Služby ve Správci úloh Vyřešeno

[Lunaris]

"Administrator"

[Reklama]

[bledulka]

Tak pak by to mělo být ok.


Stahni AVPtool http://devbuilds.kaspersky-labs.com/devbuilds/AVPTool/
-nainstaluj, nech provést sken všechn jednotek
-co najde nech léčit
-pak sem vlož log.

[Lunaris]

xD ááh trvalo to den xD... tak tady to máš :-) :

Autoscan: completed 24 minutes ago (events: 52, objects: 1368582, time: 1 day 00:18:20)
13.8.2010 18:04:29 Task started
13.8.2010 19:03:27 Detected: Trojan.Win32.Genome.cge D:\Documents and Settings\Petr\Desktop\Lunaris\instalace\Any.Video.Converter.Pro.2.7.0\ChupaChu\any.video.converter.universal.patch.by_ChupaChu.exe
13.8.2010 19:19:28 Detected: Trojan-Downloader.Win32.Agent.eeoe D:\Documents and Settings\Petr\Downloads\iDetector-V1.0.exe
13.8.2010 20:05:15 Untreated: Trojan.Win32.Genome.cge D:\Documents and Settings\Petr\Desktop\Lunaris\instalace\Any.Video.Converter.Pro.2.7.0\ChupaChu\any.video.converter.universal.patch.by_ChupaChu.exe Skipped by user
13.8.2010 20:05:48 Deleted: Trojan-Downloader.Win32.Agent.eeoe D:\Documents and Settings\Petr\Downloads\iDetector-V1.0.exe
13.8.2010 20:46:58 Detected: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner(2).exe
13.8.2010 20:57:41 Untreated: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner(2).exe Skipped by user
13.8.2010 20:57:41 Detected: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner.exe
13.8.2010 20:57:44 Untreated: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner.exe Skipped by user
13.8.2010 22:57:48 Detected: Trojan.Win32.DelFiles.mj D:\Users\Petr\Downloads\T-Cleaner(2).exe
13.8.2010 22:57:51 Untreated: Trojan.Win32.DelFiles.mj D:\Users\Petr\Downloads\T-Cleaner(2).exe Skipped by user
13.8.2010 22:57:52 Detected: Trojan.Win32.DelFiles.mj D:\Users\Petr\Downloads\T-Cleaner.exe
13.8.2010 22:57:53 Untreated: Trojan.Win32.DelFiles.mj D:\Users\Petr\Downloads\T-Cleaner.exe Skipped by user
14.8.2010 0:11:01 Detected: Trojan.Win32.DelFiles.mj D:\Users\Petr\Downloads\T-Cleaner(2).exe
14.8.2010 0:54:00 Untreated: Trojan.Win32.DelFiles.mj D:\Users\Petr\Downloads\T-Cleaner(2).exe Skipped by user
14.8.2010 1:00:32 Detected: Trojan-GameThief.Win32.Magania.cldu C:\Documents and Settings\Lunaris\Plocha\win 7\7_Loader_China.rar/7 Loader China/win7loader_samblg_sch_1001.exe/win7loader_samblg.exe
14.8.2010 1:01:45 Untreated: Trojan-GameThief.Win32.Magania.cldu C:\Documents and Settings\Lunaris\Plocha\win 7\7_Loader_China.rar/7 Loader China/win7loader_samblg_sch_1001.exe/win7loader_samblg.exe Write not supported
14.8.2010 1:33:22 Detected: Trojan-Spy.Win32.KeyLogger.bmh C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP169\A0033025.exe/data0001
14.8.2010 11:07:41 Deleted: Trojan-Spy.Win32.KeyLogger.bmh C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP169\A0033025.exe
14.8.2010 11:08:07 Detected: Trojan-Spy.Win32.KeyLogger.bmh C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP169\A0033026.exe/data0001
14.8.2010 11:20:28 Deleted: Trojan-Spy.Win32.KeyLogger.bmh C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP169\A0033026.exe
14.8.2010 11:20:28 Detected: Trojan-Spy.Win32.KeyLogger.bmh C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP169\A0033027.exe/data0000
14.8.2010 11:36:39 Deleted: Trojan-Spy.Win32.KeyLogger.bmh C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP169\A0033027.exe
14.8.2010 11:38:47 Detected: not-a-virus:AdWare.Win32.Rabio.gn C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033849.exe
14.8.2010 11:38:47 Detected: not-a-virus:AdWare.Win32.Rabio.fv C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033852.exe
14.8.2010 11:38:53 Detected: not-a-virus:AdWare.Win32.Rabio.fj C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033857.exe
14.8.2010 11:39:07 Deleted: not-a-virus:AdWare.Win32.Rabio.gn C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033849.exe
14.8.2010 11:39:08 Deleted: not-a-virus:AdWare.Win32.Rabio.fv C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033852.exe
14.8.2010 11:39:08 Deleted: not-a-virus:AdWare.Win32.Rabio.fj C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033857.exe
14.8.2010 11:39:09 Detected: not-a-virus:AdWare.Win32.Rabio.hp C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033870.exe
14.8.2010 11:39:09 Detected: not-a-virus:AdWare.Win32.Rabio.fx C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033873.exe
14.8.2010 11:39:10 Detected: not-a-virus:AdWare.Win32.Rabio.ga C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033875.exe
14.8.2010 11:39:25 Deleted: not-a-virus:AdWare.Win32.Rabio.hp C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033870.exe
14.8.2010 11:39:25 Detected: not-a-virus:AdWare.Win32.Rabio.gm C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033876.exe
14.8.2010 11:39:25 Deleted: not-a-virus:AdWare.Win32.Rabio.fx C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033873.exe
14.8.2010 11:39:26 Deleted: not-a-virus:AdWare.Win32.Rabio.ga C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033875.exe
14.8.2010 11:39:29 Deleted: not-a-virus:AdWare.Win32.Rabio.gm C:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP174\A0033876.exe
14.8.2010 12:14:25 Detected: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner(2).exe
14.8.2010 13:13:36 Deleted: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner(2).exe
14.8.2010 13:13:36 Detected: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner.exe
14.8.2010 13:16:20 Deleted: Trojan.Win32.DelFiles.mj D:\Documents and Settings\Petr\Downloads\T-Cleaner.exe
14.8.2010 15:13:19 Detected: Trojan.Win32.Genome.cge F:\Documents and Settings\Petr\Desktop\Lunaris\instalace\Any.Video.Converter.Pro.2.7.0\ChupaChu\any.video.converter.universal.patch.by_ChupaChu.exe
14.8.2010 15:15:36 Detected: not-a-virus:AdWare.Win32.AdMedia.li F:\Documents and Settings\Petr\Desktop\Lunaris\instalace\NOD32 + 67years free\Updates-NOD32-License-automatically\TNODUP.exe
14.8.2010 15:49:16 Detected: Trojan-Downloader.Win32.Hilldoor.cf F:\Program Files\Digiarty\WinX_Video_Converter_Platnium\WinX_Video_Converter_Platinum.exe
14.8.2010 16:23:20 Untreated: not-a-virus:AdWare.Win32.AdMedia.li F:\Documents and Settings\Petr\Desktop\Lunaris\instalace\NOD32 + 67years free\Updates-NOD32-License-automatically\TNODUP.exe Skipped by user
14.8.2010 16:23:43 Deleted: Trojan.Win32.Genome.cge F:\Documents and Settings\Petr\Desktop\Lunaris\instalace\Any.Video.Converter.Pro.2.7.0\ChupaChu\any.video.converter.universal.patch.by_ChupaChu.exe
14.8.2010 16:24:10 Deleted: Trojan-Downloader.Win32.Hilldoor.cf F:\Program Files\Digiarty\WinX_Video_Converter_Platnium\WinX_Video_Converter_Platinum.exe
14.8.2010 17:01:36 Detected: Trojan-PSW.Win32.Dybalom.ala F:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP151\A0031097.exe
14.8.2010 17:17:02 Deleted: Trojan-PSW.Win32.Dybalom.ala F:\System Volume Information\_restore{43A8D48D-7A94-4EBE-B7A8-FC1C10488498}\RP151\A0031097.exe
14.8.2010 17:22:57 Detected: not-a-virus:AdWare.Win32.AdMedia.li F:\Users\Petr\Desktop\Lunaris\instalace\NOD32 + 67years free\Updates-NOD32-License-automatically\TNODUP.exe
14.8.2010 17:23:31 Deleted: not-a-virus:AdWare.Win32.AdMedia.li F:\Users\Petr\Desktop\Lunaris\instalace\NOD32 + 67years free\Updates-NOD32-License-automatically\TNODUP.exe
14.8.2010 18:22:50 Task completed


/edit: dal jsem restart PC...pak jsem to zkusil - nic... :( ... ale včera jsem udělal něco, že se mi zobrazuje v logon screenu účet: Administrator - nejde smazat, takže to bude asi ten nejhlavnější... ale proč nemám stejný pravomoce, když jsem taky admin (?) ... jinak na tom Administrator všechno jde, jak má..

[bledulka]

Učet administrátor nemaž.
Asi máš nějak pošramocené registry, možná virem.
Vyhoď ten nelegální NOD .

Mě napadá jedině udělat nový učet s admin právy .

[Lunaris]

ten NOD je v trial verzi... takže snad legal ...

ne, jen to ne :(

[bledulka]

Máš na mysli nekonečnou trial verzi?
14.8.2010 16:23:20 Untreated: not-a-virus:AdWare.Win32.AdMedia.li F:\Documents and Settings\Petr\Desktop\Lunaris\instalace\NOD32 + 67years free\Updates-NOD32-License-automatically\TNODUP.exe Skipped by user


Je docela možné, že Ti registry poškodil třeba zrovna tento vir...prostě ho odinstaluj, nebo jsme skončili.

[Lunaris]

Nene pouzivam mesicni verzi, ten 67 years update kswm nedmazal do komce, ale jdu na to

Edit: tak smazano, tady je log z hjt :-) + nevim jestli mi je k necemu tuneup utilities... Myslis, ze bych je mel smaznout?


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:22, on 24.7.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\system32\taskeng.exe
D:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe
D:\Program Files\ASUS\AASP\1.01.02\aaCenter.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Program Files\Microsoft IntelliType Pro\itype.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Users\Petr\AppData\Local\Seznam.cz\postak.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Users\Petr\AppData\Roaming\Microsoft\v4.exe
D:\Program Files\QIP Infium\infium.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\taskmgr.exe
D:\Windows\eHome\EhTray.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Seznam Postak] "D:\Users\Petr\AppData\Local\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleApps] D:\Users\Petr\Documents\System32\v4.exe
O4 - HKCU\..\Run: [MSN] D:\Users\Petr\AppData\Roaming\Microsoft\v4.exe
O4 - Startup: v4.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - D:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - D:\Windows\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - D:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6567 bytes

[bledulka]

Otestuj na http://www.virustotal.com


D:\Users\Petr\Documents\System32\v4.exe
D:\Users\Petr\AppData\Roaming\Microsoft\v4.exe

-Do okénka zkopíruj cestu k souboru , pokud napíše, že soubor byl už testován, dej otestovat znovu.
-Sem vlož link s výsledky.


Tune Up není špatný, ale je moc provázaný se systémem a může ho až poškodit, někdy.

[Lunaris]

"Tento soubor nebyl nalezen" :(

[bledulka]

dej procházet a do spodního okénka nakopíruj cestu k tomu souboru.

[Lunaris]

není to tam, koukal jsem i přes průzkumníka


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:08:22, on 24.7.2010
Platform: Unknown Windows (WinNT 6.01.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Windows\system32\taskhost.exe
D:\Windows\system32\Dwm.exe
D:\Windows\Explorer.EXE
D:\Windows\system32\taskeng.exe
D:\Program Files\ASUS\AI Suite\EnergySaving\PwSave.exe
D:\Program Files\ASUS\AASP\1.01.02\aaCenter.exe
D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe
D:\Program Files\ESET\ESET Smart Security\egui.exe
D:\Program Files\Microsoft IntelliPoint\ipoint.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
D:\Program Files\Microsoft IntelliType Pro\itype.exe
D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe
D:\Program Files\Microsoft IntelliType Pro\dpupdchk.exe
D:\Program Files\iTunes\iTunesHelper.exe
D:\Program Files\DU Meter\DUMeter.exe
D:\Users\Petr\AppData\Local\Seznam.cz\postak.exe
D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
D:\Windows\system32\SearchProtocolHost.exe
D:\Users\Petr\AppData\Roaming\Microsoft\v4.exe
D:\Program Files\QIP Infium\infium.exe
D:\Windows\system32\SearchFilterHost.exe
D:\Windows\system32\taskmgr.exe
D:\Windows\eHome\EhTray.exe
D:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 74.208.10.249 gs.apple.com
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - D:\Program Files\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: MegaIEMn - {bf00e119-21a3-4fd1-b178-3b8537e75c92} - D:\Program Files\Megaupload\Mega Manager\MegaIEMn.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - D:\Program Files\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [egui] "D:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [IntelliPoint] "D:\Program Files\Microsoft IntelliPoint\ipoint.exe"
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
O4 - HKLM\..\Run: [itype] "D:\Program Files\Microsoft IntelliType Pro\itype.exe"
O4 - HKLM\..\Run: [Ai Nap] "D:\Program Files\ASUS\AI Suite\AiNap\AiNap.exe"
O4 - HKLM\..\Run: [Cpu Level Up help] "D:\Program Files\ASUS\AI Suite\CpuLevelUpHelp.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "D:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [DU Meter] D:\Program Files\DU Meter\DUMeter.exe
O4 - HKCU\..\Run: [ccleaner] "D:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [Seznam Postak] "D:\Users\Petr\AppData\Local\Seznam.cz\postak.exe" -s
O4 - HKCU\..\Run: [Sidebar] D:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GoogleApps] D:\Users\Petr\Documents\System32\v4.exe
O4 - HKCU\..\Run: [MSN] D:\Users\Petr\AppData\Roaming\Microsoft\v4.exe
O4 - Startup: v4.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Zobrazit nebo skrýt HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - D:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O9 - Extra button: (no name) - Cmdmapping - (no file) (HKCU)
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AMD External Events Utility - AMD - D:\Windows\system32\atiesrxx.exe
O23 - Service: Apple Mobile Device - Apple Inc. - D:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: AST Service (astcc) - Nalpeiron Ltd. - D:\Windows\system32\astsrv.exe
O23 - Service: Bonjour Service - Apple Inc. - D:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DU Meter Service (DUMeterSvc) - Hagel Technologies Ltd. - D:\Program Files\DU Meter\DUMeterSvc.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - D:\Program Files\ESET\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - D:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: iPod Service - Apple Inc. - D:\Program Files\iPod\bin\iPodService.exe
O23 - Service: TeamViewer 5 (TeamViewer5) - TeamViewer GmbH - D:\Program Files\TeamViewer\Version5\TeamViewer_Service.exe
O23 - Service: @D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpDefragService.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe

--
End of file - 6567 bytes

[bledulka]

Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe
-do spodního okénka vlož tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c


-dej fajfku do čtverečku u řádku Pro všechny uživatele
-nech ostatní položky jak je nastaveno na screenu
- potvrď tlačítko Prohledat.
-provede se sken, log OTL.Txt sem vlož