Virus Policia

[hunterwx]

cavte vsetci... uz po niekolký krat sa mi stalo to ze v pc sa mi objavil tento virus policia SR zablokovala vas pc...
No spociatku to slo cez nudzovy rezim a obnovu systemu vymazat... na druhy krat uz obnova nepomohla a musel som pouzit rogue killer a to pomohlo, na dalsi krat to uz bolo problematicke lebo tento virus mi napadol aj nudzovy rezim a neslo nijako pustit nic az nejakym zazrakom slo pustit uz spominany soft rogue... a dnes uz bol problem enormny neslo absolutne nic len nudzovy rezim s prikazovym riadkom ale rogue nepomohol... bol som nuteny pustit z USB Combo Fix a ten problem vyriesil no neviem ci mam nieco v pc alebo preco sa toto deje skuste pozret nato ... podotikam te Combo bola posledna moznost a sory nemal som moznost netu tak som nemal ako kontaktovat odbornikov tu pridávam log z comba

ComboFix 13-03-20.02 - Administrator . 03. 2013 20:13:06.13.2 - x86 MINIMAL
Running from: G:\ComboFix.exe
.
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
ADS - WINDOWS: deleted 192 bytes in 1 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator.DOMACNOS-86456E\Start Menu\Programs\Startup\runctf.lnk
c:\documents and settings\All Users\Application Data\4115363.js
c:\documents and settings\All Users\Application Data\4115363.pad
c:\documents and settings\All Users\Application Data\6042281.js
c:\documents and settings\All Users\Application Data\6042281.pad
c:\documents and settings\Monička\1822406.dll
c:\favoritevideo\InvisibleFolder
c:\windows\system32\Cache
c:\windows\system32\Cache\07ba4884d5df1b6c.fb
c:\windows\system32\Cache\26c630d098e22dd5.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\6d4db1e0d0073606.fb
c:\windows\system32\Cache\76a3ec91bb901181.fb
c:\windows\system32\Cache\95f567698be8a182.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\b95cf15ef49aece2.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\URTTemp
c:\windows\system32\URTTemp\fusion.dll
c:\windows\system32\URTTemp\mscoree.dll
c:\windows\system32\URTTemp\mscoree.dll.local
c:\windows\system32\URTTemp\mscorsn.dll
c:\windows\system32\URTTemp\mscorwks.dll
c:\windows\system32\URTTemp\msvcr71.dll
c:\windows\system32\URTTemp\regtlib.exe
c:\windows\wt
c:\windows\wt\backup\1.6.1.001\_privacy.txt
c:\windows\wt\backup\1.6.1.001\info.txt
c:\windows\wt\info.txt
c:\windows\wt\updater\_privacy.txt
c:\windows\wt\updater\data.wts
c:\windows\wt\updater\wtlog.txt
c:\windows\wt\wtupdates\wtupdater\appinfo.dat
c:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\legacy\data.wts
c:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\nsiwthostplugin.xpt
c:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\wdcaps.ded
c:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\wildtangent.jar
c:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\wthost.jar
c:\windows\wt\wtupdates\wtwebdriver\files\3.3.1.001\wtmulti.jar
.
.
((((((((((((((((((((((((( Files Created from 2013-02-20 to 2013-03-20 )))))))))))))))))))))))))))))))
.
.
2013-03-18 17:03 . 2013-03-18 17:03 -------- d-----w- c:\documents and settings\Administrator.DOMACNOS-86456E\Application Data\GlarySoft
2013-03-18 15:48 . 2013-03-18 17:01 -------- d-----w- c:\windows\D8167CA8236B4334B77DF388F494EE18.TMP
2013-03-18 15:48 . 2013-03-18 15:48 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2013-03-18 15:33 . 2013-03-18 15:33 -------- d-----w- c:\windows\system32\wbem\Repository
2013-03-18 15:08 . 2013-03-18 15:08 -------- d-sh--w- c:\documents and settings\Administrator.DOMACNOS-86456E\PrivacIE
2013-03-18 14:42 . 2013-03-18 14:42 113152 ----a-w- c:\documents and settings\Monička\3635114.dll
2013-03-04 16:53 . 2013-03-04 16:53 -------- d-----w- c:\documents and settings\NetworkService\Application Data\DealPly
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-18 17:11 . 2012-04-15 06:29 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-18 17:11 . 2011-06-15 05:45 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-19 12:25 . 2012-12-17 14:00 33112 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2013-02-05 20:05 . 2004-08-03 23:56 916480 ----a-w- c:\windows\system32\wininet.dll
2013-02-05 20:05 . 2004-08-03 23:56 1469440 ------w- c:\windows\system32\inetcpl.cpl
2013-02-05 20:05 . 2004-08-03 23:56 43520 ------w- c:\windows\system32\licmgr10.dll
2013-02-05 05:53 . 2004-08-03 21:59 385024 ------w- c:\windows\system32\html.iec
2013-01-26 03:55 . 2004-08-03 23:56 552448 ------w- c:\windows\system32\oleaut32.dll
2013-01-07 01:19 . 2004-08-03 22:18 2148864 ------w- c:\windows\system32\ntoskrnl.exe
2013-01-07 00:37 . 2004-08-03 22:59 2027520 ------w- c:\windows\system32\ntkrnlpa.exe
2013-01-04 01:20 . 2004-08-03 22:17 1867264 ----a-w- c:\windows\system32\win32k.sys
2013-01-02 06:49 . 2004-08-03 23:56 148992 ------w- c:\windows\system32\mpg2splt.ax
2013-01-02 06:49 . 2004-08-03 23:56 1292288 ----a-w- c:\windows\system32\quartz.dll
2009-06-04 11:59 . 2009-06-04 11:59 23 ----a-w- c:\program files\hfkud16.sys
2009-04-12 12:41 . 2009-04-12 12:42 728858 ----a-w- c:\program files\Common Files\unins000.exe
2008-03-09 05:25 . 2009-04-12 12:42 236 ---ha-w- c:\program files\Common Files\dx.reg
2003-12-08 12:04 . 2009-04-11 14:18 827392 ----a-w- c:\program files\NPSWF32.dll
2007-11-06 23:19 . 2013-03-04 11:57 568832 ----a-w- c:\program files\opera\program\plugins\msvcp90.dll
2007-11-06 23:19 . 2013-03-04 11:57 655872 ----a-w- c:\program files\opera\program\plugins\msvcr90.dll
2012-10-24 17:50 . 2012-10-31 08:41 261600 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
2009-10-05 17:34 . 2009-11-09 16:20 118000 ----a-w- c:\program files\mozilla firefox\components\qippipe.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[-] 2008-04-14 . 561A50497324F378E30F55D09B4E1258 . 975872 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[-] 2004-08-03 . A5C1F2CF7C31874E66478910B43D6513 . 974336 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe
.
[-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\regedit.exe
[-] 2008-04-14 . 0B720CAE71F51A2B93811816F187BC0A . 224256 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\regedit.exe
[-] 2004-08-03 . 61F45E8000C6C5913D3D1DA451337364 . 224256 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\regedit.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-02-19 12:25 1929392 ----a-w- c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\14.2.0.1\AVG Secure Search_toolbar.dll" [2013-02-19 1929392]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-11 13574144]
"nwiz"="nwiz.exe" [2008-09-11 1657376]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-11 86016]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"RTHDCPL"="RTHDCPL.EXE" [2008-02-13 16857600]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2013-02-19 1151152]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-07-01 1447168]
.
c:\documents and settings\Monička\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\documents and settings\Monička\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
ALFA plus - rýchle spustenie.lnk - c:\program files\KROS\ALFA plus\!System\ALFAplus.exe [2012-12-20 3363280]
.
c:\documents and settings\Monička\Start Menu\Programs\Startup\
RocketDock.lnk - c:\windows\BricoPacks\Vista Inspirat 2\RocketDock\RocketDock.exe [2007-3-18 630784]
TransBar.lnk - c:\windows\BricoPacks\Vista Inspirat 2\TransBar\TransBar.exe [2005-6-1 65536]
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2008-3-19 4742184]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Bonus.SSR.FR10]
2010-09-23 16:47 941320 ----a-w- d:\program files\ABBYY FineReader 10\Bonus.ScreenshotReader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
2012-12-10 16:29 2254768 ----a-w- c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TBPanel]
2008-09-05 16:24 2154496 ----a-w- c:\program files\Vtune\TBPANEL.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2009-04-10 17:29 37888 ----a-w- c:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Activision\\Call of Duty 2\\CoD2MP_s.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx9.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Dx10.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed\\AssassinsCreed_Launcher.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\SpacialAudio\\SAMBC\\SAMBC.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\javaw.exe"=
"c:\\Program Files\\Ares\\Ares.exe"=
"c:\\totalcmd\\TOTALCMD.EXE"=
"c:\\Program Files\\ICQ7.4\\ICQ.exe"=
"c:\\Program Files\\ICQ6.5\\ICQ.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBSP.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\ACBMP.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\AssassinsCreedBrotherhood.exe"=
"d:\\Program Files\\Ubisoft\\Assassin's Creed Brotherhood\\UPlayBrowser.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Winamp\\winamp.exe"=
"c:\\WINDOWS\\system32\\spool\\drivers\\w32x86\\3\\E_DUPA20.EXE"=
"c:\\Program Files\\LogMeIn Hamachi\\hamachi-2-ui.exe"=
"c:\\Program Files\\Opera\\pluginwrapper\\opera_plugin_wrapper.exe"=
"c:\\Program Files\\Ubisoft\\Ubisoft Game Launcher\\UbisoftGameLauncher.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRSP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\ACRMP.exe"=
"c:\\Program Files\\Ubisoft\\Assassin's Creed Revelations\\AssassinsCreedRevelations.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer.exe"=
"c:\\Program Files\\TeamViewer\\Version7\\TeamViewer_Service.exe"=
"d:\\Program Files\\EA GAMES\\MOHAA\\MOHAA.exe"=
"c:\\WINDOWS\\system32\\javaw.exe"=
"c:\\Program Files\\EA GAMES\\Need for Speed Most Wanted\\speed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1878:UDP"= 1878:UDP:Windows Media Format SDK (autorun.exe)
"1879:UDP"= 1879:UDP:Windows Media Format SDK (autorun.exe)
"1883:UDP"= 1883:UDP:Windows Media Format SDK (autorun.exe)
"20400:TCP"= 20400:TCP:KrosPort20400
"20401:TCP"= 20401:TCP:KrosPort20401
"20402:TCP"= 20402:TCP:KrosPort20402
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
R1 epfwtdir;epfwtdir;c:\windows\system32\DRIVERS\epfwtdir.sys [x]
R2 ABBYY.Licensing.FineReader.Corporate.10.0;ABBYY FineReader 10 CE Licensing Service;c:\program files\Common Files\ABBYY\FineReader\10.00\Licensing\CE\NetworkLicenseServer.exe [x]
R2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
R2 ekrn;Eset Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
R2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbguard.exe [x]
R2 FirebirdServerKROS_20400;Firebird Server - KROS_20400;c:\program files\KROS\KROS FBServer\Firebird001\bin\fbserver.exe [x]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R2 nlsX86cc;This service enables products that use the Nalpeiron Licensing System.;c:\windows\system32\nlssrv32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [x]
R3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files\Firebird\Firebird_2_1\bin\fbserver.exe [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-03-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-15 17:11]
.
2013-03-20 c:\windows\Tasks\GlaryInitialize.job
- c:\program files\Glary Utilities\initialize.exe [2012-09-13 06:46]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-13 10:28]
.
2013-03-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-06-13 10:28]
.
.
------- Supplementary Scan -------
.
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\documents and settings\Administrator.DOMACNOS-86456E\Application Data\Mozilla\Firefox\Profiles\8rhtratm.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - Ext: ICQ Toolbar: {800b5000-a755-47e1-992b-48a1c1357f07} - c:\program files\Mozilla Firefox\extensions\{800b5000-a755-47e1-992b-48a1c1357f07}
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\Java\jre6\lib\deploy\jqs\ff
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
AddRemove-{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2} - c:\program files\InstallShield Installation Information\{3B6E3FC6-274C-4B6C-BC85-5C3B15DE18E2}\setup.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2013-03-20 20:22
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
Completion time: 2013-03-20 20:24:46
ComboFix-quarantined-files.txt 2013-03-20 19:24
.
Pre-Run: 30 920 347 648 bytes free
Post-Run: 31 068 438 528 bytes free
.
- - End Of File - - EA30DE7F79C58E885B88ED877877997E

[Rudy]

Vzhledem k opakovanému svévolnému použití Combofixu vám nebude poskytnuta pomoc. Navíc vám uděluji 2. warn level.

[hunterwx]

ako som sa vyjadril ja som nemal inu moznost pisem nemam druhy pc a nemal som absolutne ziadnu inu moznost nedalo sa nic robit... nemam v okoli ziadneho kamosa ktory by kumne prisiel teraz vecer a pomohol mi s tym ze by mi poskytol svoj nb aby som sem mohol napisat

[Rudy]

Měl jste nejprve dát log ComboFix.

[hunterwx]

ale ako som sem mal dat hociaky log ked som nemal pristup vobec do pc a nie to este na net ja ani netusim ako sa mi podarilo spustit ten combofix cez prikazovy ale nic ine mi neslo nech som robil cokolvek skusal som najprv HJT ale po spusteni som sa nedokazal dostat k logu vobec nakolko ten sa mi ulozil na plochu a mne hned pc siel prec namal som sa knemu ako dostat ak by som nepouzil combofix tak som tu neni

[Rudy]

Hociaký? Dal jste log CF. Stejným způsobem jste mohl dát log RSIT. Logem CF jste smazal všechny stopy po případné nákaze.

[hunterwx]

tak skusim to vysvetlit este raz. Ja som nemal pristup do pc pristup do pc sa mi podarilo obnovit az po pouziti combofixu dovtedy som mal pristup len k prikazovemu rezimu aj to len ciastocne s tym ze mi slo len otvorit nieco na usb a nic viac takze nakolko na usb mam vela softov dufal som ze aj combo... dovtedy som nemal sancu spusit nic... spravil som toto spustil som HJT a dal som skenovat... dobre pc oskenovalo ale uz mi nevybehol log.. potom som siel do pc ci to nepojde ale hned ako mi naskocla obrazovka tak mi to vsetko opet seklo s tym virusom preto som pouzil combo. takze pustil som to a pc mi siel... log som mal uz ulozeny na C a od tial som ho skopiroval sem na forum podotikam opet nemal som inu moznost nemal som sa ako dostat do PC cize aj keby sa mi zazrakom podarilo spustit to RSIT alebo uz spominany HJT a slo by skopirovat log... nemal by som ho sem na forum ako dostat... ak by som aj mal nejaky iny pc co bohuzial nemam tak co spravim? nic ! skratka pri kazdom zapnuti pc mi skocil ten virus a mohol som akurat tak restartnut pc jeden a pol hod som to skusal nejako inak ale bohuzial neslo tak toto bola posledna moznost... viem ze CF sa nesmie ale co som si mal vybrat Combo alebo reinstal PC ved ma skus troska pochopit ... toto bola skutocne posledna moznost

[Rudy]

Pochopil bych vás, kdybyste již jednou neměl stejný prohřešek. Spouštění CF laikem je navýsost riskantní operace (ani odborník si to nedovolí bez předchozí kontroly jiným skenerem). Pokud jste to udělal opakovaně, stojím si za svým hodnocením. CF jste mohl spustit pouze po přístupu do PC (stejně tak jste mohl spustit RSIT). Takže se nevymlouvejte na to, že jste se bez CF do PC nemohl dostat.

[hunterwx]

CF som spustil cez nudzovy rezim s prikazovym riadkom, to bolo jedine co slo spustit nudzovy rezim s prikazovym riadkom dovtedy som cez tento prikazovy riadok spustil rogue killer taktiez hjt ale co som mal z toho ked mi potom neslo dostat do systemu? do systemu a prostredia windows cize na plochu som sa dostal az po pouziti CF... ktory som spustil cez prikazovy riadok v nudzovom rezime s prikazovym riadkom v ktorom som zadal prikaz G:\ComboFix.exe toto mi spustilo combofix ako aj ostatne programy ktore som skusal ale pri ostatnych som sa dostal len ku skenu ale nie k tomu aby som sem ten sken nejako dorucil... co je na tom nepochopitelne ? ked som pouzil CF pc mi uz nevyhadzovalo virus a dostal som pristup sem na forum a s tym aby som sem dal aj log prislusny... pisem bola to posledna moznost... co som mal ine robit? viem ze som ho pouzil uz 2x ale co som mal ine robit teraz? minule som povedal ze to uz pouzivat nebudem ale inak sa nedalo ako preco to nemozes pochopit? mimochodom RSIT ani nemam a neviem ako by som ho stiahol ked som nemal ani pristup na net velmi dobre viem od minuleho napomenutia ze ho pouzivat nemam ale co som mal robit? stale nechapem ako by si to riesil ty byt na mojom mieste a s rovnakym problemom

a ak mi neverite ze sa to da skuste pri starte pc stlacit F8 nasledne si spustite nudzovy rezim s prikazovym riadkom potom do prikazoveho riadka napiste pismeno jednotky v ktorej mate USB:\ComboFix.exe a uvidite ci sa vam to spusti

ziadam vas o poslednu sancu skutocne toto bola moja posledna moznost neviem ako inak by som sa tam dostal naozaj som mal na vyber uz len format disku a to som nehodlal a radsej to riskol s CF ved ak by som mal moznost dostania sa na net nemyslite si ze by bolo jednoduchsie napisat sem rovno ako sa hodinu a pol hrat s tym?

[Rudy]

Stejným způsobem jste mohl spustit RSIT, nebo DDS. 18.7.2012 jste byl upozorněn, že se log CF nedává jako primární, nebo kontrolní, nicméně jste to udělal znovu. Na opakované prohřešky proti pravidlům nebudeme reagovat. Lituji.

[hunterwx]

prosim vas zvaste to este raz po precitany tohoto poostu, snazte sa ma pochopit ja som nemal na vyber, nabuduce pri podobnom probleme si to asi natocim na video aby ste mi verili

http://forum.viry.cz/viewtopic.php?f=31&t=128953