
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Please check my log, the computer is slow and unstable
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved, as will those that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Re: Please check my log, the computer is slow and unstable
Well, I'd say no, because as soon as I posted the comment my internet connection dropped and would not come back up, so I ran another scan with Malwarebytes Anti-Malware and had to delete the malware and restart the PC; after that the connection came back without any problem. Here are the logs from before the deletion and after the deletion.
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.05.06.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gonycz :: GONY [administrátor]
Ochrana: Zakázána
6.5.2013 20:12:17
MBAM-log-2013-05-06 (20-13-38).txt
Typ: Blesková kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: Registr | Systémové soubory | P2P
Kontrolované objekty: 166308
Uplynulý čas: 1 minut, 12 sekund
Nalezené procesy v paměti: 1
C:\WINDOWS\yndrive32.exe (Trojan.Zbot.HE) -> 84716 -> Nebyla provedena žádná instrukce.
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Driver Setup (Trojan.Zbot.HE) -> Data: C:\WINDOWS\yndrive32.exe -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Driver Setup (Trojan.Zbot.HE) -> Data: C:\WINDOWS\yndrive32.exe -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|proxzy0229 (Worm.Autorun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe,explorer.exe,explorer.exe -> Nebyla provedena žádná instrukce.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -> Nebyla provedena žádná instrukce.
Nalezené datové položky v registru: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Autorun) -> Špatný: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe) Dobrý: () -> Nebyla provedena žádná instrukce.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Špatný: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe,explorer.exe,explorer.exe) Dobrý: (Explorer.exe) -> Nebyla provedena žádná instrukce.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\WINDOWS\yndrive32.exe (Trojan.Zbot.HE) -> Nebyla provedena žádná instrukce.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe (Worm.Autorun) -> Nebyla provedena žádná instrukce.
(konec)
Malwarebytes Anti-Malware (Zkušební verze Malwarebytes Anti-Malware.) 1.75.0.1300
www.malwarebytes.org
Verze: v2013.05.06.05
Windows XP Service Pack 3 x86 NTFS
Internet Explorer 8.0.6001.18702
Gonycz :: GONY [administrátor]
Ochrana: Zakázána
6.5.2013 20:12:17
mbam-log-2013-05-06 (20-12-17).txt
Typ: Blesková kontrola
Nastavení kontroly povoleno: Paměť | Po spuštění | Heuristická analýza Extra | Heuristická analýza Shuriken | PUP | PUM
Nastavení kontroly zakázáno: Registr | Systémové soubory | P2P
Kontrolované objekty: 166308
Uplynulý čas: 1 minut, 12 sekund
Nalezené procesy v paměti: 1
C:\WINDOWS\yndrive32.exe (Trojan.Zbot.HE) -> 84716 -> Bude smazán při restartu.
Nalezené moduly v paměti: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené klíče v registru: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené hodnoty v registru: 5
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Microsoft Driver Setup (Trojan.Zbot.HE) -> Data: C:\WINDOWS\yndrive32.exe -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run|Microsoft Driver Setup (Trojan.Zbot.HE) -> Data: C:\WINDOWS\yndrive32.exe -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|proxzy0229 (Worm.Autorun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -> Přesun do karantény a smazání se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Worm.AutoRun) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe,explorer.exe,explorer.exe -> Přesun do karantény a smazání se zdařilo.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Trojan.Agent) -> Data: C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe -> Přesun do karantény a smazání se zdařilo.
Nalezené datové položky v registru: 2
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Taskman (Worm.Autorun) -> Špatný: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe) Dobrý: () -> Přesun do karantény a opravení se zdařilo.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell) -> Špatný: (C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe,explorer.exe,explorer.exe) Dobrý: (Explorer.exe) -> Přesun do karantény a opravení se zdařilo.
Nalezené složky: 0
(Žádné škodlivé položky nebyly zjištěny)
Nalezené soubory: 2
C:\WINDOWS\yndrive32.exe (Trojan.Zbot.HE) -> Bude smazán při restartu.
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe (Worm.Autorun) -> Přesun do karantény a smazání se zdařilo.
(konec)
Re: Please check my log, the computer is slow and unstable



- Open Notepad (Start - Run - notepad)
- Copy the script below

KillAll::

Collect::
C:\WINDOWS\yndrive32.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe

Rootkit::
C:\WINDOWS\yndrive32.exe
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259\proxzy129.exe

Folder::
C:\RECYCLER\S-1-5-21-0243556031-888888379-781863308-13259

ClearJavaCache::

Reboot::

- Save the resulting TXT file as CFScript.txt
- Drag the CFScript.txt you created onto ComboFix and drop it to run (see the picture below)
- After the script has been applied (and after a possible restart), a log will pop up; paste its contents here


Re: Please check my log, the computer is slow and unstable
ComboFix 13-05-06.03 - Gonycz 06.05.2013 21:14:32.3.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2047.1591 [GMT 2:00]
Spuštěný z: c:\documents and settings\Gonycz\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Gonycz\Plocha\CFScript.txt.txt
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Gonycz\Data aplikací\CF0.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-04-06 do 2013-05-06 )))))))))))))))))))))))))))))))
.
.
2013-05-06 18:15 . 2013-05-06 18:03 128512 ------w- c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr
2013-05-06 18:00 . 2013-05-06 18:00 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\CF2.exe
2013-05-06 18:00 . 2013-05-06 18:00 125458 --sh--w- c:\documents and settings\Gonycz\Data aplikací\CF1.exe
2013-05-06 18:00 . 2013-05-06 18:00 -------- d-----w- C:\_OTL
2013-05-06 17:10 . 2013-05-06 18:16 -------- d-----w- c:\documents and settings\Gonycz\Local Settings\Data aplikací\LogMeIn Hamachi
2013-05-06 17:10 . 2013-05-06 19:24 -------- d-----w- c:\documents and settings\LocalService\Local Settings\Data aplikací\LogMeIn Hamachi
2013-05-06 17:09 . 2013-05-06 17:09 -------- d-----w- c:\program files\LogMeIn Hamachi
2013-05-06 16:35 . 2013-05-06 16:35 512 ----a-w- C:\PhysicalMBR.bin
2013-05-04 04:40 . 2013-05-04 04:44 -------- d-----w- c:\program files\AMD
2013-05-04 04:33 . 2013-05-04 04:33 -------- d-----w- c:\windows\SxsCaPendDel
2013-05-03 18:44 . 2008-04-13 20:05 20992 -c--a-w- c:\windows\system32\dllcache\rtl8139.sys
2013-05-03 18:44 . 2008-04-13 20:05 20992 ----a-w- c:\windows\system32\drivers\RTL8139.sys
2013-05-03 11:37 . 2013-05-06 18:03 128512 ----a-w- c:\documents and settings\Gonycz\Data aplikací\temp.bin
2013-05-03 09:42 . 2013-05-03 09:42 -------- d-----w- c:\documents and settings\Gonycz\Local Settings\Data aplikací\Sun
2013-05-03 08:58 . 2013-05-03 08:58 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\Malwarebytes
2013-05-03 08:58 . 2013-05-03 08:58 -------- d-----w- c:\documents and settings\All Users\Data aplikací\Malwarebytes
2013-05-03 08:58 . 2013-05-03 09:01 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-05-03 08:58 . 2013-04-04 12:50 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-05-03 08:23 . 2013-05-03 08:23 -------- d-----w- c:\program files\Common Files\Java
2013-05-03 08:22 . 2013-05-03 08:22 144896 ----a-w- c:\windows\system32\javacpl.cpl
2013-05-03 08:22 . 2013-05-03 08:22 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-05-02 20:05 . 2013-05-03 14:52 -------- d---a-w- c:\documents and settings\All Users\Data aplikací\TEMP
2013-05-02 20:05 . 2013-05-02 20:05 -------- d-----w- c:\documents and settings\All Users\Data aplikací\StarApp
2013-05-02 19:05 . 2013-05-02 19:05 -------- d-----w- c:\program files\trend micro
2013-05-02 19:05 . 2013-05-02 19:05 -------- d-----w- C:\rsit
2013-05-01 08:15 . 2013-05-01 08:15 53248 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\msihook.dll
2013-05-01 08:15 . 2013-05-01 08:15 126976 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\knlwrap.exe
2013-05-01 08:15 . 2013-05-01 08:15 114688 ----a-w- c:\program files\Common Files\InstallShield\engine\6\Intel 32\scpthdlr.dll
2013-04-27 07:55 . 2013-05-06 06:48 -------- d-----w- c:\documents and settings\Gonycz\Data aplikací\vlc
2013-04-26 13:39 . 2004-06-17 11:19 155648 ----a-w- c:\windows\system32\ssleay32.dll
2013-04-26 13:39 . 2004-06-17 11:19 688128 ----a-w- c:\windows\system32\libeay32.dll
2013-04-26 13:39 . 2000-01-31 02:00 25600 ----a-w- c:\windows\system32\BORLNDMM.DLL
2013-04-26 13:39 . 2000-01-31 02:00 219648 ----a-w- c:\windows\system32\cg32.dll
2013-04-26 13:39 . 2000-01-31 02:00 1496064 ----a-w- c:\windows\system32\cc3250mt.dll
2013-04-16 07:41 . 2013-04-16 07:41 -------- d-sh--w- c:\documents and settings\Gonycz\IECompatCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-03 08:22 . 2012-09-15 05:05 866720 ----a-w- c:\windows\system32\npdeployJava1.dll
2013-05-03 08:22 . 2012-07-22 10:25 788896 ----a-w- c:\windows\system32\deployJava1.dll
2013-03-13 08:01 . 2013-02-12 07:18 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-13 08:01 . 2013-02-12 07:18 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 08:01 . 2013-03-13 08:01 16486616 ----a-w- c:\windows\system32\FlashPlayerInstaller.exe
2013-02-24 07:52 . 2013-01-20 08:33 445016 ----a-w- c:\windows\system32\wrap_oal.dll
2013-02-24 07:52 . 2013-01-20 08:33 109144 ----a-w- c:\windows\system32\OpenAL32.dll
2013-02-22 09:29 . 2013-02-22 09:29 43520 ----a-w- c:\windows\system32\CmdLineExt03.dll
2013-04-12 06:49 . 2013-04-12 06:49 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
"Screen Saver Pro 3.1"="c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr" [2013-05-06 128512]
"Screen Saver Pro 3.1"="c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr" [2013-05-06 128512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"="c:\program files\kX Audio Driver\3550\kxmixer.exe" [2009-09-17 546312]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-12-14 2255360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Hry\\Pro Evolution Soccer 2011\\pes2011.exe"=
"c:\\Programy\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Hry\\Counter-Strike 1.6\\hl.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Hry\\ANNO 1404\\Anno4.exe"=
"c:\\Hry\\ANNO 1404\\tools\\Anno4Web.exe"=
"c:\\Hry\\ANNO 1404\\tools\\Benchmark.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"5910:TCP"= 5910:TCP:vnc5910
.
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\drivers\dtsoftbus01.sys [15.7.2012 19:50 242240]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [14.12.2012 11:08 1436160]
R3 kxwdmdrv;kX WDM Driver Service;c:\windows\system32\drivers\kx.sys [22.1.2007 2:59 607496]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [3.5.2013 10:58 22856]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [3.5.2013 10:58 701512]
S3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\drivers\ewusbdev.sys [26.1.2013 20:40 100736]
S3 RT2400;RT2400 Wireless Driver;c:\windows\system32\drivers\RT2400.sys [24.8.2012 16:12 62848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 05:56 1642448 ----a-w- c:\program files\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.google.com
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Přizpůsobit Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: RF Nástrojová lišta - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Uložit formuláře - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
IE: Vyplnit formulář - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
TCP: Interfaces\{86996986-2DF9-4088-A446-6C8E01845350}: NameServer = 62.129.50.20,85.135.32.100
TCP: Interfaces\{E3B0F0E5-1AC6-405C-96B0-4072B3D1F944}: NameServer = 62.129.50.20,85.135.32.100
FF - ProfilePath - c:\documents and settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2013-05-03 07:18; auigebgve@aobo.com; c:\documents and settings\Gonycz\Data aplikacĂÂ\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\auigebgve@aobo.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-05-06 21:24
Windows 5.1.2600 Service Pack 3 NTFS
.
detected NTDLL code modification:
ZwEnumerateValueKey, ZwQueryDirectoryFile
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
Vaicix = c:\documents and settings\Gonycz\Data aplikac?\Microsoft\Vaicix.exe
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vaicix"="c:\\Documents and Settings\\Gonycz\\Data aplikací\\Microsoft\\Vaicix.exe"
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'winlogon.exe'(620)
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mspaint.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-05-06 21:27:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-06 19:27
ComboFix2.txt 2013-05-05 06:55
ComboFix3.txt 2013-05-04 09:08
.
Před spuštěním: Volných bajtů: 36 318 679 040
Po spuštění: Volných bajtů: 36 310 577 152
.
- - End Of File - - CEF59723409FBEFA0A3CB29A2CB2FB85
c:\windows\system32\Ati2evxx.dll
.
- - - - - - - > 'explorer.exe'(2912)
c:\windows\system32\msi.dll
c:\windows\system32\webcheck.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\windows\system32\mspaint.exe
c:\progra~1\MICROS~4\rapimgr.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Celkový čas: 2013-05-06 21:27:12 - počítač byl restartován
ComboFix-quarantined-files.txt 2013-05-06 19:27
ComboFix2.txt 2013-05-05 06:55
ComboFix3.txt 2013-05-04 09:08
.
Před spuštěním: Volných bajtů: 36 318 679 040
Po spuštění: Volných bajtů: 36 310 577 152
.
- - End Of File - - CEF59723409FBEFA0A3CB29A2CB2FB85
Re: Please check my log, the computer is slow and unstable

- Start -> Run -> notepad
- Paste the text below
Code:
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Vaicix"=-

; full key path; the ComboFix log abbreviates it as HKLM\~
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"=-
"5910:TCP"=-

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Screen Saver Pro 3.1"=-
"Screen Saver Pro 3.1"=-
- Save the file as oprava.reg
- When saving, choose Save as type: All files (the setting is shown in the picture below)
- Close Notepad, but do not run the file you created
- Save oprava.reg directly to drive c:\ so that it is not in any folder (the path will therefore be c:\oprava.reg)

- If you use Windows Vista or Windows 7, right-click Avenger and choose Run As Administrator
- After it starts, the program warns you that everything you do is at your own risk - click OK
- After you confirm, the main window appears; paste the script below into it
Code:
Files to delete:
c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr
c:\documents and settings\Gonycz\Data aplikací\temp.bin
c:\documents and settings\Gonycz\Data aplikací\CF2.exe
c:\documents and settings\Gonycz\Data aplikací\CF1.exe
c:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe

Programs launch on reboot:
c:\oprava.reg
- Tick the checkboxes next to Scan for rootkits and Automatically disable any rootkits found
- Now click Execute and confirm with Yes in the following window - this confirms running the script
- Answer the Reboot now question with OK again - this restarts the PC
- After the restart, Notepad should open with the log; paste its contents here. If that does not happen, you will find the document in C:\avenger.txt
Re: Please check my log, the computer is slow and unstable
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
File "c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr" deleted successfully.
File "c:\documents and settings\Gonycz\Data aplikací\temp.bin" deleted successfully.
File "c:\documents and settings\Gonycz\Data aplikací\CF2.exe" deleted successfully.
File "c:\documents and settings\Gonycz\Data aplikací\CF1.exe" deleted successfully.
File "c:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe" deleted successfully.
Error: file "Programs launch on reboot:" not found!
Deletion of file "Programs launch on reboot:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\oprava.reg" not found!
Deletion of file "c:\oprava.reg" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Completed script processing.
*******************
Finished! Terminate.
Re: Please check my log, the computer is slow and unstable



Re: Please check my log, the computer is slow and unstable
So far I haven't had any problem with anything; it looks like it may be OK. Here is the log with the file placed correctly.
Logfile of The Avenger Version 2.0, (c) by Swandog46
http://swandog46.geekstogo.com
Platform: Windows XP
*******************
Script file opened successfully.
Script file read successfully.
Backups directory opened successfully at C:\Avenger
*******************
Beginning to process script file:
Rootkit scan active.
No rootkits found!
Error: file "c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr" not found!
Deletion of file "c:\documents and settings\Gonycz\Data aplikací\ScreenSaverPro.scr" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Gonycz\Data aplikací\temp.bin" not found!
Deletion of file "c:\documents and settings\Gonycz\Data aplikací\temp.bin" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Gonycz\Data aplikací\CF2.exe" not found!
Deletion of file "c:\documents and settings\Gonycz\Data aplikací\CF2.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\documents and settings\Gonycz\Data aplikací\CF1.exe" not found!
Deletion of file "c:\documents and settings\Gonycz\Data aplikací\CF1.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "c:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe" not found!
Deletion of file "c:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
Error: file "Programs launch on reboot:" not found!
Deletion of file "Programs launch on reboot:" failed!
Status: 0xc0000034 (STATUS_OBJECT_NAME_NOT_FOUND)
--> the object does not exist
File "c:\oprava.reg" deleted successfully.
Completed script processing.
*******************
Finished! Terminate.
Re: Please check my log, the computer is slow and unstable
Logfile of random's system information tool 1.09 (written by random/random)
Run by Gonycz at 2013-05-06 22:38:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (26%) free of 131 GB
Total RAM: 2047 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:33, on 6.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\kX Audio Driver\3550\kxmixer.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gonycz\Plocha\RSIT.exe
C:\Program Files\trend micro\Gonycz.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [kX Mixer] C:\Program Files\kX Audio Driver\3550\kxmixer.exe --startup
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Vaicix] C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe
O4 - HKCU\..\Run: [Screen Saver Pro 3.1] C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86996986-2DF9-4088-A446-6C8E01845350}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B0F0E5-1AC6-405C-96B0-4072B3D1F944}: NameServer = 62.129.50.20,85.135.32.100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7723 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\
auigebgve@aobo.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2012-12-31 4868096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-03 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-03 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2012-12-31 4868096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"=C:\Program Files\kX Audio Driver\3550\kxmixer.exe [2009-09-18 546312]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-14 2255360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Vaicix"=C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe []
"Screen Saver Pro 3.1"=C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP"
"C:\Hry\Pro Evolution Soccer 2011\pes2011.exe"="C:\Hry\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Programy\uTorrent\uTorrent.exe"="C:\Programy\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Hry\Counter-Strike 1.6\hl.exe"="C:\Hry\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Hry\ANNO 1404\Anno4.exe"="C:\Hry\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404"
"C:\Hry\ANNO 1404\tools\Anno4Web.exe"="C:\Hry\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Web ANNO 1404"
"C:\Hry\ANNO 1404\tools\Benchmark.exe"="C:\Hry\ANNO 1404\tools\Benchmark.exe:*:Enabled:Anno 1404 Setup Benchmark"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FMVC"=fmcodec.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-05-06 22:24:00 ----A---- C:\avenger.txt
2013-05-06 21:52:12 ----D---- C:\Avenger
2013-05-06 21:27:18 ----D---- C:\WINDOWS\temp
2013-05-06 21:27:15 ----A---- C:\ComboFix.txt
2013-05-06 20:00:28 ----D---- C:\_OTL
2013-05-06 19:09:43 ----D---- C:\Program Files\LogMeIn Hamachi
2013-05-04 10:53:56 ----A---- C:\Boot.bak
2013-05-04 10:53:50 ----RASHD---- C:\cmdcons
2013-05-04 10:52:04 ----A---- C:\WINDOWS\zip.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\SWSC.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\SWREG.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\sed.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\PEV.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\NIRCMD.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\MBR.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\grep.exe
2013-05-04 10:51:39 ----AD---- C:\Qoobox
2013-05-04 10:51:23 ----D---- C:\WINDOWS\erdnt
2013-05-04 07:02:46 ----ASH---- C:\pagefile.sys
2013-05-04 06:47:01 ----A---- C:\WINDOWS\UPGRADE.TXT
2013-05-04 06:40:38 ----D---- C:\Program Files\AMD
2013-05-04 06:33:15 ----D---- C:\WINDOWS\SxsCaPendDel
2013-05-03 20:44:35 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2013-05-03 20:26:42 ----A---- C:\AdwCleaner[R3].txt
2013-05-03 19:18:49 ----A---- C:\AdwCleaner[S1].txt
2013-05-03 19:14:08 ----A---- C:\AdwCleaner[R2].txt
2013-05-03 16:56:59 ----A---- C:\AdwCleaner[R1].txt
2013-05-03 10:58:15 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\Malwarebytes
2013-05-03 10:58:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-05-03 10:58:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-05-03 10:58:04 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-05-03 10:23:26 ----D---- C:\Program Files\Common Files\Java
2013-05-03 10:22:48 ----A---- C:\WINDOWS\system32\javaws.exe
2013-05-03 10:22:45 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-05-03 10:22:45 ----A---- C:\WINDOWS\system32\javaw.exe
2013-05-03 10:22:45 ----A---- C:\WINDOWS\system32\java.exe
2013-05-02 22:05:47 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-05-02 22:05:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\StarApp
2013-05-02 21:05:21 ----D---- C:\Program Files\trend micro
2013-05-02 21:05:20 ----D---- C:\rsit
2013-04-27 09:55:44 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\vlc
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\ssleay32.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\libeay32.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\cg32.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\cc3250mt.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\BORLNDMM.DLL
2013-04-12 08:49:47 ----D---- C:\Program Files\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2013-05-06 22:28:52 ----D---- C:\WINDOWS\system32
2013-05-06 22:28:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2013-05-06 22:24:58 ----D---- C:\WINDOWS\system32\inetsrv
2013-05-06 22:24:00 ----D---- C:\WINDOWS\system32\drivers
2013-05-06 22:24:00 ----D---- C:\WINDOWS
2013-05-06 22:23:11 ----A---- C:\WINDOWS\SchedLgU.Txt
2013-05-06 21:52:12 ----SD---- C:\Documents and Settings\Gonycz\Data aplikací\Microsoft
2013-05-06 21:24:13 ----A---- C:\WINDOWS\system.ini
2013-05-06 21:24:04 ----D---- C:\WINDOWS\system32\drivers\etc
2013-05-06 21:19:21 ----D---- C:\WINDOWS\AppPatch
2013-05-06 21:19:18 ----D---- C:\Program Files\Common Files
2013-05-06 21:13:08 ----D---- C:\WINDOWS\system32\CatRoot2
2013-05-06 21:12:19 ----D---- C:\WINDOWS\Prefetch
2013-05-06 20:53:33 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\Centrum Mail
2013-05-06 20:15:11 ----D---- C:\WINDOWS\Network Diagnostic
2013-05-06 20:00:39 ----SD---- C:\WINDOWS\Tasks
2013-05-06 20:00:39 ----D---- C:\WINDOWS\twain_32
2013-05-06 19:10:15 ----SHD---- C:\WINDOWS\Installer
2013-05-06 19:10:14 ----D---- C:\Config.Msi
2013-05-06 19:09:53 ----HD---- C:\WINDOWS\inf
2013-05-06 19:09:43 ----RD---- C:\Program Files
2013-05-06 09:33:20 ----HDC---- C:\WINDOWS\ie8
2013-05-05 20:35:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2013-05-05 20:35:36 ----D---- C:\WINDOWS\system32\ReinstallBackups
2013-05-05 09:03:33 ----D---- C:\WINDOWS\SoftwareDistribution
2013-05-05 08:50:37 ----D---- C:\WINDOWS\system32\config
2013-05-05 08:16:41 ----D---- C:\WINDOWS\Provisioning
2013-05-04 16:16:03 ----D---- C:\WINDOWS\Registration
2013-05-04 10:53:56 ----RASH---- C:\boot.ini
2013-05-04 07:13:59 ----A---- C:\WINDOWS\win.ini
2013-05-04 07:12:56 ----D---- C:\WINDOWS\Resources
2013-05-04 07:03:45 ----D---- C:\WINDOWS\pss
2013-05-04 06:44:53 ----DC---- C:\WINDOWS\system32\DRVSTORE
2013-05-04 06:32:55 ----D---- C:\Documents and Settings\All Users\Data aplikací\Apple
2013-05-03 14:46:51 ----SHD---- C:\System Volume Information
2013-05-03 14:46:51 ----D---- C:\WINDOWS\system32\Restore
2013-05-03 13:36:39 ----D---- C:\WINDOWS\Logs
2013-05-03 10:50:06 ----D---- C:\Program Files\Aplikace MB
2013-05-03 10:40:09 ----D---- C:\Poker
2013-05-03 10:22:32 ----A---- C:\WINDOWS\system32\npdeployJava1.dll
2013-05-03 10:22:32 ----A---- C:\WINDOWS\system32\deployJava1.dll
2013-05-03 10:22:29 ----D---- C:\Program Files\Java
2013-05-03 10:21:38 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\Adobe
2013-05-03 10:21:38 ----D---- C:\Documents and Settings\All Users\Data aplikací\Adobe
2013-05-01 15:23:27 ----D---- C:\Program Files\kX Audio Driver
2013-05-01 10:16:29 ----D---- C:\Hry
2013-04-29 19:57:28 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\FileZilla
2013-04-27 22:03:55 ----D---- C:\Program Files\PokerStars
2013-04-13 08:42:58 ----D---- C:\Program Files\Mozilla Maintenance Service
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 gagp30kx;Filtr Microsoft Generic AGPv3.0 pro procesorovou platformu K8; C:\WINDOWS\system32\DRIVERS\gagp30kx.sys [2008-04-14 46464]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2012-11-18 9216]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\WINDOWS\system32\DRIVERS\dtsoftbus01.sys [2012-07-15 242240]
R1 kbdhid;Ovladač klávesnice standardu HID; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R1 WS2IFSL;Windows Socket 2.0 Non-IFS Service Provider Support Environment; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2013-01-06 281760]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2013-01-06 25888]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2010-02-11 3565056]
R3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 kxwdmdrv;kX WDM Driver Service; C:\WINDOWS\system32\drivers\kx.sys [2009-09-18 607496]
R3 MBAMProtector;MBAMProtector; \??\C:\WINDOWS\system32\drivers\mbam.sys []
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-25 12160]
R3 rtl8139;Realtek RTL8139(A/B/C)-based PCI Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\RTL8139.SYS [2008-04-13 20992]
R3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2012-11-18 14336]
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\system32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 FETNDIS;VIA PCI 10/100Mb Fast Ethernet Adapter NT Driver; C:\WINDOWS\system32\DRIVERS\fetnd5.sys [2001-08-17 27165]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2004-12-15 51120]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2004-12-15 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2004-12-15 21744]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\WINDOWS\system32\DRIVERS\ewusbmdm.sys [2009-09-10 102528]
S3 hwusbdev;Huawei DataCard USB PNP Device; C:\WINDOWS\system32\DRIVERS\ewusbdev.sys [2009-10-12 100736]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2012-06-11 19072]
S3 RT2400;RT2400 Wireless Driver; C:\WINDOWS\system32\DRIVERS\RT2400.sys [2004-03-01 62848]
S3 usb_rndisx;Adaptér USB RNDIS; C:\WINDOWS\system32\DRIVERS\usb8023x.sys [2008-04-14 12800]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 1436160]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-01-05 75136]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05 116648]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Run by Gonycz at 2013-05-06 22:38:29
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 35 GB (26%) free of 131 GB
Total RAM: 2047 MB (78% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:38:33, on 6.5.2013
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal
Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\kX Audio Driver\3550\kxmixer.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Program Files\Microsoft ActiveSync\wcescomm.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\MICROS~4\rapimgr.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\Program Files\Google\Update\1.3.21.145\GoogleCrashHandler.exe
C:\WINDOWS\system32\inetsrv\inetinfo.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\WINDOWS\system32\HPZipm12.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Gonycz\Plocha\RSIT.exe
C:\Program Files\trend micro\Gonycz.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: RoboForm BHO - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: &RoboForm Toolbar - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O4 - HKLM\..\Run: [kX Mixer] C:\Program Files\kX Audio Driver\3550\kxmixer.exe --startup
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe"
O4 - HKCU\..\Run: [Vaicix] C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe
O4 - HKCU\..\Run: [Screen Saver Pro 3.1] C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Přizpůsobit Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
O8 - Extra context menu item: RF Nástrojová lišta - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
O8 - Extra context menu item: Uložit formuláře - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
O8 - Extra context menu item: Vyplnit formulář - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
O9 - Extra button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra 'Tools' menuitem: Vytvořit mobilní oblíbenou položku… - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\PROGRA~1\MICROS~4\INetRepl.dll
O9 - Extra button: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Vyplnit formulář - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Uložit - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: Uložit formuláře - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Show Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra 'Tools' menuitem: RF Nástrojová lišta - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{86996986-2DF9-4088-A446-6C8E01845350}: NameServer = 62.129.50.20,85.135.32.100
O17 - HKLM\System\CCS\Services\Tcpip\..\{E3B0F0E5-1AC6-405C-96B0-4072B3D1F944}: NameServer = 62.129.50.20,85.135.32.100
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Proces mezipaměti kategorií součástí - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
--
End of file - 7723 bytes
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.180 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\WINDOWS\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
C:\Documents and Settings\Gonycz\Data aplikací\Mozilla\Firefox\Profiles\43y27pt6.default\extensions\
auigebgve@aobo.com
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{724d43a9-0d85-11d4-9908-00400523e39a}]
RoboForm Toolbar Helper - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2012-12-31 4868096]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-05-03 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-05-03 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{724d43a0-0d85-11d4-9908-00400523e39a} - &RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll [2012-12-31 4868096]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"kX Mixer"=C:\Program Files\kX Audio Driver\3550\kxmixer.exe [2009-09-18 546312]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-12-14 2255360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"=C:\Program Files\Microsoft ActiveSync\wcescomm.exe [2006-11-13 1289000]
"Vaicix"=C:\Documents and Settings\Gonycz\Data aplikací\Microsoft\Vaicix.exe []
"Screen Saver Pro 3.1"=C:\Documents and Settings\Gonycz\Data aplikací\ScreenSaverPro.scr []
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2010-02-11 155648]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe"="C:\Program Files\HP\HP Deskjet 2050 J510 series\Bin\USBSetup.exe:LocalSubNet:Enabled:Instalace zařízení HP"
"C:\Hry\Pro Evolution Soccer 2011\pes2011.exe"="C:\Hry\Pro Evolution Soccer 2011\pes2011.exe:*:Enabled:Pro Evolution Soccer 2011"
"C:\Programy\uTorrent\uTorrent.exe"="C:\Programy\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe"="C:\Program Files\Ubisoft\Ubisoft Game Launcher\UbisoftGameLauncher.exe:*:Enabled:Ubisoft Game Launcher"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
"C:\Hry\Counter-Strike 1.6\hl.exe"="C:\Hry\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Hry\ANNO 1404\Anno4.exe"="C:\Hry\ANNO 1404\Anno4.exe:*:Enabled:ANNO 1404"
"C:\Hry\ANNO 1404\tools\Anno4Web.exe"="C:\Hry\ANNO 1404\tools\Anno4Web.exe:*:Enabled:Web ANNO 1404"
"C:\Hry\ANNO 1404\tools\Benchmark.exe"="C:\Hry\ANNO 1404\tools\Benchmark.exe:*:Enabled:Anno 1404 Setup Benchmark"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Mozilla Firefox"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Microsoft ActiveSync\rapimgr.exe"="C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager"
"C:\Program Files\Microsoft ActiveSync\wcescomm.exe"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager"
"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe"="C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"VIDC.FMVC"=fmcodec.dll
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======List of files/folders created in the last 1 month======
2013-05-06 22:24:00 ----A---- C:\avenger.txt
2013-05-06 21:52:12 ----D---- C:\Avenger
2013-05-06 21:27:18 ----D---- C:\WINDOWS\temp
2013-05-06 21:27:15 ----A---- C:\ComboFix.txt
2013-05-06 20:00:28 ----D---- C:\_OTL
2013-05-06 19:09:43 ----D---- C:\Program Files\LogMeIn Hamachi
2013-05-04 10:53:56 ----A---- C:\Boot.bak
2013-05-04 10:53:50 ----RASHD---- C:\cmdcons
2013-05-04 10:52:04 ----A---- C:\WINDOWS\zip.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\SWXCACLS.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\SWSC.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\SWREG.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\sed.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\PEV.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\NIRCMD.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\MBR.exe
2013-05-04 10:52:04 ----A---- C:\WINDOWS\grep.exe
2013-05-04 10:51:39 ----AD---- C:\Qoobox
2013-05-04 10:51:23 ----D---- C:\WINDOWS\erdnt
2013-05-04 07:02:46 ----ASH---- C:\pagefile.sys
2013-05-04 06:47:01 ----A---- C:\WINDOWS\UPGRADE.TXT
2013-05-04 06:40:38 ----D---- C:\Program Files\AMD
2013-05-04 06:33:15 ----D---- C:\WINDOWS\SxsCaPendDel
2013-05-03 20:44:35 ----A---- C:\WINDOWS\system32\drivers\RTL8139.sys
2013-05-03 20:26:42 ----A---- C:\AdwCleaner[R3].txt
2013-05-03 19:18:49 ----A---- C:\AdwCleaner[S1].txt
2013-05-03 19:14:08 ----A---- C:\AdwCleaner[R2].txt
2013-05-03 16:56:59 ----A---- C:\AdwCleaner[R1].txt
2013-05-03 10:58:15 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\Malwarebytes
2013-05-03 10:58:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Malwarebytes
2013-05-03 10:58:04 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2013-05-03 10:58:04 ----A---- C:\WINDOWS\system32\drivers\mbam.sys
2013-05-03 10:23:26 ----D---- C:\Program Files\Common Files\Java
2013-05-03 10:22:48 ----A---- C:\WINDOWS\system32\javaws.exe
2013-05-03 10:22:45 ----A---- C:\WINDOWS\system32\WindowsAccessBridge.dll
2013-05-03 10:22:45 ----A---- C:\WINDOWS\system32\javaw.exe
2013-05-03 10:22:45 ----A---- C:\WINDOWS\system32\java.exe
2013-05-02 22:05:47 ----AD---- C:\Documents and Settings\All Users\Data aplikací\TEMP
2013-05-02 22:05:35 ----D---- C:\Documents and Settings\All Users\Data aplikací\StarApp
2013-05-02 21:05:21 ----D---- C:\Program Files\trend micro
2013-05-02 21:05:20 ----D---- C:\rsit
2013-04-27 09:55:44 ----D---- C:\Documents and Settings\Gonycz\Data aplikací\vlc
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\ssleay32.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\libeay32.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\cg32.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\cc3250mt.dll
2013-04-26 15:39:56 ----A---- C:\WINDOWS\system32\BORLNDMM.DLL
2013-04-12 08:49:47 ----D---- C:\Program Files\Mozilla Firefox
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2010-02-11 602112]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-12-14 1436160]
R2 IISADMIN;Správa služby IIS; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2004-09-29 69632]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2013-01-05 75136]
R2 W3SVC;Publikování na webu; C:\WINDOWS\system32\inetsrv\inetinfo.exe [2008-04-14 15872]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2010-02-10 593920]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05 116648]
S2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-03-13 253656]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2013-02-05 116648]
S3 idsvc;Služba Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetTcpPortSharing;Služba sdílení portů Net.Tcp; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
Re: Please check my log, the computer is slow and unstable

Code:
:reg
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Vaicix"=-
"Screen Saver Pro 3.1"=-
"ctfmon.exe"=-
:commands
[REBOOT]
Re: Please check my log, the computer is slow and unstable
Where can I find the log, please? It did not show up after the PC restarted.
Re: Please check my log, the computer is slow and unstable
C:\_OTL\MovedFiles\datum_cas_aplikace
Re: Please check my log, the computer is slow and unstable
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Vaicix deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Screen Saver Pro 3.1 deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ctfmon.exe deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 05062013_224732
Re: Please check my log, the computer is slow and unstable
So, let's finish cleaning up.

Uninstall ComboFix
- Rename ComboFix to Uninstall
- Run it
- This deletes ComboFix and its folders

You can uninstall MBAM or keep it for an occasional scan - if it finds anything, I strongly recommend posting the log here for review, so that you don't take out something legitimate

T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Download and run it
- To confirm a choice, press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn the antivirus off while downloading)

OTC http://oldtimer.geekstogo.com/OTC.exe
- Download and run it
- Click CleanUp and confirm with YES
- The program cleans up and restarts the PC

TFC http://oldtimer.geekstogo.com/TFC.exe
- Download and run it
- Click Start and confirm with OK
- The program cleans up and restarts the PC
- Delete the utility after use

Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix Issues - I recommend making a registry backup; fix all the issues
- repeat the procedure until no problems are left - usually about 3 times
- Here you can uninstall programs you don't need

Install Avast Free http://www.avast.com/get/gWR5mo92 since I don't see any security software there
Post a new RSIT log and write whether there are any problems


Re: Please check my log, the computer is slow and unstable
That's a long list, so I'll leave it for tomorrow; I'm about to pass out. Otherwise, thank you very much, the PC is noticeably faster and I can work without getting stressed. I'll get back to you tomorrow. Thanks once again for the time and advice you put in.