Prosím o kontrolu Vyřešeno

[lambor]

A toto je Extras OTL Extras logfile created on: 9.4.2010 18:35:41 - Run 1
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\FRANA\Desktop
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 60,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 77,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 37,21 Gb Free Space | 12,48% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 644,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1396,61 Gb Total Space | 1154,54 Gb Free Space | 82,67% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,86 Gb Total Space | 0,01 Gb Free Space | 0,43% Space Free | Partition Type: FAT
Drive K: | 7,46 Gb Total Space | 1,05 Gb Free Space | 14,11% Space Free | Partition Type: FAT32

Computer Name: FRANA-PC
Current User Name: FRANA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\opera.exe (Opera Software)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- C:\Users\FRANA\AppData\Local\Google\Chrome\Application\chrome.exe (Google Inc.)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\opera.exe" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- Reg Error: Value error.
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{186D2CCE-DEFE-4188-AB44-62008E9BC3E0}" = O&O Defrag Professional
"{26A24AE4-039D-4CA4-87B4-2F86416019FF}" = Java(TM) 6 Update 19 (64-bit)
"{35C2BB76-B80A-4E3B-A9BE-CF7F23651F33}" = WD SmartWare
"{42822DCA-21E7-49C6-20DE-9FAC7A4980C2}" = ATI Problem Report Wizard
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5EBA0265-63AA-40EB-A156-D9D6CF9E6C6F}" = ESET Smart Security
"{5F94D3B9-2B02-9C37-740B-A59C7B8D17CC}" = ATI Catalyst Install Manager
"{63B4D80D-7BAC-4D1D-B9B6-27FF54197982}" = Regi
"{6E8E85E8-CE4B-4FF5-91F7-04999C9FAE6A}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{A792E67C-FDA4-A301-0C3C-53BA86EFBB5A}" = ccc-utility64
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{F2DEDF1D-AFB2-CCFD-54C4-05BED30C75ED}" = ATI AVIVO64 Codecs
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.54
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v3.3.0
"SP6" = Logitech SetPoint 6.0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}" = Cool & Quiet
"{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform
"{23D6C05C-E8BB-0812-7C96-33F0E25A6388}" = HydraVision
"{26A24AE4-039D-4CA4-87B4-2F83216016F0}" = Java(TM) 6 Update 16
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java(TM) 6 Update 17
"{310BC5E2-31AF-49BB-904D-E71EB93645DC}" = AI Suite
"{33CF58F5-48D8-4575-83D6-96F574E4D83A}" = Nero DriveSpeed
"{359CFC0A-BEB1-440D-95BA-CF63A86DA34F}" = Nero Recode
"{368BA326-73AD-4351-84ED-3C0A7A52CC53}" = Nero Rescue Agent
"{3D6A24EA-A543-6C84-351E-D7646E7AB86E}" = Catalyst Control Center InstallProxy
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{43E39830-1826-415D-8BAE-86845787B54B}" = Nero Vision
"{47CAFF95-C3D8-ABF2-70BC-89DE00D8FB19}" = Catalyst Control Center Graphics Light
"{48D082B9-18F6-4426-AFAC-8B6A3E7021B1}" = Brother MFL-Pro Suite DCP-585CW
"{4962EBAC-AE7C-1B22-1EA0-0916A7E40954}" = Catalyst Control Center Graphics Full Existing
"{49A62E2B-B35C-941D-DF48-601207CF14C0}" = Catalyst Control Center Graphics Previews Common
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
"{595A3116-40BB-4E0F-A2E8-D7951DA56270}" = NeroExpress
"{5BDA2F58-1F21-4D10-9910-92B01EBCC958}" = AMD USB Filter Driver
"{5F9136F9-93EF-4545-A824-5BDB59156A68}" = AMD OverDrive Beta
"{62AC81F6-BDD3-4110-9D36-3E9EAAB40999}" = Nero CoverDesigner
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A490E11-6C8A-777C-4E00-43F3CC16A1EC}" = CCC Help English
"{7236672F-6430-439E-9B27-27EDEAF1D676}" = Diagnostic Utility
"{72736F5F-520D-472A-88CC-7B02872FD34E}" = ATI Catalyst Registration
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7748AC8C-18E3-43BB-959B-088FAEA16FB2}" = Nero StartSmart
"{77919701-C3E7-09AA-D2F7-DBF42CD7C13D}" = Catalyst Control Center HydraVision Full
"{7829DB6F-A066-4E40-8912-CB07887C20BB}" = Nero BurnRights
"{78B2F09F-BDC7-7865-CF4C-233B64A3BE51}" = Catalyst Control Center Graphics Full New
"{7D7FA0D2-740F-4643-BBE7-FB4AAF43DB39}" = ASUS Smart Doctor
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200DB-287A-4DC0-B02B-2B6787FBCD4C}" = Nero DiscSpeed
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7
"{8ACC73AA-6511-7C55-B1A9-8E5D1DEAFAA3}" = The Lord of the Rings FREE Trial
"{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"{8D7133DE-27D2-47E5-B248-4180278D32AA}" = Catalyst Control Center - Branding
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8F66047B-1AF3-40D9-80D7-106E2EDC2C2A}" = EPU-4 Engine
"{99AD9D6D-A456-49EE-8360-F22EE7AA1272}" = Express Gate
"{9E82B934-9A25-445B-B8DF-8012808074AC}" = Nero PhotoSnap
"{A209525B-3377-43F4-B886-32F6B6E7356F}" = Nero WaveEditor
"{A31951C5-DCD8-4DFE-A525-CFC701F54792}" = TurboV
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-1029-7B44-A93000000001}" = Adobe Reader 9.3.1 - Czech
"{B1ADF008-E898-4FE2-8A1F-690D9A06ACAF}" = DolbyFiles
"{B2EC4A38-B545-4A00-8214-13FE0E915E6D}" = Advertising Center
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B78120A0-CF84-4366-A393-4D0A59BC546C}" = Menu Templates - Starter Kit
"{B83F7FA5-3191-4E39-A1F2-8A9038BD0B04}" = Turbo Key
"{bb84cb8d-4fa1-4b6e-a6b8-53d199674250}" = Nero 9 Trial
"{BBE2F69C-4338-11D7-8F0C-00A0244F4E2D}" = Dr.Web
"{BD5CA0DA-71AD-43DA-B19E-6EEE0C9ADC9A}" = Nero ControlCenter
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C167A588-87AA-47BF-A88E-5B0F9A14480D}" = InterVideo DVDCopy5
"{C427E746-4EC9-4E3C-AACB-C6BB1F714D7F}" = Uniblue DriverScanner 2009
"{C5A7CB6C-E76D-408F-BA0E-85605420FE9D}" = SoundTrax
"{C9FFC925-E27E-436E-A2DF-652324D51029}" = Nero 8
"{D025A639-B9C9-417D-8531-208859000AF8}" = NeroBurningROM
"{D241BBEC-B1C7-7953-EDDE-D90A654A8D2C}" = ccc-core-static
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D5C24E77-099E-9B84-5BE2-708E70B938A9}" = Catalyst Control Center Core Implementation
"{D9DCF92E-72EB-412D-AC71-3B01276E5F8B}" = Nero ShowTime
"{DC4757E2-BAE3-0BFE-C6E5-576CB911FF52}" = Catalyst Control Center Graphics Previews Vista
"{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"{E1BBBAC5-2857-4155-82A6-54492CE88620}" = Opera 9.64
"{E36E864B-BFB6-440A-9A23-2B0BEDE59A92}" = MultiScreen
"{E498385E-1C51-459A-B45F-1721E37AA1A0}" = Movie Templates - Starter Kit
"{E8A80433-302B-4FF1-815D-FCC8EAC482FF}" = Nero Installer
"{EB0F4554-AD4F-4C8C-9764-66AC2CF8D184}" = AMD OverDrive
"{F1861F30-3419-44DB-B2A1-C274825698B3}" = Nero Disc Copy Gadget
"{F4933D9F-89CC-4CA9-B5B0-CF32968890C7}" = BookScan&Whiteboard Suite
"{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
"{F59205C8-E5FB-43F5-AAB2-16C1760D4F59}" = FaceFilter Studio Brother Edition
"{F7338FA3-DAB5-49B2-900D-0AFB5760C166}" = PC Probe II
"{FA8BFB25-BF48-4F8B-8859-B30810745190}" = LightScribe System Software
"{FBCDFD61-7DCF-4E71-9226-873BA0053139}" = Nero InfoTool
"{FC2C7405-BC58-4E11-8F51-29671BEAC06B}" = Natural Color Pro
"{FE3997D3-6B56-4AC4-A99C-9DDFC45359BF}" = TuneUp Utilities Language Pack (en-US)
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"Ashampoo Burning Studio 2010_is1" = Ashampoo Burning Studio 2010
"Ashampoo Burning Studio 9_is1" = Ashampoo Burning Studio 9.20
"Ashampoo WinOptimizer 2010 Advanced_is1" = Ashampoo WinOptimizer 2010 Advanced
"AvantBrowser" = Avant Browser (remove only)
"CCleaner" = CCleaner
"CloneCD" = CloneCD
"CloneDVD2" = CloneDVD2
"CyberLink PowerDVD 9.0.1719" = CyberLink PowerDVD 9.0.1719 CZ
"Driver Magician_is1" = Driver Magician 3.48
"EVEREST Ultimate Edition_is1" = EVEREST Ultimate Edition v5.01
"Hard Drive Inspector" = Hard Drive Inspector Professional 3.60 build # 322
"HijackThis" = HijackThis 2.0.2
"ImTOO HD Video Converter" = ImTOO HD Video Converter
"InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Platforma Ovladače zařízení
"InstallShield_{7D7FA0D2-740F-4643-BBE7-FB4AAF43DB39}" = ASUS Smart Doctor
"InstallShield_{8B76B8E9-F773-4B75-A08C-120079EB765E}" = RAIDXpert
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10
"Internet Download Manager" = Internet Download Manager
"KLiteCodecPack_is1" = K-Lite Codec Pack 5.8.3 (Standard)
"Magic ISO Maker v5.5 (build 0281)" = Magic ISO Maker v5.5 (build 0281)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Maxthon2" = Maxthon2
"MediaVideoConverter HD Video Converter" = MediaVideoConverter HD Video Converter
"Mozilla Firefox (3.6.2)" = Mozilla Firefox (3.6.2)
"mv61xxDriver" = marvell 61xx
"RealPlayer 12.0" = RealPlayer
"SpeedFan" = SpeedFan (remove only)
"Super Internet TV (Premium Edition)_is1" = Super Internet TV v8.0 (Premium Edition)
"szn-software-listicka" = Seznam Lištička 2 (Všichni uživatelé tohoto počítače.)
"The KMPlayer" = The KMPlayer (remove only)
"TuneUp Utilities" = TuneUp Utilities
"Uniblue DriverScanner 2009" = Uniblue DriverScanner 2009
"USB Disk Security_is1" = USB Disk Security 5.1.0.15
"uTorrent" = µTorrent
"WinRAR archiver" = WinRAR archiver
"Xilisoft HD Video Converter" = Xilisoft HD Video Converter
"YU2010_is1" = Your Uninstaller! 2010
"ZonerPhotoStudio12_CZ_is1" = Zoner Photo Studio 12

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

Error reading Event Logs: The Event Service is not operating properly or the Event Logs are corrupt!

< End of report >

[Reklama]

[jaro3]

Zbytky po Symantec/Norton , zkus toto:

ftp://ftp.symantec.com/public/english_u ... l_Tool.exe


Poklepej na ikonu OTL na ploše.Ujisti se , že máš všechny ostatní aplikace a prohlížeče zavřeny.
Pod Custom Scans/Fixes do okénka vlož následující text, zobrazený zeleně:

Kód: Vybrat vše

:OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page =
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
FF - prefs.js..browser.search.defaultenginename: "Search"
FF - prefs.js..browser.search.defaulturl: "http://www3.iamwired.net/websearch.php?src=tops&search="
FF - prefs.js..browser.search.selectedEngine: "Search"
FF - user.js..browser.search.openintab: false
O1 HOSTS File: ([2010.03.25 12:44:38 | 000,381,046 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 13123 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - Reg Error: Value error. File not found
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Value error. File not found
O4 - HKLM..\Run: [reset] C:\Windows\reset.reg ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\SysNative\DRWEBSP.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\SysNative\DRWEBSP.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\SysNative\DRWEBSP.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\SysNative\DRWEBSP.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\SysNative\DRWEBSP.DLL File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\SysNative\DRWEBSP.DLL File not found
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/s ... wflash.cab (Shockwave Flash Object)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - AutoRun File - [2009.06.18 23:12:18 | 000,000,088 | ---- | M] () - F:\autorun.inf -- [ UDF ]
O33 - MountPoints2\{730cbabe-42d7-11df-98ee-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{730cbabe-42d7-11df-98ee-806e6f6e6963}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- [2009.10.14 23:28:45 | 003,271,968 | ---- | M] (Western Digital)
O33 - MountPoints2\{d648a5db-3795-11df-b2d0-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{d648a5db-3795-11df-b2d0-806e6f6e6963}\Shell\AutoRun\command - "" = L:\WD SmartWare.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (OODBS) - File not found

:Files
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\WINDOWS\system32\*.tmp.dll
C:\WINDOWS\system32\SET*.tmp
c:\windows\Tasks\*.job
F:\autorun.inf
F:\WD SmartWare.exe
C:\ProgramData\NortonInstaller
C:\Program Files (x86)\NortonInstaller
C:\Windows\tasks\SA.DAT
C:\Windows\_MSRSTRT.EXE
C:\Users\FRANA\AppData\Roaming\chrtmp
C:\ProgramData\1F372B8D6B.sys
C:\Windows\ativpsrm.bin
C:\Windows\FIX.reg
C:\Windows\reset.reg
C:\ProgramData\KGyGaAvL.sys

:Reg
:Commands
[resethosts]
[purity]
[emptytemp]
[start explorer]
[Reboot]

Poté klikni nahoře na Run Fix. Nech program nerušeně běžet, na konci se provede restart PC.
Po restartu se objeví log , prosím zkopíruj sem celý jeho obsah.

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému

Toto otestuj na Virustotal
C:\Users\FRANA\.rnd
Pokud už byl soubor testován-klikni na otestovat znovu.

Až skončí test všech antivirů, vlož sem pak odkaz na stránku s výsledky.

[lambor]

Já jsem to fixnul 2 krát ale po restartu se mi nic neobjevilo

[lambor]

vistotal Soubor .rnd přijatý 2010.04.09 19:27:47 (UTC)
Současný stav: Čekejte ... Ve frontě Čekání Testování Dokončeno NENALEZENO ZASTAVENO


Výsledek: 0/39 (0%)
Načítám informace ze serveru...
Váš soubor čeká ve frontě na pozici: 1.
Odhadovaný čas začátku mezi 42 a 60 sekundami.
Nezavírejte toto okno dokud nebude test dokončen.
Právě testující program byl je zastaven, probíhá čekání na program.
Za chvíli bude proveden další pokus o otestování souboru.
Pokud budete čekat déle než-li pět minut odešlete Váš soubor znovu.
Váš soubor je nyní testován pomocí VirusTotal,
výsledky budou zobrazeny po dokončení.
Formátované Vytisknout výsledky
Váš soubor není platný, nebo neexistuje.
Služba je pozastavena v tuto chvíli, váš soubor čeká na otestování (pozice: ) po nespecifikovanou dobu.

Nyní čekejte na odezvu webu (automatické obnovení), nebo napište email do pole a klikněte na "vyžádat" a systém Vám zašle email s výsledky až bude test hotov.
Email:


Antivirus Verze Poslední aktualizace Výsledek
a-squared 4.5.0.50 2010.04.09 -
AhnLab-V3 5.0.0.2 2010.04.09 -
AntiVir 7.10.6.55 2010.04.09 -
Antiy-AVL 2.0.3.7 2010.04.09 -
Authentium 5.2.0.5 2010.04.09 -
Avast 4.8.1351.0 2010.04.09 -
Avast5 5.0.332.0 2010.04.09 -
AVG 9.0.0.787 2010.04.09 -
BitDefender 7.2 2010.04.09 -
CAT-QuickHeal 10.00 2010.04.09 -
ClamAV 0.96.0.3-git 2010.04.09 -
Comodo 4550 2010.04.09 -
DrWeb 5.0.2.03300 2010.04.09 -
eSafe 7.0.17.0 2010.04.08 -
eTrust-Vet 35.2.7418 2010.04.09 -
F-Prot 4.5.1.85 2010.04.09 -
F-Secure 9.0.15370.0 2010.04.09 -
Fortinet 4.0.14.0 2010.04.08 -
GData 19 2010.04.09 -
Ikarus T3.1.1.80.0 2010.04.09 -
Jiangmin 13.0.900 2010.04.09 -
Kaspersky 7.0.0.125 2010.04.09 -
McAfee-GW-Edition 6.8.5 2010.04.09 -
Microsoft 1.5605 2010.04.09 -
NOD32 5014 2010.04.09 -
Norman 6.04.11 2010.04.09 -
nProtect 2009.1.8.0 2010.04.06 -
Panda 10.0.2.2 2010.04.09 -
PCTools 7.0.3.5 2010.04.09 -
Prevx 3.0 2010.04.09 -
Rising 22.42.04.03 2010.04.09 -
Sophos 4.52.0 2010.04.09 -
Sunbelt 6156 2010.04.09 -
Symantec 20091.2.0.41 2010.04.09 -
TheHacker 6.5.2.0.258 2010.04.09 -
TrendMicro 9.120.0.1004 2010.04.09 -
VBA32 3.12.12.4 2010.04.09 -
ViRobot 2010.4.9.2269 2010.04.09 -
VirusBuster 5.0.27.0 2010.04.09 -
Rozšiřující informace
File size: 1024 bytes
MD5...: 7704be5d321e456707a8f36262605757
SHA1..: a542bc860b7457e4ce83450ef1e781c0744f0a3c
SHA256: 44dfab24925cf2c89a67170485c4cd2a24f56b0b3e55edb5bc98531253cead0b
ssdeep: 24:EaTk0r5For24aBvShtAJ+2cgKE9ZyZXUlQCYyoyCn/NkrEwW0q+I/o:EaT9/5
+caE91pYyYkowW0go

PEiD..: -
PEInfo: -
RDS...: NSRL Reference Data Set
-
pdfid.: -
trid..: Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

[jaro3]

Ten log by měl být ve stejném místě jako OTL.

Restart se tedy provedl .

Poklepej znovu na ikonu OTL by OldTimer, pod Custom Scans/Fixes vlož následující text , zeleně zbarvený:

Kód: Vybrat vše

netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT

Neměň nastavení, jen klikni na Run Scan, nech sken dokončit. Až se se objeví textový soubor , tak sem vlož prosím jeho celý obsah.

[lambor]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3969

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

8.4.2010 19:18:06
mbam-log-2010-04-08 (19-18-06).txt

Typ skenu: Rychlý sken
Skenované objekty: 105597
Uplynulý čas: 4 minuta(y), 17 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 3
Infikované soubory: 11

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
C:\Program Files (x86)\FLV Direct Player (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV (Adware.BHO.FL) -> No action taken.

Infikované soubory:
C:\$Recycle.Bin\S-1-5-21-3198453933-1468843402-334695556-1001\$R06J6MQ.exe (HackTool.Snadboy) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\downloading.swf (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\player.swf (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\preload.swf (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Button.bmp (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Logo.bmp (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\skin.xml (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysCloseButton.bmp (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysMaxButton.bmp (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\SysMinButton.bmp (Adware.BHO.FL) -> No action taken.
C:\Program Files (x86)\FLV Direct Player\Skin\DirectFLV\Window.bmp (Adware.BHO.FL) -> No action taken.

[jaro3]

. Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Ukaž výsledky
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Odstranit označené
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Můžeš sem pak vložit nový log z MbAM.

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

pak ten Log z OTL.
Zítra se kouknu.

[lambor]

OK a diky moc

[lambor]

Malwarebytes' Anti-Malware 1.45
www.malwarebytes.org

Verze databáze: 3969

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

9.4.2010 22:30:06
mbam-log-2010-04-09 (22-30-06).txt

Typ skenu: Rychlý sken
Skenované objekty: 105505
Uplynulý čas: 3 minuta(y), 38 sekunda(y)

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče registru: 0
Infikované hodnoty registru: 0
Infikované datové položky registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[lambor]

doufám že je to ono Scanning Report
Friday, April 9, 2010 22:45:55 - 22:55:38
Computer name: FRANA-PC
Scanning type: Quick scan
Target: System


--------------------------------------------------------------------------------

4 malware found
TrackingCookie.2o7 (spyware)
System (Disinfected)
TrackingCookie.Revsci (spyware)
System (Disinfected)
TrackingCookie.Webtrends (spyware)
System (Disinfected)
TrackingCookie.Yieldmanager (spyware)
System (Disinfected)

--------------------------------------------------------------------------------

Statistics
Scanned:
Files: 6066
System: 6066
Not scanned: 0
Actions:
Disinfected: 4
Renamed: 0
Deleted: 0
Not cleaned: 0
Submitted: 0

--------------------------------------------------------------------------------

Options
Scanning engines:

[jaro3]

4 malware vyčištěny, tak znovu log z OTL ( bez toho scriptu).

[lambor]

Omlovám se ale nevim jaký script máte na mysli myslíte jenom toto ? OTL logfile created on: 10.4.2010 18:20:08 - Run 2
OTL by OldTimer - Version 3.2.1.1 Folder = C:\Users\FRANA\Music
64bit- Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7600.16385)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 2,00 Gb Available Physical Memory | 56,00% Memory free
8,00 Gb Paging File | 6,00 Gb Available in Paging File | 74,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 37,05 Gb Free Space | 12,43% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 644,12 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: UDF
Drive G: | 1396,61 Gb Total Space | 1150,95 Gb Free Space | 82,41% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 1,86 Gb Total Space | 0,01 Gb Free Space | 0,43% Space Free | Partition Type: FAT
Drive K: | 7,46 Gb Total Space | 1,05 Gb Free Space | 14,11% Space Free | Partition Type: FAT32

Computer Name: FRANA-PC
Current User Name: FRANA
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Include 64bit Scans
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan