----a-w- c:\windows\system32\rpcnetp.exe
2014-04-27 08:08 . 2009-11-16 00:12 69792 ----a-w- c:\windows\system32\rpcnet.dll
2014-04-06 06:23 . 2009-11-15 23:52 17408 ----a-w- c:\windows\system32\rpcnetp.dll
2014-04-01 21:11 . 2009-11-16 00:12 69792 ------w- c:\windows\system32\rpcnet.exe
2014-03-18 00:22 . 2014-03-18 00:22 453720 ----a-w- c:\windows\system32\drivers\vsdatant.sys
2014-03-11 17:51 . 2012-07-06 08:36 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-03-11 17:51 . 2012-07-06 08:36 692616 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-03-07 04:35 . 2014-03-25 14:03 7969936 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{ADDF1232-2482-4142-AFEF-CC350B22BD77}\mpengine.dll
2014-02-07 10:38 . 2014-03-11 22:36 2050560 ----a-w- c:\windows\system32\win32k.sys
2014-02-03 10:37 . 2014-03-11 22:35 505344 ----a-w- c:\windows\system32\qedit.dll
2014-01-30 07:46 . 2014-03-11 22:35 876032 ----a-w- c:\windows\system32\wer.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-06-10 150040]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-06-10 170520]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-06-10 145944]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdSync.exe" [2008-01-21 215552]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-07-21 141608]
"TO2SSM_McciTrayApp"="c:\program files\TO2SSM\McciTrayApp.exe" [2008-08-15 1473536]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2014-02-25 689744]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2014-03-18 137352]
"Avira Systray"="c:\program files\Avira\My Avira\Avira.OE.Systray.exe" [2014-04-15 180304]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-11 287800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
"HideSCAHealth"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"TaskbarNoNotification"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Reader Synchronizer.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Reader Synchronizer.lnk
backup=c:\windows\pss\Adobe Reader Synchronizer.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^Users^Premek^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk]
path=c:\users\Premek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
backup=c:\windows\pss\OpenOffice.org 3.3.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LanguageShortcut]
2006-12-05 21:55 54832 ----a-w- c:\program files\CyberLink\PowerDVD\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2006-12-06 17:37 69216 ------w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
2008-01-21 02:33 1008184 ----a-w- c:\program files\Windows Defender\MSASCui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"AntiVirusOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-04-10 07:53 1077576 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.116\Installer\chrmstp.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2014-04-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-06 17:51]
.
2014-04-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1442088012-695715647-31229734-1000Core.job
- c:\users\Bara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-23 19:48]
.
2014-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1442088012-695715647-31229734-1000UA.job
- c:\users\Bara\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-12-23 19:48]
.
2014-04-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1442088012-695715647-31229734-1001Core.job
- c:\users\Premek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-03 15:50]
.
2014-04-27 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1442088012-695715647-31229734-1001UA.job
- c:\users\Premek\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-05-03 15:50]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-19 18:51]
.
2014-04-27 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-11-19 18:51]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.0.0.138
FF - ProfilePath - c:\users\Premek\AppData\Roaming\Mozilla\Firefox\Profiles\80migwzz.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - ExtSQL: !HIDDEN! 2009-11-17 17:27; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
ShellIconOverlayIdentifiers-{472083B0-C522-11CF-8763-00608CC02F24} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Agere Systems Soft Modem - c:\windows\agrsmdel
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{95808DC4-FA4A-4c74-92FE-5B863F82066B}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(7640)
c:\windows\system32\stobject.dll
c:\users\Bara\Desktop\Nokia PC Suite 7\PhoneBrowser.dll
c:\users\Bara\Desktop\Nokia PC Suite 7\NGSCM.DLL
c:\users\Bara\Desktop\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\users\Bara\Desktop\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Hpservice.exe
c:\windows\system32\WLANExt.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\CyberLink\Shared Files\RichVideo.exe
c:\windows\system32\rpcnet.exe
c:\program files\Avira\My Avira\Avira.OE.ServiceHost.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\VolCtrl.exe
c:\program files\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Celkový čas: 2014-04-27 10:16:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2014-04-27 08:16
.
Před spuštěním: Volných bajtů: 56 181 997 568
Po spuštění: Volných bajtů: 56 512 438 272
.
- - End Of File - - 5FB393C73F3E053D54FD207E774ACEF3
5C616939100B85E558DA92B899A0FC36