preventivka

[vyosek]

Spustte znovu OTL

• Pokud pouzivate Win Vista ci W7, kliknete na OTL pravym a dejte Run As Administrator ci Spustit jako spravce
• Do spodniho okenka Vlastni skenovani/opravy vlozte skript nize

• Kód: Vybrat vše

  :otl
  DRV - [2010.06.29 21:42:21 | 000,025,616 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Users\hp\AppData\Local\Temp\YODA64A.tmp -- (GarenaPEngine)
  IE - HKLM\..\URLSearchHook: {2c650b7d-aa32-4798-af1a-fd8ef806d89f} - Reg Error: Key error. File not found
  FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
  O3 - HKU\S-1-5-21-1772001885-842767137-95017056-1000\..\Toolbar\WebBrowser: (no name) - {2C650B7D-AA32-4798-AF1A-FD8EF806D89F} - No CLSID value found.
  O3 - HKU\S-1-5-21-1772001885-842767137-95017056-1000\..\Toolbar\WebBrowser: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
  O3 - HKU\S-1-5-21-1772001885-842767137-95017056-1000\..\Toolbar\WebBrowser: (no name) - {4B3803EA-5230-4DC3-A7FC-33638F3D3542} - No CLSID value found.
  O4 - HKLM..\Run: [hpqSRMon] File not found
  O4 - HKLM..\Run: [mspaint] C:\Windows\System32\Paint.exe File not found
  O4 - HKLM..\Run: [Z810SysStart] D:\internet\sysctrl.exe File not found
  O4 - HKU\S-1-5-21-1772001885-842767137-95017056-1000..\Run: [Z810SysStart] D:\internet\sysctrl.exe File not found
  O33 - MountPoints2\{017b8185-7ecb-11df-8e51-00238b893fd6}\Shell - "" = AutoRun
  O33 - MountPoints2\{c0e4589d-fc7e-11dd-8eb3-806e6f6e6963}\Shell - "" = AutoRun
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
  O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
  
  :files
  C:\WINDOWS\system32\*.tmp.dll /s
  C:\WINDOWS\system32\SET*.tmp /s
  C:\WINDOWS\*.tmp /s
  
  :reg
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
  "Z810SysStart"=-
  [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\not active]
  "DAEMON Tools Lite"=-
  "UIWatcher"=-
  
  :commands
  [EMPTYTEMP]
  [EMPTYFLASH]
  [CLEARALLRESTOREPOINTS]

• Nasledne kliknete na Opravit
• PC provede opravu, restartuje se a da Vam log, jeho obsah vlozte sem

[stancoj]

All processes killed
========== OTL ==========
Service GarenaPEngine stopped successfully!
Service GarenaPEngine deleted successfully!
C:\Users\hp\AppData\Local\Temp\YODA64A.tmp moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{2c650b7d-aa32-4798-af1a-fd8ef806d89f} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2c650b7d-aa32-4798-af1a-fd8ef806d89f}\ not found.
Prefs.js: "http://en-US.start3.mozilla.com/firefox ... S:official" removed from browser.startup.homepage
Registry value HKEY_USERS\S-1-5-21-1772001885-842767137-95017056-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2C650B7D-AA32-4798-AF1A-FD8EF806D89F} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2C650B7D-AA32-4798-AF1A-FD8EF806D89F}\ not found.
Registry value HKEY_USERS\S-1-5-21-1772001885-842767137-95017056-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{32099AAC-C132-4136-9E9A-4E364A424E17} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{32099AAC-C132-4136-9E9A-4E364A424E17}\ not found.
Registry value HKEY_USERS\S-1-5-21-1772001885-842767137-95017056-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{4B3803EA-5230-4DC3-A7FC-33638F3D3542} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4B3803EA-5230-4DC3-A7FC-33638F3D3542}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\hpqSRMon deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\mspaint deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Z810SysStart deleted successfully.
Registry value HKEY_USERS\S-1-5-21-1772001885-842767137-95017056-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Z810SysStart deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{017b8185-7ecb-11df-8e51-00238b893fd6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{017b8185-7ecb-11df-8e51-00238b893fd6}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c0e4589d-fc7e-11dd-8eb3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c0e4589d-fc7e-11dd-8eb3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Control Panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ deleted successfully.
========== FILES ==========
File\Folder C:\WINDOWS\system32\*.tmp.dll not found.
File\Folder C:\WINDOWS\system32\SET*.tmp not found.
C:\WINDOWS\temp\CouB311.tmp moved successfully.
C:\WINDOWS\temp\NUP599F.tmp moved successfully.
C:\WINDOWS\temp\NUP6589.tmp moved successfully.
C:\WINDOWS\temp\NUP7666.tmp moved successfully.
C:\WINDOWS\temp\NUPEA11.tmp moved successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Z810SysStart not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\not active\\DAEMON Tools Lite deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\not active\\UIWatcher deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: hp
->Temp folder emptied: 3082092 bytes
->Temporary Internet Files folder emptied: 711930 bytes
->Java cache emptied: 315081 bytes
->FireFox cache emptied: 92202009 bytes
->Opera cache emptied: 0 bytes
->Flash cache emptied: 1549 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 119282 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 92,00 mb


[EMPTYFLASH]

User: Administrator

User: All Users

User: Default

User: Default User

User: hp
->Flash cache emptied: 0 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb



OTL by OldTimer - Version 3.2.7.0 log created on 07012010_191029

Files\Folders moved on Reboot...
C:\Users\hp\AppData\Local\Temp\ehmsas.txt moved successfully.

Registry entries deleted on Reboot...

[vyosek]

Co na to pocitac, jak se chova

[stancoj]

teraz my zamrzol ale to robieval a davnejsie, potom ho to preslo adufam ze to aj prejde teraz

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[stancoj]

MBAM nic nenasiel

[stancoj]

pocitac my zamrzava po zapnuti cca kazdych 1,5 hodiny. uz som to tu raz riesil s mitji a prestalo to.

[Caroprd111]

Dobrý den,
zaskočím za kolegu.


Odinstalujte všechny emulátory virtuálních mechanik.

Stáhněte SPTD http://www.duplexsecure.com/en/downloads

• Vyberte verzi podle svého operačního systému (64 & 32b). Uložte na plochu a spusťte.
• zvolte možnost Uninstall a restartujte PC.

Stáhněte a spusťte http://www.jpshortstuff.247fixes.com/Defogger.exe

• Klikněte na "Disable" a restartujte PC.

Stáhněte MBR na plochu http://www2.gmer.net/mbr/mbr.exe

Start > Spustit (Win + R)

• Vyskočí okénko, zkopírujte do něj:

Kód: Vybrat vše

"%userprofile%\plocha\mbr" -t

• Klikněte na OK

• Vytvoří se log s názvem mbr.log, vložte ho sem.

Dejte log z Gmer http://www.viry.cz/forum/viewtopic.php?f=29&t=62878

[stancoj]

ked do spustit program nahodim "%userprofile%\plocha\mbr" -t napise: umistneni neni dostupne

[Caroprd111]

Zadejte:"%userprofile%\desktop\mbr" -t

[stancoj]

Stealth MBR rootkit/Mebroot/Sinowal detector 0.3.7 by Gmer, http://www.gmer.net

device: opened successfully
user: error reading MBR
kernel: error reading MBR

[stancoj]

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-07-02 15:00:57
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\hp\AppData\Local\Temp\pgldipoc.sys


---- Devices - GMER 1.0.15 ----

_________________________________________________________________________________________________________

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-07-02 15:16:21
Windows 6.0.6002 Service Pack 2
Running: gmer.exe; Driver: C:\Users\hp\AppData\Local\Temp\pgldipoc.sys


---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\ESET\ESET Smart Security\ekrn.exe[2084] kernel32.dll!SetUnhandledExceptionFilter 761CA84F 4 Bytes [C2, 04, 00, 00]

---- User IAT/EAT - GMER 1.0.15 ----

IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [73B77817] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [73BCA86D] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [73B7BB22] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [73B6F695] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [73B775E9] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [73B6E7CA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStreamICM] [73BA8395] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromStream] [73B7DA60] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [73B6FFFA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [73B6FF61] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [73B671CF] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFileICM] [73BFCAE2] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipLoadImageFromFile] [73B9C8D8] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [73B6D968] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [73B66853] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [73B6687E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[792] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [73B72AD1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.0.6002.18005_none_9e50b396ca17ae07\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernel Mode Driver Framework Runtime/Microsoft Corporation)

---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbad005
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbad005@001e45d5aa2d 0xB0 0x93 0xA5 0x4A ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbad005@001fe499e305 0x31 0x27 0x59 0xEC ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbad005@00221566b75b 0x9B 0xAE 0xA9 0x1C ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\BTHPORT\Parameters\Keys\001a6bbad005@0023f1017e20 0x91 0xC3 0x83 0xBF ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0x52 0xE0 0xA2 ...
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\CurrentControlSet\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x3C 0x26 0xA3 ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbad005 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbad005@001e45d5aa2d 0xB0 0x93 0xA5 0x4A ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbad005@001fe499e305 0x31 0x27 0x59 0xEC ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbad005@00221566b75b 0x9B 0xAE 0xA9 0x1C ...
Reg HKLM\SYSTEM\ControlSet003\Services\BTHPORT\Parameters\Keys\001a6bbad005@0023f1017e20 0x91 0xC3 0x83 0xBF ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@u0 0xD4 0xC3 0x97 0x02 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@h0 1
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\14919EA49A8F3B4AA3CF1058D9A64CEC@hdf12 0x30 0x52 0xE0 0xA2 ...
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@h0 0
Reg HKLM\SYSTEM\ControlSet003\Services\sptd\Cfg\19659239224E364682FA4BAF72C53EA4@khjeh 0xC2 0x3C 0x26 0xA3 ...
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System
Reg HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OOCC06.00.00.01WSSV 13E1904BC791F3C0A7DDB5C6FA44206BA2C0A1FB2834E7D50794105058FCD45AC26B1FC85546CD12AC7338610E20A133518BBAFC495DD9840A6F00E4AB89696E72F42ADA0AEC22879CD1C42E909BFC40A3F734733618B4978303F9C0028BAA64C7AE41761B7F24A30AE13F26B638CCEAB94CE6FA40919656BD8CE93D69F4DB91DB6E835977DA5AEE7AB21C8668DC7C8CA7EC3E71EC57710B79695079269F13D5BB2B26033BC0A1F767F5E75144D34D81716639FEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CFEBC9E127BECC74CA6A0AC4980AC7933A9C6AECB7A5D1407C038D530D6EB3452C038D530D6EB3452A8451BDF34AC7AEFB2F4EB7940166C23C20654EF545518C7B02EE3EE698F6E6941F808917DE1C8E900A164667EAD04B431CEAF4B4035273DD0112C167F89254F9D3FA38A7DC21F31B8120024A1124692D79FE8AEB59A3FCD801C7BB02521A379D4EE051F59010747F5995F6B9F0316B270694B561B72BA87BA7CE520500F5E2B4515AB773AC1AE4395C28B487032F922F7D285565B1C9909BF15641CFD80EEB70DEFF70ECD9FE64F3749EB9D13471EFE32B42C12E4EA018790FB532F2E9791891273AE35C2A9A62AC19C519E88DCCFFC249CB6C2AA28384BF67DF2B86368A79DFBC77A0E4F6008A5DDE2EC55D6030363184BFE79A30F2B2F7B9668EAA

---- EOF - GMER 1.0.15 ----

[Caroprd111]

Stáhněte a uložte, nejlépe na plochu http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypněte všechny rezidentní bezpečnostní programy - firewally, antiviry, antispywary
• Vložte do PC všechny flash disky, které používáte.
• Spusťte aplikaci pod účtem s oprávněním Administrátora (Správce), ihned po startu se zobrazí stránka s licenčními podmínkami, pokračujte stisknutím tlačítka "Ano"
• Dále postupujte dle pokynů, během scanu nespouštějte jiné aplikace a neklikejte do zobrazujícího se okna
• Scan by měl trvat okolo 5 - 10 minut, po dokončení Combofix zobrazí log C:\ComboFix.txt , který sem vložte.
• Během skenování může být počítač restartován.

[stancoj]

ked dam stiahnut combofix tak my eset vyhodi ze nasiel virus a mozila zamrzne a nestahuje

[Caroprd111]

ESS vypněte, je to falešná detekce.