[Preventivní] Kontrola HJT

[CZechBoY]

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:25:55, on 7.2.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal

Running processes:
F:\Programy(x86)\uTorrent\uTorrent.exe
F:\Programy(x86)\Desktop Sidebar_old\dsidebar.exe
F:\Programy(x86)\QIP Infium\infium.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
F:\Programy(x86)\Winamp\winamp.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
E:\WPE\WPE PRO.exe
C:\Users\CZechBoY\Desktop\new server\ServerJabko2.exe
C:\Program Files (x86)\TeamViewer\Version6\TeamViewer.exe
C:\Users\CZechBoY\Desktop\new server\CH admin UDP async_prava.exe
C:\Users\CZechBoY\Desktop\new server\Chmat Tools objednavky async.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
F:\Programy(x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Users\CZechBoY\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.cz/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: IE to GetRight Helper - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - F:\Programy(x86)\GetRight\xx2gr.dll
O2 - BHO: Pomocná služba pro přihlášení ke službě Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - F:\Programy(x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - F:\Programy(x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [uTorrent] "F:\Programy(x86)\uTorrent\uTorrent.exe"
O4 - HKCU\..\Run: [SIDEBAR] "F:\Programy(x86)\Desktop Sidebar_old\dsidebar.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Infium] "F:\Programy(x86)\QIP Infium\infium.exe" /autorun
O8 - Extra context menu item: Download with GetRight - F:\Programy(x86)\GetRight\GRdownload.htm
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://F:\Programy\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Open with GetRight Browser - F:\Programy(x86)\GetRight\GRbrowse.htm
O8 - Extra context menu item: Subscribe in Desktop Sidebar - res://F:\Programy(x86)\Desktop Sidebar_old\sbhelp.dll/menuhandler.html
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O17 - HKLM\System\CCS\Services\Tcpip\..\{2038154B-2980-46B6-B116-3AA4AF93D7AF}: NameServer = 10.0.0.100,10.0.0.200
O17 - HKLM\System\CCS\Services\Tcpip\..\{5E509714-6D82-46A5-88A5-B2A714A244E0}: NameServer = 10.0.0.100,10.0.0.200
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: SAMSUNG AllShare Service (AllShare) - Unknown owner - F:\Programy(x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Firewall (AntiVirFirewallService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe
O23 - Service: Avira AntiVir MailGuard (AntiVirMailService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Avira AntiVir WebGuard (AntiVirWebService) - Avira GmbH - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - F:\Programy(x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O&O Defrag (OODefragAgent) - O&O Software GmbH - C:\Program Files\OO Software\Defrag\oodag.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: TeamViewer 5 (TeamViewer5) - Unknown owner - C:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe (file missing)
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - F:\Programz(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - RealVNC Ltd. - F:\Programy\RealVNC\VNC4\WinVNC4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)

--
End of file - 8206 bytes

předem díky

[Reklama]

[Žbeky]

Ahoj LOG vypadá čistě.

Fixni jen:
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =

Stáhni si ATF Cleaner
Poklepej na ATF Cleaner.exe, klikni na select all found, poté:
-Když používáš Firefox (Mozzila), klikni na Firefox nahoře a vyber: Select All, poté klikni na Empty Selected.
-Když používáš Operu, klikni nahoře na Operu a vyber: Select All, poté klikni na Empty Selected.
Po vyčištění klikni na Exit k zavření programu.
ATF-Cleaner je jednoduchý nástroj na odstranění historie z webového prohlížeče. Program dokáže odstranit cache, cookies, historii a další stopy po surfování na Internetu. Mezi podporované prohlížeče patří Internet Explorer, Firefox a Opera. Aplikace navíc umí odstranit dočasné soubory Windows, vysypat koš atd.

Stáhni si Malwarebytes' Anti-Malware
Nainstaluj a spusť ho
- na konci instalace se ujisti že máš zvoleny/zatrhnuty obě možnosti:
Update Malwarebytes' Anti-Malware (Aktualizace Malwarebytes' Anti-Malware) a Launch Malwarebytes' Anti-Malware (Spustit aplikaci Malwarebytes' Anti-Malware), pokud jo tak klikni na tlačítko Finish
- pokud bude nalezena aktualizace, tak se stáhne a nainstaluje
- program se po té spustí a nech vybranou možnost Perform Quick Scan (Provést rychlý sken) a klikni na tlačítko Scan (Skenovat)
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- pak zvol možnost Save Logfile a ulož si log na plochu
- po té klikni na tlačítko Exit, objeví se ti hláška tak zvol Ano
(zatím nic nemaž!).
Vlož sem pak obsah toho logu.

Pokud bude Mbam čistý a nemáš žádné konkrétní problémy, můžeš označit za vyřešené

[CZechBoY]

tak je to v prdeli šéfe kromě WPE(který fakt nechci mazat ) tam mám KeyLogger :(

c:\Windows\System32\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\Windows\SysWOW64\h@tkeysh@@k.dll (Trojan.Agent) -> No action taken.
c:\Windows\System32\28463\AKV.exe (Keylogger.Ardamax) -> No action taken.
c:\Windows\System32\28463\dec_23_2010__17_54_39.jpg (Keylogger.Ardamax) -> No action taken.
c:\Windows\System32\28463\dec_23_2010__17_54_42.jpg (Keylogger.Ardamax) -> No action taken.
c:\Windows\System32\28463\dec_23_2010__17_54_52.jpg (Keylogger.Ardamax) -> No action taken.
c:\Windows\System32\28463\dec_23_2010__17_54_55.jpg (Keylogger.Ardamax) -> No action taken.
c:\Windows\System32\28463\dec_23_2010__17_54_58.jpg (Keylogger.Ardamax) -> No action taken.

.
.
.
těhle souborů s názvem datumu v názvu tu bylo asi milion
.
.
.

c:\Windows\SysWOW64\28463\VBRF.001 (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\VBRF.002 (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\vbrf.002.tmp (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\VBRF.005 (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\vbrf.005.tmp (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\VBRF.006 (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\VBRF.007 (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\VBRF.009 (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\vbrf.009.tmp (Keylogger.Ardamax) -> No action taken.
c:\Windows\SysWOW64\28463\VBRF.exe (Keylogger.Ardamax) -> No action taken.

[memphisto]

Jsi cheater a nemám tě rád

- Takže spusť znovu MbAM a dej Scan
- po proběhnutí programu se ti objeví hláška tak klikni na OK a pak na tlačítko Show Results
- ujistit se že máš zatrhnuté všechny vypsané nálezy a klikni na tlačítko Remove Selected
- když skončí odstraňování tak se ti zobrazí log, tak ho sem dej.
- pak zvol v programu OK a pak program ukonči přes Exit

Vypni rezidentní štít antiviru a antispywaru
Stáhni si ComboFix (by sUBs)
a ulož si ho na plochu.
Ukonči všechna aktivní okna a spusť ho.
- Po spuštění se zobrazí podmínky užití, potvrď je stiskem tlačítka Ano
- Dále postupuj dle pokynů, během aplikování ComboFixu neklikej do zobrazujícího se okna
- Po dokončení skenování by měl program vytvořit log - C:\ComboFix.txt - zkopíruj sem prosím celý jeho obsah

[CZechBoY]

nejsem cheater, používám to na jiný věci... navíc WPE používám na zneškodnění konkurence
tak jsem dal zkontrolovat, smazat a chce to restart, resetnu to a pošlu ComboFix až někdy dýl, nechce se mi teď vypínat PC

[CZechBoY]

ComboFix 11-02-06.02 - CZechBoY 07.02.2011 22:13:35.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.420.1029.18.4060.2945 [GMT 1:00]
Spuštěný z: c:\users\CZechBoY\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: Avira FireWall *Disabled* {31341D0C-2EA1-6D37-1CC3-F0344A49C2CC}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\Explorer
c:\windows\wpe pro.INI

.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NPF


((((((((((((((((((((((((( Soubory vytvořené od 2011-01-07 do 2011-02-07 )))))))))))))))))))))))))))))))
.

2011-02-07 21:12 . 2011-02-07 21:12 -------- d-----w- C:\32788R22FWJFW
2011-02-07 18:03 . 2011-02-07 18:03 -------- d-----w- c:\users\CZechBoY\AppData\Local\Diagnostics
2011-01-28 22:04 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2011-01-28 22:04 . 2011-01-28 22:05 -------- d-----w- c:\users\CZechBoY\AppData\Local\OpenCandy
2011-01-28 22:04 . 2011-01-28 22:04 -------- d-----w- c:\users\CZechBoY\AppData\Roaming\OpenCandy
2011-01-28 22:04 . 2009-08-02 20:09 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2011-01-28 22:04 . 2011-01-28 22:04 -------- d-----w- c:\program files (x86)\VstPlugins
2011-01-28 22:04 . 2011-01-28 22:04 -------- d-----w- c:\program files (x86)\Image-Line
2011-01-28 22:04 . 2011-01-28 22:04 -------- d-----w- c:\program files (x86)\Outsim
2011-01-23 19:39 . 2010-10-16 05:17 720896 ----a-w- c:\windows\system32\odbc32.dll
2011-01-23 19:39 . 2010-10-16 05:16 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-23 19:39 . 2010-10-16 05:16 466944 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-23 19:39 . 2010-10-16 05:16 1425408 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-23 19:39 . 2010-10-16 05:16 258048 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2011-01-23 19:39 . 2010-10-16 04:34 573440 ----a-w- c:\windows\SysWow64\odbc32.dll
2011-01-23 19:39 . 2010-10-16 04:33 372736 ----a-w- c:\program files (x86)\Common Files\System\ado\msadox.dll
2011-01-23 19:39 . 2010-10-16 04:33 352256 ----a-w- c:\program files (x86)\Common Files\System\ado\msadomd.dll
2011-01-23 19:39 . 2010-10-16 04:33 987136 ----a-w- c:\program files (x86)\Common Files\System\ado\msado15.dll
2011-01-23 19:39 . 2010-10-16 04:33 208896 ----a-w- c:\program files (x86)\Common Files\System\msadc\msadco.dll
2011-01-21 23:00 . 2010-07-07 20:35 266714 ----a-w- c:\windows\KMSAct.exe
2011-01-21 20:41 . 2011-01-21 20:41 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2011-01-21 20:41 . 2011-01-21 20:41 -------- d-----w- c:\program files\Microsoft Analysis Services
2011-01-21 20:41 . 2011-01-21 20:41 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2011-01-20 17:02 . 2011-01-20 17:02 -------- d-----w- c:\users\CZechBoY\AppData\Local\Zoner
2011-01-13 10:23 . 2008-05-07 18:59 99840 ----a-w- c:\windows\system32\Spool\prtprocs\x64\HPZPPLHN.DLL
2011-01-12 09:42 . 2011-01-12 09:42 16376 ----a-w- c:\windows\system32\drivers\TVMonitor.sys
2011-01-12 09:42 . 2011-01-12 09:42 35112 ----a-w- c:\windows\system32\drivers\teamviewervpn.sys
2011-01-10 15:00 . 2011-01-10 15:00 -------- d-----w- c:\program files\iPod
2011-01-10 15:00 . 2011-01-10 15:01 -------- d-----w- c:\program files\iTunes
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-01-10 14:53 . 2011-01-10 14:53 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-01-09 22:33 . 2011-01-09 22:40 -------- d-----w- c:\users\CZechBoY\VirtualBox VMs
2011-01-09 22:32 . 2010-12-22 14:08 226448 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-01-09 22:32 . 2010-12-22 14:08 54864 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-07 21:13 . 2010-12-18 01:55 6346 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-12-22 14:08 . 2010-12-22 14:08 173840 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2010-12-22 14:08 . 2010-12-22 14:08 154256 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2010-12-22 14:08 . 2010-12-22 14:08 318992 ----a-w- c:\windows\system32\VBoxNetFltNotify.dll
2010-12-20 17:09 . 2010-12-08 15:25 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-12-08 15:25 24152 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-12-14 13:43 . 2010-12-24 02:42 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2010-12-14 13:39 . 2010-12-24 02:42 25920 ----a-w- c:\windows\system32\authuitu.dll
2010-12-14 13:39 . 2010-12-24 02:42 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2010-12-14 13:39 . 2010-12-24 02:42 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2010-12-14 13:39 . 2010-12-24 02:42 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2010-12-08 15:09 . 2010-12-08 15:09 388096 ----a-r- c:\users\CZechBoY\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\UC.PIF
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\RAR.PIF
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\LHA.PIF
2010-11-29 06:56 . 2010-12-07 20:38 545 ----a-w- c:\windows\ARJ.PIF
2010-11-25 07:47 . 2010-11-25 07:47 2250568 ----a-w- c:\windows\system32\ooscrsav.scr
2010-11-25 07:46 . 2010-11-25 07:46 349512 ----a-w- c:\windows\system32\oodbs.exe
2010-11-25 07:45 . 2010-11-25 07:45 535880 ----a-w- c:\windows\system32\oodssrs.dll
2010-11-25 07:44 . 2010-11-25 07:44 9544 ----a-w- c:\windows\system32\oodbsrs.dll
2010-11-22 17:09 . 2010-10-14 13:32 83120 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-11-18 13:38 . 2010-10-13 15:33 24072 ----a-w- c:\windows\gdrv.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="c:\program files (x86)\Windows Live\Messenger\msnmsgr.exe" [2010-09-22 4240760]
"uTorrent"="f:\programy(x86)\uTorrent\uTorrent.exe" [2010-12-15 395640]
"SIDEBAR"="f:\programy(x86)\Desktop Sidebar_old\dsidebar.exe" [2004-09-04 1126400]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2010-12-03 14944136]
"Infium"="f:\programy(x86)\QIP Infium\infium.exe" [2010-12-23 6012800]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2010-11-02 281768]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="f:\programy(x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="f:\programy(x86)\iTunes\iTunesHelper.exe"

R2 AllShare;SAMSUNG AllShare Service;f:\programy(x86)\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-07-16 6638080]
R2 AntiVirFirewallService;Avira Firewall;c:\program files (x86)\Avira\AntiVir Desktop\avfwsvc.exe [2010-11-02 539304]
R2 AntiVirMailService;Avira AntiVir MailGuard;c:\program files (x86)\Avira\AntiVir Desktop\avmailc.exe [2010-11-02 339624]
R2 AntiVirWebService;Avira AntiVir WebGuard;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2010-11-02 403624]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 TeamViewer5;TeamViewer 5;c:\program files (x86)\TeamViewer\Version5\TeamViewer_Service.exe [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-08-26 7767040]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-08-26 279040]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2010-07-15 116240]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RivaTuner64;RivaTuner64;f:\programy(x86)\RivaTuner v2.24 MSI Master Overclocking Arena 2009 edition\RivaTuner64.sys [2010-11-24 19952]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2009-06-10 51712]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2010-09-28 51712]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2010-12-22 154256]
R3 VSPerfDrv100;Performance Tools Driver 10.0;f:\programy(x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2010-03-17 68440]
S1 avfwot;avfwot;c:\windows\system32\DRIVERS\avfwot.sys [2010-11-02 126792]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2010-12-22 226448]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2010-12-22 54864]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-08-26 203264]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2010-11-02 135336]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;f:\programy(x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2011-01-27 2253688]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;f:\programz(x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-12-14 2019648]
S3 avfwim;AvFw Packet Filter Miniport;c:\windows\system32\DRIVERS\avfwim.sys [2010-10-20 98120]
S3 MonitorFunction;Driver for Monitor;c:\windows\system32\DRIVERS\TVMonitor.sys [2011-01-12 16376]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [2011-01-12 35112]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;f:\programz(x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2010-12-22 173840]

.

--------- x86-64 -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF4804.cfxxe" [X]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-11-25 4011336]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.cz/
mLocal Page = c:\windows\SYSTEM32\blank.htm
IE: Download with GetRight - f:\programy(x86)\GetRight\GRdownload.htm
IE: E&xportovat do aplikace Microsoft Excel - f:\programy\MICROS~1\Office14\EXCEL.EXE/3000
IE: Open with GetRight Browser - f:\programy(x86)\GetRight\GRbrowse.htm
IE: Subscribe in Desktop Sidebar - f:\programy(x86)\Desktop Sidebar_old\sbhelp.dll/menuhandler.html
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: {2038154B-2980-46B6-B116-3AA4AF93D7AF} = 10.0.0.100,10.0.0.200
TCP: {5E509714-6D82-46A5-88A5-B2A714A244E0} = 10.0.0.100,10.0.0.200
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
FF - ProfilePath - c:\users\CZechBoY\AppData\Roaming\Mozilla\Firefox\Profiles\s4n70o8v.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.cz/
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - f:\programy(x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - f:\programy(x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Firebug: firebug@software.joehewitt.com - %profile%\extensions\firebug@software.joehewitt.com
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Greasemonkey: {e4a8a97b-f2ed-450b-b12d-ee082ba24781} - %profile%\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG14.00.00.01PROFESSIONAL"="EFAEAE5E593D7C8716F89B3EA7E79BA1E805394141A7FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74C5D575E7D6A3B9808A2D97226D213B555BA7FD869164D6794FEBC9E127BECC74C9125369EC5C7D3D1A668AA2C6AD5B15539F8B31581FD2B51542DF10E2B43A4D50719DE93B1F13434A8C98DA47367497E679B42FD1F6B2B0BA99254EF36914815BC48E444E9344D65566EDFA84177140B655C57381562E2A8B4AB9D0BD10774CCD5E746D798B1D6DB66CB5EA92237988D2092092075C74376B5D363BFF6D6289F09F1B45A3D107E33269C75FCB65E4F3A975A25F02883B1E08526EC55F13CD554A32794BAA67B63AC7762485877A926E9E313294D6A82897A0C06B6F6E3F4E4D50206014CFC2119ABCA5D2DD92F58FB1A2B62C9BACBB4177847977230C0C230B399D7C747393528B72C1730817CAD296AAC30EDA02E8F1F354C4304F65269879F71A469C5286D8C7C36D80E33D1F073A03928B14F4B8BD4AEBF37039F35352D71243B1BC76D84B6CA98B3BAB9F5EF1A2535BAE3762E25E386DA64BD65D972D725E02E46B17DB98A9518F85A3E04F7CC061C1B08ABB5DC69826D00B26685F2B3D66B530AC8A24EDF750E404AD36A5DB072F843D6E89738F80D590319A4CF8BDE4C9BC4B6BAFA8A0227E5E5186C6C786041ED6D3A8A5ABF16B3152A568626966CE9DAE05115F737B188200885E221A3E669B01BD3D2D9FE3DA92AF789574AF2E4BC2A4915CC5E25A31ECF0A89F071BFC589099075E6C608DB42B6B081C4500141711DE46EB84A257E119E13CE3A1FB073E0D6D4A65124ED52F86FDCC3E0A0A5F05DD85D7E92A610DEAB490EB4C03A5C57D5883523FCC9CA786C18C90924F8CBD7F51A211B7CB7BD555F1E2A4CEDAAB0CEF0A5C05B3DE2B9985C8A8ABCE56861CC56B062CE78120F653E03DADC8D2A1BAADE46CCF147EF5D6E31B771006755D61ABDFE96566E9EE507827057E0504A11B07018EF3E33C459AEF21F9A28C8F722FE8EFCF8A3299DA8A686F01B064A6A89991A5B08CC8009567ED0D9DF3C12DC3D2FCF34865B589E42244926E3AF74C3009375E6B45C8E3801F59A8F65792CE4A651ACC582570F8822D270C4B675AA6073BDBF24D96024230926C87F8E51E6C5DE80F364F1254694397BC314D8202E9E682DD80F9F01EA6C240F747C05E67486EBCB98D720075750FE5AAEEF57AE233267EB46B87198EE0C0CA7DAECB5136A05D636B0FA1AF1021F6E9E414A7FD311A07AF6B1C701B8224E7BD8DDC9D26344722EB579BB338E6BB4066D2F266576E44532BEE57441A25AD2B303042250175F5283374FA0813C981C485E509B6130EFCEA2A8558DEACF508C7975F798E7A27EFE6B98B5BDDD8BF6333CFC21588CCF64C0610E9572796A22C416F7066316"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
f:\programy(x86)\Fraps\fraps.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Bonjour\mDNSResponder.exe
f:\programy(x86)\Samsung\SAMSUNG PC Share Manager\http_ss_win_pro.exe
c:\program files (x86)\TeamViewer\Version6\TeamViewer.exe
c:\program files (x86)\Windows Live\Contacts\wlcomm.exe
.
**************************************************************************
.
Celkový čas: 2011-02-07 22:21:25 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-02-07 21:21

Před spuštěním: Volných bajtů: 16 584 040 448
Po spuštění: Volných bajtů: 16 124 993 536

- - End Of File - - F430F10D33C9250B0A95AE42EDCFA64A

je to po aktualizaci MbAM, kompletním testu C:\ a vyčištění MbAMem...

po restartu PC a následném automatickém přihlášení se mi objevila jen černá obrazovka, správce úloh vypíše asi 5 procesů, když dám zobrazit procesy všech uživatelů tak to chce potvrdit ale žádný okno se neobjeví, celá obrazovka černá a jen ten správce úloh kterej pusitm přes Ctrl+Shift+Esc
když jsem dal ctrl+alt+del a přepnout uživatele(na sebe) tak se ukáže normal Windows, nechápu ... ale hlavně že to jede

[CZechBoY]

co s tim?

[bledulka]

Ahoj,
tohle máš po smazání mbamem nebo po combofixu?

Restartoval jsi pc a je to pořád stejné?

Stáhni a spusť http://users.telenet.be/marcvn/tools/reglooks.exe
- objeví se červené okno a program bude pracovat.
-po dokončení skenu vyskočí poznámkový blok result.txt- obsah sem zkopíruj
- v případě že na Tebe nevyskočí, najdešho zde c:\result.txt

[CZechBoY]

napsalo mi to nepodporovaný systém

[bledulka]

Zkus to spustit v kompatibilitě a xp, uvidíme. Je to jen skener, chtěla jsem vidět, jeslti nemáš nějaké došahané registry.
I po restartu je pořád vše stejné? Je to po mbamu nebo combofixu? A v druhém uživatelském učtu je vše ok?

[CZechBoY]

nevim, mám tu jen účet svůj a Administratora(asi), ale toho neloguju
po restartu to bylo ok, zatim jsem ještě neresetoval, ale vypadá to v poho, akorát se to občas hryzne, přestane hrát hudba a za 2s se to zase rozjede, CPU graf zatížení běhá spíš ve vyšších hodnotách... paměť je překvapivě nízko využitá, cca 50%, předtim jsem míval i 80% (4GB)
po ComboFixu asi, mbam sem už pak nedělal myslim

[bledulka]

Odinstaluj combofix přes
Start >> Spustit zkopíruj do okénka:
ComboFix /Uninstall

stiskni Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


Stáhni OTL
http://oldtimer.geekstogo.com/OTL.exe
-do spodního okénka vlož tento skript:

Kód: Vybrat vše

netsvcs
drivers32
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s
c:\windows\*.* /U
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
nvrd32.sys
symmpi.sys
ndis.sys
winlogon.exe
explorer.exe
userinit.exe
lsass.exe
svchost.exe
smss.exe
hal.dll
ws2_32.dll
/md5stop
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\system32\*.dll /lockedfiles
reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c


-dej fajfku do čtverečku u řádku Pro všechny uživatele
-nech ostatní položky jak je nastaveno na screenu
- potvrď tlačítko Prohledat.
-provede se sken, log OTL.Txt sem vlož