Prosím o kontrolu logu

[Macmanik]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:15:43, on 13.8.2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Users\Manik\Downloads\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKCU\..\Run: [Google Update] "C:\Users\Manik\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [Infium] "C:\Program Files (x86)\QIP 2010\qip.exe" /autorun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-382369283-753846922-1978406153-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-382369283-753846922-1978406153-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~2\Office12\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 8334 bytes

[Reklama]

[jaro3]

Zavři ostatní aplikace a prohlížeče, odpoj se od netu a fixni v HJT:
Návod

Kód: Vybrat vše

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-382369283-753846922-1978406153-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected. Poté klikni na Main (hlavní stránku ) a klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Aktualizace Malwarebytes' Anti-Malware a Spustit aplikaci Malwarebytes' Anti-Malware, pokud jo tak klikni na tlačítko konec
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Provést rychlý sken a klikni na tlačítko Skenovat
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Zobrazit výsledky
- pak zvol možnost uložit log a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud budou problémy , spusť v nouz. režimu.

Nainstaluj si javu:
Java SE Runtime Environment 6u26

Klikni na Accept License Agreement
Vyber si OS (Windows nebo Windows x64, Offline Installation)
jre-6u26-windows-i586-p.exe nebo
jre-6u26-windows-x64.exe
Stáhni ( download) a nainstaluj.

+
Adobe Reader

Máš nějaké problémy?

[Macmanik]

No, zdá se mi, že pc je trochu pomalej na ten výkon :-)

[Macmanik]

Malwarebytes' Anti-Malware 1.51.1.1800
http://www.malwarebytes.org

Verze databáze: 7454

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

13.8.2011 11:16:46
mbam-log-2011-08-13 (11-16-46).txt

Typ: Rychlá kontrola
Kontrolované objekty: 195911
Uplynulý čas: 1 minut, 48 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[album]458[/album]

- nezdá se mi to Bgmonitor a GrooveMonitor

[jaro3]

http://www.spywareterminator.com/cs/ite ... nitor.html

http://www.processlibrary.com/directory ... tor/73791/

Stáhni si na svojí plochu StartupLite .exe by MalwareBytes

Tento program identifikuje a dává volbu k odstranění nepotřebných položek k vyprázdnění paměti.
Poklepej na ikonu StartupLite.exe (by MalwareBytes ) ke spuštění programu. Ve vistě a windows 7 spusť jako správce (pravým klik na ikonu a vyber-spustit jako správce).Vytvoří se list nepotřebných vstupů po spuštění. Nech všechny položky jako deaktivované a klikni na Continue . Restartuj PC.

+
Vypni rez. ochranu u antiviru a antispywaru,příp. firewall..

Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah
Pokud budou problémy , spusť ho v nouz. režimu.

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.

[Macmanik]

Všehcno v pohodě akorát jedna chybová hláška těsně před restartem pc :-)


ComboFix 11-08-13.02 - Manik 13.08.2011 16:42:47.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.420.1029.18.6142.3832 [GMT 2:00]
Spuštěný z: c:\users\Manik\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\Config.ini
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-07-13 do 2011-08-13 )))))))))))))))))))))))))))))))
.
.
2011-08-13 14:46 . 2011-08-13 14:46 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2011-08-13 14:46 . 2011-08-13 14:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-13 10:14 . 2011-08-13 10:15 -------- d-----w- c:\program files (x86)\AIDA64 Extreme Edition
2011-08-13 09:43 . 2011-08-13 09:43 -------- d-----w- c:\program files\CCleaner
2011-08-13 09:28 . 2011-08-13 09:28 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-08-13 09:25 . 2011-08-13 09:25 -------- d-----w- c:\programdata\McAfee
2011-08-13 09:24 . 2011-08-13 09:28 -------- d-----w- c:\users\Manik\AppData\Local\Solid State Networks
2011-08-13 09:20 . 2011-08-13 09:20 525544 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-13 09:20 . 2011-08-13 09:20 -------- d-----w- c:\program files\Java
2011-08-13 09:14 . 2011-08-13 09:14 -------- d-----w- c:\users\Manik\AppData\Roaming\Malwarebytes
2011-08-13 09:13 . 2011-08-13 09:13 -------- d-----w- c:\programdata\Malwarebytes
2011-08-13 09:13 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-13 07:57 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{6E50E826-6029-45E4-9048-CCD604B0C88F}\mpengine.dll
2011-08-12 18:19 . 2011-08-13 10:50 -------- d-----w- c:\users\Manik\AppData\Roaming\Bioshock2
2011-08-12 18:19 . 2011-08-12 18:19 -------- d-----w- c:\windows\SysWow64\xlive
2011-08-12 18:19 . 2011-08-12 18:19 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-08-12 18:18 . 2011-08-12 18:18 -------- d-sh--w- c:\programdata\SecuROM
2011-08-11 07:34 . 2011-06-28 08:01 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-11 07:34 . 2011-06-28 08:01 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AA5F5AF3-2C2B-4C93-A2C0-BFFFB9E41788}\gapaengine.dll
2011-08-10 06:41 . 2011-06-21 06:34 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-08-10 06:40 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-08-10 06:40 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-08-10 06:40 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-08-10 06:40 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-08-10 06:40 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-08-10 06:40 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-08-10 06:40 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-08-09 19:17 . 2011-08-09 19:17 -------- d-----w- c:\windows\system32\appmgmt
2011-08-09 12:03 . 2011-08-09 12:03 270912 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-08-09 07:35 . 2011-08-09 12:03 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-08-08 14:45 . 1999-12-17 08:13 86016 ----a-w- c:\windows\unvise32.exe
2011-08-08 14:40 . 2011-08-08 14:40 -------- d-----w- c:\program files (x86)\Mplayer
2011-08-08 14:40 . 1999-10-09 15:30 305152 ----a-w- c:\windows\IsUninst.exe
2011-08-08 08:01 . 2011-08-08 08:01 -------- d-----w- c:\users\Administrator
2011-08-07 20:56 . 2011-08-07 20:56 -------- d-----w- c:\users\Manik\AppData\Local\Criterion Games
2011-08-04 18:52 . 2011-08-04 18:52 -------- d-----w- c:\users\Manik\AppData\Local\SKIDROW
2011-08-04 18:15 . 2011-08-07 14:43 -------- d-----w- c:\users\Manik\AppData\Local\ElevatedDiagnostics
2011-08-03 01:31 . 2011-08-03 01:31 311912 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2011-07-22 10:41 . 2011-08-08 21:52 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-22 10:41 . 2011-08-08 21:25 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-07-22 10:41 . 2011-08-08 21:52 268952 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-07-22 10:40 . 2011-07-22 10:40 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-22 10:40 . 2011-08-08 11:19 -------- d-----w- c:\users\Manik\AppData\Local\PunkBuster
2011-07-18 15:17 . 2011-07-18 15:18 -------- d-----w- c:\users\Manik\AppData\Roaming\vlc
2011-07-18 15:17 . 2011-07-18 15:17 -------- d-----w- c:\program files (x86)\VLC
2011-07-18 15:14 . 2011-07-18 15:14 -------- d-----w- c:\users\Manik\AppData\Local\DDMSettings
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-03 11:50 . 2011-06-28 07:48 980072 ----a-w- c:\windows\system32\nvvsvc.exe
2011-08-03 11:50 . 2011-06-28 07:48 836200 ----a-w- c:\windows\system32\easyupdatusapiu64.dll
2011-08-03 11:50 . 2011-06-28 07:48 61544 ----a-w- c:\windows\system32\nvshext.dll
2011-08-03 11:50 . 2011-06-28 07:48 6136936 ----a-w- c:\windows\system32\nvcpl.dll
2011-08-03 11:50 . 2011-06-28 07:48 3021416 ----a-w- c:\windows\system32\nvsvc64.dll
2011-08-03 11:50 . 2011-06-28 07:48 2560616 ----a-w- c:\windows\system32\nvsvcr.dll
2011-08-03 11:50 . 2011-06-28 07:48 117864 ----a-w- c:\windows\system32\nvmctray.dll
2011-08-03 11:50 . 2011-06-28 07:48 2758760 ----a-w- c:\windows\system32\nvapi64.dll
2011-08-03 11:50 . 2011-06-28 07:48 2412136 ----a-w- c:\windows\SysWow64\nvapi.dll
2011-08-03 11:50 . 2009-07-13 21:59 8355944 ----a-w- c:\windows\system32\nvwgf2umx.dll
2011-08-03 11:50 . 2009-06-10 20:37 12636776 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2011-07-16 04:26 . 2011-08-10 06:42 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-13 04:53 . 2011-06-29 11:51 8578896 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-04 09:45 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-04 09:45 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-02 18:12 . 2011-07-02 18:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-28 08:36 . 2011-06-28 08:36 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-06-28 08:36 . 2011-06-28 08:36 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-06-28 08:36 . 2011-06-28 08:36 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-06-28 08:36 . 2011-06-28 08:36 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-06-28 08:36 . 2011-06-28 08:36 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-06-28 08:36 . 2011-06-28 08:36 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-06-28 08:36 . 2011-06-28 08:36 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-06-28 08:36 . 2011-06-28 08:36 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-06-28 08:36 . 2011-06-28 08:36 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-06-28 08:36 . 2011-06-28 08:36 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-06-28 08:36 . 2011-06-28 08:36 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-06-28 08:36 . 2011-06-28 08:36 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-06-28 08:36 . 2011-06-28 08:36 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-06-28 08:36 . 2011-06-28 08:36 222208 ----a-w- c:\windows\system32\msls31.dll
2011-06-28 08:36 . 2011-06-28 08:36 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-06-28 08:36 . 2011-06-28 08:36 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-06-28 08:36 . 2011-06-28 08:36 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-06-28 08:36 . 2011-06-28 08:36 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-06-28 08:36 . 2011-06-28 08:36 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-06-28 08:36 . 2011-06-28 08:36 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-06-28 08:36 . 2011-06-28 08:36 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-06-28 08:36 . 2011-06-28 08:36 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-06-28 08:36 . 2011-06-28 08:36 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-06-28 08:36 . 2011-06-28 08:36 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-06-28 08:36 . 2011-06-28 08:36 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-06-28 08:36 . 2011-06-28 08:36 12288 ----a-w- c:\windows\system32\mshta.exe
2011-06-28 08:36 . 2011-06-28 08:36 114176 ----a-w- c:\windows\system32\admparse.dll
2011-06-28 08:36 . 2011-06-28 08:36 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-06-28 08:36 . 2011-06-28 08:36 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-06-28 08:36 . 2011-06-28 08:36 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-06-28 08:36 . 2011-06-28 08:36 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-06-28 08:36 . 2011-06-28 08:36 448512 ----a-w- c:\windows\system32\html.iec
2011-06-28 08:36 . 2011-06-28 08:36 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-28 08:36 . 2011-06-28 08:36 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-06-28 08:36 . 2011-06-28 08:36 160256 ----a-w- c:\windows\system32\wextract.exe
2011-06-28 08:36 . 2011-06-28 08:36 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-28 05:12 . 2011-07-03 18:27 1552896 ----a-w- c:\windows\system32\VSFilter.dll
2011-06-20 06:57 . 2011-06-28 08:00 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4377E4D4-2BA0-4383-851B-05F7DB5877E2}\mpengine.dll
2011-06-20 05:11 . 2011-07-03 18:27 3747328 ----a-w- c:\windows\system32\x264vfw.dll
2011-06-17 07:36 . 2011-07-03 18:27 87040 ----a-w- c:\windows\system32\xvid.ax
2011-06-17 07:27 . 2011-07-03 18:27 258560 ----a-w- c:\windows\system32\xvidvfw.dll
2011-06-17 07:20 . 2011-07-03 18:27 703488 ----a-w- c:\windows\system32\xvidcore.dll
2011-06-11 03:07 . 2011-07-13 18:37 3137536 ----a-w- c:\windows\system32\win32k.sys
2011-06-02 17:53 . 2011-06-02 17:53 94208 ----a-w- c:\windows\SysWow64\dpl100.dll
2011-05-25 07:25 . 2011-06-28 07:48 1496168 ----a-w- c:\windows\system32\nvdispco6420150.dll
2011-05-25 07:25 . 2011-06-28 07:48 1427048 ----a-w- c:\windows\system32\nvgenco642090.dll
2011-05-24 11:42 . 2011-06-29 11:44 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-05-24 10:40 . 2011-06-29 11:44 64512 ----a-w- c:\windows\SysWow64\devobj.dll
2011-05-24 10:40 . 2011-06-29 11:44 44544 ----a-w- c:\windows\SysWow64\devrtl.dll
2011-05-24 10:39 . 2011-06-29 11:44 145920 ----a-w- c:\windows\SysWow64\cfgmgr32.dll
2011-05-24 10:37 . 2011-06-29 11:44 252928 ----a-w- c:\windows\SysWow64\drvinst.exe
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-03-12 153136]
"Infium"="c:\program files (x86)\QIP 2010\qip.exe" [2011-07-18 6812032]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-08-02 4910912]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-08-03 2255464]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-08-03 379496]
.
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78563e8d-c27f-11e0-a89b-001d60ea32de}]
\shell\AutoRun\command - f:\.autorun\autorun.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2011-08-12 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-382369283-753846922-1978406153-1001Core.job
- c:\users\Manik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 07:56]
.
2011-08-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-382369283-753846922-1978406153-1001UA.job
- c:\users\Manik\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-28 07:56]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.254
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe
c:\program files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
.
**************************************************************************
.
Celkový čas: 2011-08-13 16:49:50 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-08-13 14:49
.
Před spuštěním: Volných bajtů: 65 185 644 544
Po spuštění: Volných bajtů: 64 780 746 752
.
- - End Of File - - EE08D26DEB350A8960A2FC972DEB00E7

[bledulka]

Co je jednotka F?
Ted to s počítačem vypadá jak?

[Macmanik]

Jednotka F je virtuální jednotka čili Daemon tools :-) Já tu změnu vůbec nepoznám... Promiňte, že sem vás zatěžoval.. Sem asi zvyklej na tu rychlost jen mi to nepřišlo .. Ale start je hrozně pomalej

[jaro3]

Otevři si Poznámkový blok (Start -> Spustit... a napiš do okna Notepad a dej Ok.
Zkopíruj do něj následující celý text označený zeleně:
Poznámka: Nepoužij k označení skriptu funkci VYBRAT VŠE

Kód: Vybrat vše

KillAll::
File::
f:\.autorun\autorun.exe
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-382369283-753846922-1978406153-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-382369283-753846922-1978406153-1001UA.job

Folder::
c:\programdata\McAfee
f:\.autorun

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{78563e8d-c27f-11e0-a89b-001d60ea32de}]

RegNull::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Zvol možnost Soubor -> Uložit jako... a nastav tyto parametry:
Název souboru: zde napiš: CFScript.txt
Uložit jako typ: tak tam vyber Všechny soubory
Ulož soubor na plochu.
Ukonči všechna aktivní okna.

Uchop myší vytvořený skript CFScript.txt, přemísti ho nad stažený program ComboFix.exe a když se oba soubory překryjí, skript upusť.
- Automaticky se spustí ComboFix
- Vlož sem log, který vyběhne v závěru čistícího procesu + nový log z HJT

Upozornění : Může se stát, že po aplikaci Combofixu a restartu počítače, Windows nenaběhnou , nebo nenajede plocha , budou problémy s připojením, pak znovu restartuj počítač, pokud to nepomůže , po restartu mačkej klávesu F8 a pak zvol poslední známou funkční konfiguraci. , či použij bod obnovy.