VIRY.CZ

Dobry den, můj antivirus mi stále vyskakuje a hlasi problemy. Chtela jsem se toho zbavit, tak, ze dam hloubkovou kontrolu, ale nic nenajde. Prosim pomuze nekdo?
Dekuji mnohokrate

Zde je vypis z RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2013-01-28 20:05:19
Microsoft Windows 7 Home Premium
System drive C: has 47 GB (71%) free of 66 GB
Total RAM: 1024 MB (38% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:05:32, on 28.1.2013
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe
C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Parallels\Parallels Tools\Services\prl_tools.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Parallels\Parallels Tools\prl_cc.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Common Files\Java\Java Update\jucheck.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
\psf\Home\Downloads\RSIT.exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll
O4 - HKLM\..\Run: [Parallels Tools Center] "C:\Program Files\Parallels\Parallels Tools\prl_cc.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Policies\Explorer\Run: [Policies] c:\directory\CyberGate\install\server.exe
O4 - HKLM\..\Policies\Explorer\Run: [61433] C:\PROGRA~2\LOCALS~1\Temp\msrwhww.com
O4 - HKCU\..\Policies\Explorer\Run: [Policies] C:\Users\Administrator\AppData\Roaming\install\server.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Sluzba Parallels Coherence (Parallels Coherence Service) - Parallels Holdings, Ltd. and its affiliates. - C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe
O23 - Service: Služba Parallels Tools (Parallels Tools Service) - Parallels Holdings, Ltd. and its affiliates. - C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe

--
End of file - 6237 bytes

======Scheduled tasks folder======

C:\Windows\tasks\AutoKMS.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-10-25 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-15 192144]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-10-25 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2013-01-15 192144]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Parallels Tools Center"=C:\Program Files\Parallels\Parallels Tools\prl_cc.exe [2011-12-16 252168]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-11-26 5074384]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=c:\directory\CyberGate\install\server.exe [2005-12-02 786492]
"61433"=C:\PROGRA~2\LOCALS~1\Temp\msrwhww.com [2009-07-14 422752]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"Policies"=C:\Users\Administrator\AppData\Roaming\install\server.exe [2005-12-02 786492]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\explorer]
C:\Users\Administrator\AppData\Roaming\explorer\explorer.exe [2012-12-04 843264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKCU]
C:\Windows\System32\Audiios\sounds.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HKLM]
C:\Windows\System32\Audiios\sounds.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\minex]
C:\Users\Administrator\AppData\Roaming\minex\minex.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinDefender]
C:\Users\Administrator\AppData\Roaming\WinDefender\WinDefender.Exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Explorer]
C:\Users\Administrator\Data\iexplorer.exe [2012-11-20 96256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
""=

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoSimpleNetIDList"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe"="C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\Torrant.exe:*:Enabled:Windows Messanger"
"C:\Users\Administrator\AppData\Roaming\Torrant.exe"="C:\Users\Administrator\AppData\Roaming\Torrant.exe:*:Enabled:Windows Messanger"
"C:\Users\Administrator\Data\umas.exe"="C:\Users\Administrator\Data\umas.exe:*:Enabled:Windows Messanger"
"C:\Users\ADMINI~1\AppData\Local\Temp\VITIMA.exe"="C:\Users\ADMINI~1\AppData\Local\Temp\VITIMA.exe:*:Enabled:Windows Messanger"
"C:\Users\ADMINI~1\AppData\Local\Temp\bs.exe"="C:\Users\ADMINI~1\AppData\Local\Temp\bs.exe:*:Enabled:Windows Messanger"
"C:\Users\Administrator\AppData\Roaming\W7AO30OR9Q.exe"="C:\Users\Administrator\AppData\Roaming\W7AO30OR9Q.exe:*:Enabled:Windows Messanger"
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe"="C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe:*:Enabled:Windows Messanger"
"C:\Users\Administrator\AppData\Roaming\MEU.exe"="C:\Users\Administrator\AppData\Roaming\MEU.exe:*:Enabled:Windows Messanger"
"C:\Windows\Microsoft.NET\Framework\v2.0.50727\applaunch.exe"="C:\Windows\Microsoft.NET\Framework\v2.0.50727\applaunch.exe:*:Enabled:Windows Messanger"
"C:\Users\Administrator\AppData\Roaming\SPREAD1.exe"="C:\Users\Administrator\AppData\Roaming\SPREAD1.exe:*:Enabled:Windows Messanger"
"C:\Users\ADMINI~1\AppData\Local\Temp\170179cf.exe"="C:\Users\ADMINI~1\AppData\Local\Temp\170179cf.exe:*:Enabled:Windows Messanger"
"C:\Users\Administrator\AppData\Roaming\bot.exe"="C:\Users\Administrator\AppData\Roaming\bot.exe:*:Enabled:Windows Messanger"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-28 20:05:19 ----D---- C:\rsit
2013-01-28 20:05:19 ----D---- C:\Program Files\trend micro
2013-01-17 21:21:05 ----A---- C:\Windows\system32\FNTCACHE.DAT
2013-01-17 21:06:29 ----D---- C:\ProgramData\ESET
2013-01-17 21:06:29 ----D---- C:\Program Files\ESET
2013-01-02 22:30:31 ----D---- C:\Windows\system32\Macromed

======List of files/folders modified in the last 1 month======

2013-01-28 20:05:24 ----D---- C:\Windows\Temp
2013-01-28 20:05:19 ----RD---- C:\Program Files
2013-01-28 10:28:34 ----D---- C:\Windows\System32
2013-01-28 10:28:34 ----D---- C:\Windows\inf
2013-01-28 10:28:34 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-28 10:21:49 ----D---- C:\Windows
2013-01-25 13:26:38 ----D---- C:\Windows\system32\config
2013-01-25 13:25:53 ----SHD---- C:\System Volume Information
2013-01-20 14:12:21 ----D---- C:\Windows\system32\catroot2
2013-01-19 10:33:39 ----D---- C:\Windows\system32\LogFiles
2013-01-17 21:21:03 ----SHD---- C:\Users\Administrator\AppData\Roaming\minex
2013-01-17 21:18:49 ----D---- C:\Windows\Logs
2013-01-17 21:15:12 ----RSHD---- C:\Windows\system32\Lumio
2013-01-17 21:13:53 ----D---- C:\Users\Administrator\AppData\Roaming\WinDefender
2013-01-17 21:07:23 ----SHD---- C:\Windows\Installer
2013-01-17 21:07:22 ----SHD---- C:\Config.Msi
2013-01-17 21:06:58 ----D---- C:\Windows\system32\DriverStore
2013-01-17 21:06:58 ----D---- C:\Windows\system32\drivers
2013-01-17 21:06:58 ----D---- C:\Windows\system32\catroot
2013-01-17 21:06:29 ----HD---- C:\ProgramData
2013-01-17 21:01:56 ----HD---- C:\Users\Administrator\AppData\Roaming\C035EFF9
2013-01-17 21:00:08 ----D---- C:\Windows\system32\Tasks
2013-01-17 21:00:08 ----D---- C:\Firefox
2013-01-17 20:56:48 ----RSD---- C:\Windows\assembly
2013-01-17 20:56:47 ----D---- C:\Program Files\OpenOffice.org 3

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 prl_pv32;prl_pv32; C:\Windows\system32\DRIVERS\prl_pv32.sys [2011-12-16 51464]
R0 prl_strg;Parallels paravirt disk filter; C:\Windows\system32\DRIVERS\prl_strg.sys [2011-12-16 32008]
R0 prl_tg;Parallels Tool Device; C:\Windows\system32\DRIVERS\prl_tg.sys [2011-12-16 23432]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 prl_boot;prl_boot; C:\Windows\System32\Drivers\prl_boot.sys [2011-12-16 38024]
R1 prl_fs;Parallels Shared Folders; C:\Windows\system32\DRIVERS\prl_fs.sys [2011-12-16 153864]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 104712]
R2 prl_time;Parallels Time Synchronization Helper; \??\C:\Windows\system32\drivers\prl_time.sys [2011-12-16 15752]
R3 E1G60;Intel(R) PRO/1000 NDIS 6 – ovladač adaptéru; C:\Windows\system32\DRIVERS\E1G60I32.sys [2009-07-13 118784]
R3 prl_dd;Parallels Display Adapter (WDDM); C:\Windows\system32\DRIVERS\prl_kmdd.sys [2011-12-16 141576]
R3 prl_memdev;prl_memdev; C:\Windows\system32\DRIVERS\prl_memdev.sys [2011-12-16 17672]
R3 prl_mouf;Parallels Mouse Synchronization Device; C:\Windows\system32\DRIVERS\prl_mouf.sys [2011-12-16 16776]
R3 prl_sound;Parallels Audio Controller; C:\Windows\system32\DRIVERS\prl_sound.sys [2011-12-16 33544]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
R2 Parallels Coherence Service;Sluzba Parallels Coherence; C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe [2011-12-16 30472]
R2 Parallels Tools Service;Služba Parallels Tools; C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe [2011-12-16 222472]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-31 136176]
S3 aspnet_state;Stavová služba ASP.NET; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-31 136176]
S3 gusvc;Google Software Updater; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2012-08-21 194032]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Zdravím!
Poprosím o log ComboFix:

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware.

Tady je vypis z kombofixu.

Jsem uz zoufaly - Mockrat dekuji.


ComboFix 13-02-07.02 - Administrator 10.02.2013 11:10:01.1.1 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1252.1.1029.18.1024.375 [GMT 1:00]
Running from: \\psf\Home\Downloads\ComboFix.exe
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Autorun.inf
C:\directory\CyberGate
C:\directory\CyberGate\install\server.exe
C:\Install.exe
C:\setup.exe
C:\Users\Administrator\AppData\Roaming\Administrator3SQLite3.dll
C:\Users\Administrator\AppData\Roaming\Administratorlog.dat
C:\Users\Administrator\AppData\Roaming\data.dat
C:\Users\Administrator\AppData\Roaming\explorer
C:\Users\Administrator\AppData\Roaming\explorer\explorer.exe
C:\Users\Administrator\AppData\Roaming\explorer\mnIndex.exe
C:\Users\Administrator\AppData\Roaming\lsass.exe
C:\Users\Administrator\AppData\Roaming\windefender
C:\Users\Administrator\Data\iexplorer.exe


((((((((((((((((((((((((( Files Created from 2013-01-10 to 2013-02-10 )))))))))))))))))))))))))))))))


2013-02-10 10:13:12 . 2013-02-10 10:13:12 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-02-10 10:08:55 . 2013-02-10 10:08:55 13824 ---h--r- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\authz.exe
2013-02-04 08:02:14 . 2013-02-10 09:09:25 56200 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CEB8649E-5743-473B-BAC7-215E0C370866}\offreg.dll
2013-01-28 19:05:19 . 2013-01-28 19:05:33 -------- d-----w- C:\rsit
2013-01-28 19:05:19 . 2013-01-28 19:05:32 -------- d-----w- C:\Program Files\trend micro
2013-01-17 20:06:29 . 2013-01-17 20:06:29 -------- d-----w- C:\Program Files\ESET
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\PrlToolsShellExt]
@="{456C7CE2-DAAA-4333-A715-898D4671BBD4}"
[HKEY_CLASSES_ROOT\CLSID\{456C7CE2-DAAA-4333-A715-898D4671BBD4}]
2011-12-16 18:41:28 332552 ----a-w- C:\Program Files\Parallels\Parallels Tools\ShellExtentions\PrlToolsShellExt.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Authorization Framework"="C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\authz.exe" [2013-02-10 10:08:55 13824]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Parallels Tools Center"="C:\Program Files\Parallels\Parallels Tools\prl_cc.exe" [2011-12-16 18:41:32 252168]
"SunJavaUpdateSched"="C:\Program Files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 07:04:54 252848]
"egui"="C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 12:34:02 5074384]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"61433"="C:\PROGRA~2\LOCALS~1\Temp\msrwhww.com" [2009-07-14 01:14:50 422752]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoSimpleNetIDList"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-12-03 07:35:28 946352 ----a-w- C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BCSSync]
2010-03-13 12:54:26 91520 ----a-w- C:\Program Files\Microsoft Office\Office14\BCSSync.exe

S0 prl_pv32;prl_pv32;C:\Windows\system32\DRIVERS\prl_pv32.sys [x]
S0 prl_strg;Parallels paravirt disk filter;C:\Windows\system32\DRIVERS\prl_strg.sys [x]
S0 prl_tg;Parallels Tool Device;C:\Windows\system32\DRIVERS\prl_tg.sys [x]
S1 eamonm;eamonm;C:\Windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;C:\Windows\system32\DRIVERS\ehdrv.sys [x]
S1 prl_boot;prl_boot;C:\Windows\system32\Drivers\prl_boot.sys [x]
S1 prl_fs;Parallels Shared Folders;C:\Windows\system32\DRIVERS\prl_fs.sys [x]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;C:\Windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 Parallels Coherence Service;Sluzba Parallels Coherence;C:\Program Files\Parallels\Parallels Tools\Services\coherence.exe [x]
S2 Parallels Tools Service;Služba Parallels Tools;C:\Program Files\Parallels\Parallels Tools\Services\prl_tools_service.exe [x]
S2 prl_time;Parallels Time Synchronization Helper;C:\Windows\system32\drivers\prl_time.sys [x]
S3 prl_dd;Parallels Display Adapter (WDDM);C:\Windows\system32\DRIVERS\prl_kmdd.sys [x]
S3 prl_memdev;prl_memdev;C:\Windows\system32\DRIVERS\prl_memdev.sys [x]
S3 prl_mouf;Parallels Mouse Synchronization Device;C:\Windows\system32\DRIVERS\prl_mouf.sys [x]
S3 prl_sound;Parallels Audio Controller;C:\Windows\system32\DRIVERS\prl_sound.sys [x]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12

Contents of the 'Scheduled Tasks' folder

2013-02-07 C:\Windows\Tasks\AutoKMS.job
- C:\Windows\AutoKMS.exe [2012-07-16 09:51:14 . 2012-07-16 09:51:14]

2013-02-09 C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-31 13:44:44 . 2012-07-31 13:44:42]

2013-02-10 C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files\Google\Update\GoogleUpdate.exe [2012-07-31 13:44:44 . 2012-07-31 13:44:42]


------- Supplementary Scan -------

IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 10.211.55.1

- - - - ORPHANS REMOVED - - - -

HKLM-Explorer_Run-Policies - c:\directory\CyberGate\install\server.exe
MSConfigStartUp-explorer - C:\Users\Administrator\AppData\Roaming\explorer\explorer.exe
MSConfigStartUp-HKCU - C:\Windows\System32\Audiios\sounds.exe
MSConfigStartUp-HKLM - C:\Windows\System32\Audiios\sounds.exe
MSConfigStartUp-minex - C:\Users\Administrator\AppData\Roaming\minex\minex.exe
MSConfigStartUp-WinDefender - C:\Users\Administrator\AppData\Roaming\WinDefender\WinDefender.Exe
MSConfigStartUp-Windows Explorer - C:\Users\Administrator\Data\iexplorer.exe
HKLM_ActiveSetup-{9A7B9A8D-ABAD-6892-F4C8-BD311CED0D28} - C:\Users\Administrator\AppData\Roaming\W7AO30OR9Q.exe
HKLM_ActiveSetup-{B5DB22EF-AAA7-B6AA-DF3E-FD07EBEFBB92} - C:\Users\Administrator\AppData\Roaming\SPREAD1.exe
HKLM_ActiveSetup-{FD21ADFB-0E6C-BA3C-DA2B-BF9EFFB2E4EA} - C:\Users\Administrator\AppData\Roaming\bot.exe



--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b2,e3,
aa,14,5d,31,05,a7,21,07,f3,04,cc,40,e6

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:f1,ff,31,20,9d,3d,cd,01

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,64,a1,2a,98,23,ce,49,9a,5d,55,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,99,64,a1,2a,98,23,ce,49,9a,5d,55,\

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.HTM"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pdf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRd32.exe"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.XHT"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EXCEL.EXE"

[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xlsm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\EXCEL.EXE"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)

Completion time: 2013-02-10 11:14:44
ComboFix-quarantined-files.txt 2013-02-10 10:14:44

Pre-Run: Volných bajtu: 48 862 105 600
Post-Run: Volných bajtu: 48 731 639 808

- - End Of File - - D60BF01C04C97EB3B354707A89156486

Nyní odinstalujte cracklý Office a pak budeme poračovat. Toto fórum nepodporuje softwarové pirátství.

Mám hotovo.

Mě ten office stejně dělal problémy.

Ještě dočiastíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\authz.exe
C:\PROGRA~2\LOCALS~1\Temp\msrwhww.com

File::
C:\Windows\Tasks\AutoKMS.job
C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
C:\Program Files\Microsoft Office\Office14

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Authorization Framework"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"61433"=-

RegLock::
[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Internet Explorer\Approved Extensions]
[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
[HKEY_USERS\S-1-5-21-4272071187-4175879413-639288771-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Ano, děkuji za Vaši odpověď.

po vaší doporučené akci je tento vystup:

Log již vypadá OK. Nastala nějaká změna?

Ne všechno vypada již v normalu.

Mockrát Vám děkuji

Nemáte zač!