Neuvěřitelně pomalé zapínání.

[Deagledoubleg]

Dobrý den,chtěl bych vás požádat o pomoc.
Můj počítač se zapíná cca 15 minut...a potom co mi naběhne plocha tak se počítač tak 10 minut neuvěřitelně seká...potom je to v celku normální ale je vidět že je i potom nějak zpomalený.
Předem děkuji.

[vyosek]

Zdravim, pekny den preji a vitam Vas u nas na foru

Jelikoz nevime o Vasem PC nic a z kristalove koule se spatne vesti, navic pri zatazenem pocasi jake ted v okrese Kromeriz panuje, neni nic videt

Ale dosti legracek, kouknem na to Kliknete do meho podpisu na RSIT a dejte log z nej - navod Vas povede...

[Deagledoubleg]

Dobře,tohle mi tu vyskočilo...

Logfile of random's system information tool 1.08 (written by random/random)
Run by DeaGle DouBle G at 2011-01-08 12:05:31
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 93 GB (19%) free of 475 GB
Total RAM: 3070 MB (55% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:05:37, on 8.1.2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Program Files\Secunia\PSI\PSI_TRAY.exe
C:\Program Files\Secunia\PSI\psi.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\explorer.exe
C:\Users\DeaGle DouBle G\Downloads\RSIT.exe
C:\Program Files\trend micro\DeaGle DouBle G.exe
C:\Program Files\Skype\Toolbars\Shared\SkypeNames2.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://fullarticles.net
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
R3 - URLSearchHook: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O1 - Hosts: ::1 localhost
O2 - BHO: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - (no file)
O3 - Toolbar: BitTorrentBar Toolbar - {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - C:\Program Files\BitTorrentBar\tbBitT.dll (file missing)
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [RtHDVCpl] RtHDVCpl.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware (reboot)] "C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe" /runcleanupscript
O4 - HKCU\..\Run: [Exetender] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup
O4 - HKCU\..\Run: [NVIDIA driver monitor] c:\users\public\nvsvc32.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [Exetender] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [Exetender] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Exetender] "C:\Program Files\Frag Games\GPlayer.exe" /runonstartup (User 'Default user')
O4 - Global Startup: Secunia PSI Tray.lnk = C:\Program Files\Secunia\PSI\psi_tray.exe
O9 - Extra button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{812622B4-B866-45DB-BBAA-0A60372EE8EC}: NameServer = 217.117.216.76,217.117.216.7
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files\PDF Complete\pdfsvc.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: 9-ay rota Drivers Auto Removal (pr2armgl) (pr2armgl) - Techland - C:\Windows\system32\pr2armgl.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TunngleService - Unknown owner - C:\Program Files\Tunngle\TnglCtrl.exe (file missing)

--
End of file - 6296 bytes

======Scheduled tasks folder======

C:\Windows\tasks\User_Feed_Synchronization-{B46C21C8-00B7-4AC8-A82D-A608730462A9}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\tbBitT.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-02-08 804136]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-10-26 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
{88c7f2aa-f93f-432c-8f0e-b7d85967a527} - BitTorrentBar Toolbar - C:\Program Files\BitTorrentBar\tbBitT.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"=C:\Program Files\Windows Defender\MSASCui.exe [2008-01-21 1008184]
"amd_dc_opt"=C:\Program Files\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"PDF Complete"=C:\Program Files\PDF Complete\pdfsty.exe [2008-04-07 318488]
"RtHDVCpl"=C:\Windows\RtHDVCpl.exe [2007-12-12 4710400]
"Malwarebytes' Anti-Malware (reboot)"=C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Exetender"=C:\Program Files\Frag Games\GPlayer.exe [2010-08-02 4752896]
"NVIDIA driver monitor"=c:\users\public\nvsvc32.exe [2010-12-11 65024]
"Steam"=C:\Program Files\Steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ClubCooee]
C:\Users\DeaGle DouBle G\AppData\Local\ClubCooee\Program\cooee.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2010-04-12 1135912]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe [2010-12-20 963976]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
C:\Windows\system32\NvCpl.dll [2007-12-11 8530464]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NVIDIA driver monitor]
C:\Windows\nvsvc32.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
C:\Windows\system32\NvMcTray.dll [2007-12-11 81920]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
C:\Windows\system32\nvsvc.dll [2007-12-11 86016]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ruzited]
C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\toocugou.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
C:\Program Files\HP\SetRefresh\SetRefresh.exe [2003-11-20 525824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
C:\Program Files\Skype\Phone\Skype.exe [2010-04-20 26192680]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
C:\Windows\Skytel.exe [2007-11-20 1826816]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files\Steam\steam.exe [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^DeaGle DouBle G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
C:\PROGRA~1\Ubisoft\GHOSTR~1\Support\Register\REGIST~1.EXE -d 804348 -l english -r 7 -g Ghost Recon Advanced Warfighter -c us -i 2528 []

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Secunia PSI Tray.lnk - C:\Program Files\Secunia\PSI\psi_tray.exe

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Users\DeaGle DouBle G\Downloads\P17535732.JPG-www.facebook.exe"="C:\Windows\nvsvc32.exe:*:Enabled:NVIDIA driver monitor"
"C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\toocugou.exe"="C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\toocugou.exe:*:Enabled:hetouf32"
"C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\vecowe.exe"="C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\vecowe.exe:*:Enabled:hetouf32"
"C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\wousoo.exe"="C:\Users\DeaGle DouBle G\AppData\Roaming\Microsoft\wousoo.exe:*:Enabled:hetouf32"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======List of files/folders created in the last 1 months======

2011-01-08 12:05:31 ----D---- C:\rsit
2011-01-08 12:05:31 ----D---- C:\Program Files\trend micro
2011-01-08 11:39:46 ----D---- C:\Program Files\Secunia
2011-01-05 22:56:56 ----A---- C:\Windows\system32\tsccvid.dll
2011-01-05 22:56:55 ----D---- C:\Windows\system32\QuickTime
2011-01-05 22:56:46 ----D---- C:\Program Files\QuickTime
2011-01-05 22:56:36 ----D---- C:\Program Files\Common Files\TechSmith Shared
2011-01-05 22:56:35 ----D---- C:\ProgramData\TechSmith
2011-01-05 22:56:35 ----D---- C:\Program Files\TechSmith
2011-01-05 19:47:54 ----D---- C:\Program Files\Heroes of Newerth
2011-01-02 22:14:16 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2011-01-01 04:11:31 ----D---- C:\ProgramData\Age of Empires 3
2011-01-01 03:37:53 ----D---- C:\Program Files\Common Files\Microsoft Games
2010-12-31 17:40:50 ----D---- C:\models
2010-12-31 17:40:48 ----D---- C:\materials
2010-12-31 10:26:38 ----D---- C:\Windows\TiMoC
2010-12-28 21:23:06 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\.minecraft
2010-12-27 22:29:51 ----D---- C:\ProgramData\EA Core
2010-12-27 22:25:22 ----D---- C:\Program Files\Adobe
2010-12-27 22:25:20 ----D---- C:\Program Files\Common Files\Adobe AIR
2010-12-25 14:35:40 ----D---- C:\Program Files\StarCraft II
2010-12-25 13:41:07 ----D---- C:\Program Files\Common Files\Blizzard Entertainment
2010-12-25 10:20:02 ----SHD---- C:\found.001
2010-12-24 18:57:49 ----D---- C:\Program Files\Mass Effect 2
2010-12-23 22:08:57 ----D---- C:\Program Files\Activision
2010-12-23 18:10:21 ----D---- C:\Windows\system32\AGEIA
2010-12-23 18:10:20 ----D---- C:\Program Files\AGEIA Technologies
2010-12-17 21:37:51 ----D---- C:\Program Files\Deep Silver
2010-12-17 21:35:19 ----D---- C:\ProgramData\Solidshield
2010-12-16 06:59:01 ----D---- C:\Program Files\2K Games
2010-12-15 14:19:01 ----A---- C:\Windows\system32\wmicmiplugin.dll
2010-12-15 14:19:01 ----A---- C:\Windows\system32\win32k.sys
2010-12-15 14:19:01 ----A---- C:\Windows\system32\taskschd.dll
2010-12-15 14:19:01 ----A---- C:\Windows\system32\taskeng.exe
2010-12-15 14:19:01 ----A---- C:\Windows\system32\taskcomp.dll
2010-12-15 14:19:01 ----A---- C:\Windows\system32\schedsvc.dll
2010-12-15 14:19:00 ----A---- C:\Windows\system32\consent.exe
2010-12-15 14:18:59 ----A---- C:\Windows\system32\fontsub.dll
2010-12-15 14:18:59 ----A---- C:\Windows\system32\atmlib.dll
2010-12-15 14:18:59 ----A---- C:\Windows\system32\atmfd.dll
2010-12-15 14:18:57 ----A---- C:\Windows\system32\mstime.dll
2010-12-15 14:18:56 ----A---- C:\Windows\system32\ieframe.dll
2010-12-15 14:18:55 ----A---- C:\Windows\system32\msfeeds.dll
2010-12-15 14:18:54 ----A---- C:\Windows\system32\mshtmled.dll
2010-12-15 14:18:54 ----A---- C:\Windows\system32\mshtml.dll
2010-12-15 14:18:53 ----A---- C:\Windows\system32\wininet.dll
2010-12-15 14:18:53 ----A---- C:\Windows\system32\urlmon.dll
2010-12-15 14:18:53 ----A---- C:\Windows\system32\iepeers.dll
2010-12-15 14:18:53 ----A---- C:\Windows\system32\ieencode.dll
2010-12-15 14:18:53 ----A---- C:\Windows\system32\ieapfltr.dll
2010-12-15 14:18:44 ----A---- C:\Windows\system32\tzres.dll
2010-12-09 20:26:19 ----RA---- C:\Program Files\Stronghold.exe

======List of files/folders modified in the last 1 months======

2011-01-08 12:05:33 ----D---- C:\Windows\Temp
2011-01-08 12:05:31 ----D---- C:\Program Files
2011-01-08 11:39:47 ----D---- C:\Windows\system32\drivers
2011-01-08 11:35:29 ----D---- C:\Program Files\Steam
2011-01-08 09:38:53 ----D---- C:\Program Files\Common Files\Steam
2011-01-08 09:36:22 ----D---- C:\Windows
2011-01-07 22:10:30 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\BitTorrent
2011-01-07 19:56:45 ----D---- C:\Windows\Resources
2011-01-07 18:54:18 ----SHD---- C:\System Volume Information
2011-01-07 18:34:48 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2011-01-06 20:10:47 ----D---- C:\Fraps
2011-01-06 19:32:25 ----D---- C:\Windows\Prefetch
2011-01-06 19:23:37 ----SHD---- C:\Windows\Installer
2011-01-06 17:46:53 ----HD---- C:\Program Files\InstallShield Installation Information
2011-01-05 22:56:56 ----D---- C:\Windows\System32
2011-01-05 22:56:36 ----D---- C:\Program Files\Common Files
2011-01-05 22:56:35 ----HD---- C:\ProgramData
2011-01-05 22:36:12 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\gtk-2.0
2011-01-05 20:26:05 ----D---- C:\Windows\inf
2011-01-05 20:26:05 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-02 22:22:46 ----D---- C:\Windows\system32\catroot2
2011-01-02 11:59:49 ----D---- C:\Windows\winsxs
2011-01-02 11:38:49 ----D---- C:\Program Files\Electronic Arts
2011-01-01 17:25:08 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\Skype
2011-01-01 16:02:16 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\skypePM
2011-01-01 14:49:59 ----A---- C:\Windows\system32\PnkBstrB.exe
2011-01-01 14:22:56 ----A---- C:\Windows\system32\PnkBstrA.exe
2011-01-01 03:28:35 ----RSD---- C:\Windows\assembly
2010-12-31 11:27:48 ----A---- C:\Windows\BlendSettings.ini
2010-12-31 10:39:54 ----D---- C:\Program Files\Bethesda Softworks
2010-12-27 22:26:30 ----D---- C:\ProgramData\Electronic Arts
2010-12-27 22:26:22 ----D---- C:\Users\DeaGle DouBle G\AppData\Roaming\Adobe
2010-12-27 22:26:22 ----D---- C:\ProgramData\Adobe
2010-12-25 15:06:18 ----D---- C:\ProgramData\Blizzard Entertainment
2010-12-24 19:13:43 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-12-24 19:13:15 ----D---- C:\Program Files\Common Files\BioWare
2010-12-23 18:10:48 ----D---- C:\Windows\system32\catroot
2010-12-20 17:15:13 ----D---- C:\Program Files\EA Games
2010-12-18 16:16:04 ----D---- C:\Program Files\Mozilla Firefox
2010-12-17 06:54:53 ----RSD---- C:\Windows\Fonts
2010-12-16 03:55:30 ----D---- C:\Windows\rescache
2010-12-16 03:34:12 ----D---- C:\Program Files\Windows Mail
2010-12-16 03:17:49 ----D---- C:\Windows\system32\cs-CZ
2010-12-16 03:00:27 ----A---- C:\Windows\system32\mrt.exe
2010-12-11 14:07:57 ----D---- C:\Program Files\Cheat Engine
2010-12-10 11:27:40 ----D---- C:\Program Files\Common Files\DVDVideoSoft
2010-12-10 11:26:04 ----D---- C:\Program Files\Google
2010-12-10 11:26:02 ----D---- C:\Windows\Tasks
2010-12-10 11:25:32 ----D---- C:\Program Files\Image-Line
2010-12-09 22:00:19 ----D---- C:\Program Files\Firefly Studios

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 nvstor32;nvstor32; C:\Windows\system32\drivers\nvstor32.sys [2007-10-26 110624]
R0 pe3armgl;9-ay rota Environment Driver (pe3armgl); C:\Windows\system32\drivers\pe3armgl.sys [2008-11-01 68728]
R0 ps7armgl;9-ay rota Synchronization Driver (ps7armgl); C:\Windows\system32\drivers\ps7armgl.sys [2008-11-01 67712]
R0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a); C:\Windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-06-14 13680]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-06-05 691696]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-09-13 281760]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-09-13 25888]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 AmdLLD;AMD Low Level Device Driver; C:\Windows\system32\DRIVERS\AmdLLD.sys [2007-06-29 34304]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2007-12-12 2030488]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvmfdx32.sys [2007-07-30 1025024]
R3 PSI;PSI; C:\Windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
S2 X4HSEx_Pr298;X4HSEx_Pr298; \??\C:\Program Files\Frag Games\X4HSEx.Sys []
S3 aac8e4mt;aac8e4mt; C:\Windows\system32\drivers\aac8e4mt.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-03-09 104464]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
S3 drmkaud;Dekodér zvuků DRM jádra společnosti Microsoft; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 5632]
S3 ENTECH;ENTECH; \??\C:\Windows\system32\DRIVERS\ENTECH.sys [2007-09-07 27672]
S3 GarenaPEngine;GarenaPEngine; \??\C:\Users\DEAGLE~1\AppData\Local\Temp\IFA4F48.tmp []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2010-02-03 26176]
S3 HdAudAddService;Ovladač funkce Microsoft 1.1 UAA pro službu zvuku High Definition Audio; C:\Windows\system32\drivers\HdAudio.sys [2009-04-10 236544]
S3 MSKSSRV;Server proxy služby datových proudů Microsoft; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 8192]
S3 MSPCLOCK;Server proxy hodin datových proudů Microsoft; C:\Windows\system32\drivers\MSPCLOCK.sys [2008-01-21 5888]
S3 MSPQM;Server proxy správce kvality datových proudů Microsoft; C:\Windows\system32\drivers\MSPQM.sys [2008-01-21 5504]
S3 MSTEE;Konvertor jímka-jímka typu T datových proudů Microsoft; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 6016]
S3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2007-12-11 8238688]
S3 TPM;TPM; C:\Windows\system32\drivers\tpm.sys [2008-01-21 45624]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 40448]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 83328]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 6656]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 386616]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files\PDF Complete\pdfsvc.exe [2008-04-07 576024]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2011-01-01 75136]
R2 Secunia PSI Agent;Secunia PSI Agent; C:\Program Files\Secunia\PSI\PSIA.exe [2011-01-05 988216]
R2 Secunia Update Agent;Secunia Update Agent; C:\Program Files\Secunia\PSI\sua.exe [2011-01-05 399416]
R3 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 21504]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 pr2armgl;9-ay rota Drivers Auto Removal (pr2armgl); C:\Windows\system32\pr2armgl.exe [2008-11-01 415088]
S2 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe []
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2011-01-07 407336]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

[vyosek]

Vy jste se dal na chov konicku trojskych

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

• Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
• Pokud mate Win XP spustte pod uctem Spravce\Administratora
• Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
• Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
• Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
• Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
• Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
• Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
• Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

[Deagledoubleg]

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-08 13:33
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

[0] 0x00000EA5

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...


c:\windows\TEMP\TMP0000008EDFCD91160134D890 524288 bytes

sken byl úspešně dokončen
skryté soubory: 1

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\DEAGLE~1\AppData\Local\Temp\IFA4F48.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3209739466-3585837341-1438635011-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9e,7f,5f,7f,5c,c7,80,bf,ef,cf,37,cb,f1,e9,87,4f,ad,e0,66,e8,0e,61,93,
f5,06,8c,9b,13,79,c7,7c,b5,c1,5e,29,f1,b2,7f,c4,f7,b3,05,c5,0f,80,42,e7,97,\
"??"=hex:e2,dc,cf,01,3d,43,6d,ee,63,48,3c,2c,e8,3c,15,c0

[HKEY_USERS\S-1-5-21-3209739466-3585837341-1438635011-1000\Software\SecuROM\License information*]
"datasecu"=hex:0e,aa,76,88,cc,fe,86,d8,e0,e9,38,29,12,d0,1d,e8,d7,80,7a,3c,49,
d8,d2,89,66,7e,b4,f3,4b,88,02,18,b2,26,9b,70,ce,08,ba,10,39,bd,e5,71,7b,ee,\
"rkeysecu"=hex:e9,45,1a,8d,4f,ed,d5,83,3a,00,59,03,d9,08,d6,0b
.
Celkový čas: 2011-01-08 13:35:26
ComboFix-quarantined-files.txt 2011-01-08 12:35

Před spuštěním: Volných bajtů: 187 092 590 592
Po spuštění: Volných bajtů: 186 220 670 976

- - End Of File - - 72675A9541C39E14453BC6A22583C228

[vyosek]

To je vse

Zabalte mi prosim slozku C:\Qoobox a uploadnete na LP http://leteckaposta.cz/

[Deagledoubleg]

Jaký máte Email a to druhý? Mimochodem stalo se mi že po tom co se ten Combo Fix dodělal tak sem musel restartovat pc aby mi šel internet...to znamenalo asi 40 minut...

[vyosek]

mail mam vyosek@forum.viry.cz

[Deagledoubleg]

Posláno

[vyosek]

Stahnete Malwarebytes' Anti-Malware (zkracene MBAM) (viz muj podpis)

• Provedte aktualizaci - treti zalozka
• Provedte uplny sken - nic nemazte
• MBAM miva obcas falesne detekce, proto vlozte log do prispevku a pockejte na posouzeni

[Deagledoubleg]

Jak dlouho to tak trvá? Už mi to tu jede Hodinu a půl...Vím že antivirům trvá dlouho než všechno prohledají ale nevíte za jak dlouho by to už mohlo být?

[Deagledoubleg]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 5477

Windows 6.0.6002 Service Pack 2
Internet Explorer 7.0.6002.18005

9.1.2011 11:33:32
mbam-log-2011-01-09 (11-33-32).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 417476
Uplynulý čas: 1 hodin, 44 minut, 17 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 0

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
(Žádné škodlivé položky nebyly zjištěny)

[vyosek]

Prihlaste se do nouzoveho rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti)

Prejmenujte ikonu Combofixu na Beruska

Spustte CFko (Berusku) - log pak sem...

[Deagledoubleg]

ComboFix 11-01-08.04 - DeaGle DouBle G 09.01.2011 12:42:27.2.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.3070.2568 [GMT 1:00]
Spuštěný z: c:\users\DeaGle DouBle G\Desktop\Beruska.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\users\DeaGle DouBle G\AppData\Roaming\Local
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\Post_Install_RB_HiQ_de.divx.ddr
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2).ddp
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(3).ddp
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(4).ddp
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\.ddp
c:\users\DeaGle DouBle G\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\Post_Install_RB_HiQ_de.divx.ddp

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-09 do 2011-01-09 )))))))))))))))))))))))))))))))
.

2011-01-09 11:48 . 2011-01-09 11:49 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Local\temp
2011-01-09 11:48 . 2011-01-09 11:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-09 11:36 . 2011-01-09 11:36 -------- d-----w- C:\Beruska
2011-01-08 21:46 . 2011-01-08 21:46 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Local\Apple Computer
2011-01-08 20:30 . 2011-01-08 20:30 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Roaming\Apple Computer
2011-01-08 20:29 . 2011-01-08 20:29 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Roaming\MPEG Streamclip
2011-01-08 20:26 . 2011-01-08 20:26 -------- d-----w- c:\programdata\Apple Computer
2011-01-08 20:23 . 2011-01-08 20:23 -------- d-----w- c:\program files\Common Files\Apple
2011-01-08 20:22 . 2011-01-08 20:22 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Local\Apple
2011-01-08 20:22 . 2011-01-08 20:22 -------- d-----w- c:\program files\Apple Software Update
2011-01-08 20:22 . 2011-01-08 20:22 -------- d-----w- c:\programdata\Apple
2011-01-08 12:23 . 2011-01-08 12:35 -------- d-----w- C:\ComboFix
2011-01-08 11:05 . 2011-01-08 11:05 -------- d-----w- C:\rsit
2011-01-08 10:40 . 2011-01-08 10:40 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Local\Secunia PSI
2011-01-08 10:39 . 2011-01-08 10:39 -------- d-----w- c:\program files\Secunia
2011-01-07 17:54 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{59FB82AD-1F3F-48A0-B098-008674A604FC}\mpengine.dll
2011-01-05 21:58 . 2011-01-05 21:58 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Local\TechSmith
2011-01-05 21:56 . 2010-03-04 16:27 411480 ----a-w- c:\windows\system32\tsccvid.dll
2011-01-05 21:56 . 2011-01-08 20:28 -------- d-----w- c:\program files\QuickTime
2011-01-05 21:56 . 2011-01-05 21:56 -------- d-----w- c:\program files\Common Files\TechSmith Shared
2011-01-05 21:56 . 2011-01-05 21:56 -------- d-----w- c:\programdata\TechSmith
2011-01-05 21:56 . 2011-01-05 21:56 -------- d-----w- c:\program files\TechSmith
2011-01-05 18:47 . 2011-01-05 18:48 -------- d-----w- c:\program files\Heroes of Newerth
2011-01-02 21:14 . 2011-01-02 21:14 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Roaming\Command & Conquer 3 Tiberium Wars
2011-01-01 03:11 . 2011-01-01 03:11 -------- d-----w- c:\programdata\Age of Empires 3
2011-01-01 02:37 . 2011-01-01 02:42 -------- d-----w- c:\program files\Common Files\Microsoft Games
2010-12-31 16:40 . 2010-12-31 16:40 -------- d-----w- C:\models
2010-12-31 16:40 . 2010-12-31 16:40 -------- d-----w- C:\materials
2010-12-31 09:38 . 2005-04-03 21:59 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2010-12-31 09:26 . 2010-12-31 09:26 -------- d-----w- c:\windows\TiMoC
2010-12-28 20:23 . 2010-12-31 17:06 -------- d-----w- c:\users\DeaGle DouBle G\AppData\Roaming\.minecraft
2010-12-27 21:29 . 2010-12-27 21:29 -------- d-----w- c:\programdata\EA Core
2010-12-27 21:25 . 2010-12-27 21:27 -------- d-----w- c:\program files\Common Files\Adobe AIR
2010-12-25 12:41 . 2011-01-08 16:08 -------- d-----w- c:\program files\Common Files\Blizzard Entertainment
2010-12-25 09:20 . 2010-12-25 09:20 -------- d-----w- C:\found.001
2010-12-23 21:08 . 2011-01-08 14:43 -------- d-----w- c:\program files\Activision
2010-12-23 17:10 . 2010-12-23 17:10 -------- d-----w- c:\windows\system32\AGEIA
2010-12-23 17:10 . 2010-12-24 18:13 -------- d-----w- c:\program files\AGEIA Technologies
2010-12-21 22:15 . 2010-12-21 21:56 -------- d-----w- c:\users\DeaGle DouBle G\Part2
2010-12-21 22:15 . 2010-12-21 21:55 -------- d-----w- c:\users\DeaGle DouBle G\Part1
2010-12-17 20:35 . 2010-12-27 20:50 -------- d-----w- c:\programdata\Solidshield
2010-12-15 13:19 . 2010-10-12 15:53 33280 ----a-w- c:\program files\Windows Mail\wabfind.dll
2010-12-15 13:19 . 2010-10-12 13:41 66048 ----a-w- c:\program files\Windows Mail\wabmig.exe
2010-12-15 13:19 . 2010-10-12 13:41 515584 ----a-w- c:\program files\Windows Mail\wab.exe
2010-12-15 13:19 . 2010-11-04 18:56 345600 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-12-15 13:19 . 2010-11-04 18:55 352768 ----a-w- c:\windows\system32\taskschd.dll
2010-12-15 13:19 . 2010-11-04 18:55 270336 ----a-w- c:\windows\system32\taskcomp.dll
2010-12-15 13:19 . 2010-11-04 18:55 601600 ----a-w- c:\windows\system32\schedsvc.dll
2010-12-15 13:19 . 2010-11-04 16:34 171520 ----a-w- c:\windows\system32\taskeng.exe
2010-12-15 13:19 . 2010-10-18 13:31 2038272 ----a-w- c:\windows\system32\win32k.sys
2010-12-15 13:19 . 2010-10-18 13:37 81920 ----a-w- c:\windows\system32\consent.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-01-01 13:50 . 2010-06-02 12:20 139080 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2011-01-01 13:49 . 2010-06-16 12:03 270240 ----a-w- c:\windows\system32\PnkBstrB.xtr
2011-01-01 13:49 . 2010-06-02 12:20 270240 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-01-01 13:25 . 2010-06-02 12:20 138056 ----a-w- c:\users\DeaGle DouBle G\AppData\Roaming\PnkBstrK.sys
2011-01-01 13:23 . 2010-06-02 12:20 189248 ----a-w- c:\windows\system32\PnkBstrB.ex0
2011-01-01 13:22 . 2010-06-02 12:20 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-12-20 17:09 . 2010-11-10 11:12 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-12-20 17:08 . 2010-11-10 11:12 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-29 16:38 . 2010-11-29 16:38 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2010-11-29 16:38 . 2010-11-29 16:38 69632 ----a-w- c:\windows\system32\QuickTime.qts
2010-11-24 17:18 . 2010-06-02 12:20 2373712 ----a-w- c:\windows\system32\pbsvc.exe
2010-11-12 00:44 . 2010-11-12 00:44 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-11-10 11:03 . 2010-04-11 15:53 319456 ----a-w- c:\windows\DIFxAPI.dll
2010-11-08 22:57 . 2010-11-08 22:57 353592 ----a-w- c:\windows\system32\DivXControlPanelApplet.cpl
2010-11-06 13:48 . 2010-08-18 20:12 2427248 ----a-w- c:\windows\system32\pbsvc_heroes.exe
2010-10-27 03:59 . 2010-10-27 03:59 6573568 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2010-10-27 03:08 . 2010-10-27 03:08 16281600 ----a-w- c:\windows\system32\atioglxx.dll
2010-10-27 02:55 . 2010-10-27 02:55 143360 ----a-w- c:\windows\system32\atiapfxx.exe
2010-10-27 02:55 . 2010-10-27 02:55 547328 ----a-w- c:\windows\system32\aticfx32.dll
2010-10-27 02:52 . 2010-10-27 02:52 450560 ----a-w- c:\windows\system32\ATIDEMGX.dll
2010-10-27 02:51 . 2010-10-27 02:51 393216 ----a-w- c:\windows\system32\atieclxx.exe
2010-10-27 02:51 . 2010-10-27 02:51 176128 ----a-w- c:\windows\system32\atiesrxx.exe
2010-10-27 02:50 . 2010-10-27 02:50 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2010-10-27 02:50 . 2010-10-27 02:50 356352 ----a-w- c:\windows\system32\atipdlxx.dll
2010-10-27 02:49 . 2010-10-27 02:49 278528 ----a-w- c:\windows\system32\Oemdspif.dll
2010-10-27 02:49 . 2010-10-27 02:49 15872 ----a-w- c:\windows\system32\atimuixx.dll
2010-10-27 02:49 . 2010-10-27 02:49 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2010-10-27 02:46 . 2010-10-27 02:46 4020736 ----a-w- c:\windows\system32\atidxx32.dll
2010-10-27 02:35 . 2010-10-27 02:35 46080 ----a-w- c:\windows\system32\aticalrt.dll
2010-10-27 02:35 . 2010-10-27 02:35 44032 ----a-w- c:\windows\system32\aticalcl.dll
2010-10-27 02:33 . 2010-10-27 02:33 5441536 ----a-w- c:\windows\system32\aticaldd.dll
2010-10-27 02:28 . 2010-04-07 01:40 4094464 ----a-w- c:\windows\system32\atiumdag.dll
2010-10-27 02:14 . 2010-04-07 01:46 52736 ----a-w- c:\windows\system32\coinst.dll
2010-10-27 02:14 . 2010-10-27 02:14 249856 ----a-w- c:\windows\system32\atiadlxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 12800 ----a-w- c:\windows\system32\atiglpxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 27136 ----a-w- c:\windows\system32\atigktxx.dll
2010-10-27 02:14 . 2010-10-27 02:14 229888 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2010-10-27 02:13 . 2010-10-27 02:13 30720 ----a-w- c:\windows\system32\atiuxpag.dll
2010-10-27 02:13 . 2010-04-07 01:22 28672 ----a-w- c:\windows\system32\atiu9pag.dll
2010-10-27 02:13 . 2010-04-07 01:22 23040 ----a-w- c:\windows\system32\atitmpxx.dll
2010-10-27 02:12 . 2010-10-27 02:12 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2010-10-27 01:50 . 2010-04-07 01:21 3460096 ----a-w- c:\windows\system32\atiumdva.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\atimpc32.dll
2010-10-27 01:37 . 2010-10-27 01:37 52736 ----a-w- c:\windows\system32\amdpcom32.dll
2010-10-26 13:52 . 2010-10-26 13:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-10-19 09:41 . 2010-04-15 05:59 222080 ------w- c:\windows\system32\MpSigStub.exe
2002-06-21 13:29 . 2010-12-09 19:26 2381312 ----a-r- c:\program files\Stronghold.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2010-11-17 1242448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"amd_dc_opt"="c:\program files\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"PDF Complete"="c:\program files\PDF Complete\pdfsty.exe" [2008-04-07 318488]
"RtHDVCpl"="RtHDVCpl.exe" [2007-12-12 4710400]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2010-11-29 421888]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"GrpConv"="grpconv -o" [X]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Secunia PSI Tray.lnk - c:\program files\Secunia\PSI\psi_tray.exe [2011-1-5 291896]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv

[HKLM\~\startupfolder\C:^Users^DeaGle DouBle G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
path=c:\users\DeaGle DouBle G\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Registration Ghost Recon Advanced Warfighter.LNK
backup=c:\windows\pss\Registration Ghost Recon Advanced Warfighter.LNK.Startup
backupExtension=.Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2010-12-09 19:28 1226608 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
2010-12-20 17:08 963976 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvCplDaemon]
2007-12-11 16:06 8530464 ----a-w- c:\windows\System32\nvcpl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvMediaCenter]
2007-12-11 16:06 81920 ----a-w- c:\windows\System32\nvmctray.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NvSvc]
2007-12-11 16:06 86016 ----a-w- c:\windows\System32\nvsvc.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SetRefresh]
2003-11-20 18:01 525824 ----a-w- c:\program files\HP\SetRefresh\SetRefresh.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2010-04-20 11:14 26192680 ----a-r- c:\program files\Skype\Phone\Skype.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skytel]
2007-11-20 18:15 1826816 ----a-w- c:\windows\SkyTel.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2010-11-17 08:17 1242448 ----a-w- c:\program files\Steam\Steam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2010-05-14 09:44 248552 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe

R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-06-05 691696]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-10-27 176128]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 pdfcDispatcher;PDF Document Manager;c:\program files\PDF Complete\pdfsvc.exe [2008-04-07 576024]
R2 Secunia PSI Agent;Secunia PSI Agent;c:\program files\Secunia\PSI\PSIA.exe [2011-01-05 988216]
R2 Secunia Update Agent;Secunia Update Agent;c:\program files\Secunia\PSI\sua.exe [2011-01-05 399416]
R2 TunngleService;TunngleService;c:\program files\Tunngle\TnglCtrl.exe [x]
R2 X4HSEx_Pr298;X4HSEx_Pr298;c:\program files\Frag Games\X4HSEx.Sys [x]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2010-10-27 6573568]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2010-10-27 229888]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdLH3.sys [2010-09-24 99856]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-21 179712]
R3 GarenaPEngine;GarenaPEngine;c:\users\DEAGLE~1\AppData\Local\Temp\IFA4F48.tmp [x]
R3 PSI;PSI;c:\windows\system32\DRIVERS\psi_mf.sys [2010-09-01 15544]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sfdrv01a;StarForce Protection Environment Driver (version 1.x.a);c:\windows\System32\drivers\sfdrv01a.sys [2006-07-05 63352]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]


--- Ostatní služby/ovladače v paměti ---

*NewlyCreated* - ECACHE

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Obsah adresáře 'Naplánované úlohy'

2011-01-09 c:\windows\Tasks\User_Feed_Synchronization-{B46C21C8-00B7-4AC8-A82D-A608730462A9}.job
- c:\windows\system32\msfeedssync.exe [2008-01-21 02:24]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://fullarticles.net
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=cs_cz&c=93&bd=all&pf=cmdt
uInternet Settings,ProxyOverride = *.local
TCP: {812622B4-B866-45DB-BBAA-0A60372EE8EC} = 217.117.216.76,217.117.216.7
FF - ProfilePath - c:\users\DeaGle DouBle G\AppData\Roaming\Mozilla\Firefox\Profiles\vle4rbuf.default\
FF - prefs.js: browser.startup.homepage - hxxp://gb.toolbarhome.com/?hp=df
FF - prefs.js: keyword.URL - hxxp://gb.toolbarhome.com/search.aspx?srch=ku&q=
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Battlefield Heroes Updater: battlefieldheroespatcher@ea.com - %profile%\extensions\battlefieldheroespatcher@ea.com
FF - Ext: GameBox: gb@toolbar - %profile%\extensions\gb@toolbar
FF - Ext: Softonic-Eng7 Toolbar: {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - %profile%\extensions\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}
FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: Conduit Engine : engine@conduit.com - %profile%\extensions\engine@conduit.com
FF - Ext: BitTorrentBar Community Toolbar: {88c7f2aa-f93f-432c-8f0e-b7d85967a527} - %profile%\extensions\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}
FF - Ext: Battlefield Play4Free: battlefieldplay4free@ea.com - %profile%\extensions\battlefieldplay4free@ea.com
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKLM-RunOnce-<NO NAME> - (no file)



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-01-09 12:49
Windows 6.0.6002 Service Pack 2 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\pdfcDispatcher]
"ImagePath"="c:\program files\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\GarenaPEngine]
"ImagePath"="\??\c:\users\DEAGLE~1\AppData\Local\Temp\IFA4F48.tmp"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-3209739466-3585837341-1438635011-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:9e,7f,5f,7f,5c,c7,80,bf,ef,cf,37,cb,f1,e9,87,4f,ad,e0,66,e8,0e,61,93,
f5,06,8c,9b,13,79,c7,7c,b5,c1,5e,29,f1,b2,7f,c4,f7,b3,05,c5,0f,80,42,e7,97,\
"??"=hex:e2,dc,cf,01,3d,43,6d,ee,63,48,3c,2c,e8,3c,15,c0

[HKEY_USERS\S-1-5-21-3209739466-3585837341-1438635011-1000\Software\SecuROM\License information*]
"datasecu"=hex:0e,aa,76,88,cc,fe,86,d8,e0,e9,38,29,12,d0,1d,e8,d7,80,7a,3c,49,
d8,d2,89,66,7e,b4,f3,4b,88,02,18,b2,26,9b,70,ce,08,ba,10,39,bd,e5,71,7b,ee,\
"rkeysecu"=hex:e9,45,1a,8d,4f,ed,d5,83,3a,00,59,03,d9,08,d6,0b
.
Celkový čas: 2011-01-09 12:50:28
ComboFix-quarantined-files.txt 2011-01-09 11:50
ComboFix2.txt 2011-01-08 12:35

Před spuštěním: Volných bajtů: 268 736 942 080
Po spuštění: Volných bajtů: 268 709 543 936

- - End Of File - - 883BF8DB97B283DC6EF276BEF0121A90

[vyosek]

Pokud nemate, tak presunte Combofix na plochu

• Spustte poznamkovy blok (Start-spustit-notepad)
• Zkopirujte skript nize

• Kód: Vybrat vše

  RegLock::
  [HKEY_USERS\S-1-5-21-3209739466-3585837341-1438635011-1000\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
  [HKEY_USERS\S-1-5-21-3209739466-3585837341-1438635011-1000\Software\SecuROM\License information*]
  
  Registry::
  [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "Steam"=-
  [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
  "PDF Complete"=-
  "Malwarebytes' Anti-Malware (reboot)"=-
  "QuickTime Task"=-
  "DivXUpdate"=-
  "DivX Download Manager"=-
  [-HKLM\~\startupfolder\C:^Users^DeaGle DouBle G^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Registration Ghost Recon Advanced Warfighter.LNK]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Malwarebytes Anti-Malware (reboot)]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
  [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
  
  Driver::
  TunngleService
  X4HSEx_Pr298
  
  Folder::
  c:\program files\Tunngle
  c:\program files\Frag Games
  
  DDS::
  uStart Page = hxxp://fullarticles.net
  mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE= ... ll&pf=cmdt
  
  Firefox::
  FF - ProfilePath - c:\users\DeaGle DouBle G\AppData\Roaming\Mozilla\Firefox\Profiles\vle4rbuf.default\
  FF - prefs.js: browser.startup.homepage - hxxp://gb.toolbarhome.com/?hp=df
  FF - prefs.js: keyword.URL - hxxp://gb.toolbarhome.com/search.aspx?srch=ku&q=
  FF - Ext: Zynga Toolbar: {7b13ec3e-999a-4b70-b9cb-2617b8323822} - %profile%\extensions\{7b13ec3e-999a-4b70-b9cb-2617b8323822}
  FF - Ext: <?xmlversion=1.0?><RDF xmlns=http://www.w3.org/1999/02/22-rdf-syntax-ns# xmlns:em=http://www.mozilla.org/2004/em-rdf#><Description about=urn:mozilla:install-manifest><em:id>fbdislike@doweb.fr: fbdislike@doweb.fr - %profile%\extensions\fbdislike@doweb.fr

• Ulozte vytvoreny TXT jako CFScript.txt
• Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
  
• Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci