
Requesting a check, malware was found

Posted: 16 Apr 2011 11:53
by KAUBOUN
ComboFix 11-04-15.05 - Home . 04. 2011 12:38:42.4.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1789.1355 [GMT 2:00]
Running from: c:\documents and settings\Home\Dokumenty\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
D:\install.exe
.
-- Previous Run --
.
c:\windows\system32\kernel32.dll . . . is infected!!
.
--------
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-12 17:06 . 2011-04-12 17:06 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\GamePlayLabs Plugin
2011-04-07 09:25 . 2011-04-07 09:32 -------- d-----w- c:\program files\Common Files\BioWare
2011-04-05 23:00 . 2011-04-05 23:00 312371 ----a-w- c:\windows\system32\binkw32.dll
2011-04-05 22:59 . 2011-04-05 22:58 53248 ----a-w- c:\windows\system32\ogg.dll
2011-04-05 22:57 . 2011-04-05 22:56 999424 ----a-w- c:\windows\system32\vorbisfile.dll
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\program files\Common Files\Steam
2011-04-04 19:56 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 18:53 . 2011-03-29 18:53 -------- d-----w- C:\AMD
2011-03-28 19:05 . 2011-03-28 19:08 -------- d-----w- c:\documents and settings\Home\-= Suicide Girls
2011-03-27 22:26 . 2011-03-27 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EA Core
2011-03-27 10:52 . 2011-03-27 11:58 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\ReaJPEG
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\program files\ReaSoft
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\documents and settings\Home\Data aplikací\ReaSoft
2011-03-18 09:04 . 2011-03-18 09:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-18 09:04 . 2011-03-18 09:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-18 09:04 . 2011-03-18 09:04 -------- d-----w- c:\documents and settings\Home\Data aplikací\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 10:31 . 2010-11-27 15:59 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-03-28 18:05 . 2011-02-08 00:23 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2011-03-14 21:07 . 2011-03-14 21:07 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2011-02-23 14:04 . 2010-07-29 01:09 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-07-28 23:53 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-07-28 23:53 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-07-28 23:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-07-28 23:53 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2010-07-28 23:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2010-07-28 23:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2010-07-28 23:53 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2010-07-28 23:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-18 12:29 . 2010-12-21 07:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-18 12:24 . 2011-03-02 11:49 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-15 00:41 . 2011-02-08 00:23 88 --sh--r- c:\documents and settings\All Users\Data aplikací\60F90C9A4B.sys
2011-02-09 08:44 . 2010-11-14 10:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-02 20:40 . 2011-03-15 12:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-08-04 17:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-10-20 19:28 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-01-08 04:47 392424 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 12:43 884736 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2009-12-14 22:43 515560 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="d:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\program files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe PCD\\cache\\cache.db"=
"c:\\Program Files\\Common Files\\Adobe\\dynamiclink\\CS5\\dynamiclinkmanager.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\program files\\Steam\\Steam.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX9.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX11.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2010 2:59 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.4.2011 21:56 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.7.2010 1:53 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.7.2010 1:53 19544]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [27.11.2010 18:30 77824]
R2 RadeonPro Support Service;RadeonPro Support Service;c:\program files\RadeonPro\RadeonProSupport.exe [2.2.2011 17:25 12800]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.2.2011 14:27 1517376]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2010 1:53 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14.4.2008 8:52 14336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [15.12.2009 0:43 515560]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [1.2.2008 23:37 99968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [15.2.2011 11:04 16240]
S4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [15.2.2011 12:22 4869488]
S4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [15.2.2011 12:22 416112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
uInternet Settings,ProxyServer = 210.193.178.187:80
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Home\Data aplikací\Mozilla\Firefox\Profiles\8zbisoz5.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ&psa=&ind=2010121913&ptnrS=GRfox000&si=&st=kwd&n=77d006b9&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 12:47
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{1EB5AADC-51A7-F9CF-0161-58F13607C63F}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92FDF409-EEE7-10C8-BA44-A79E405ABB26}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"iaplgjionoemilafmc"=hex:6a,61,6c,66,68,70,64,6e,67,62,69,64,6a,64,67,67,61,6c,
67,6c,00,00
"hanlakbkkfboedpg"=hex:6a,61,6c,66,68,70,64,6e,67,62,69,64,6a,64,67,67,61,6c,
67,6c,00,09
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:d4,bd,bd,06,65,88,dc,e4,72,f0,8e,85,11,b3,6d,fd,41,e5,d0,71,cb,00,fd,
f7,10,e1,65,c6,19,63,68,91,1b,43,9a,01,38,6a,55,5e,5a,62,f3,7f,26,a7,48,d9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WLDAP32.dll
.
- - - - - - - > 'explorer.exe'(16780)
c:\windows\system32\msi.dll
c:\progra~1\MICROS~2\OFFICE11\MCPS.DLL
.
Completion time: 2011-04-16 12:51:25
ComboFix-quarantined-files.txt 2011-04-16 10:51
.
Pre-Run: 6 064 558 080
Post-Run: 6 018 867 200
.
- - End Of File - - EDF415AD0201527DC2DFA4187F06F59F

Re: Requesting a check, malware was found

Posted: 16 Apr 2011 12:00
by Rudy
We still need to finish cleaning up. Move ComboFix to the desktop. Open Notepad and copy the following into it:
FCopy::
C:\WINDOWS\ServicePackFiles\i386\kernel32.dll | c:\windows\system32\kernel32.dll

Regnull::
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{92FDF409-EEE7-10C8-BA44-A79E405ABB26}*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.


Re: Requesting a check, malware was found

Posted: 16 Apr 2011 12:43
by KAUBOUN
ComboFix 11-04-15.05 - Home . 04. 2011 13:06:36.5.1 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1029.18.1789.1065 [GMT 2:00]
Running from: c:\documents and settings\Home\Plocha\ComboFix.exe
Command switches used :: c:\documents and settings\Home\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *Disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.
.
((((((((((((((((((((((((( Files Created from 2011-03-16 to 2011-04-16 )))))))))))))))))))))))))))))))
.
.
2011-04-12 17:06 . 2011-04-12 17:06 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\GamePlayLabs Plugin
2011-04-07 09:25 . 2011-04-07 09:32 -------- d-----w- c:\program files\Common Files\BioWare
2011-04-05 23:00 . 2011-04-05 23:00 312371 ----a-w- c:\windows\system32\binkw32.dll
2011-04-05 22:59 . 2011-04-05 22:58 53248 ----a-w- c:\windows\system32\ogg.dll
2011-04-05 22:57 . 2011-04-05 22:56 999424 ----a-w- c:\windows\system32\vorbisfile.dll
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\documents and settings\All Users\Nabdka Start
2011-04-05 22:34 . 2011-04-05 22:34 -------- d-----w- c:\program files\Common Files\Steam
2011-04-04 19:56 . 2011-02-23 13:56 371544 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-03-29 18:53 . 2011-03-29 18:53 -------- d-----w- C:\AMD
2011-03-28 19:05 . 2011-03-28 19:08 -------- d-----w- c:\documents and settings\Home\-= Suicide Girls
2011-03-27 22:26 . 2011-03-27 22:26 -------- d-----w- c:\documents and settings\All Users\Data aplikací\EA Core
2011-03-27 10:52 . 2011-03-27 11:58 -------- d-----w- c:\documents and settings\Home\Local Settings\Data aplikací\ReaJPEG
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\program files\ReaSoft
2011-03-27 10:51 . 2011-03-27 10:51 -------- d-----w- c:\documents and settings\Home\Data aplikací\ReaSoft
2011-03-18 09:04 . 2011-03-18 09:04 189248 ----a-w- c:\windows\system32\PnkBstrB.exe
2011-03-18 09:04 . 2011-03-18 09:04 75136 ----a-w- c:\windows\system32\PnkBstrA.exe
2011-03-18 09:04 . 2011-03-18 09:04 -------- d-----w- c:\documents and settings\Home\Data aplikací\PunkBuster
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-16 10:31 . 2010-11-27 15:59 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2011-03-28 18:05 . 2011-02-08 00:23 2828 --sha-w- c:\documents and settings\All Users\Data aplikací\KGyGaAvL.sys
2011-03-14 21:07 . 2011-03-14 21:07 2330880 ----a-w- c:\windows\system32\TUKernel.exe
2011-02-23 14:04 . 2010-07-29 01:09 40648 ----a-w- c:\windows\avastSS.scr
2011-02-23 14:04 . 2010-07-28 23:53 190016 ----a-w- c:\windows\system32\aswBoot.exe
2011-02-23 13:56 . 2010-07-28 23:53 301528 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-02-23 13:55 . 2010-07-28 23:53 49240 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-02-23 13:55 . 2010-07-28 23:53 102232 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-02-23 13:55 . 2010-07-28 23:53 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-02-23 13:55 . 2010-07-28 23:53 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-02-23 13:54 . 2010-07-28 23:53 30680 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-02-23 13:54 . 2010-07-28 23:53 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-02-18 12:29 . 2010-12-21 07:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2011-02-18 12:24 . 2011-03-02 11:49 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2011-02-15 00:41 . 2011-02-08 00:23 88 --sh--r- c:\documents and settings\All Users\Data aplikací\60F90C9A4B.sys
2011-02-09 08:44 . 2010-11-14 10:00 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
2011-02-02 20:40 . 2011-03-15 12:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-02 18:19 . 2010-08-04 17:58 73728 ----a-w- c:\windows\system32\javacpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 14:04 122512 ----a-w- c:\program files\Alwil Software\Avast5\ashShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avast5"="c:\progra~1\ALWILS~1\Avast5\avastUI.exe" [2011-02-23 3451496]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2010-05-26 1043968]
"NotebookHardwareControl"="c:\program files\Notebook Hardware Control\nhc.exe" [2007-05-04 2629632]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2010-09-20 21:07 932288 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2011-01-31 08:44 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-10-20 19:28 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-01-08 04:47 392424 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTFMON.EXE]
2008-04-14 06:52 15360 ----a-w- c:\windows\system32\ctfmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2010-04-01 09:16 357696 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
2009-06-17 10:13 2363392 ----a-w- c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 13:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMAX]
2008-03-24 12:43 884736 ----a-w- c:\program files\Analog Devices\SoundMAX\SMax4.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2008-01-21 10:17 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2009-12-14 22:43 515560 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"ctfmon.exe"=c:\windows\system32\ctfmon.exe
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Steam"="d:\program files\Steam\Steam.exe" -silent
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"HP Software Update"=c:\program files\Hp\HP Software Update\HPWuSchd2.exe
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=
"d:\\program files\\StrongDC\\StrongDC.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Common Files\\Adobe\\Adobe PCD\\cache\\cache.db"=
"c:\\Program Files\\Common Files\\Adobe\\dynamiclink\\CS5\\dynamiclinkmanager.exe"=
"c:\\Program Files\\Vuze\\Azureus.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\program files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"d:\\program files\\Steam\\Steam.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX9.exe"=
"d:\\program files\\CAPCOM\\LOST PLANET 2\\LP2DX11.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:*:Disabled:@xpsp2res.dll,-22009
.
R0 SFAUDIO;Sonic Focus DSP Driver;c:\windows\system32\drivers\sfaudio.sys [28.3.2008 11:14 24064]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [29.7.2010 2:59 691696]
R1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [4.4.2011 21:56 371544]
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [29.7.2010 1:53 301528]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [29.7.2010 1:53 19544]
R2 Notebook Hardware Control Service;Notebook Hardware Control Service;c:\program files\Notebook Hardware Control\nhcservice.exe [27.11.2010 18:30 77824]
R2 RadeonPro Support Service;RadeonPro Support Service;c:\program files\RadeonPro\RadeonProSupport.exe [2.2.2011 17:25 12800]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe [18.2.2011 14:27 1517376]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [29.7.2010 1:53 136176]
S3 nosGetPlusHelper;getPlus(R) Helper 3004;c:\windows\System32\svchost.exe -k nosGetPlusHelper [14.4.2008 8:52 14336]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [15.12.2009 0:43 515560]
S3 TF1D091010;TF1D091010;c:\windows\system32\drivers\TF1D091010.sys [1.2.2008 23:37 99968]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys [29.11.2010 20:27 10064]
S3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\drivers\wacmoumonitor.sys [15.2.2011 11:04 16240]
S4 TabletServicePen;TabletServicePen;c:\program files\Tablet\Pen\Pen_Tablet.exe [15.2.2011 12:22 4869488]
S4 TouchServicePen;Wacom Consumer Touch Service;c:\program files\Tablet\Pen\Pen_TouchService.exe [15.2.2011 12:22 416112]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
nosGetPlusHelper REG_MULTI_SZ nosGetPlusHelper
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 10:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
2011-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-07-28 23:53]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
uInternet Settings,ProxyServer = 210.193.178.187:80
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Home\Data aplikací\Mozilla\Firefox\Profiles\8zbisoz5.default\
FF - prefs.js: browser.search.selectedEngine - My Web Search
FF - prefs.js: browser.startup.homepage - hxxp://home.mywebsearch.com/index.jhtml?n=77C09F4F&ptnrS=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ
FF - prefs.js: keyword.URL - hxxp://search.mywebsearch.com/mywebsearch/GGmain.jhtml?id=GRfox000&ptb=.CbhC69GUmPN5syOmgtgYQ&psa=&ind=2010121913&ptnrS=GRfox000&si=&st=kwd&n=77d006b9&searchfor=
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
FF - Ext: Adobe DLM (powered by getPlus(R)): {E2883E8F-472F-4fb0-9522-AC9BF37916A7} - %profile%\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: GamePlayLabs Plugin: plugin2@gameplaylabs.com - %profile%\extensions\plugin2@gameplaylabs.com
FF - user.js: network.http.max-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-16 13:21
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-725345543-630328440-682003330-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"??"=hex:d4,bd,bd,06,65,88,dc,e4,72,f0,8e,85,11,b3,6d,fd,41,e5,d0,71,cb,00,fd,
f7,10,e1,65,c6,19,63,68,91,1b,43,9a,01,38,6a,55,5e,5a,62,f3,7f,26,a7,48,d9,\
"??"=hex:35,fc,c6,3d,c9,02,ad,db,37,1f,61,de,0f,33,8f,50
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1112)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\WLDAP32.dll
.
- - - - - - - > 'explorer.exe'(31132)
c:\windows\system32\msi.dll
.
Completion time: 2011-04-16 13:42:34
ComboFix-quarantined-files.txt 2011-04-16 11:42
ComboFix2.txt 2011-04-16 10:51
.
Pre-Run: 6 026 833 920
Post-Run: 6 006 661 120
.
- - End Of File - - 030851E37A29C580DD94F58DD5A0F210

Re: requesting a check, malware was found

Posted: 16 Apr 2011 14:34
by Rudy
1 file was copied over from backup and 1 key was removed from the registry. The rest of the log now looks clean.

Re: requesting a check, malware was found

Posted: 16 Apr 2011 14:54
by KAUBOUN
Yeah, it helped, but it's still not quite right. I'm running a scan with MBAM and so far it has found some 5 infected files.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 6373

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

16. 4. 2011 15:53:58
mbam-log-2011-04-16 (15-53-58).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 176827
Uplynulý čas: 1 hodin, 37 minut, 36 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
c:\documents and settings\Home\dokumenty\downloads\desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.
c:\documents and settings\Home\dokumenty\downloads\mediapluginsetup (1).exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Home\dokumenty\downloads\mediapluginsetup.exe (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Home\local settings\data aplikací\gameplaylabs plugin\BHO.dll (Spyware.GamePlayLabs) -> Quarantined and deleted successfully.
c:\documents and settings\Home\Plocha\desktop.exe (Joke.Stressreducer) -> Quarantined and deleted successfully.

Re: requesting a check, malware was found

Posted: 16 Apr 2011 15:34
by Rudy
OK. Those files could have been there. CF mainly finds the ones that are running. These apparently were not running. MBAM deleted them.

Re: requesting a check, malware was found

Posted: 18 Apr 2011 22:09
by KAUBOUN
Hm, it's still not quite right... now and then some application freezes on me, and when I try to kill it completely through Task Manager, Task Manager freezes too...

Re: requesting a check, malware was found

Posted: 18 Apr 2011 22:27
by Rudy
Try a System Restore to a date when it was working correctly.