
Please check my log, slow PC  Solved

Posted: 23 Nov 2012 17:26
by brumler
Hello, shortly after startup the PC slows down a lot. In safe mode it runs normally. CPU usage is 100%.
Some service 4A31.exe/FileZilla FTP Client is responsible for it. I don't know what to do about it, so I'm posting a log in case it is of any use.

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:17:15, on 23.11.2012
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v8.00 (8.00.6001.19328)
Boot mode: Safe mode with network support

Running processes:
C:\Windows\Explorer.EXE
D:\Program Files\Mount&Blade Warband\Modules\bin\TSVNCache.exe
C:\Windows\System32\mobsync.exe
C:\Users\Ondra\Downloads\HiJackThis.exe
C:\Windows\system32\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={31545F7D-34CB-49DD-8BB1-C6F7AD4D18EF}&mid=7b770b02efa5efa0371d49b651fadb34-27f3b627538e3f55120eaf3ff81df1037ba30a64&lang=cs&ds=gm011&pr=sa&d=2012-07-21 00:41:33&v=12.1.0.20&sap=hp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com
O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Acer eDataSecurity Management - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Windows\system32\eDStoolbar.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Acer Empowering Technology Monitor] C:\Acer\Empowering Technology\SysMonitor.exe
O4 - HKLM\..\Run: [eDataSecurity Loader] C:\Acer\Empowering Technology\eDataSecurity\eDSloader.exe
O4 - HKLM\..\Run: [WarReg_PopUp] C:\Acer\WR_PopUp\WarReg_PopUp.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Windows\system32\NeroCheck.exe
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [AVG9_TRAY] C:\PROGRA~1\AVG\AVG9\avgtray.exe
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [vProt] "C:\Program Files\AVG Secure Search\vprot.exe"
O4 - HKLM\..\Run: [ROC_ROC_JULY_P1] "C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1
O4 - HKLM\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe
O4 - HKLM\..\RunOnce: [AvgUninstallURL] cmd.exe /c start http://www.avg.cz/cz.special-uninstalla ... QBNAEIAUgA"&"inst=NwA2AC0ANwAxADEAMgA3ADAAMQA3ADMALQBQAEwAKwA5AC0AWABPADMANgArADEALQBOADEARAArADEALQBEADMAOAAxAEwAKwA1AC0AQwBJAFAAKwAyAC0ARABEAFQAKwA1ADYANgA5ADMALQBJADkAMAArADEALQBEAEQAOQAwACsAMQAtAFMAVAA5ADAAQQBQAFAAKwAxAA"&"prod=54"&"ver=9.0.894
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [AdobeBridge] "D:\Program Files\Adobe Bridge CS5\Bridge.exe" -stealth
O4 - HKCU\..\Run: [WINSXS32] C:\Users\Ondra\AppData\Roaming\4A31.exe
O4 - HKCU\..\Run: [Iaicik] C:\Users\Ondra\AppData\Roaming\Iaicik.exe
O4 - HKUS\S-1-5-18\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Acer Tour Reminder] C:\Acer\AcerTour\Reminder.exe (User 'Default user')
O4 - Startup: Cyber-shot Viewer Media Check Tool.lnk = C:\Program Files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe
O4 - Global Startup: Empowering Technology Launcher.lnk = ?
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Ondra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: WikiKomentáře Google... - res://C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
O9 - Extra button: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.5 - {7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - C:\Program Files\ICQ7.5\ICQ.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe (file missing)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{98F178C4-DBEC-4468-A176-2C093E8879F4}: NameServer = 213.250.192.1,213.250.194.1
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O20 - AppInit_DLLs: avgrsstx.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ePerformance Service (AcerMemUsageCheckService) - Unknown owner - C:\Acer\Empowering Technology\ePerformance\MemCheck.exe
O23 - Service: Ati External Event Utility - ATI Technologies Inc. - C:\Windows\system32\Ati2evxx.exe
O23 - Service: AVG WatchDog (avg9wd) - AVG Technologies CZ, s.r.o. - C:\Program Files\AVG\AVG9\avgwdsvc.exe
O23 - Service: AVG9IDSAgent (AVGIDSAgent) - AVG Technologies CZ, s.r.o. - (no file)
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: eDSService.exe (eDataSecurity Service) - HiTRSUT - C:\Acer\Empowering Technology\eDataSecurity\eDSService.exe
O23 - Service: eRecovery Service (eRecoveryService) - Acer Inc. - C:\Acer\Empowering Technology\eRecovery\eRecoveryService.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Macromedia Licensing Service - Unknown owner - C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe

--
End of file - 9496 bytes

Re: Please check my log, slow PC

Posted: 23 Nov 2012 17:50
by Damned
Download Rogue killer and save it to the Desktop.
Run it as Administrator. Once it loads, the program window appears. Choose Scan. The scan will run and a log named RKreport[1].txt will appear on the Desktop.
Copy it here for me.

Re: Please check my log, slow PC

Posted: 23 Nov 2012 18:32
by brumler
RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : Ondra [Práva správce]
Mód : Kontrola -- Datum : 11/23/2012 18:31:48

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 14 ¤¤¤
[RUN][SUSP PATH] HKCU\[...]\Run : WINSXS32 (C:\Users\Ondra\AppData\Roaming\4A31.exe) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Iaicik (C:\Users\Ondra\AppData\Roaming\Iaicik.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2173778668-643321604-1992859200-1000[...]\Run : WINSXS32 (C:\Users\Ondra\AppData\Roaming\4A31.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2173778668-643321604-1992859200-1000[...]\Run : Iaicik (C:\Users\Ondra\AppData\Roaming\Iaicik.exe) -> NALEZENO
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4} : NameServer (213.250.192.1,213.250.194.1) -> NALEZENO
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4} : NameServer (213.250.192.1,213.250.194.1) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost
::1 localhost
[...]


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++
--- User ---
[MBR] be07f36201506e03336fd4c1efbb0dc3
[BSP] 415b1c5fb7cef1912cc966191c47ae55 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 14329980 | Size: 149299 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 320095125 | Size: 148946 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[1]_S_11232012_02d1831.txt >>
RKreport[1]_S_11232012_02d1831.txt

Re: Please check my log, slow PC

Posted: 23 Nov 2012 18:49
by Damned
Run RK again. Press Scan.
After the scan, leave only the following checked:

[RUN][SUSP PATH] HKCU\[...]\Run : WINSXS32 (C:\Users\Ondra\AppData\Roaming\4A31.exe) -> NALEZENO
[RUN][SUSP PATH] HKCU\[...]\Run : Iaicik (C:\Users\Ondra\AppData\Roaming\Iaicik.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2173778668-643321604-1992859200-1000[...]\Run : WINSXS32 (C:\Users\Ondra\AppData\Roaming\4A31.exe) -> NALEZENO
[RUN][SUSP PATH] HKUS\S-1-5-21-2173778668-643321604-1992859200-1000[...]\Run : Iaicik (C:\Users\Ondra\AppData\Roaming\Iaicik.exe) -> NALEZENO
[HJPOL] HKCU\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {59031A47-3F72-44A7-89C5-5595FE6B30EE} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\ClassicStartMenu : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK] HKCU\[...]\NewStartPanel : {645FF040-5081-101B-9F08-00AA002F954E} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO


and press Delete. Then press Fix Hosts. Then close RK, run it again and paste the new log here; it will have the same name, only the number in the brackets will be different.

Re: Please check my log, slow PC

Posted: 23 Nov 2012 19:02
by brumler
RogueKiller V8.3.1 [Nov 23 2012] by Tigzy
mail : tigzyRK<at>gmail<dot>com
Podpora : http://www.geekstogo.com/forum/files/fi ... guekiller/
Webové stránky : http://tigzy.geekstogo.com/roguekiller.php
: http://tigzyrk.blogspot.com/

Operační systém : Windows Vista (6.0.6002 Service Pack 2) 32 bits version
Spuštěno v : Nouzový režim s prací v síti
Uživatel : Ondra [Práva správce]
Mód : Kontrola -- Datum : 11/23/2012 19:02:03

¤¤¤ Škodlivé procesy: : 0 ¤¤¤

¤¤¤ ¤¤¤ Záznamy Registrů: : 2 ¤¤¤
[DNS] HKLM\[...]\ControlSet001\Services\Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4} : NameServer (213.250.192.1,213.250.194.1) -> NALEZENO
[DNS] HKLM\[...]\ControlSet003\Services\Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4} : NameServer (213.250.192.1,213.250.194.1) -> NALEZENO

¤¤¤ Zvláštní soubory / Složky: ¤¤¤

¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤

¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\Windows\system32\drivers\etc\hosts

127.0.0.1 localhost


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: ST332082 0AS SCSI Disk Device +++++
--- User ---
[MBR] be07f36201506e03336fd4c1efbb0dc3
[BSP] 415b1c5fb7cef1912cc966191c47ae55 : Acer tatooed MBR Code
Partition table:
0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 63 | Size: 6997 Mo
1 - [ACTIVE] FAT16 (0x06) [VISIBLE] Offset (sectors): 14329980 | Size: 149299 Mo
2 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 320095125 | Size: 148946 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončeno : << RKreport[8]_S_11232012_02d1902.txt >>
RKreport[3]_S_11232012_02d1854.txt ; RKreport[6]_H_11232012_02d1900.txt ; RKreport[7]_S_11232012_02d1901.txt ; RKreport[8]_S_11232012_02d1902.txt

Re: Please check my log, slow PC

Posted: 23 Nov 2012 19:06
by Damned
Download Malwarebytes' Anti-Malware
Install it and run it
- at the end of the installation make sure both options are selected/checked: Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button.
- if an update is found, it will be downloaded and installed; then click OK to start the program
- leave the Quick scan option selected and click the Scan button

If a problem is found:
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Log and save the log to the Desktop
- then click the Exit button; a message appears, so choose Yes
- copy the resulting log here for me
(don't delete anything yet!).

If no problem is found:
- Click the "OK" button and let me know

Re: Please check my log, slow PC

Posted: 23 Nov 2012 22:16
by Damned
When you decide to do it, jaro3, žbeky, memphisto or orcus will be here. I'm off to bed. I probably won't be here tomorrow.
If something doesn't work for you, let us know as well

Re: Please check my log, slow PC

Posted: 23 Nov 2012 22:22
by brumler
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.23.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode s podporou sítě)
Internet Explorer 8.0.6001.19328
Ondra :: COMP [administrátor]

23.11.2012 22:15:05
mbam-log-2012-11-23 (22-21-03).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 234105
Uplynulý čas: 5 minut, 51 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Žádná instrukce nebyla provedena.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

Re: Please check my log, slow PC

Posted: 23 Nov 2012 22:30
by Damned
As you can see, even though it looks OK, something was left there.

Run MbAM again and choose Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close the program via Exit
***************************************************************************************************************************
Turn off your antivirus's resident shield.
Download ComboFix (by sUBs) or ComboFix (subs) and save it to the Desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click in the window that is displayed
- When the scan is complete, the program should create a log - C:\ComboFix.txt - please copy its entire contents here

Re: Please check my log, slow PC

Posted: 23 Nov 2012 23:33
by brumler
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Verze databáze: v2012.11.23.07

Windows Vista Service Pack 2 x86 NTFS (Safe Mode s podporou sítě)
Internet Explorer 8.0.6001.19328
Ondra :: COMP [administrátor]

23.11.2012 22:43:16
mbam-log-2012-11-23 (22-43-16).txt

Typ: Rychlá kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Registr | Systémové soubory | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: P2P
Kontrolované objekty: 234074
Uplynulý čas: 7 minut, 18 sekund

Nalezené procesy v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené klíče v registru: 1
HKCU\Software\AppDataLow\Software\MyWebSearch (PUP.MyWebsearch) -> Umístnění do karantény a smazání se zdařilo.

Nalezené hodnoty v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené datové položky v registru: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)

Nalezené soubory: 0
(Žádné škodlivé položky nebyly zjištěny)

(konec)

ComboFix 12-11-23.02 - Ondra 23.11.2012 23:09:44.6.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.1016 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\BasicScan
c:\programdata\01fc7359003e841088c403f3d2eac5d8_c
c:\programdata\page
c:\programdata\page\page.ico
c:\programdata\page\page.URL
c:\users\Ondra\AppData\Roaming\399D.exe
c:\users\Ondra\AppData\Roaming\4A31.exe
c:\users\Ondra\AppData\Roaming\6EB9.exe
c:\users\Ondra\AppData\Roaming\7F5D.exe
c:\users\Ondra\AppData\Roaming\B318.exe
c:\users\Ondra\AppData\Roaming\C1AA.exe
c:\users\Ondra\AppData\Roaming\CCF8.exe
c:\users\Ondra\AppData\Roaming\D2EE.exe
c:\users\Ondra\AppData\Roaming\EF3F.exe
c:\users\Public\sdelevURL.tmp
c:\windows\IsUn0405.exe
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\roboot.exe
c:\windows\system32\system
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-23 do 2012-11-23 )))))))))))))))))))))))))))))))
.
.
2012-11-23 22:27 . 2012-11-23 22:27 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-23 22:27 . 2012-11-23 22:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-23 22:27 . 2012-11-23 22:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-22 16:48 . 2012-11-22 16:48 -------- d-----w- c:\users\Ondra\AppData\Roaming\NVIDIA
2012-11-18 13:43 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-18 13:41 . 2012-10-10 20:14 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-18 13:39 . 2012-11-18 13:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-16 13:23 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 13:22 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 21:16 . 2012-11-02 22:31 -------- d-----w- c:\program files\CardRecovery
2012-11-02 20:54 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 15:45 . 2012-07-20 22:41 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-10 20:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-10-10 20:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2012-10-10 20:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 11:18 . 2012-05-03 16:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:18 . 2011-08-03 11:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 19:29 . 2009-06-10 06:34 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2009-06-10 06:34 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2009-06-10 06:34 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2009-06-10 06:34 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2009-06-10 06:34 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 18:54 . 2012-08-01 21:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 21:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 21:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 21:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-25 22:48 . 2008-12-16 11:49 137464 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-08-25 22:47 . 2010-03-07 21:04 214520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-08-25 22:47 . 2008-12-16 11:49 214520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-08-25 22:47 . 2008-12-16 11:49 214520 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-10-20 09:03 . 2012-06-05 07:25 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 15:45 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"AdobeBridge"="d:\program files\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894" [?]
.
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-8-24 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-3 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2008-04-01 11:21 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiCalc]
2008-07-16 07:43 3216384 ----a-w- c:\program files\MultiCalc\MultiCalc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-03-28 16:01 2774352 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 11:18]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:07]
.
2012-11-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:07]
.
2012-11-23 c:\windows\Tasks\User_Feed_Synchronization-{86AF73E7-A9FD-4A8A-A54F-189925096B5A}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Doplňkový sken -------
.
uStart Page = https://isearch.avg.com/?cid={31545F7D-34CB-49DD-8BB1-C6F7AD4D18EF}&mid=7b770b02efa5efa0371d49b651fadb34-27f3b627538e3f55120eaf3ff81df1037ba30a64&lang=cs&ds=gm011&pr=sa&d=2012-07-21 00:41&v=12.1.0.20&sap=hp
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ondra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4}: NameServer = 213.250.192.1,213.250.194.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\89dezo23.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - ExtSQL: !HIDDEN! 2010-03-04 06:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{5E5AB302-7F65-44CD-8211-C1D4CAACCEA3} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
HKU-Default-Run-Acer Tour Reminder - c:\acer\AcerTour\Reminder.exe
.
.
.
**************************************************************************
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory:
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2173778668-643321604-1992859200-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:46,4f,b3,d2,d0,bd,89,25,c7,a4,c8,93,c3,6c,af,da,a0,b5,f7,86,5a,38,9a,
34,b3,71,8b,63,ac,c5,72,dd,87,8b,de,09,ef,b3,13,93,85,19,f8,22,00,5d,40,0a,\
"??"=hex:f7,d3,33,2b,2d,d5,7f,8e,71,09,2c,ed,5a,74,b9,1f
.
[HKEY_USERS\S-1-5-21-2173778668-643321604-1992859200-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,8c,7f,4a,e4,2c,8a,c6,bd,fb,78,83,6a,73,b8,37,ea,92,56,91,34,
f0,c2,1e,ed,d7,40,5b,9f,40,8b,91,8a,0c,fd,ba,a3,db,5d,f3,cf,6d,02,8b,50,91,\
"rkeysecu"=hex:2e,d1,b9,fc,f1,c6,5b,d3,6f,7c,e6,6a,47,68,0d,75
.
Celkový čas: 2012-11-23 23:30:39
ComboFix-quarantined-files.txt 2012-11-23 22:30
ComboFix2.txt 2010-12-04 19:37
.
Před spuštěním: Volných bajtů: 25 735 966 720
Po spuštění: Volných bajtů: 27 248 623 616
.
- - End Of File - - DAEEE985F606D82E41B9E355DBF0EC5C

Re: Please check my log, slow PC

Posted: 23 Nov 2012 23:45
by Damned
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy the whole of the following text, marked in red, into it:

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=-
"NeroFilterCheck"=-



Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all open windows.


With the mouse, grab the CFScript.txt script you created, drag it over the downloaded ComboFix.exe program,
and when the two files overlap, drop the script.

- ComboFix starts automatically; the repair can take longer than 10 minutes. ! Let ComboFix finish its work !
- Paste here the log that pops up at the end of the cleaning process

Warning: It may happen that after the script is applied and the computer restarts, Windows does not boot; in that case restart the computer again, keep pressing F8 and then choose Last Known Good Configuration.
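A way to confirm that the script did what it was asked and nothing more, as an added example that is not part of the original post: it reads the `"name"=-` lines of the CFScript (the .reg-file notation for deleting a value) and compares the matching registry section in the ComboFix log from before and after the run. The function names are hypothetical; the sample text is excerpted from the script and the two logs in this thread.

```python
import re

SECTION_RE = re.compile(r'^\[(?P<key>[^\]]+)\]$')
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')

def parse_registry_sections(log_text):
    """Map each [key] block of a ComboFix-style log to its {value name: data}."""
    sections, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = SECTION_RE.match(line)
        if header:
            current = sections.setdefault(header.group('key').lower(), {})
        elif line in ('', '.'):
            current = None              # a lone '.' separates blocks in the log
        elif current is not None:
            value = VALUE_RE.match(line)
            if value:
                current[value.group('name')] = value.group('data')
    return sections

def parse_cfscript_deletions(script_text):
    """Return {key: [value names]} for every '"name"=-' line under Registry::."""
    deletions, in_registry, key = {}, False, None
    for raw in script_text.splitlines():
        line = raw.strip()
        if line.endswith('::'):         # directive header such as Registry::
            in_registry, key = (line.lower() == 'registry::'), None
            continue
        if not in_registry or not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            key = header.group('key').lower()
            continue
        value = VALUE_RE.match(line)
        if value and key and value.group('data').strip() == '-':
            deletions.setdefault(key, []).append(value.group('name'))
    return deletions

def verify_script(script_text, before_log, after_log):
    """Return (status per scripted value, unscripted changes in the touched keys)."""
    before = parse_registry_sections(before_log)
    after = parse_registry_sections(after_log)
    status, collateral = {}, []
    for key, names in parse_cfscript_deletions(script_text).items():
        old, new = before.get(key, {}), after.get(key, {})
        for name in names:
            if name in new:
                status[name] = 'still present'
            elif name in old:
                status[name] = 'removed'
            else:
                status[name] = 'absent before and after'
        # Anything else that appeared or vanished in the same key was not requested.
        collateral += [(key, n) for n in sorted(set(old) ^ set(new)) if n not in names]
    return status, collateral

# Sample input: the script from the post and the HKLM Run block of the two logs.
CFSCRIPT = r'''Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSScheduler"=-
"NeroFilterCheck"=-
'''

BEFORE_LOG = r'''.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-06-16 81920]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
.
'''

AFTER_LOG = r'''.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
.
'''

if __name__ == '__main__':
    result, extra = verify_script(CFSCRIPT, BEFORE_LOG, AFTER_LOG)
    for name, state in result.items():
        print(f'{name}: {state}')
    print('unscripted changes:', extra or 'none')
```

A value reported as "still present" means the directive did not apply, and any entry under unscripted changes is a startup item that changed without being named in the script.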

Re: Please check my log, slow PC

Posted: 24 Nov 2012 09:04
by brumler
ComboFix 12-11-23.02 - Ondra 24.11.2012 8:38.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.786 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-24 do 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 07:52 . 2012-11-24 07:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-24 07:52 . 2012-11-24 07:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 07:52 . 2012-11-24 07:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-22 16:48 . 2012-11-22 16:48 -------- d-----w- c:\users\Ondra\AppData\Roaming\NVIDIA
2012-11-18 13:43 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-18 13:41 . 2012-10-10 20:14 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-18 13:39 . 2012-11-18 13:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-16 13:23 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 13:22 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 21:16 . 2012-11-02 22:31 -------- d-----w- c:\program files\CardRecovery
2012-11-02 20:54 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 15:45 . 2012-07-20 22:41 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-10 20:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-10-10 20:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2012-10-10 20:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 11:18 . 2012-05-03 16:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:18 . 2011-08-03 11:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 19:29 . 2009-06-10 06:34 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2009-06-10 06:34 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2009-06-10 06:34 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2009-06-10 06:34 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2009-06-10 06:34 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 18:54 . 2012-08-01 21:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 21:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 21:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 21:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-20 09:03 . 2012-06-05 07:25 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 15:45 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"AdobeBridge"="d:\program files\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894" [?]
.
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-8-24 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-3 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2008-04-01 11:21 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiCalc]
2008-07-16 07:43 3216384 ----a-w- c:\program files\MultiCalc\MultiCalc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-03-28 16:01 2774352 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 11:18]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:07]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:07]
.
2012-11-24 c:\windows\Tasks\User_Feed_Synchronization-{86AF73E7-A9FD-4A8A-A54F-189925096B5A}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Doplňkový sken -------
.
uStart Page = https://isearch.avg.com/?cid={31545F7D-34CB-49DD-8BB1-C6F7AD4D18EF}&mid=7b770b02efa5efa0371d49b651fadb34-27f3b627538e3f55120eaf3ff81df1037ba30a64&lang=cs&ds=gm011&pr=sa&d=2012-07-21 00:41&v=12.1.0.20&sap=hp
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ondra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4}: NameServer = 213.250.192.1,213.250.194.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\89dezo23.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - ExtSQL: !HIDDEN! 2010-03-04 06:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 08:52
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2173778668-643321604-1992859200-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:46,4f,b3,d2,d0,bd,89,25,c7,a4,c8,93,c3,6c,af,da,a0,b5,f7,86,5a,38,9a,
34,b3,71,8b,63,ac,c5,72,dd,87,8b,de,09,ef,b3,13,93,85,19,f8,22,00,5d,40,0a,\
"??"=hex:f7,d3,33,2b,2d,d5,7f,8e,71,09,2c,ed,5a,74,b9,1f
.
[HKEY_USERS\S-1-5-21-2173778668-643321604-1992859200-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,8c,7f,4a,e4,2c,8a,c6,bd,fb,78,83,6a,73,b8,37,ea,92,56,91,34,
f0,c2,1e,ed,d7,40,5b,9f,40,8b,91,8a,0c,fd,ba,a3,db,5d,f3,cf,6d,02,8b,50,91,\
"rkeysecu"=hex:2e,d1,b9,fc,f1,c6,5b,d3,6f,7c,e6,6a,47,68,0d,75
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5836)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Celkový čas: 2012-11-24 08:54:56
ComboFix-quarantined-files.txt 2012-11-24 07:54
ComboFix2.txt 2012-11-23 22:30
ComboFix3.txt 2010-12-04 19:37
.
Před spuštěním: Volných bajtů: 26 233 122 816
Po spuštění: Volných bajtů: 26 196 074 496
.
- - End Of File - - C9FA9F55D6D99B56232CDEC0836E8AFE
ComboFix 12-11-23.02 - Ondra 24.11.2012 8:38.7.2 - x86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2047.786 [GMT 1:00]
Spuštěný z: c:\users\Ondra\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ondra\Desktop\CFScript.txt.txt
AV: AVG Internet Security *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: AVG Internet Security *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-24 do 2012-11-24 )))))))))))))))))))))))))))))))
.
.
2012-11-24 07:52 . 2012-11-24 07:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-11-24 07:52 . 2012-11-24 07:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-24 07:52 . 2012-11-24 07:52 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-11-22 16:48 . 2012-11-22 16:48 -------- d-----w- c:\users\Ondra\AppData\Roaming\NVIDIA
2012-11-18 13:43 . 2012-10-02 19:29 2557288 ----a-w- c:\windows\system32\nvsvcr.dll
2012-11-18 13:41 . 2012-10-10 20:14 52584 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-18 13:39 . 2012-11-18 13:39 -------- d-----w- c:\programdata\NVIDIA Corporation
2012-11-16 13:23 . 2012-09-25 16:19 75776 ----a-w- c:\windows\system32\synceng.dll
2012-11-16 13:22 . 2012-10-12 14:29 2047488 ----a-w- c:\windows\system32\win32k.sys
2012-11-02 21:16 . 2012-11-02 22:31 -------- d-----w- c:\program files\CardRecovery
2012-11-02 20:54 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-08 15:45 . 2012-07-20 22:41 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-10-10 20:15 . 2012-10-10 20:15 1867112 ----a-w- c:\windows\system32\nvcuvenc.dll
2012-10-10 20:15 . 2012-10-10 20:15 2574696 ----a-w- c:\windows\system32\nvcuvid.dll
2012-10-10 20:14 . 2012-10-10 20:14 888168 ----a-w- c:\windows\system32\nvdispgenco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 12501352 ----a-w- c:\windows\system32\nvwgf2um.dll
2012-10-10 20:14 . 2012-10-10 20:14 17559912 ----a-w- c:\windows\system32\nvcompiler.dll
2012-10-10 20:14 . 2012-10-10 20:14 2428776 ----a-w- c:\windows\system32\nvapi.dll
2012-10-10 20:14 . 2012-10-10 20:14 7697768 ----a-w- c:\windows\system32\nvcuda.dll
2012-10-10 20:14 . 2012-10-10 20:14 10837352 ----a-w- c:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 20:14 . 2012-10-10 20:14 19906920 ----a-w- c:\windows\system32\nvoglv32.dll
2012-10-10 20:14 . 2012-10-10 20:14 1009512 ----a-w- c:\windows\system32\nvdispco32.dll
2012-10-10 20:14 . 2012-10-10 20:14 6127464 ----a-w- c:\windows\system32\nvopencl.dll
2012-10-10 20:14 . 2012-10-10 20:14 15309160 ----a-w- c:\windows\system32\nvd3dum.dll
2012-10-09 11:18 . 2012-05-03 16:59 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 11:18 . 2011-08-03 11:18 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 19:29 . 2009-06-10 06:34 645992 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:29 . 2009-06-10 06:34 62312 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:29 . 2009-06-10 06:34 108392 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:29 . 2009-06-10 06:34 2853224 ----a-w- c:\windows\system32\nvsvc.dll
2012-10-02 19:28 . 2009-06-10 06:34 3965288 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 12:15 . 2012-10-02 12:15 430952 ----a-w- c:\windows\system32\nvStreaming.exe
2012-09-29 18:54 . 2012-08-01 21:09 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-09-13 13:28 . 2012-10-10 21:16 2048 ----a-w- c:\windows\system32\tzres.dll
2012-08-29 11:27 . 2012-10-10 21:13 3602816 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-08-29 11:27 . 2012-10-10 21:13 3550080 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-20 09:03 . 2012-06-05 07:25 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-08 15:45 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2011-06-13 08:20 64792 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-18 125952]
"AdobeBridge"="d:\program files\Adobe Bridge CS5\Bridge.exe" [2010-03-09 11989960]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2007-02-15 4390912]
"Acer Empowering Technology Monitor"="c:\acer\Empowering Technology\SysMonitor.exe" [2007-01-24 319488]
"eDataSecurity Loader"="c:\acer\Empowering Technology\eDataSecurity\eDSloader.exe" [2007-02-06 464168]
"WarReg_PopUp"="c:\acer\WR_PopUp\WarReg_PopUp.exe" [2006-11-05 57344]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"AVG9_TRAY"="c:\progra~1\AVG\AVG9\avgtray.exe" [2012-01-26 2077536]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-08 997320]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-03 1022048]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"AvgUninstallURL"="start http://www.avg.cz/cz.special-uninstalla ... er=9.0.894" [?]
.
c:\users\Ondra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Cyber-shot Viewer Media Check Tool.lnk - c:\program files\Sony\Sony Picture Utility\VolumeWatcher\SPUVolumeWatcher.exe [2010-8-24 155648]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Empowering Technology Launcher.lnk - c:\acer\Empowering Technology\eAPLauncher.exe [2007-5-3 528384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\avgrsstx.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^GamePark klient 2.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\GamePark klient 2.lnk
backup=c:\windows\pss\GamePark klient 2.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Service Manager.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Service Manager.lnk
backup=c:\windows\pss\Service Manager.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-03-29 19:59 937920 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
2008-04-01 11:21 61440 ----a-r- c:\program files\Adobe\Adobe Photoshop Lightroom 1.4\apdproxy.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-08-31 01:57 40368 ----a-w- c:\program files\Adobe\Reader 8.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-02-22 03:57 406992 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-01-20 09:20 1305408 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ISUSPM Startup]
2004-06-16 05:03 221184 ----a-w- c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MultiCalc]
2008-07-16 07:43 3216384 ----a-w- c:\program files\MultiCalc\MultiCalc.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OODefragTray]
2012-03-28 16:01 2774352 ----a-w- c:\program files\OO Software\Defrag\oodtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-07-13 11:33 17418928 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2011-06-09 12:06 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-03 11:18]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:07]
.
2012-11-24 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-03 19:07]
.
2012-11-24 c:\windows\Tasks\User_Feed_Synchronization-{86AF73E7-A9FD-4A8A-A54F-189925096B5A}.job
- c:\windows\system32\msfeedssync.exe [2012-09-22 08:30]
.
.
------- Doplňkový sken -------
.
uStart Page = https://isearch.avg.com/?cid={31545F7D-34CB-49DD-8BB1-C6F7AD4D18EF}&mid=7b770b02efa5efa0371d49b651fadb34-27f3b627538e3f55120eaf3ff81df1037ba30a64&lang=cs&ds=gm011&pr=sa&d=2012-07-21 00:41&v=12.1.0.20&sap=hp
mStart Page = hxxp://home.sweetim.com
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Ondra\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_E11712C84EA7E12B.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: Interfaces\{98F178C4-DBEC-4468-A176-2C093E8879F4}: NameServer = 213.250.192.1,213.250.194.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\Ondra\AppData\Roaming\Mozilla\Firefox\Profiles\89dezo23.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
FF - ExtSQL: !HIDDEN! 2010-03-04 06:42; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-24 08:52
Windows 6.0.6002 Service Pack 2 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2173778668-643321604-1992859200-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:46,4f,b3,d2,d0,bd,89,25,c7,a4,c8,93,c3,6c,af,da,a0,b5,f7,86,5a,38,9a,
34,b3,71,8b,63,ac,c5,72,dd,87,8b,de,09,ef,b3,13,93,85,19,f8,22,00,5d,40,0a,\
"??"=hex:f7,d3,33,2b,2d,d5,7f,8e,71,09,2c,ed,5a,74,b9,1f
.
[HKEY_USERS\S-1-5-21-2173778668-643321604-1992859200-1000\Software\SecuROM\License information*]
"datasecu"=hex:a6,8c,7f,4a,e4,2c,8a,c6,bd,fb,78,83,6a,73,b8,37,ea,92,56,91,34,
f0,c2,1e,ed,d7,40,5b,9f,40,8b,91,8a,0c,fd,ba,a3,db,5d,f3,cf,6d,02,8b,50,91,\
"rkeysecu"=hex:2e,d1,b9,fc,f1,c6,5b,d3,6f,7c,e6,6a,47,68,0d,75
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'Explorer.exe'(5836)
c:\windows\system32\MsnChatHook.dll
c:\windows\system32\ShowErrMsg.dll
c:\windows\system32\sysenv.dll
c:\windows\system32\BatchCrypto.dll
c:\windows\system32\CryptoAPI.dll
c:\windows\system32\keyManager.dll
.
Celkový čas: 2012-11-24 08:54:56
ComboFix-quarantined-files.txt 2012-11-24 07:54
ComboFix2.txt 2012-11-23 22:30
ComboFix3.txt 2010-12-04 19:37
.
Před spuštěním: Volných bajtů: 26 233 122 816
Po spuštění: Volných bajtů: 26 196 074 496
.
- - End Of File - - C9FA9F55D6D99B56232CDEC0836E8AFE