Page 3 of 4

Re: Preventivka

Posted: 03 Jan 2013 12:43
by Lancre
All processes killed
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes

User: Public

User: Vali
->Temp folder emptied: 0 bytes
->Java cache emptied: 1991595 bytes
->FireFox cache emptied: 64089419 bytes
->Opera cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 10546527 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 538790994 bytes

Total Files Cleaned = 587,00 mb


[EMPTYFLASH]

User: All Users

User: Default

User: Default User

User: Public

User: Vali

Total Flash Files Cleaned = 0,00 mb

Restore point Set: OTL Restore Point
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.
Error: Unable to create default HOSTS file!
========== SERVICES/DRIVERS ==========
Service MpKslbac8af72 stopped successfully!
Service MpKslbac8af72 deleted successfully!
Service BingDesktopUpdate stopped successfully!
Service BingDesktopUpdate deleted successfully!
Service Skype C2C Service stopped successfully!
Service Skype C2C Service deleted successfully!
Service NAUpdate stopped successfully!
Service NAUpdate deleted successfully!
Service SkypeUpdate stopped successfully!
Service SkypeUpdate deleted successfully!
Service Adobe LM Service stopped successfully!
Service Adobe LM Service deleted successfully!
Service AdobeFlashPlayerUpdateSvc stopped successfully!
Service AdobeFlashPlayerUpdateSvc deleted successfully!
Service gusvc stopped successfully!
Service gusvc deleted successfully!
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Adobe Flash Player Updater.job moved successfully.
C:\Windows\tasks\AutoKMS.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1662283064-2572083958-921213609-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1662283064-2572083958-921213609-1000UA.job moved successfully.
C:\Windows\AutoKMS folder moved successfully.
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKU\S-1-5-21-1662283064-2572083958-921213609-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1662283064-2572083958-921213609-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-1662283064-2572083958-921213609-1000\Software\Microsoft\Internet Explorer\SearchScopes\{E8277F30-5B78-499B-9AA0-BC8DC496CC23}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E8277F30-5B78-499B-9AA0-BC8DC496CC23}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}\ not found.
C:\Users\Vali\Desktop\~WRL1946.tmp deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP2BA5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP322C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP429C.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP51D7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP5E64.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP6509.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP72DF.tmp\Microsoft.Ink.dll deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP72DF.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP7E91.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP8545.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAP9F8F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA4C8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPA7C8.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPBDA5.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPC89F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPD90F.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPE419.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPED62.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPEFAE.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF2C7.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF410.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPF85E.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFC29.tmp folder deleted successfully.
C:\Windows\assembly\NativeImages_v2.0.50727_32\Temp\ZAPFEFA.tmp folder deleted successfully.
ADS C:\Windows\Cursors\arrow_n.cur:NEDTA.DAT deleted successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\BingDesktop deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\AlcoholAutomount deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Nektra OEAPI deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\OEXPRESS deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BingDesktop\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBAgent\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaSuite.exe\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl10\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ROC_roc_ssl_v12\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched\ deleted successfully.

OTL by OldTimer - Version 3.2.69.0 log created on 01032013_122204

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\hlktmp scheduled to be moved on reboot.
File\Folder C:\Windows\temp\TMP000000BB672E1A856C5573A8 not found!
File\Folder C:\Windows\temp\TMP000000C2053B27BBA6EB9C1F not found!
File move failed. C:\Windows\System32\drivers\etc\Hosts scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Re: Preventivka

Posted: 03 Jan 2013 14:11
by Márty84
Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe , save it to your desktop, right-click it and left-click Run as administrator.
A short test will run, and then the Scan button at the top right becomes available. Click it and another test will run.
When it finishes, click Report and a log will appear. Paste it here.

Re: Preventivka

Posted: 03 Jan 2013 14:20
by Lancre
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Vali [Admin rights]
Mode : Scan -- Date : 01/03/2013 14:19:03

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\LOST_screensaver.scr) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8306A06D -> HOOKED (Unknown @ 0x8C92AE4E)
SSDT[299] : NtRequestWaitReplyPort @ 0x83084A63 -> HOOKED (Unknown @ 0x8C92AE58)
SSDT[316] : NtSetContextThread @ 0x83124745 -> HOOKED (Unknown @ 0x8C92AE53)
SSDT[347] : NtSetSecurityObject @ 0x83048742 -> HOOKED (Unknown @ 0x8C92AE5D)
SSDT[368] : NtSystemDebugControl @ 0x830CC6BC -> HOOKED (Unknown @ 0x8C92AE62)
SSDT[370] : NtTerminateProcess @ 0x830A1BFB -> HOOKED (Unknown @ 0x8C92ADEF)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8C92AE76)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8C92AE7B)
_INLINE_ : NtCreateKey -> HOOKED (\SystemRoot\system32\DRIVERS\aksfridge.sys @ 0x9CA6EE59)
_INLINE_ : NtOpenKey -> HOOKED (\SystemRoot\system32\DRIVERS\aksfridge.sys @ 0x9CA6E718)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8032GAX ATA Device +++++
--- User ---
[MBR] 49abc2242c675c883ca3a06f6982cd42
[BSP] 836b9131ed7776ca2731c4ebebe80d1c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233856 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 10438656 | Size: 71221 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Samsung G2 Portable USB Device +++++
--- User ---
[MBR] b1f9aa08fe39cfb6e96edb146ab397f1
[BSP] e70cf01ea71e5ea74f4a5e3a40476b0a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[1]_S_01032013_02d1419.txt >>
RKreport[1]_S_01032013_02d1419.txt
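The scan log above reports four kinds of hijack under "Registry Entries" (UAC switched off via EnableLUA=0 and ConsentPromptBehaviorAdmin=0, an enabled WinINet proxy, a screensaver pointing at C:\Windows\LOST_screensaver.scr, and two hidden desktop icons) plus a HOSTS file full of 127.0.0.1 mappings. The PowerShell below is an added example, not part of this thread and not RogueKiller's own code: it re-reads the same locations directly so the state can be confirmed after the fixes without re-running the tool. The registry paths are the full forms of the ones RogueKiller abbreviates with [...], the Windows 7 default values quoted in the comments are from Microsoft's documentation, and the function name Get-HijackFindings is my own. It also checks PromptOnSecureDesktop, which RogueKiller did not list but which lives in the same policy key. Run it in an elevated PowerShell on the machine being cleaned.

```powershell
# Added example, not part of the forum thread or of RogueKiller itself.
# Re-checks, straight from the registry and the file system, the items the
# RogueKiller scan reported under "Registry Entries" and "HOSTS File".
# Run in an elevated PowerShell on the machine being cleaned (Windows 7 or later).

function Get-HijackFindings {
    $findings = @()

    # UAC policy. Windows 7 defaults: EnableLUA=1, ConsentPromptBehaviorAdmin=5,
    # PromptOnSecureDesktop=1. The scan showed EnableLUA=0 (UAC off entirely) and
    # ConsentPromptBehaviorAdmin=0 (elevation without any prompt).
    $uac = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    if ($uac.EnableLUA -ne 1) {
        $findings += "UAC disabled: EnableLUA=$($uac.EnableLUA)"
    }
    if ($uac.ConsentPromptBehaviorAdmin -eq 0) {
        $findings += 'Silent elevation: ConsentPromptBehaviorAdmin=0'
    }
    if ($uac.PromptOnSecureDesktop -eq 0) {
        $findings += 'UAC prompt not on the secure desktop: PromptOnSecureDesktop=0'
    }

    # WinINet (IE / system) proxy. ProxyEnable=1 routes browser traffic through
    # whatever ProxyServer names; the scan flagged ProxyEnable=1.
    $inet = Get-ItemProperty -Path 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    if ($inet.ProxyEnable -eq 1) {
        $findings += "Proxy enabled: ProxyServer='$($inet.ProxyServer)'"
    }

    # Screensaver executable. A legitimate one lives under System32; the scan
    # found C:\Windows\LOST_screensaver.scr instead.
    $desk = Get-ItemProperty -Path 'HKCU:\Control Panel\Desktop' -ErrorAction SilentlyContinue
    $scr = $desk.'SCRNSAVE.EXE'
    if ($scr -and ($scr -notlike "$env:SystemRoot\System32\*")) {
        $findings += "Screensaver outside System32: $scr"
    }

    # Hidden desktop icons. A value of 1 under NewStartPanel hides that icon
    # machine-wide; the scan listed two such GUID values set to 1.
    $hidePath = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\HideDesktopIcons\NewStartPanel'
    $hide = Get-ItemProperty -Path $hidePath -ErrorAction SilentlyContinue
    if ($hide) {
        foreach ($p in $hide.PSObject.Properties) {
            if ($p.Name -like '{*}' -and $p.Value -eq 1) {
                $findings += "Desktop icon hidden machine-wide: $($p.Name)"
            }
        }
    }

    # HOSTS file. List every active (non-comment) mapping that is not localhost;
    # the scan showed a long block of 127.0.0.1 entries for third-party domains.
    $hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
    $active = @(Get-Content -Path $hostsPath -ErrorAction SilentlyContinue |
                Where-Object { $_ -match '^\s*[0-9a-fA-F:.]+\s+\S' -and $_ -notmatch '^\s*\S+\s+localhost\s*$' })
    if ($active.Count -gt 0) {
        $findings += "HOSTS has $($active.Count) active non-localhost entries, first: $($active[0].Trim())"
    }

    return $findings
}

$result = @(Get-HijackFindings)
if ($result.Count -eq 0) { 'No findings' } else { $result }
```

Each finding is reported as a one-line string so the output can be pasted into a thread like this one; an empty result after the Remove, HOSTSFix and ProxyFix runs is what a clean follow-up should look like.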

Re: Preventivka

Posted: 03 Jan 2013 14:29
by Márty84
Run RogueKiller as administrator again (if you haven't closed it yet, just click Delete).
A short test will run, and then the Scan button at the top right becomes available. Click it and another test will run.
When it finishes, click Delete.
Then click Report and a log will appear. Paste it here.
Then click Hosts Fix and then Report.
Another log will appear. Paste that one here too.

Re: Preventivka

Posted: 03 Jan 2013 14:35
by Lancre
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Vali [Admin rights]
Mode : Remove -- Date : 01/03/2013 14:32:22

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 7 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> NOT REMOVED, USE PROXYFIX
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ SMENU] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[SCREENSV][SUSP PATH] HKCU\[...]\Desktop (C:\Windows\LOST_screensaver.scr) -> REPLACED (C:\Windows\system32\logon.scr)

¤¤¤ Particular Files / Folders: ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤
SSDT[84] : NtCreateSection @ 0x8306A06D -> HOOKED (Unknown @ 0x8C92AE4E)
SSDT[299] : NtRequestWaitReplyPort @ 0x83084A63 -> HOOKED (Unknown @ 0x8C92AE58)
SSDT[316] : NtSetContextThread @ 0x83124745 -> HOOKED (Unknown @ 0x8C92AE53)
SSDT[347] : NtSetSecurityObject @ 0x83048742 -> HOOKED (Unknown @ 0x8C92AE5D)
SSDT[368] : NtSystemDebugControl @ 0x830CC6BC -> HOOKED (Unknown @ 0x8C92AE62)
SSDT[370] : NtTerminateProcess @ 0x830A1BFB -> HOOKED (Unknown @ 0x8C92ADEF)
S_SSDT[585] : NtUserSetWindowsHookEx -> HOOKED (Unknown @ 0x8C92AE76)
S_SSDT[588] : NtUserSetWinEventHook -> HOOKED (Unknown @ 0x8C92AE7B)
_INLINE_ : NtCreateKey -> HOOKED (\SystemRoot\system32\DRIVERS\aksfridge.sys @ 0x9CA6EE59)
_INLINE_ : NtOpenKey -> HOOKED (\SystemRoot\system32\DRIVERS\aksfridge.sys @ 0x9CA6E718)

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: TOSHIBA MK8032GAX ATA Device +++++
--- User ---
[MBR] 49abc2242c675c883ca3a06f6982cd42
[BSP] 836b9131ed7776ca2731c4ebebe80d1c : Windows 7/8 MBR Code
Partition table:
0 - [XXXXXX] COMPAQ (0x12) [VISIBLE] Offset (sectors): 63 | Size: 4996 Mo
1 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 10233856 | Size: 100 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 10438656 | Size: 71221 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: Samsung G2 Portable USB Device +++++
--- User ---
[MBR] b1f9aa08fe39cfb6e96edb146ab397f1
[BSP] e70cf01ea71e5ea74f4a5e3a40476b0a : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 64 | Size: 476937 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Finished : << RKreport[2]_D_01032013_02d1432.txt >>
RKreport[1]_S_01032013_02d1419.txt ; RKreport[2]_D_01032013_02d1432.txt

Re: Preventivka

Posted: 03 Jan 2013 14:35
by Lancre
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Vali [Admin rights]
Mode : HOSTSFix -- Date : 01/03/2013 14:35:14

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 0 ¤¤¤

¤¤¤ Driver : [LOADED] ¤¤¤

¤¤¤ HOSTS File: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 serial.alcohol-soft.com
127.0.0.1 www.alcohol-soft.com
127.0.0.1 images.alcohol-soft.com
127.0.0.1 trial.alcohol-soft.com
127.0.0.1 alcohol-soft.com
127.0.0.1 www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 www.008k.com
127.0.0.1 008k.com
127.0.0.1 www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 www.032439.com
127.0.0.1 032439.com
127.0.0.1 www.0scan.com
127.0.0.1 0scan.com
127.0.0.1 1000gratisproben.com
127.0.0.1 www.1000gratisproben.com
127.0.0.1 1001namen.com
[...]


¤¤¤ Reset HOSTS: ¤¤¤
127.0.0.1 localhost

Finished : << RKreport[4]_H_01032013_02d1435.txt >>
RKreport[1]_S_01032013_02d1419.txt ; RKreport[2]_D_01032013_02d1432.txt ; RKreport[3]_H_01032013_02d1434.txt ; RKreport[4]_H_01032013_02d1435.txt

Re: Preventivka

Posted: 03 Jan 2013 14:40
by Márty84
Run RogueKiller as administrator once more.
Click Proxy Fix and then Report.
Post that log here too.

Re: Preventivka

Posted: 03 Jan 2013 14:46
by Lancre
RogueKiller V8.4.2 [Dec 31 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Feedback : http://www.geekstogo.com/forum/files/fi ... guekiller/
Website : http://tigzy.geekstogo.com/roguekiller.php
Blog : http://tigzyrk.blogspot.com/

Operating System : Windows 7 (6.1.7601 Service Pack 1) 32 bits version
Started in : Normal mode
User : Vali [Admin rights]
Mode : ProxyFix -- Date : 01/03/2013 14:45:58

¤¤¤ Bad processes : 0 ¤¤¤

¤¤¤ Registry Entries : 1 ¤¤¤
[PROXY IE] HKCU\[...]\Internet Settings : ProxyEnable (1) -> REPLACED (0)

¤¤¤ Driver : [LOADED] ¤¤¤

Finished : << RKreport[5]_PR_01032013_02d1445.txt >>
RKreport[1]_S_01032013_02d1419.txt ; RKreport[2]_D_01032013_02d1432.txt ; RKreport[3]_H_01032013_02d1434.txt ; RKreport[4]_H_01032013_02d1435.txt ; RKreport[5]_PR_01032013_02d1445.txt

Re: Preventivka

Posted: 03 Jan 2013 14:48
by Márty84
If you haven't already, back up your important data (photos, documents, etc.).

Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your right to help!

Download ComboFix http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to your desktop.
Turn off your antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
While the scan runs, do not start anything and do not click anywhere.
When the scan finishes (the PC may restart), a log should be created at C:\ComboFix.txt
Copy its contents here.

If Windows does not boot after the restart, restart again, keep pressing F8 and choose Last Known Good Configuration.
If Windows boots but an error is reported when starting programs, just restart the PC and it will be fine.

Re: Preventivka

Posted: 03 Jan 2013 16:26
by Lancre
ComboFix 13-01-03.02 - Vali 03.01.2013 15:46:45.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.1022.275 [GMT 1:00]
Run from: c:\users\Vali\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\64dlls.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\intel64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\Kernel32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\localsys64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\oembios.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra73.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\swin32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twex.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twext.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\win32avs.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\wsnpoema.exe
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Files created from 2012-12-03 to 2013-01-03 )))))))))))))))))))))))))))))))
.
.
2012-12-28 09:51 . 2012-12-28 09:51 -------- d-----w- c:\users\Vali\AppData\Roaming\Malwarebytes
2012-12-28 08:27 . 2012-12-28 08:27 -------- d-----w- C:\found.000
2012-12-26 08:08 . 2012-08-23 14:44 14848 ----a-w- c:\windows\system32\drivers\rdpvideominiport.sys
2012-12-26 08:08 . 2012-08-23 14:40 49664 ----a-w- c:\windows\system32\drivers\TsUsbFlt.sys
2012-12-26 08:08 . 2012-08-23 11:15 269312 ----a-w- c:\windows\system32\aaclient.dll
2012-12-26 08:06 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-26 08:06 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-21 13:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-18 06:34 . 2012-03-30 12:41 83560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe ERROR(0x00000005)
2012-12-17 13:47 . 2012-12-17 13:47 -------- d-----w- c:\users\Vali\AppData\Local\Programs
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-13 06:22 . 2012-10-04 14:57 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-10 10:47 . 2012-12-10 10:47 -------- d-----w- c:\users\Vali\AppData\Roaming\Nokia Suite
2012-12-10 10:38 . 2012-12-10 10:47 -------- d-----w- c:\users\Vali\AppData\Roaming\Nokia
2012-12-10 10:31 . 2012-12-10 10:31 -------- d-----w- c:\users\Vali\AppData\Local\Nokia
2012-12-10 10:31 . 2012-12-10 10:37 -------- d-----w- c:\users\Vali\AppData\Roaming\PC Suite
2012-12-10 10:28 . 2012-12-10 10:28 -------- d-----w- c:\program files\Common Files\Nokia
2012-12-10 10:27 . 2012-06-27 14:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-03 13:21 . 2013-01-01 17:17 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{416B2CA8-84C5-4928-9476-DE4CE0F03B0E}\offreg.dll ERROR(0x00000005)
2012-12-12 14:16 . 2012-03-29 20:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:16 . 2011-12-20 07:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 12:16 . 2012-10-27 15:44 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 12:16 . 2012-10-27 15:44 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-22 02:56 . 2012-12-13 06:22 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-14 01:57 . 2012-12-13 07:32 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:48 . 2012-12-13 07:32 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-13 07:32 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-13 12:16 . 2012-10-27 15:44 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-09 04:42 . 2012-12-13 06:20 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-08 18:00 . 2013-01-01 14:42 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{416B2CA8-84C5-4928-9476-DE4CE0F03B0E}\mpengine.dll ERROR(0x00000005)
2012-11-08 18:00 . 2012-08-28 14:19 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-10-27 16:54 . 2012-10-27 16:54 32256 ----a-w- c:\windows\system32\maplec.dll
2012-10-27 16:54 . 2012-10-27 16:54 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2012-10-27 16:54 . 2012-10-27 16:54 20480 ----a-w- c:\windows\system32\maplecompat.dll
2012-10-23 19:42 . 2012-10-23 19:42 671744 ----a-w- c:\windows\is-4MEA7.exe
2012-10-16 07:39 . 2012-11-28 06:17 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 11:30 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 11:30 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2010-03-31 08:09 . 2012-11-19 06:04 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2012-11-19 06:04 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
2012-11-19 06:05 . 2012-11-19 06:04 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Registry startup points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries and legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-03-10 183808]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-30 4186112]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Vali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-28 17:43 754712 ----a-w- c:\program files\Acer\OrbiCam10\OrbiCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2011-02-27 19:40 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMDownloading your update...1300677038363]
2010-05-21 11:12 95592 ----a-w- c:\program files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Síť)]
2010-01-12 07:01 201216 ------w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX525WD Series]
2010-01-12 07:01 201216 ------w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Island ClockWork]
2011-02-07 10:34 587264 ----a-w- c:\program files\Island ClockWork\clockwork.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2007-03-26 16:45 389120 ----a-w- c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory3]
2010-08-16 12:31 647168 ------w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
R2 Minitab License Manager;Minitab License Manager;c:\program files\Minitab\License Manager\lmgrd.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb16.sys [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/12/19 17:39];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\Bin\BSQLServer.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe -service [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 Scia Licence Server;Scia Licence Server;c:\program files\Common Files\SCIA\Protection\lmgrd.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [x]
S3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Vali\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Vali\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.74.236
FF - ProfilePath -
.
.
------- Asociace souborů -------
.
.scr=scr
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1662283064-2572083958-921213609-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4t#Tu>*€"Ö]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1662283064-2572083958-921213609-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4t#Tu>*€"Ö\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\nhsrvice.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\SCIA\Protection\SCIA.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\RunDll32.exe
.
**************************************************************************
.
Celkový čas: 2013-01-03 16:25:15 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-03 15:25
.
Před spuštěním: 4 441 571 328 bytes free
Po spuštění: 4 670 062 592 bytes free
.
- - End Of File - - B64C49FF40DD9224F773908CE67723F5

Re: Preventive check-up

Posted: 03 Jan 2013 17:41
by Márty84
:arrow: Open Notepad and copy this script into it

Code:

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
At the top left, click on File
Click on Save As...
Type that red name, CFScript, exactly and save it to the desktop.
Turn off your antivirus and any other security software you may have.
Drag this newly created text document with the mouse onto the ComboFix icon and release it.
ComboFix should start and carry out the commands.
When it finishes (the PC may restart), a new log should appear; copy it here for me again.

:!: If Windows doesn't boot after the restart, restart again, keep pressing the F8 key and choose - Last Known Good Configuration
:!: If Windows boots but an error is reported when starting a program, just restart the PC and it will be fine

Re: Preventive check-up

Posted: 04 Jan 2013 08:24
by Lancre
ComboFix 13-01-03.02 - Vali 04.01.2013 0:12.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1033.18.1022.246 [GMT 1:00]
Spuštěný z: c:\users\Vali\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Vali\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\64dlls.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\intel64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\Kernel32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\localsys64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\ntos.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\oembios.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra64.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\sdra73.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\swin32.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twex.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\twext.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\win32avs.exe
c:\documents and settings\ReleaseEngineer.MACROVISION\Application Data\wsnpoema.exe
c:\windows\NCLAUNCH.EXe
c:\windows\system32\cseDVH.dll
c:\windows\wininit.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-12-04 do 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2013-01-03 23:34 . 2013-01-04 07:11 -------- d-----w- c:\users\Vali\AppData\Local\temp
2013-01-03 23:34 . 2013-01-03 23:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-01 17:17 . 2013-01-04 00:38 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{416B2CA8-84C5-4928-9476-DE4CE0F03B0E}\offreg.dll ERROR(0x00000005)
2013-01-01 14:42 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\{416B2CA8-84C5-4928-9476-DE4CE0F03B0E}\mpengine.dll ERROR(0x00000005)
2012-12-28 21:45 . 2012-12-28 21:45 -------- d-----w- c:\program files\HD Tune
2012-12-28 17:13 . 2012-12-28 21:22 -------- d-----w- c:\program files\vanBasco's Karaoke Player
2012-12-28 10:09 . 2012-12-28 10:13 -------- d-----w- c:\program files\CrystalDiskInfo
2012-12-28 09:51 . 2012-12-28 09:51 -------- d-----w- c:\users\Vali\AppData\Roaming\Malwarebytes
2012-12-28 08:27 . 2012-12-28 08:27 -------- d-----w- C:\found.000
2012-12-26 08:07 . 2012-08-23 08:19 4916224 ----a-w- c:\windows\system32\mstscax.dll
2012-12-26 08:06 . 2012-08-24 17:05 136560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2012-12-26 08:06 . 2012-08-24 17:02 369856 ----a-w- c:\windows\system32\drivers\cng.sys
2012-12-26 08:06 . 2012-08-24 16:57 247808 ----a-w- c:\windows\system32\schannel.dll
2012-12-26 08:06 . 2012-08-24 16:57 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-12-26 08:06 . 2012-08-24 16:56 1039360 ----a-w- c:\windows\system32\lsasrv.dll
2012-12-21 13:29 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:29 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-18 06:34 . 2012-03-30 12:41 83560 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\BingDesktop\Updater\BingDesktopRestarter.exe ERROR(0x00000005)
2012-12-17 13:47 . 2012-12-17 13:47 -------- d-----w- c:\users\Vali\AppData\Local\Programs
2012-12-17 13:46 . 2012-12-17 13:46 -------- d-----w- c:\program files\Minitab 15
2012-12-17 12:16 . 2012-12-17 12:16 -------- d-----w- c:\program files\Minitab
2012-12-13 13:30 . 2012-12-13 13:30 5955856 ----a-w- c:\program files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}\components\SkypeFfComponent.dll
2012-12-13 06:22 . 2012-11-22 02:56 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-12-13 06:22 . 2012-10-04 16:43 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-12-13 06:22 . 2012-10-04 14:57 271360 ----a-w- c:\windows\system32\conhost.exe
2012-12-13 06:22 . 2012-10-04 16:47 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-12-13 06:20 . 2012-11-09 04:42 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-10 10:47 . 2012-12-10 10:47 -------- d-----w- c:\users\Vali\AppData\Roaming\Nokia Suite
2012-12-10 10:38 . 2012-12-10 10:47 -------- d-----w- c:\users\Vali\AppData\Roaming\Nokia
2012-12-10 10:31 . 2012-12-10 10:31 -------- d-----w- c:\users\Vali\AppData\Local\Nokia
2012-12-10 10:31 . 2012-12-10 10:37 -------- d-----w- c:\users\Vali\AppData\Roaming\PC Suite
2012-12-10 10:28 . 2012-12-10 10:28 -------- d-----w- c:\program files\Common Files\Nokia
2012-12-10 10:27 . 2012-12-10 10:27 -------- d-----w- c:\program files\DIFX
2012-12-10 10:27 . 2012-06-27 14:18 19072 ----a-w- c:\windows\system32\drivers\pccsmcfd.sys
2012-12-10 10:27 . 2012-12-10 10:27 -------- d-----w- c:\program files\PC Connectivity Solution
2012-12-10 10:26 . 2012-06-11 13:17 75264 ----a-w- c:\windows\system32\nmwcdcls.dll
2012-12-10 10:24 . 2012-12-10 10:28 -------- d-----w- c:\program files\Nokia
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 14:16 . 2012-03-29 20:29 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 14:16 . 2011-12-20 07:48 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 12:16 . 2012-10-27 15:44 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-11 12:16 . 2012-10-27 15:44 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-11-13 12:16 . 2012-10-27 15:44 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-11-08 18:00 . 2012-08-28 14:19 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2012-10-27 16:54 . 2012-10-27 16:54 32256 ----a-w- c:\windows\system32\maplec.dll
2012-10-27 16:54 . 2012-10-27 16:54 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2012-10-27 16:54 . 2012-10-27 16:54 20480 ----a-w- c:\windows\system32\maplecompat.dll
2012-10-23 19:42 . 2012-10-23 19:42 671744 ----a-w- c:\windows\is-4MEA7.exe
2012-10-16 07:39 . 2012-11-28 06:17 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-16 11:30 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-16 11:30 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2010-03-31 08:09 . 2012-11-19 06:04 10437264 ----a-w- c:\program files\mozilla firefox\plugins\PDFNetC.dll
2010-04-08 10:36 . 2012-11-19 06:04 107760 ----a-w- c:\program files\mozilla firefox\plugins\ScorchPDFWrapper.dll
2010-03-31 08:09 . 2010-03-31 08:09 10437264 ----a-w- c:\program files\opera\program\plugins\PDFNetC.dll
2010-04-08 10:36 . 2010-04-08 10:36 107760 ----a-w- c:\program files\opera\program\plugins\ScorchPDFWrapper.dll
2012-11-19 06:05 . 2012-11-19 06:04 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{1EA00BE1-6E54-4E2A-8099-680300BF23E1}"= "c:\program files\Seznam.cz\toolbar\toolbar.dll" [2011-03-10 183808]
.
[HKEY_CLASSES_ROOT\clsid\{1ea00be1-6e54-4e2a-8099-680300bf23e1}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2006-11-30 4186112]
"LogitechCommunicationsManager"="c:\program files\Common Files\Logitech\LComMgr\Communications_Helper.exe" [2006-10-31 304664]
"LVCOMSX"="c:\program files\Common Files\Logitech\LComMgr\LVComSX.exe" [2006-11-28 244512]
"ioCentre"="c:\genius\ioCentre\gTaskBar.exe" [2009-09-03 61440]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKLM\~\startupfolder\C:^Users^Vali^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Adobe Gamma.lnk]
path=c:\users\Vali\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
backup=c:\windows\pss\Adobe Gamma.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AcerOrbicamRibbon]
2006-11-28 17:43 754712 ----a-w- c:\program files\Acer\OrbiCam10\OrbiCam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-08-27 19:32 59280 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2011-02-27 19:40 941320 ----a-w- c:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DIMDownloading your update...1300677038363]
2010-05-21 11:12 95592 ----a-w- c:\program files\Corel\CorelDRAW Graphics Suite X5\Programs\DIM.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Epson Stylus SX525WD(Síť)]
2010-01-12 07:01 201216 ------w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EPSON SX525WD Series]
2010-01-12 07:01 201216 ------w- c:\windows\System32\spool\drivers\w32x86\3\E_FATIGAE.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Island ClockWork]
2011-02-07 10:34 587264 ----a-w- c:\program files\Island ClockWork\clockwork.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NexusServer]
2007-03-26 16:45 389120 ----a-w- c:\program files\Common Files\Grass Valley\ProCoder 3\Kernel\PNXSERVR.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pdfFactory3]
2010-08-16 12:31 647168 ------w- c:\windows\System32\spool\drivers\w32x86\3\fppdis3a.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\USBToolTip]
2007-02-20 10:07 199752 ----a-w- c:\progra~1\Pinnacle\SHARED~1\Programs\USBTip\USBTip.exe
.
R2 Minitab License Manager;Minitab License Manager;c:\program files\Minitab\License Manager\lmgrd.exe [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 gMouUsb;USB Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb.sys [x]
R3 PROCEXP151;PROCEXP151;c:\windows\system32\Drivers\PROCEXP151.SYS [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VD_FileDisk;VD_FileDisk; [x]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2011/12/19 17:39];c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl [x]
S2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Web Protection;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BlackfishSQL;BlackfishSQL;c:\program files\Embarcadero\RAD Studio\7.0\Bin\BSQLServer.exe [x]
S2 EPSON_EB_RPCV4_04;EPSON V5 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE [x]
S2 EPSON_PM_RPCV4_04;EPSON V3 Service4(04);c:\program files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [x]
S2 HASP Loader;HASP Loader;c:\windows\system32\nhsrvice.exe -service [x]
S2 hasplms;Sentinel HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 Scia Licence Server;Scia Licence Server;c:\program files\Common Files\SCIA\Protection\lmgrd.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 gHidPnp;USB Device Enhanced Function Driver;c:\windows\system32\Drivers\gHidPnp.Sys [x]
S3 gMouPS2;PS2 Scroll Mouse Device;c:\windows\system32\DRIVERS\gMouPS2.sys [x]
S3 gMouUsb16;USB 16-bit Mouse Device Drv;c:\windows\system32\DRIVERS\gMouUsb16.sys [x]
S3 lv321av;Logitech USB PC Camera (VC0321);c:\windows\system32\DRIVERS\lv321av.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
GPSvcGroup REG_MULTI_SZ GPSvc
.
.
------- Doplňkový sken -------
.
uStart Page = about:blank
mStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\Vali\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Vali\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Prevést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést cíl vazby do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést do Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Připojit cíl vazby k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Připojit k existujícímu PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
IE: {{0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - {0E46D7B6-887D-4F81-B4CA-FCC92AF73610} - c:\program files\Seznam.cz\listicka.dll
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 193.84.206.100 193.84.209.5
FF - ProfilePath -
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-1662283064-2572083958-921213609-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4t#Tu>*€"Ö]
@Class="Shell"
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-1662283064-2572083958-921213609-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*4t#Tu>*€"Ö\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\nhsrvice.exe
c:\program files\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\windows\system32\agrsmsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\hasplms.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\windows\system32\conhost.exe
c:\program files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files\Common Files\SCIA\Protection\SCIA.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\conhost.exe
.
**************************************************************************
.
Celkový čas: 2013-01-04 08:17:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-01-04 07:17
ComboFix2.txt 2013-01-03 15:25
.
Před spuštěním: 4 117 663 744 bytes free
Po spuštění: 4 364 763 136 bytes free
.
- - End Of File - - 846FCCB37F4DCA69E4DE0DBE8564A07C

Re: Preventive check-up

Posted: 04 Jan 2013 10:06
by Márty84
There is some error in the registry. I assume you don't have this there on purpose: c:\documents and settings\ReleaseEngineer.MACROVISION
I haven't found much info about it. And nothing at all in Czech :arcisit:

Maybe there's something here.
http://translate.google.cz/translate?hl ... CE8Q7gEwAQ

I don't know whether it's worth dealing with. The disk would need replacing anyway :?:

:!: Run all of these programs - including the installation - as administrator (right-click them and choose - Run as administrator)
:arrow: Rename ComboFix to Uninstall and run it. CF should uninstall itself.

:arrow:
vyosek wrote::arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choice press A, Enter
  • Delete the utility after use
  • Antiviruses may wrongly flag the utility as a virus - it is a false positive - so go ahead and download it (if necessary, turn off the antivirus while downloading)
:arrow: Download OTC http://oldtimer.geekstogo.com/OTC.exe , save it and run it.
Click on CleanUp and then OK - After the cleanup the PC will restart.

:arrow: Download TFC http://oldtimer.geekstogo.com/TFC.exe , save it and run it
Click on START and then OK - After the cleanup the PC will restart.
After use you can delete the program

:arrow: Download CCleaner http://www.stahuj.centrum.cz/utility_a_ ... /ccleaner/ and run it.
During installation watch out for the toolbar (or other add-ons); if it offers to install one, uncheck the box.
After starting you'll be in the Cleaner function. On the left there are lots of checkboxes. Pay attention especially to the Recycle Bin: if you leave it checked, it will always empty it.
Also, depending on how it is set up, it deletes all passwords saved for the web!!! So if you have it set so that the computer remembers passwords (which isn't good for security), you will then have to type them in again by hand (e.g. mail, Facebook, various forums, etc.)
Click on Analyze and when it finishes the analysis, click on Run Cleaner.
Then click on the Registry function on the left
Click on Scan for Issues; if it finds any, click on Fix Issues. It will offer you a backup; make it and save it somewhere you can find it if needed.
The Tools function allows uninstalling programs. It is more thorough than Windows itself!

:arrow: Defragment the disk(s)
Download the program Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
During installation again watch out for the toolbar
After installing, run the program and click on Analyze; after the analysis click on Defrag and the program will do its job.

:arrow: Then write back how the PC is doing

Re: Preventive check-up

Posted: 04 Jan 2013 15:30
by Lancre
As for that error in the registry, I really don't know. Otherwise the PC behaves such that Windows startup takes almost 10 minutes - the initial Welcome screen stays there for an awfully long time. Everything else works normally, so I can live with it. :) Do you think it's the disk?

Re: Preventive check-up

Posted: 04 Jan 2013 17:40
by Márty84
Lancre wrote:Do you think it's the disk?
I think so.

Follow my colleague's instructions
vyosek wrote: :arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Preferably save it to the Desktop and unpack it
  • Run it by clicking on mbar
  • Now click on Next and then Update
  • When the database update finishes, click on Next again
  • Leave all three options checked and click on Scan, which starts scanning the PC
  • When the scan finishes (about 5 minutes), check that all detections (if there are any, of course) have a checkmark
  • Also check that Create Restore point is checked
  • Now click on CleanUp, which removes the found infection
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here for me