HJT-kontrola Vyřešeno

[jaro3]

Jo , takže dalšé script v Combofixu:

Kód: Vybrat vše

KillAll::
File::
c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.0.cs
c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.cmdline
c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.dll
c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.err
c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.out

Pak log z CF.

[Reklama]

[kevin31171]

V možnostech složky si povol zobrazování skrytých souborů a složek+ odškrtni zatržítko skrýt chráněné soubory operačního systému


tohle udělam jak?

[kevin31171]

dobře...

[kevin31171]

Tady jo ce!Dneska jdu..takže mi když tak napiš ještě info na zítra díkes moc a čau..




ComboFix 10-05-20.02 - Admin 20.05.2010 21:25:53.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.3070.2348 [GMT 2:00]
Spuštěný z: c:\documents and settings\Admin\Dokumenty\Stažené soubory\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Admin\Plocha\CFScript.txt
AV: avast! antivirus 4.8.1368 [VPS 100305-0] *On-access scanning disabled* (Outdated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: Spyware Terminator *On-access scanning enabled* (Updated) {55EE49A8-16BE-4601-BBE6-607B7F7317DE}

FILE ::
"c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.0.cs"
"c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.cmdline"
"c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.dll"
"c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.err"
"c:\docume~1\Admin\LOCALS~1\Temp\_7hbs2ra.out"
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-04-20 do 2010-05-20 )))))))))))))))))))))))))))))))
.

2010-05-19 18:43 . 2010-04-29 13:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-05-19 18:43 . 2010-05-19 18:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-05-19 18:43 . 2010-04-29 13:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-05-19 17:30 . 2010-05-19 17:30 -------- d-----w- c:\program files\Trend Micro
2010-05-19 15:05 . 2010-05-19 15:05 -------- d-----w- c:\program files\SUPERAntiSpyware
2010-05-19 14:34 . 2010-05-19 14:34 -------- d-----w- c:\program files\CCleaner
2010-05-19 14:06 . 2010-05-20 16:01 -------- d-----w- c:\program files\Spybot - Search & Destroy
2010-05-19 13:26 . 2010-05-19 13:26 -------- d-----w- c:\program files\Fighters
2010-05-16 08:24 . 2010-05-19 12:17 -------- d-----w- c:\program files\WinClamAVShield
2010-05-11 17:47 . 2010-05-11 17:47 -------- d-----w- c:\documents and settings\Admin\.thumbnails
2010-05-11 17:20 . 2010-05-13 17:27 -------- d-----w- c:\documents and settings\Admin\.gimp-2.6
2010-05-11 17:19 . 2010-05-11 17:19 -------- d-----w- c:\program files\GIMP-2.0
2010-05-10 14:04 . 2010-05-10 14:09 -------- d-----w- c:\program files\DivX
2010-05-09 18:01 . 2010-05-09 18:01 -------- d-----w- c:\program files\Zoner
2010-05-09 18:01 . 2010-05-19 15:05 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-09 14:23 . 2010-05-11 15:22 -------- d-----w- c:\program files\Counter-Strike Source
2010-05-09 09:37 . 2010-05-09 10:12 -------- d-----w- c:\program files\Zaparit
2010-04-23 14:15 . 2010-04-23 14:15 142592 ----a-w- c:\windows\system32\drivers\sp_rsdrv2.sys
2010-04-23 14:15 . 2010-05-20 15:24 -------- d-----w- c:\program files\Spyware Terminator
2010-04-22 19:24 . 2010-04-22 19:24 -------- d--h--w- c:\windows\PIF

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-05-20 19:30 . 2009-12-13 06:47 17488 ----a-w- c:\windows\gdrv.sys
2010-05-19 19:20 . 2010-01-01 12:39 -------- d-----w- c:\program files\Cheat Engine
2010-05-19 18:51 . 2010-01-23 10:06 -------- d-----w- c:\program files\SwiftKit
2010-05-19 18:27 . 2009-12-13 06:10 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-05-19 15:55 . 2002-09-23 12:00 90816 ----a-w- c:\windows\system32\perfc005.dat
2010-05-19 15:55 . 2002-09-23 12:00 458148 ----a-w- c:\windows\system32\perfh005.dat
2010-05-17 10:39 . 2009-12-25 10:59 -------- d-----w- c:\program files\Lineage II
2010-05-16 06:35 . 2009-12-30 14:12 -------- d-----r- c:\program files\Skype
2010-03-29 10:15 . 2010-03-29 10:15 -------- d-----w- c:\program files\Common Files\Skype
2010-03-10 06:17 . 2002-09-23 12:00 420352 ----a-w- c:\windows\system32\vbscript.dll
2010-03-08 17:59 . 2010-03-08 17:59 94208 ----a-w- c:\windows\system32\dpl100.dll
2010-03-03 14:49 . 2010-03-03 14:49 82432 ----a-w- c:\windows\system32\msxml4r.dll
2010-02-25 06:18 . 2002-09-23 12:00 916480 ----a-w- c:\windows\system32\wininet.dll
2010-02-24 13:11 . 2002-09-23 12:00 455680 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-02-22 19:59 . 2009-12-25 07:11 215104 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-02-22 19:46 . 2009-12-25 07:11 138576 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-02-20 19:16 . 2009-12-25 07:11 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-20 10:33 . 2009-12-25 07:11 669184 ----a-w- c:\windows\system32\pbsvc.exe
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\lib\NMBgMonitor.exe" [2005-12-16 94208]
"EA Core"="c:\program files\Electronic Arts\EADM\Core.exe" [2008-07-22 2772992]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2009-12-30 306088]
"Skype"="c:\program files\Skype\\Phone\Skype.exe" [2010-05-07 26211624]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-12-30 39408]
"Comrade.exe"="c:\program files\GameSpy\Comrade\Comrade.exe" [2007-06-29 36864]
"Steam"="c:\valve\steam\steam.exe" [2010-05-07 1238352]
"SpywareTerminatorUpdate"="c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe" [2010-04-23 3037696]
"StartServicePBFTTHRF"="c:\documents and settings\Admin\Local Settings\Data aplikací\PBFTTHRF\StartService.exe" [2010-05-13 409600]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2010-05-06 2017280]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-03-25 134656]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-03-25 166912]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-03-25 136192]
"RTHDCPL"="RTHDCPL.EXE" [2009-01-13 18084864]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-09-18 98304]
"SpywareTerminator"="c:\program files\Spyware Terminator\SpywareTerminatorShield.exe" [2010-04-23 2176512]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-04-12 1135912]
"StartServicePBFTTHRF"="c:\documents and settings\Admin\Local Settings\Data aplikací\PBFTTHRF\StartService.exe" [2010-05-13 409600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Admin\Nabˇdka Start\Programy\Po spuçtŘnˇ\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2009-05-24 304128]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 13:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FarCry2.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Launcher.exe"=
"c:\\Program Files\\Ubisoft\\Far Cry 2\\bin\\FC2Editor.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Původní data\\Plocha\\OpenLieroX\\OpenLieroX.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\FlatOut2\\FlatOut2.exe"=
"c:\\Program Files\\Electronic Arts\\EADM\\Core.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\Crysis.exe"=
"c:\\Program Files\\Electronic Arts\\Crytek\\Crysis\\Bin32\\CrysisDedicatedServer.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Valve\\hlds.exe"=
"c:\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Spyware Terminator\\SpywareTerminatorUpdate.exe"=
"c:\\Valve\\Steam\\steamapps\\pogrom5\\counter-strike\\hl.exe"=
"c:\\Valve\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4mp.exe"=
"c:\\Valve\\Steam\\steamapps\\common\\call of duty modern warfare 2\\iw4sp.exe"=
"c:\\Program Files\\Counter-Strike Source\\hl2.exe"=
"c:\\Program Files\\Counter-Strike Source\\srcds.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [20.12.2009 8:42 114768]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [17.2.2010 11:25 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [6.5.2010 17:10 68168]
R1 sp_rsdrv2;Spyware Terminator Driver 2;c:\windows\system32\drivers\sp_rsdrv2.sys [23.4.2010 16:15 142592]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [20.12.2009 8:42 20560]
R2 dvdmmg;dvdmmg;c:\windows\system32\drivers\dvdmmg.sys [6.9.2007 12:15 5504]
R2 ES lite Service;ES lite Service for program management.;c:\program files\Gigabyte\EasySaver\essvr.exe [13.12.2009 8:10 68136]
R3 NETDLWL;D-Link Air Wireless Adapter(DL) NT Driver;c:\windows\system32\drivers\NETDLWL.sys [13.12.2009 8:48 159104]
S2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [19.3.2010 19:35 135664]
.
Obsah adresáře 'Naplánované úlohy'

2010-05-19 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]

2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 17:34]

2010-05-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-03-19 17:34]

2010-05-20 c:\windows\Tasks\SLOW-PCfighter-Admin-Startup.job
- c:\program files\Fighters\SLOW-PCfighter\SLOW-PCfighter.exe [2010-03-18 15:41]

2010-05-20 c:\windows\Tasks\User_Feed_Synchronization-{DA571E9D-91C1-411B-8BF7-4644F5CF44B3}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 03:31]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.zaparit.cz/
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_96D6FF0C6D236BF8.dll/cmsidewiki.html
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\wquuy4nn.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - component: c:\documents and settings\Admin\Data aplikací\Mozilla\Firefox\Profiles\wquuy4nn.default\extensions\piclens@cooliris.com\components\coolirisstub.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

AddRemove-BarDiscover - c:\program files\BarDiscover\uninstall.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-05-20 21:32
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-602162358-790525478-839522115-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:2d,7f,98,69,04,d9,2f,5a,1a,20,a7,19,5e,39,5a,67,b5,68,fd,ad,9e,b5,33,
25,91,03,39,59,aa,d7,17,27,df,b5,d4,52,29,b8,4f,80,42,18,21,4e,b7,06,97,93,\
"??"=hex:a1,5e,47,db,25,65,bb,27,8b,92,55,34,10,3f,d9,49

[HKEY_USERS\S-1-5-21-602162358-790525478-839522115-1003\Software\SecuROM\License information*]
"datasecu"=hex:94,a4,95,22,d2,c1,93,43,61,7e,12,4d,62,4e,90,8c,a7,ce,26,c7,ca,
ca,37,f0,98,3c,ef,23,85,e0,10,6c,2c,50,91,36,4c,ce,c0,b1,da,14,8d,b8,a6,aa,\
"rkeysecu"=hex:5e,72,2e,c6,89,cb,d2,08,76,2c,7a,f5,44,47,da,fd
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(900)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(2640)
c:\progra~1\WINDOW~2\wmpband.dll
c:\program files\Windows Desktop Search\deskbar.dll
c:\program files\Windows Desktop Search\cs-cz\dbres.dll.mui
c:\program files\Windows Desktop Search\dbres.dll
c:\program files\Windows Desktop Search\wordwheel.dll
c:\program files\Windows Desktop Search\cs-cz\msnlExtRes.dll.mui
c:\program files\Windows Desktop Search\msnlExtRes.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\RTHDCPL.EXE
c:\program files\Skype\Phone\Skype.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\PnkBstrB.exe
c:\program files\Spyware Terminator\sp_rsser.exe
c:\windows\system32\SearchIndexer.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\system32\wscntfy.exe
c:\program files\Skype\Plugin Manager\skypePM.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Celkový čas: 2010-05-20 21:36:13 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-05-20 19:36
ComboFix2.txt 2010-05-20 18:29
ComboFix3.txt 2010-05-20 14:23
ComboFix4.txt 2010-05-19 19:32

Před spuštěním: Volných bajtů: 304 820 801 536
Po spuštění: Volných bajtů: 304 783 970 304

- - End Of File - - 7A532030DA43A5E7F70B44CE9607B1B9

[jaro3]

Fajn , takže zítra.

ComboFix se odinstaluje takto:
Start-Spustit a zadej ComboFix /Uninstall

vyčisti systém CCleanerem

a použij i T-Cleaner
smaže vše po Combu,MWAVu atd.-stáhneš>spustíš

pozn. před stažením T-Cleaneru a po dobu čištění deaktivuj AVG či Avast, následně T-Cleaner smaž a zapni si AVG či Avast.

////////////////////////////////////////////////////////////

Vypni rez.ochrany a firewall.

Spusť F-Secure Online Scanner

Tento skener je možno použít jen v prohlížeči Internet Explorer (není již podmínkou)! Postupuj podle instrukcí na stránce F-Secure pro správnou instalaci. Akceptuj licenci. Po instalaci ActiveX, klikni na Full System Scan. Když stahování skončeno, automaticky začne sken . Vyčkej konce skenu, po jeho dobu neprováděj jiné operace ani neklikej myší. Když skončí sken klikni na tlačítko Automatic clearing (recommended). Poté klikni na tlačítko Show Report a zkopíruj a vlož sem .

[kevin31171]

Scanning Report
Friday, May 21, 2010 14:39:23 - 15:07:18

Computer name: GIGABYTE
Scanning type: Scan system for malware, spyware and rootkits
Target: C:\ E:\
4 malware found
TrackingCookie.Doubleclick (spyware)

* System (Disinfected)

Suspicious:W32/Malware!Gemini (virus)

* C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\SCRIPTABLE PROGRAMS\ELITE MACRO 1.1\ELITEMACRO.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\GUIDES & INFO\RS MILLIONS EBOOK 1.3.EXE (Not cleaned & Submitted)

Suspicious:W32/Malware!Gemini (virus)

* C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\CLIENTS\ELITE CLIENT 1.2\ELITECLIENT.EXE (Not cleaned & Submitted)

Statistics
Scanned:

* Files: 65780
* System: 4549
* Not scanned: 10

Actions:

* Disinfected: 1
* Renamed: 0
* Deleted: 0
* Not cleaned: 3
* Submitted: 3

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\WINDOWS\SYSTEM32\CONFIG\SAM
* C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
* C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
* C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
* C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMIN\3776
* C:\DOCUMENTS AND SETTINGS\ADMIN\LOCAL SETTINGS\TEMP\HSPERFDATA_ADMIN\3304
* C:\DOCUMENTS AND SETTINGS\ADMIN\DATA APLIKACÍ\SKYPE\ETILQS_P3GGVH7HLOXFVLL00J7Z
* C:\DOCUMENTS AND SETTINGS\ADMIN\DATA APLIKACÍ\SKYPE\ETILQS_UQSU3YKUMQHRU9HJOWEL

Options
Scanning engines:

Scanning options:

* Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
* Use advanced heuristics

Copyright © 1998-2009 Product support | Send virus sample to F-Secure
F-Secure assumes no responsibility for material created or published by third parties that F-Secure World Wide Web pages have a link to. Unless you have clearly stated otherwise, by submitting material to any of our servers, for example by E-mail or via our F-Secure's CGI E-mail, you agree that the material you make available may be published in the F-Secure World Wide Pages or hard-copy publications. You will reach F-Secure public web site by clicking on underlined links. While doing this, your access will be logged to our private access statistics with your domain name. This information will not be given to any third party. You agree not to take action against us in relation to material that you submit. Unless you have clearly stated otherwise, by submitting material you warrant that F-Secure may incorporate any concepts described in it in the F-Secure products/publications without liability.

[jaro3]

Tak ten ELITE CLIENT 1.2 , budeme muset smazat ( soubory), nebo to odinstaluj celý / napřed).

Potom (pro jistotu):

Stáhni si program OTM (by OldTimer)
a ulož si ho na disk C a spusť ho.
- Do levého sloupce (Paste Instructions for Items to be Moved) zkopíruj tyto cesty:
Poznámka: Nepoužij k označení funkci VYBRAT VŠE

Kód: Vybrat vše

:Processes
explorer.exe

:Services

:Reg

:Files
C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\SCRIPTABLE PROGRAMS\ELITE MACRO 1.1\ELITEMACRO.EXE
C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\GUIDES & INFO\RS MILLIONS EBOOK 1.3.EXE
C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\CLIENTS\ELITE CLIENT 1.2\ELITECLIENT.EXE

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]


- Po zkopírování klikni na tlačítko MoveIt! a vlož sem následně celý obsah z pravého sloupce, jinak uložený ve složce C:\_OTMoveIt\MovedFiles\, který bude informovat o výsledcích
- Je možné, že pokud nebudou moci být soubory odstraněny, budeš dotázán na restart počítače, v tom případě restart potvrď.

[kevin31171]

All processes killed
========== PROCESSES ==========
No active process named explorer.exe was found!
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\SCRIPTABLE PROGRAMS\ELITE MACRO 1.1\EliteMacro.exe moved successfully.
C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\GUIDES & INFO\RS Millions eBook 1.3.exe moved successfully.
C:\PŮVODNÍ DATA\PLOCHA\RS\ULTIMATE CHEAT PACK\CLIENTS\ELITE CLIENT 1.2\Eliteclient.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Admin
->Temp folder emptied: 176394753 bytes
->Temporary Internet Files folder emptied: 11434559 bytes
->Java cache emptied: 66124 bytes
->FireFox cache emptied: 39651823 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2290 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1139202 bytes
%systemroot%\System32 .tmp files removed: 2514 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16985 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 218,00 mb


OTM by OldTimer - Version 3.1.12.0 log created on 05212010_154155

[jaro3]

Jak se chová PC? Je to v pořádku?

[kevin31171]

jojo už jo

[kevin31171]

Jestli je to vše tak moc děkuju!!!
když se něco bude dít tak napíšu fakt moc díky..

[jaro3]

Nemáš zač , můžeš smazat OTM.

Pokud nejsou problémy , je to vše a můžeš dát vyřešeno , zelenou fajfku.