VIRY.CZ

Fajn, zkusime se toho tedy zbavit

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

• Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane

  Rkill EXE:
  http://download.bleepingcomputer.com/grinler/rkill.exe
  
  Rkill iExplore.exe:
  http://download.bleepingcomputer.com/gr ... xplore.exe
  
  Rkill uSeRiNiT.exe:
  http://download.bleepingcomputer.com/gr ... eRiNiT.exe
  
  Rkill WiNlOgOn.exe:
  http://download.bleepingcomputer.com/gr ... NlOgOn.exe

• Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
• Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
• RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
• Na plose vznikne log Rkill.txt ten mi sem vlozte
• Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

Zde je log Rkill

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 12/26/2012 09:23:19 PM in x86 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
* HKLM\Software\Classes\.exe\shell found and deleted!


Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* Služba WMI (Winmgmt) is not Running.
Startup Type set to: Automatic

* Centrum zabezpečení (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Winmgmt => C:\Users\OTAKAR~1\wgsdgsdgdsgsd.dll [Incorrect ServiceDLL]

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 12/26/2012 09:23:33 PM
Execution time: 0 hours(s), 0 minute(s), and 13 seconds(s)

OK, pockam si na ComboFix

Tu je log z ComboFix

ComboFix 12-12-25.02 - Otakar Vavrečka 26.12.2012 22:31:31.1.2 - x86
Spuštěný z: c:\users\Otakar VavreŔka\Desktop\ComboFix.exe
.
ADS - system32: deleted 12 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Otakar Vavrečka\wgsdgsdgdsgsd.dll
c:\windows\PFRO.log
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\ijl11.dll
c:\windows\system32\roboot.exe
c:\windows\system32\vbpng1.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-26 do 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-25 20:12 . 2012-12-25 20:12 -------- d-----w- c:\program files\trend micro
2012-12-23 08:45 . 2012-12-26 18:54 2964 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-22 18:21 . 2012-12-22 19:13 -------- d-----w- C:\TapinRadio - Radio 7
2012-12-21 11:55 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:55 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 10:15 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9472336C-30BC-481A-8F7F-AEBAB59E828E}\mpengine.dll
2012-12-05 11:24 . 2012-12-05 11:24 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\Gmail Notifier Plus
2012-12-04 21:48 . 2012-11-02 14:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-12-04 21:48 . 2012-11-02 14:57 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-12-04 21:47 . 2012-12-04 21:47 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\TuneUp Software
2012-12-04 21:47 . 2012-12-04 21:47 -------- d-----w- c:\programdata\TuneUp Software
2012-12-04 21:47 . 2012-12-04 21:54 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-04 21:47 . 2012-12-04 21:47 -------- d--h--w- c:\programdata\Common Files
2012-12-03 11:15 . 2012-12-03 11:15 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\Nitro
2012-12-03 11:15 . 2012-12-03 11:15 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\FileOpen
2012-12-03 11:15 . 2012-12-03 11:15 -------- d-----w- c:\programdata\FileOpen
2012-12-03 11:14 . 2012-12-03 11:14 -------- d-----w- c:\programdata\Nitro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 14:31 . 2012-04-03 09:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:31 . 2011-05-18 10:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-02-25 16:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-02-22 14:56 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-02-22 14:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-02-22 14:56 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-08-27 18:14 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-02-22 14:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-02-22 14:55 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-02-22 14:55 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-02-26 09:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-05 16:17 . 2012-12-05 16:17 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-05-25 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"hppwrsav"="c:\scanjet\PrecisionScanLT\hppwrsav.exe" [1999-06-07 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
.
c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
runctf.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2011-6-28 65564]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1300WStatusDisplay]
2004-11-25 21:39 151552 ----a-w- c:\windows\System32\MSTMON_N.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
2011-05-25 08:00 491040 ----a-w- c:\program files\Seznam.cz\postak.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-06-03 20:13 880528 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [x]
R2 PPSCAN;PPSCAN; [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:31]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 14:56]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 14:56]
.
2012-12-22 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 22:30]
.
2011-12-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 22:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Otakar Vavrečka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Otakar Vavrečka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
FF - ProfilePath - c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-12-06 21:39; torntv@torntv.com; c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: !HIDDEN! 2012-12-04 22:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file)
URLSearchHooks-{37483b40-c254-4a72-bda4-22ee90182c1e} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
WebBrowser-{37483B40-C254-4A72-BDA4-22EE90182C1E} - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2012-12-26 22:45:11 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-26 21:45
.
Před spuštěním: Volných bajtů: 76 279 787 520
Po spuštění: Volných bajtů: 76 290 531 328
.
- - End Of File - - 4E9819FA373BF9BA3DE89B92F9C5BE04

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte

AdwCleaner mi neco blokuje a nelze spustit. Nepodarilo se mi vypnout Avast, nevím jak jej mám vzpnout.

Klik na tu kouli Avastu pravym, ovladani stitu, pozastavit do restartu

Pri pokusu jak spuštení ADWcleaner nebo nečeho jiného mi to vyhodí tabulku s nápisem Pokus použít neplatnou operaci na klíč registru který je označen pro odstranení.

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Nakonec se podarilo

# AdwCleaner v2.102 - Logfile created 12/26/2012 at 23:25:59
# Updated 23/12/2012 by Xplode
# Operating system : Windows 7 Home Premium Service Pack 1 (32 bits)
# User : Otakar Vavrečka - PC-OTAKAR
# Boot Mode : Normal
# Running from : C:\Users\Otakar Vavrečka\Desktop\adwcleaner.exe
# Option [Search]


***** [Services] *****


***** [Files / Folders] *****

File Found : C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\searchplugins\icqplugin.xml

***** [Registry] *****


***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v17.0.1 (cs)

File : C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\prefs.js

[OK] File is clean.

-\\ Google Chrome v23.0.1271.97

File : C:\Users\Otakar Vavrečka\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [56812 octets] - [24/12/2012 10:52:22]
AdwCleaner[R2].txt - [1098 octets] - [24/12/2012 10:58:11]
AdwCleaner[R3].txt - [1094 octets] - [26/12/2012 23:25:59]
AdwCleaner[S1].txt - [58070 octets] - [24/12/2012 10:54:07]
AdwCleaner[S2].txt - [1159 octets] - [24/12/2012 10:58:47]

########## EOF - C:\AdwCleaner[R3].txt - [1275 octets] ##########

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  KillAll::
  
  Collect::
  c:\programdata\dsgsdgdsgdsgw.js
  c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
  
  Registry::
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
  
  File::
  c:\windows\Tasks\Adobe Flash Player Updater.job
  c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
  c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
  c:\windows\Tasks\ParetoLogic Registration3.job
  c:\windows\Tasks\ParetoLogic Update Version3.job
  C:\Users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\searchplugins\icqplugin.xml
  
  Firefox::
  FF - ProfilePath - c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\
  FF - prefs.js: browser.search.selectedEngine - ICQ Search
  FF - prefs.js: network.proxy.type - 1
  FF - ExtSQL: 2012-12-06 21:39; torntv@torntv.com; c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\extensions\torntv@torntv.com.xpi
  FF - ExtSQL: !HIDDEN! 2012-12-04 22:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
  
  RegLock::
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
  [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
  
  ClearJavaCache::
  
  Reboot::

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Doufám že je to ten správný log,neboť jsem si jej neuložil a musel jsem PC restartovat neboť mi nechtěl naběhnout Windows.
Pokuď není,tak to spustím ještě jednou. Marné, už jsem z toho celkem pěkně vyšťavený ale vypadá to už slibně .

ComboFix 12-12-25.02 - Otakar Vavrečka 26.12.2012 23:49:20.2.2 - x86
Spuštěný z: c:\users\Otakar VavreŔka\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Otakar VavreŔka\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\erdnt\cache\atapi.sys
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-11-26 do 2012-12-26 )))))))))))))))))))))))))))))))
.
.
2012-12-26 22:57 . 2012-12-26 22:57 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 21:39 . 2012-12-26 22:59 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Local\temp
2012-12-25 20:12 . 2012-12-25 20:12 -------- d-----w- c:\program files\trend micro
2012-12-23 08:45 . 2012-12-26 18:54 2964 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-22 18:21 . 2012-12-22 19:13 -------- d-----w- C:\TapinRadio - Radio 7
2012-12-21 11:55 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 11:55 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 10:15 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{9472336C-30BC-481A-8F7F-AEBAB59E828E}\mpengine.dll
2012-12-05 11:24 . 2012-12-05 11:24 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\Gmail Notifier Plus
2012-12-04 21:48 . 2012-11-02 14:57 31584 ----a-w- c:\windows\system32\TURegOpt.exe
2012-12-04 21:48 . 2012-11-02 14:57 21344 ----a-w- c:\windows\system32\authuitu.dll
2012-12-04 21:47 . 2012-12-04 21:47 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\TuneUp Software
2012-12-04 21:47 . 2012-12-04 21:47 -------- d-----w- c:\programdata\TuneUp Software
2012-12-04 21:47 . 2012-12-04 21:54 -------- d-sh--w- c:\programdata\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
2012-12-04 21:47 . 2012-12-04 21:47 -------- d--h--w- c:\programdata\Common Files
2012-12-03 11:15 . 2012-12-03 11:15 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\Nitro
2012-12-03 11:15 . 2012-12-03 11:15 -------- d-----w- c:\users\Otakar Vavrečka\AppData\Roaming\FileOpen
2012-12-03 11:15 . 2012-12-03 11:15 -------- d-----w- c:\programdata\FileOpen
2012-12-03 11:14 . 2012-12-03 11:14 -------- d-----w- c:\programdata\Nitro
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 14:31 . 2012-04-03 09:08 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:31 . 2011-05-18 10:42 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-30 22:51 . 2011-02-25 16:08 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-02-22 14:56 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-02-22 14:56 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-02-22 14:56 58680 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2012-08-27 18:14 20624 ----a-w- c:\windows\system32\drivers\aswKbd.sys
2012-10-30 22:51 . 2011-02-22 14:56 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-02-22 14:55 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-02-22 14:55 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-02-26 09:53 44784 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-12-05 16:17 . 2012-12-05 16:17 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-05-25 188960]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"Seznam Postak"="c:\program files\Seznam.cz\bin\postak.exe" [2012-01-10 491040]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
"hppwrsav"="c:\scanjet\PrecisionScanLT\hppwrsav.exe" [1999-06-07 23552]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
.
c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
runctf.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Update Scheduler for Proteus Professional 7.lnk - c:\program files\Labcenter Electronics\Proteus 7 Professional\BIN\UDSCHED.EXE [2011-6-28 65564]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KONICA MINOLTA PagePro 1300WStatusDisplay]
2004-11-25 21:39 151552 ----a-w- c:\windows\System32\MSTMON_N.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Seznam Postak]
2011-05-25 08:00 491040 ----a-w- c:\program files\Seznam.cz\postak.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Sidebar]
2010-11-20 12:17 1174016 ----a-w- c:\program files\Windows Sidebar\sidebar.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2012-06-03 20:13 880528 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"Google Update"="c:\users\Otakar Vavrečka\AppData\Local\Google\Update\GoogleUpdate.exe" /c
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
R2 MLPTDR_N;MLPTDR_N;c:\windows\system32\MLPTDR_N.SYS [x]
R2 PPSCAN;PPSCAN; [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SWDUMon;SWDUMon;c:\windows\system32\DRIVERS\SWDUMon.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2012-12-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 14:31]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 14:56]
.
2012-12-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-02-22 14:56]
.
2012-12-22 c:\windows\Tasks\ParetoLogic Registration3.job
- c:\program files\Common Files\ParetoLogic\UUS3\UUS3.dll [2010-04-06 22:30]
.
2011-12-13 c:\windows\Tasks\ParetoLogic Update Version3.job
- c:\program files\Common Files\ParetoLogic\UUS3\Pareto_Update3.exe [2010-04-06 22:30]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: Free YouTube Download - c:\users\Otakar Vavrečka\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Otakar Vavrečka\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7644E42D-B096-457F-8B5B-901238FC81AE} - c:\program files\ICQ7.6\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - prefs.js: network.proxy.type - 1
FF - ExtSQL: 2012-12-06 21:39; torntv@torntv.com; c:\users\Otakar Vavrečka\AppData\Roaming\Mozilla\Firefox\Profiles\fslv0uhv.default\extensions\torntv@torntv.com.xpi
FF - ExtSQL: !HIDDEN! 2012-12-04 22:46; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\program files\Common Files\DVDVideoSoft\plugins\ff
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\windows\system32\taskhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Celkový čas: 2012-12-27 00:02:28 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-12-26 23:02
ComboFix2.txt 2012-12-26 21:45
.
Před spuštěním: Volných bajtů: 76 696 403 968
Po spuštění: Volných bajtů: 76 641 030 144
.
- - End Of File - - CA6E6C59E3BFB4C9EEBCB8E570B1D47A

Stahnete OTL http://oldtimer.geekstogo.com/OTL.exe a ulozte jej na plochu

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :reg
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt]
  "DisplayName"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205"
  "ImagePath"=hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,\
    74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00
  "Description"="@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204"
  "ObjectName"="localSystem"
  "ErrorControl"=dword:00000000
  "Start"=dword:00000002
  "Type"=dword:00000020
  "DependOnService"=hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00
  "ServiceSidType"=dword:00000001
  "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
    00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters]
  "ServiceDllUnloadOnStop"=dword:00000001
  "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,\
    00,6c,00,6c,00,00,00
  "ServiceMain"="ServiceMain"
  
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc]
  "DisplayName"="@%SystemRoot%\\System32\\wscsvc.dll,-200"
  "ErrorControl"=dword:00000001
  "ImagePath"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,\
    74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,\
    00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,\
    6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,\
    00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,\
    72,00,69,00,63,00,74,00,65,00,64,00,00,00
  "Start"=dword:00000002
  "Type"=dword:00000020
  "Description"="@%SystemRoot%\\System32\\wscsvc.dll,-201"
  "DependOnService"=hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,\
    4d,00,67,00,6d,00,74,00,00,00,00,00
  "ObjectName"="NT AUTHORITY\\LocalService"
  "ServiceSidType"=dword:00000001
  "RequiredPrivileges"=hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,\
    00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,\
    67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,\
    00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,\
    00,00,00,00
  "DelayedAutoStart"=dword:00000001
  "FailureActions"=hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,\
    00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters]
  "ServiceDllUnloadOnStop"=dword:00000001
  "ServiceDll"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,\
    00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,\
    77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00
  [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security]
  "Security"=hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,\
    00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,\
    00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,\
    05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,\
    20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,\
    00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,\
    00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,\
    00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,\
    7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,\
    00,00,00
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
  
  :files
  C:\Users\OTAKAR~1\wgsdgsdgdsgsd.dll
  c:\programdata\dsgsdgdsgdsgw.js
  c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk 
  c:\windows\Tasks\*.job
  %windir%\system32\*.tmp.dll /s
  %windir%\system32\SET*.tmp /s
  %windir%\*.tmp
  
  :commands
  [RESETHOSTS]
  [EMPTYTEMP]
  [EMPTYFLASH]
  [EMPTYJAVA]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

Zde je log

All processes killed
========== REGISTRY ==========
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"DisplayName"|"@%Systemroot%\\system32\\wbem\\wmisvc.dll,-205" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ImagePath"|hex(2):25,00,73,00,79,00,73,00,74,00,65,00,6d,00,72,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,6e,00,65,00,74,00,73,00,76,00,63,00,73,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"Description"|"@%Systemroot%\\system32\\wbem\\wmisvc.dll,-204" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ObjectName"|"localSystem" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ErrorControl"|dword:00000000 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"DependOnService"|hex(7):52,00,50,00,43,00,53,00,53,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,62,00,65,00,6d,00,5c,00,57,00,4d,00,49,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\Winmgmt\Parameters\\"ServiceMain"|"ServiceMain" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DisplayName"|"@%SystemRoot%\\System32\\wscsvc.dll,-200" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ErrorControl"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ImagePath"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,76,00,63,00,68,00,6f,00,73,00,74,00,2e,00,65,00,78,00,65,00,20,00,2d,00,6b,00,20,00,4c,00,6f,00,63,00,61,00,6c,00,53,00,65,00,72,00,76,00,69,00,63,00,65,00,4e,00,65,00,74,00,77,00,6f,00,72,00,6b,00,52,00,65,00,73,00,74,00,72,00,69,00,63,00,74,00,65,00,64,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Start"|dword:00000002 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Type"|dword:00000020 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"Description"|"@%SystemRoot%\\System32\\wscsvc.dll,-201" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DependOnService"|hex(7):52,00,70,00,63,00,53,00,73,00,00,00,57,00,69,00,6e,00,4d,00,67,00,6d,00,74,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ObjectName"|"NT AUTHORITY\\LocalService" /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"ServiceSidType"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"RequiredPrivileges"|hex(7):53,00,65,00,43,00,68,00,61,00,6e,00,67,00,65,00,4e,00,6f,00,74,00,69,00,66,00,79,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,53,00,65,00,49,00,6d,00,70,00,65,00,72,00,73,00,6f,00,6e,00,61,00,74,00,65,00,50,00,72,00,69,00,76,00,69,00,6c,00,65,00,67,00,65,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"DelayedAutoStart"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\\"FailureActions"|hex:80,51,01,00,00,00,00,00,00,00,00,00,03,00,00,00,14,00,00,00,01,00,00,00,c0,d4,01,00,01,00,00,00,e0,93,04,00,00,00,00,00,00,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters\\"ServiceDllUnloadOnStop"|dword:00000001 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Parameters\\"ServiceDll"|hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,77,00,73,00,63,00,73,00,76,00,63,00,2e,00,64,00,6c,00,6c,00,00,00 /E : value set successfully!
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\wscsvc\Security\\"Security"|hex:01,00,14,80,c8,00,00,00,d4,00,00,00,14,00,00,00,30,00,00,00,02,00,1c,00,01,00,00,00,02,80,14,00,ff,01,0f,00,01,01,00,00,00,00,00,01,00,00,00,00,02,00,98,00,06,00,00,00,00,00,14,00,fd,01,02,00,01,01,00,00,00,00,00,05,12,00,00,00,00,00,18,00,ff,01,0f,00,01,02,00,00,00,00,00,05,20,00,00,00,20,02,00,00,00,00,14,00,9d,01,02,00,01,01,00,00,00,00,00,05,04,00,00,00,00,00,14,00,8d,01,02,00,01,01,00,00,00,00,00,05,06,00,00,00,00,00,14,00,00,01,00,00,01,01,00,00,00,00,00,05,0b,00,00,00,00,00,28,00,15,00,00,00,01,06,00,00,00,00,00,05,50,00,00,00,49,59,9d,77,91,56,e5,55,dc,f4,e2,0e,a7,8b,eb,ca,7b,42,13,56,01,01,00,00,00,00,00,05,12,00,00,00,01,01,00,00,00,00,00,05,12,00,00,00 /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent\ deleted successfully.
========== FILES ==========
File\Folder C:\Users\OTAKAR~1\wgsdgsdgdsgsd.dll not found.
c:\programdata\dsgsdgdsgdsgw.js moved successfully.
c:\users\Otakar Vavrečka\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
c:\windows\Tasks\Adobe Flash Player Updater.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job moved successfully.
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job moved successfully.
c:\windows\Tasks\ParetoLogic Registration3.job moved successfully.
c:\windows\Tasks\ParetoLogic Update Version3.job moved successfully.
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
========== COMMANDS ==========
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Otakar Vavrečka
->Temp folder emptied: 3889664 bytes
->Temporary Internet Files folder emptied: 5591045 bytes
->Java cache emptied: 1802894 bytes
->FireFox cache emptied: 67811451 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 13324 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 3512 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 75,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Otakar Vavrečka
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYJAVA]

User: All Users

User: Default

User: Default User

User: Otakar Vavrečka
->Java cache emptied: 0 bytes

User: Public

Total Java Files Cleaned = 0,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 12272012_003412

Files\Folders moved on Reboot...
C:\Users\Otakar Vavrečka\AppData\Local\Temp\radC543F.tmp\bin\x86\sharpwrapi_Win32.dll moved successfully.
C:\Users\Otakar Vavrečka\AppData\Local\Temp\radAE6E6.tmp\bin\Gadget.Interop.dll moved successfully.
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner

• Ulozte nejlepe na plochu
• Ukoncete vsechny programy
• Kliknete na Search
• Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte