Winlogon.exe - vir? - 100 CPU ? další blbosti?

[nardeus]

No zdravím, pišu sem, protože se mi asi stáhl totálně zajebný vir :(

Když zapnu PC, tak mi naběhne vše v poho až na to že v procesech mám asi 50x Winlogon.exe

Potom když zapnu "Google Chrome" Tak se winlogony změní na Chrome.exe a těch je tam zas 50x.. Potom se to změní na Dwwin.exe a pak na drtwsn32.exe (bo tak nějak) Musím to vše vypnout, a pak je vše v poho až na to že mám v procesech 2 WinLogony. Jeden je v poho, ale druhý zabírá 100 CPU.. Díky za odpovědí.. A jestli píšu do špatné sekce tak se omlouvám.

[Reklama]

[memphisto]

Vlož sem log z programu HijackThis (návod na vytvoření logu mám v podpise). To sis stáhnul crack na legalizaci Windows, co?

[nardeus]

Nn, nic takového jsem nestahoval :) Log jsem dodám nejpozdějí zítra.

[nardeus]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:10:59, on 19.7.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
E:\WINDOWS\System32\smss.exe
E:\WINDOWS\system32\winlogon.exe
E:\WINDOWS\system32\services.exe
E:\WINDOWS\system32\lsass.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\system32\svchost.exe
E:\WINDOWS\System32\svchost.exe
E:\WINDOWS\system32\Ati2evxx.exe
E:\WINDOWS\Explorer.EXE
E:\WINDOWS\system32\spoolsv.exe
E:\Program Files\Common Files\WUDHost.exe
E:\Program Files\Java\jre6\bin\jusched.exe
C:\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe
C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe
E:\WINDOWS\system32\Rundll32.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
E:\WINDOWS\Mixer.exe
E:\WINDOWS\system32\RunDll32.exe
C:\Program Files\Razer\Lachesis\razerhid.exe
E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
E:\WINDOWS\system32\ctfmon.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\1.2.183.29\GoogleCrashHandler.exe
E:\Program Files\Messenger\msmsgs.exe
E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
E:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe
E:\Program Files\Orbitdownloader\orbitdm.exe
E:\Program Files\Orbitdownloader\orbitnet.exe
C:\Program Files\Razer\Lachesis\OSD.exe
E:\WINDOWS\System32\svchost.exe
E:\Program Files\Bonjour\mDNSResponder.exe
E:\Program Files\Creative\Diagnostics\diagent.exe
E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
E:\WINDOWS\system32\CTsvcCDA.exe
E:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Razer\Lachesis\razertra.exe
E:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\MySQL\MySQL Server 5.0\bin\mysqld-nt.exe
C:\Program Files\Razer\Lachesis\razerofa.exe
E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
E:\WINDOWS\system32\svchost.exe
E:\Documents and Settings\Administrator\Data aplikací\winlogon.exe
E:\Program Files\Skype\Plugin Manager\skypePM.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\imp_doc573725.exe
E:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\imp_doc702970.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Chrome\Application\chrome.exe
E:\WINDOWS\system32\msiexec.exe
E:\Program Files\Hijack\Trend Micro\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zaparit.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: btorbit.com - {000123B4-9B42-4900-B3F7-F4B073EFC214} - E:\Program Files\Orbitdownloader\orbitcth.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - E:\Program Files\The_Pirate_Bay\toolbar.ni.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - E:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - E:\Program Files\The_Pirate_Bay\toolbar.ni.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe"
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\SBAudigy\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [P17Helper] Rundll32 P17.dll,P17Helper
O4 - HKLM\..\Run: [UpdReg] E:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [egui] "E:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [diagent] "E:\Program Files\Creative\Diagnostics\diagent.exe" startup
O4 - HKLM\..\Run: [C-Media Mixer] Mixer.exe /startup
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [Lachesis] C:\Program Files\Razer\Lachesis\razerhid.exe
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HKLM] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKLM\..\Run: [Windows Audio Driver] "E:\WINDOWS\system32\audiohd.exe"
O4 - HKLM\..\Run: [Microsoft SecureAssist] E:\Documents and Settings\Administrator\Data aplikací\winlogon.exe
O4 - HKLM\..\Run: [Windows Firewall] E:\Documents and Settings\Administrator\Data aplikací\galaxy.exe
O4 - HKLM\..\Run: [] E:\Documents and Settings\Administrator\Data aplikací\SsLxT.exe
O4 - HKLM\..\Run: [NVIDIA] E:\Documents and Settings\Administrator\Data aplikací\nvdisp.exe
O4 - HKLM\..\RunOnce: [MixerDef] MixerDef.Exe
O4 - HKCU\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "E:\Documents and Settings\Administrator\Local Settings\Data aplikací\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Skype] "E:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "E:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [LightScribe Control Panel] E:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [Steam] "c:\program files\steam\steam.exe" -silent
O4 - HKCU\..\Run: [CTRegRun] E:\WINDOWS\CTRegRun.EXE
O4 - HKCU\..\Run: [DriverUpdaterPro] E:\Program Files\iXi Tools\Driver Updater Pro\DriverUpdaterPro.exe -t
O4 - HKCU\..\Run: [HKCU] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKCU\..\Run: [Microsoft SecureAssist] E:\Documents and Settings\Administrator\Data aplikací\winlogon.exe
O4 - HKCU\..\Run: [Windows Firewall] E:\Documents and Settings\Administrator\Data aplikací\galaxy.exe
O4 - HKCU\..\Run: [] E:\Documents and Settings\Administrator\Data aplikací\SsLxT.exe
O4 - HKCU\..\Run: [NVIDIA] E:\Documents and Settings\Administrator\Data aplikací\nvdisp.exe
O4 - HKCU\..\Run: [Startup ] E:\Documents and Settings\Administrator\Data aplikací\Microsoft\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows-Network Component] "E:\Program Files\Common Files\WUDHost.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Policies] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] E:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = E:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Startup: hamachi.lnk = E:\Program Files\Hamachi\hamachi.exe
O4 - Startup: Registration Prince of Persia Warrior Within.LNK = C:\Program Files\Ubisoft\Prince of Persia Warrior Within\Support\Register\RegistrationReminder.exe
O4 - Global Startup: Orbit.lnk = E:\Program Files\Orbitdownloader\orbitdm.exe
O8 - Extra context menu item: &Download by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/201
O8 - Extra context menu item: &Grab video by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/204
O8 - Extra context menu item: Do&wnload selected by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/203
O8 - Extra context menu item: Down&load all by Orbit - res://E:\Program Files\Orbitdownloader\orbitmxt.dll/202
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - E:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - E:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - E:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - E:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - E:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe LM Service - Adobe Systems - E:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - E:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - E:\WINDOWS\system32\ati2sgag.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - E:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Capture Device Service - InterVideo Inc. - E:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - E:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Eset HTTP Server (EhttpSrv) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: Eset Service (ekrn) - ESET - E:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - E:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - E:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - E:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: MySQL - Unknown owner - E:\Program.exe (file missing)
O23 - Service: MySQL4 - Unknown owner - E:\Program.exe (file missing)
O23 - Service: MySQL41 - Unknown owner - C:\Program.exe (file missing)
O23 - Service: NBService - Nero AG - E:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: NMIndexingService - Nero AG - E:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Performance Driver Service - Unknown owner - E:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - E:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: XAMPP Service (XAMPP) - Unknown owner - E:\Program Files\xampp\service.exe (file missing)

--
End of file - 13240 bytes

[TheSkeleton]

pokud vím tak winlogon.exe není vir

[nardeus]

Pokud vím, tak se mi asi do winlogonu dostal vir :)

[jaro3]

To TheSkeleton: winlogon může být vir , pokud není na správném místě , nebo může být infikovaný..

To nardeus : určitě si stahoval aktivátor, že?

Odinstaluj:
The Pirate Bay Toolbar
Ask Toolbar
Ask Search
Ask.com

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: (no name) - {9CB65206-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - E:\Program Files\The_Pirate_Bay\toolbar.ni.dll
O2 - BHO: Ask Search Assistant BHO - {9CB65201-89C4-402c-BA80-02D8C59F9B1D} - (no file)
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O2 - BHO: Ask Toolbar BHO - {FE063DB1-4EC0-403e-8DD8-394C54984B2C} - (no file)
O3 - Toolbar: PandoraTV Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - E:\Program Files\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: The Pirate Bay Toolbar - {5B291E6C-9A74-4034-971B-A4B007A0B313} - E:\Program Files\The_Pirate_Bay\toolbar.ni.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "E:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] E:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKLM\..\Run: [QuickTime Task] "E:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [Adobe ARM] "E:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HKLM] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKLM\..\Run: [Windows Audio Driver] "E:\WINDOWS\system32\audiohd.exe"
O4 - HKLM\..\Run: [Microsoft SecureAssist] E:\Documents and Settings\Administrator\Data aplikací\winlogon.exe
O4 - HKLM\..\Run: [Windows Firewall] E:\Documents and Settings\Administrator\Data aplikací\galaxy.exe
O4 - HKLM\..\Run: [] E:\Documents and Settings\Administrator\Data aplikací\SsLxT.exe
O4 - HKCU\..\Run: [HKCU] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKCU\..\Run: [Microsoft SecureAssist] E:\Documents and Settings\Administrator\Data aplikací\winlogon.exe
O4 - HKCU\..\Run: [Windows Firewall] E:\Documents and Settings\Administrator\Data aplikací\galaxy.exe
O4 - HKCU\..\Run: [] E:\Documents and Settings\Administrator\Data aplikací\SsLxT.exe
O4 - HKCU\..\Run: [Startup ] E:\Documents and Settings\Administrator\Data aplikací\Microsoft\svchost.exe
O4 - HKLM\..\Policies\Explorer\Run: [Policies] E:\WINDOWS\system32\Winlog\Winlogon.exe
O4 - HKLM\..\Policies\Explorer\Run: [Windows-Network Component] "E:\Program Files\Common Files\WUDHost.exe"
O4 - HKCU\..\Policies\Explorer\Run: [Policies] E:\WINDOWS\system32\Winlog\Winlogon.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - E:\Program Files\ICQ6.5\ICQ.exe (file missing)

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.


Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

[nardeus]

Problém je, že používám Google Chrome.

EDIT - No, nic se nespravilo:) A nevím jak spustit v nouzovém režimu, ale ted mi zabírá 100 CPU necinne procesy.

[jaro3]

ATF Cleaner nedělej.

vyčisti systém CCleanerem

Ten MbAM nejde udělat nebo co??

[skunkicz]

Problém je, že používám Google Chrome.

EDIT - No, nic se nespravilo:) A nevím jak spustit v nouzovém režimu, ale ted mi zabírá 100 CPU necinne procesy.

100 cpu nečinné procesy je správně viz tento topic

viewtopic.php?f=46&t=55245

[bledulka]

nardeus - než přijde Jaro3

Ten mbam Ti jde,nebo ne?
Máš pc zavirované, tak prosím Tě dělej to, co psal Jaro3 už výš.
Pokud potřebuješ do nouzového režimu, tak po testartu mačkej F8 a vyber nouzový režim s prací v síti (nebo safe mode).

[nardeus]

Už je to v pohodě, díky všem za help! Nod32 mi sám našel ten wir " Winlogon.exe" A normální Winlogon.exe mi tam nechal.. Takže už pohoda dík moc!