
Packed.Win32.PolyCrypt
Re: Packed.Win32.PolyCrypt
ComboFix 11-01-06.06 - Mozi 07.01.2011 15:41:38.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2619 [GMT 1:00]
Spuštěný z: c:\dokumenty moje\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:09 . 2011-01-07 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 12:08 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E0D4E1E-2E9C-4650-BC0E-157B909CD3E1}\mpengine.dll
2011-01-06 18:15 . 2011-01-07 11:28 -------- d-----w- c:\program files\trend micro
2011-01-06 18:15 . 2011-01-06 18:15 -------- d-----w- C:\rsit
2011-01-06 15:52 . 2011-01-06 15:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-01-04 02:15 . 2011-01-04 02:15 -------- d-----w- c:\users\Mozi\AppData\Roaming\DAEMON Tools Lite
2011-01-04 02:11 . 2011-01-04 02:11 -------- d-----w- c:\program files (x86)\Microsoft WSE
2010-12-29 21:14 . 2010-12-29 21:14 -------- d-----w- c:\users\Mozi\AppData\Local\Apps
2010-12-29 18:12 . 2010-12-29 18:19 8897336 ----a-w- c:\users\Mozi\asc-setup.exe
2010-12-28 22:04 . 2010-12-28 22:04 -------- d-----w- c:\programdata\IObit
2010-12-28 19:01 . 2010-12-28 19:01 -------- d-----w- c:\users\Mozi\AppData\Roaming\IObit
2010-12-28 19:01 . 2010-12-28 19:01 -------- d-----w- c:\program files (x86)\IObit
2010-12-27 15:31 . 2011-01-07 08:53 -------- d-----w- c:\users\Mozi\AppData\Roaming\Spy Emergency
2010-12-27 15:31 . 2010-12-27 15:31 -------- d-----w- c:\programdata\NETGATE
2010-12-27 15:31 . 2010-12-27 15:31 -------- d-----w- c:\program files\NETGATE
2010-12-26 09:06 . 2010-12-26 09:18 -------- d-----w- c:\users\Mozi\AppData\Local\Diagnostics
2010-12-26 08:30 . 2010-12-26 08:30 -------- d-----w- c:\program files (x86)\Crawler
2010-12-26 02:55 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2010-12-26 02:55 . 2010-12-31 20:06 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-26 02:55 . 2010-12-26 02:55 -------- d-----w- c:\programdata\Alwil Software
2010-12-26 02:55 . 2010-12-26 02:55 -------- d-----w- c:\program files\Alwil Software
2010-12-26 02:36 . 2010-12-26 02:36 -------- d-----w- c:\programdata\MFAData
2010-12-26 01:48 . 2010-12-26 01:48 -------- d-sh--w- c:\programdata\PIQJWSWS
2010-12-26 01:48 . 2010-12-26 08:39 -------- d-sh--w- c:\programdata\805b31
2010-12-18 22:03 . 2010-12-18 22:03 -------- d-----w- c:\users\Mozi\AppData\Local\2K Games
2010-12-15 13:55 . 2010-12-15 13:57 -------- d-----w- c:\program files (x86)\SMBX
2010-12-15 08:50 . 2010-12-15 08:50 -------- d-----w- c:\users\Mozi\AppData\Local\id Software
2010-12-15 08:45 . 2010-12-15 08:45 -------- d-----w- c:\program files\Activision
2010-12-15 08:40 . 2010-12-15 08:40 -------- d-----w- c:\program files (x86)\Ostatní programy
2010-12-14 14:51 . 2010-12-15 02:10 -------- d-----w- c:\users\Mozi\AppData\Local\Google
2010-12-14 14:51 . 2010-12-14 14:51 -------- d-----w- c:\program files\Google
2010-12-14 14:50 . 2010-12-14 14:51 -------- d-----w- c:\program files (x86)\Google
2010-12-14 14:10 . 2010-12-24 01:43 -------- d-----w- c:\users\Mozi\AppData\Local\PokerStars
2010-12-14 13:45 . 2010-12-14 13:45 -------- d-----w- c:\program files (x86)\THQ
2010-12-14 13:23 . 2010-12-31 23:43 -------- d-----w- c:\users\Mozi\AppData\Roaming\skypePM
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-12-14 13:20 . 2011-01-01 05:32 -------- d-----w- c:\users\Mozi\AppData\Roaming\Skype
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----r- c:\program files (x86)\Skype
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----w- c:\programdata\Skype
2010-12-14 13:19 . 2010-12-28 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-14 13:06 . 2010-12-14 13:06 -------- d-----w- c:\program files (x86)\Conduit
2010-12-14 13:06 . 2010-12-14 13:06 -------- d-----w- C:\extensions
2010-12-14 13:05 . 2010-12-14 13:05 -------- d-----w- c:\program files (x86)\uTorrent
2010-12-14 13:04 . 2011-01-07 15:04 -------- d-----w- c:\users\Mozi\AppData\Roaming\uTorrent
2010-12-13 16:53 . 2010-12-13 16:53 -------- d-----w- c:\program files (x86)\MSXML 4.0
2010-12-13 16:47 . 2010-12-13 16:47 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-13 16:40 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-12-13 16:31 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-12-13 16:31 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-12-13 16:31 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-12-13 16:31 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-12-13 16:31 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-12-13 15:50 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2010-12-13 15:46 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-12-13 15:46 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2010-12-13 13:02 . 2010-12-13 15:40 -------- d-----w- c:\programdata\f-secure
2010-12-13 09:50 . 2010-12-13 09:50 -------- d-----w- c:\windows\Roaming
2010-12-13 09:50 . 2010-12-13 09:50 -------- d-----w- c:\programdata\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 18:40 . 2010-09-28 07:13 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-11-29 18:40 . 2010-09-28 07:13 262144 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-02 04:34 . 2010-12-15 05:47 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2009-09-08 14:48 64735 --sha-r- c:\windows\ConfigSetRoot\command.com
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTo1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2010-12-25 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2010-12-22 3683456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2009-09-17 22584]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-24 834544]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-06 254528]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2009-09-17 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 3628672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-27 67072]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2009-09-17 16952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-07 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-12-29 12:51]
2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25411
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-07 16:13:21
ComboFix-quarantined-files.txt 2011-01-07 15:13
Před spuštěním: Volných bajtů: 393 737 457 664
Po spuštění: Volných bajtů: 393 395 900 416
- - End Of File - - 8E7EA695B941CAB9B2E93E68E0804C5C
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.2619 [GMT 1:00]
Spuštěný z: c:\dokumenty moje\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\delfile.dll
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\dudl.tmp
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\eb.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\energy.drv
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\FW.drv
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\grid.tmp
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\hymt.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\pal.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\SM.sys
c:\users\Mozi\AppData\Roaming\Microsoft\Windows\Recent\std.tmp
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-07 do 2011-01-07 )))))))))))))))))))))))))))))))
.
2011-01-07 15:09 . 2011-01-07 15:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-07 12:08 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E0D4E1E-2E9C-4650-BC0E-157B909CD3E1}\mpengine.dll
2011-01-06 18:15 . 2011-01-07 11:28 -------- d-----w- c:\program files\trend micro
2011-01-06 18:15 . 2011-01-06 18:15 -------- d-----w- C:\rsit
2011-01-06 15:52 . 2011-01-06 15:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-01-04 02:15 . 2011-01-04 02:15 -------- d-----w- c:\users\Mozi\AppData\Roaming\DAEMON Tools Lite
2011-01-04 02:11 . 2011-01-04 02:11 -------- d-----w- c:\program files (x86)\Microsoft WSE
2010-12-29 21:14 . 2010-12-29 21:14 -------- d-----w- c:\users\Mozi\AppData\Local\Apps
2010-12-29 18:12 . 2010-12-29 18:19 8897336 ----a-w- c:\users\Mozi\asc-setup.exe
2010-12-28 22:04 . 2010-12-28 22:04 -------- d-----w- c:\programdata\IObit
2010-12-28 19:01 . 2010-12-28 19:01 -------- d-----w- c:\users\Mozi\AppData\Roaming\IObit
2010-12-28 19:01 . 2010-12-28 19:01 -------- d-----w- c:\program files (x86)\IObit
2010-12-27 15:31 . 2011-01-07 08:53 -------- d-----w- c:\users\Mozi\AppData\Roaming\Spy Emergency
2010-12-27 15:31 . 2010-12-27 15:31 -------- d-----w- c:\programdata\NETGATE
2010-12-27 15:31 . 2010-12-27 15:31 -------- d-----w- c:\program files\NETGATE
2010-12-26 09:06 . 2010-12-26 09:18 -------- d-----w- c:\users\Mozi\AppData\Local\Diagnostics
2010-12-26 08:30 . 2010-12-26 08:30 -------- d-----w- c:\program files (x86)\Crawler
2010-12-26 02:55 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2010-12-26 02:55 . 2010-12-31 20:06 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-26 02:55 . 2010-12-26 02:55 -------- d-----w- c:\programdata\Alwil Software
2010-12-26 02:55 . 2010-12-26 02:55 -------- d-----w- c:\program files\Alwil Software
2010-12-26 02:36 . 2010-12-26 02:36 -------- d-----w- c:\programdata\MFAData
2010-12-26 01:48 . 2010-12-26 01:48 -------- d-sh--w- c:\programdata\PIQJWSWS
2010-12-26 01:48 . 2010-12-26 08:39 -------- d-sh--w- c:\programdata\805b31
2010-12-18 22:03 . 2010-12-18 22:03 -------- d-----w- c:\users\Mozi\AppData\Local\2K Games
2010-12-15 13:55 . 2010-12-15 13:57 -------- d-----w- c:\program files (x86)\SMBX
2010-12-15 08:50 . 2010-12-15 08:50 -------- d-----w- c:\users\Mozi\AppData\Local\id Software
2010-12-15 08:45 . 2010-12-15 08:45 -------- d-----w- c:\program files\Activision
2010-12-15 08:40 . 2010-12-15 08:40 -------- d-----w- c:\program files (x86)\Ostatní programy
2010-12-14 14:51 . 2010-12-15 02:10 -------- d-----w- c:\users\Mozi\AppData\Local\Google
2010-12-14 14:51 . 2010-12-14 14:51 -------- d-----w- c:\program files\Google
2010-12-14 14:50 . 2010-12-14 14:51 -------- d-----w- c:\program files (x86)\Google
2010-12-14 14:10 . 2010-12-24 01:43 -------- d-----w- c:\users\Mozi\AppData\Local\PokerStars
2010-12-14 13:45 . 2010-12-14 13:45 -------- d-----w- c:\program files (x86)\THQ
2010-12-14 13:23 . 2010-12-31 23:43 -------- d-----w- c:\users\Mozi\AppData\Roaming\skypePM
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-12-14 13:20 . 2011-01-01 05:32 -------- d-----w- c:\users\Mozi\AppData\Roaming\Skype
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----r- c:\program files (x86)\Skype
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----w- c:\programdata\Skype
2010-12-14 13:19 . 2010-12-28 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-14 13:06 . 2010-12-14 13:06 -------- d-----w- c:\program files (x86)\Conduit
2010-12-14 13:06 . 2010-12-14 13:06 -------- d-----w- C:\extensions
2010-12-14 13:05 . 2010-12-14 13:05 -------- d-----w- c:\program files (x86)\uTorrent
2010-12-14 13:04 . 2011-01-07 15:04 -------- d-----w- c:\users\Mozi\AppData\Roaming\uTorrent
2010-12-13 16:53 . 2010-12-13 16:53 -------- d-----w- c:\program files (x86)\MSXML 4.0
2010-12-13 16:47 . 2010-12-13 16:47 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-13 16:40 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-12-13 16:31 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-12-13 16:31 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-12-13 16:31 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-12-13 16:31 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-12-13 16:31 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-12-13 15:50 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2010-12-13 15:46 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-12-13 15:46 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2010-12-13 13:02 . 2010-12-13 15:40 -------- d-----w- c:\programdata\f-secure
2010-12-13 09:50 . 2010-12-13 09:50 -------- d-----w- c:\windows\Roaming
2010-12-13 09:50 . 2010-12-13 09:50 -------- d-----w- c:\programdata\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 18:40 . 2010-09-28 07:13 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-11-29 18:40 . 2010-09-28 07:13 262144 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-02 04:34 . 2010-12-15 05:47 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2009-09-08 14:48 64735 --sha-r- c:\windows\ConfigSetRoot\command.com
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTo1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2010-12-25 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"="c:\program files\NETGATE\Spy Emergency\SpyEmergency.exe" [2010-12-22 3683456]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 SpyEmrgAccess;Spy Emergency OnAccess Driver;c:\windows\system32\Drivers\spyemrg_access.sys [2009-09-17 22584]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-24 834544]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-06 254528]
S1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [2009-09-17 15416]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 SpyEmrgSrv;Spy Emergency Engine Service;c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe [2010-09-30 3628672]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-27 67072]
S3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [2009-09-17 16952]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-07 c:\windows\Tasks\AWC Startup.job
- c:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-12-29 12:51]
2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
2011-01-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25411
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-07 16:13:21
ComboFix-quarantined-files.txt 2011-01-07 15:13
Před spuštěním: Volných bajtů: 393 737 457 664
Po spuštění: Volných bajtů: 393 395 900 416
- - End Of File - - 8E7EA695B941CAB9B2E93E68E0804C5C
- Visitor
- Posts: 75
- Registered: 06 Jan 2011 17:06
Re: Packed.Win32.PolyCrypt
I haven't uninstalled Spy Emergency yet, nor Advanced System Care. I do have Avast, but it's not the paid version, just the free one. I'm afraid that if I remove both Emergency and Advanced, free Avast won't find most infections if one attacks my PC.
Re: Packed.Win32.PolyCrypt
Good.
Copy the following into Notepad:
killall::
driver::
SpyEmrgAccess
SpyEmrg
SpyEmrgSrv
SpyEmrgGuard
file::
c:\windows\system32\Drivers\spyemrg.sys
c:\windows\system32\Drivers\spyemrg_access.sys
c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
c:\windows\system32\Drivers\spyemrg_guard.sys
rootkit::
c:\windows\system32\Drivers\spyemrg.sys
c:\windows\system32\Drivers\spyemrg_access.sys
c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
c:\windows\system32\Drivers\spyemrg_guard.sys
folder::
c:\users\Mozi\AppData\Roaming\Spy Emergency
c:\program files\NETGATE\Spy Emergency
dirlook::
c:\programdata\805b31
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"=-
Save it to the desktop as CFScript.txt, grab it with the mouse, drag it over ComboFix and drop it as shown in the picture below. After the scan, ComboFix will generate a new log and save it to the local drive; copy its contents here.

► My new book BOTNETY has been published!
Information about it can be found here: >> BOTNETY <<
¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
---
We are looking for new members for our CyberSecurity UNIT. More information about what it involves and how to join can be found here: >> CyberSecurity UNIT <<
----
► Low-level and high-level programmer - profile card here: card <<
----
► Háveťárna - malware UPLOAD: >> upload <<
---
► If you like my work and are satisfied with it, you can contact me at: diallix@centrum.sk, info@diallix.net or diallix@forum.viry.cz .
---
Currently active as:
- consultant, developer and tutor in intelligent malware research.
- tutor in SQL query languages (TSQL, PLSQL) and object-oriented programming (C++, C#, PHP) for students.
On the forum I act as:
- Security authority of viry.cz
- Deputy tutor for training newcomers
- Founder of the Cyber Security unit

¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯¯
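Added example for this thread (not the helper's code and not part of ComboFix): a small Python parser for the CFScript format used in the post above. It splits the script into its directive blocks (killall::, driver::, file::, rootkit::, folder::, dirlook::, Registry::) and then cross-checks the file:: and driver:: entries against the quoted "FILE ::" paths and the Legacy_ lines of the ComboFix log that comes back, so a helper reviewing the log can see at a glance which requested removals the log actually acknowledged. The script and the log excerpt are copied from this thread; the directive handling is this example's own reading of the script, not a ComboFix specification.

```python
"""Parse a ComboFix CFScript and cross-check it against the returned ComboFix log.

Added example for this thread, not the helper's code and not part of ComboFix.
Directive names come from the script posted above; the script and log excerpt
are copied from the thread. Nothing here runs ComboFix or touches the system.
"""
import re
from collections import OrderedDict

# The CFScript posted in the thread (copied verbatim).
CFSCRIPT = r"""
killall::
driver::
SpyEmrgAccess
SpyEmrg
SpyEmrgSrv
SpyEmrgGuard
file::
c:\windows\system32\Drivers\spyemrg.sys
c:\windows\system32\Drivers\spyemrg_access.sys
c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
c:\windows\system32\Drivers\spyemrg_guard.sys
rootkit::
c:\windows\system32\Drivers\spyemrg.sys
c:\windows\system32\Drivers\spyemrg_access.sys
c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe
c:\windows\system32\Drivers\spyemrg_guard.sys
folder::
c:\users\Mozi\AppData\Roaming\Spy Emergency
c:\program files\NETGATE\Spy Emergency
dirlook::
c:\programdata\805b31
Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpyEmergency"=-
"""

# Excerpt of the log ComboFix wrote after the script ran (copied from the thread).
COMBOFIX_LOG = r"""
FILE ::
"c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe"
"c:\windows\system32\Drivers\spyemrg.sys"
"c:\windows\system32\Drivers\spyemrg_access.sys"
"c:\windows\system32\Drivers\spyemrg_guard.sys"
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
-------\Legacy_SPYEMRG
-------\Legacy_SPYEMRGGUARD
"""

DIRECTIVE = re.compile(r"^([A-Za-z]+)::$")             # "file::", "Registry::", ...
FILE_LINE = re.compile(r'^"([^"]+)"$', re.M)           # quoted paths under "FILE ::"
LEGACY_LINE = re.compile(r"^-+\\Legacy_(\S+)$", re.M)  # removed Legacy_<service> keys


def parse_cfscript(text):
    """Split a CFScript into an ordered {directive: [entries]} mapping.
    Directives are stored lower-cased ("Registry::" -> "registry"); an empty
    block such as killall:: is kept; an entry before any directive is an error.
    """
    sections, current = OrderedDict(), None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = DIRECTIVE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError(f"entry before any directive: {line!r}")
        else:
            sections[current].append(line)
    return sections


def check_against_log(sections, log_text):
    """Return (confirmed, unconfirmed) lists of (block, entry) tuples.
    file:: entries are confirmed by the log's quoted "FILE ::" paths, driver::
    entries by a Legacy_<NAME> line; comparison is case-insensitive like Windows.
    """
    reported_files = {m.group(1).lower() for m in FILE_LINE.finditer(log_text)}
    legacy_keys = {m.group(1).lower() for m in LEGACY_LINE.finditer(log_text)}
    confirmed, unconfirmed = [], []
    for path in sections.get("file", []):
        (confirmed if path.lower() in reported_files else unconfirmed).append(("file", path))
    for name in sections.get("driver", []):
        (confirmed if name.lower() in legacy_keys else unconfirmed).append(("driver", name))
    return confirmed, unconfirmed


def registry_deletions(sections):
    """List (key, value_name) pairs that the Registry:: block deletes ("name"=- syntax)."""
    deletions, key = [], None
    for line in sections.get("registry", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        elif key and line.endswith("=-"):
            deletions.append((key, line[:-2].strip().strip('"')))
    return deletions
```

Run against the thread's own script and log, all four file:: paths are confirmed and the SpyEmrg and SpyEmrgGuard drivers match the two Legacy_ lines, while SpyEmrgAccess and SpyEmrgSrv stay unconfirmed. An unconfirmed entry only means the log did not report it, not that it survived, so those are the items to verify by hand (for instance in the next log's driver/service listing) before declaring the cleanup complete.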
- Visitor
- Posts: 75
- Registered: 06 Jan 2011 17:06
Re: Packed.Win32.PolyCrypt
Good morning, what does this process involve? Removing Spy Emergency and all of its components?
Re: Packed.Win32.PolyCrypt
mozitron82 wrote: Good morning, what does this process involve? Removing Spy Emergency and all of its components?
Also.

- Visitor
- Posts: 75
- Registered: 06 Jan 2011 17:06
Re: Packed.Win32.PolyCrypt
So what should I do first, then? Uninstall both Spy Emergency and Advanced and only then try the process you mentioned with ComboFix (dropping the Notepad file onto ComboFix on the desktop)? I really appreciate the advice from both of you, but I'd hate to break something.
- Visitor
- Posts: 75
- Registered: 06 Jan 2011 17:06
Re: Packed.Win32.PolyCrypt
ComboFix 11-01-06.06 - Mozi 08.01.2011 16:44:30.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.4095.3081 [GMT 1:00]
Spuštěný z: c:\dokumenty moje\ComboFix.exe
Použité ovládací přepínače :: c:\users\Mozi\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
SP: avast! Antivirus *Disabled/Updated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FILE ::
"c:\program files\NETGATE\Spy Emergency\SpyEmergencySrv.exe"
"c:\windows\system32\Drivers\spyemrg.sys"
"c:\windows\system32\Drivers\spyemrg_access.sys"
"c:\windows\system32\Drivers\spyemrg_guard.sys"
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Legacy_SPYEMRG
-------\Legacy_SPYEMRGGUARD
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-08 do 2011-01-08 )))))))))))))))))))))))))))))))
.
2011-01-07 12:08 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7E0D4E1E-2E9C-4650-BC0E-157B909CD3E1}\mpengine.dll
2011-01-06 18:15 . 2011-01-07 11:28 -------- d-----w- c:\program files\trend micro
2011-01-06 15:52 . 2011-01-06 15:52 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-01-04 02:15 . 2011-01-07 15:24 -------- d-----w- c:\users\Mozi\AppData\Roaming\DAEMON Tools Lite
2011-01-04 02:11 . 2011-01-04 02:11 -------- d-----w- c:\program files (x86)\Microsoft WSE
2010-12-29 21:14 . 2010-12-29 21:14 -------- d-----w- c:\users\Mozi\AppData\Local\Apps
2010-12-29 18:12 . 2010-12-29 18:19 8897336 ----a-w- c:\users\Mozi\asc-setup.exe
2010-12-28 22:04 . 2010-12-28 22:04 -------- d-----w- c:\programdata\IObit
2010-12-28 19:01 . 2010-12-28 19:01 -------- d-----w- c:\users\Mozi\AppData\Roaming\IObit
2010-12-26 09:06 . 2010-12-26 09:18 -------- d-----w- c:\users\Mozi\AppData\Local\Diagnostics
2010-12-26 08:30 . 2010-12-26 08:30 -------- d-----w- c:\program files (x86)\Crawler
2010-12-26 02:55 . 2010-12-31 20:06 38848 ----a-w- c:\windows\avastSS.scr
2010-12-26 02:55 . 2010-12-31 20:06 188216 ----a-w- c:\windows\SysWow64\aswBoot.exe
2010-12-26 02:55 . 2010-12-26 02:55 -------- d-----w- c:\programdata\Alwil Software
2010-12-26 02:55 . 2010-12-26 02:55 -------- d-----w- c:\program files\Alwil Software
2010-12-26 02:36 . 2010-12-26 02:36 -------- d-----w- c:\programdata\MFAData
2010-12-26 01:48 . 2010-12-26 01:48 -------- d-sh--w- c:\programdata\PIQJWSWS
2010-12-26 01:48 . 2010-12-26 08:39 -------- d-sh--w- c:\programdata\805b31
2010-12-18 22:03 . 2010-12-18 22:03 -------- d-----w- c:\users\Mozi\AppData\Local\2K Games
2010-12-15 13:55 . 2010-12-15 13:57 -------- d-----w- c:\program files (x86)\SMBX
2010-12-15 08:50 . 2010-12-15 08:50 -------- d-----w- c:\users\Mozi\AppData\Local\id Software
2010-12-15 08:45 . 2010-12-15 08:45 -------- d-----w- c:\program files\Activision
2010-12-15 08:40 . 2010-12-15 08:40 -------- d-----w- c:\program files (x86)\Ostatní programy
2010-12-14 14:51 . 2010-12-15 02:10 -------- d-----w- c:\users\Mozi\AppData\Local\Google
2010-12-14 14:51 . 2010-12-14 14:51 -------- d-----w- c:\program files\Google
2010-12-14 14:50 . 2010-12-14 14:51 -------- d-----w- c:\program files (x86)\Google
2010-12-14 14:10 . 2010-12-24 01:43 -------- d-----w- c:\users\Mozi\AppData\Local\PokerStars
2010-12-14 13:45 . 2010-12-14 13:45 -------- d-----w- c:\program files (x86)\THQ
2010-12-14 13:23 . 2010-12-31 23:43 -------- d-----w- c:\users\Mozi\AppData\Roaming\skypePM
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2010-12-14 13:20 . 2011-01-01 05:32 -------- d-----w- c:\users\Mozi\AppData\Roaming\Skype
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----r- c:\program files (x86)\Skype
2010-12-14 13:20 . 2010-12-14 13:20 -------- d-----w- c:\programdata\Skype
2010-12-14 13:19 . 2010-12-28 18:30 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2010-12-14 13:06 . 2010-12-14 13:06 -------- d-----w- c:\program files (x86)\Conduit
2010-12-14 13:06 . 2010-12-14 13:06 -------- d-----w- C:\extensions
2010-12-14 13:05 . 2010-12-14 13:05 -------- d-----w- c:\program files (x86)\uTorrent
2010-12-14 13:04 . 2011-01-08 16:13 -------- d-----w- c:\users\Mozi\AppData\Roaming\uTorrent
2010-12-13 16:53 . 2010-12-13 16:53 -------- d-----w- c:\program files (x86)\MSXML 4.0
2010-12-13 16:47 . 2010-12-13 16:47 -------- d-----w- c:\windows\SysWow64\Wat
2010-12-13 16:40 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-12-13 16:31 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-12-13 16:31 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-12-13 16:31 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-12-13 16:31 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-12-13 16:31 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-12-13 15:50 . 2010-08-21 05:36 224256 ----a-w- c:\windows\SysWow64\schannel.dll
2010-12-13 15:46 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-12-13 15:46 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2010-12-13 13:02 . 2010-12-13 15:40 -------- d-----w- c:\programdata\f-secure
2010-12-13 09:50 . 2010-12-13 09:50 -------- d-----w- c:\windows\Roaming
2010-12-13 09:50 . 2010-12-13 09:50 -------- d-----w- c:\programdata\Motive
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-29 18:40 . 2010-09-28 07:13 86016 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2010-11-29 18:40 . 2010-09-28 07:13 262144 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-02 04:34 . 2010-12-15 05:47 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2009-09-08 14:48 64735 --sha-r- c:\windows\ConfigSetRoot\command.com
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
---- Directory of c:\programdata\805b31 ----
((((((((((((((((((((((((((((( SnapShot@2011-01-07_15.09.07 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-01-07 12:55 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-01-08 16:13 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-01-07 12:55 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-08 16:13 49152 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-10-06 13:48 . 2011-01-08 13:55 30976 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-01-08 13:55 42634 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-09-01 17:49 . 2011-01-08 13:55 10958 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1606871171-427154764-2346358250-1000_UserData.bin
- 2010-09-01 15:30 . 2011-01-07 11:56 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-01 15:30 . 2011-01-08 06:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-01 15:30 . 2011-01-07 11:56 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-01 15:30 . 2011-01-08 06:43 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-07 11:56 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-08 06:43 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-02 14:03 . 2011-01-07 08:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-02 14:03 . 2011-01-08 13:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-02 14:03 . 2011-01-08 13:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-09-02 14:03 . 2011-01-07 08:53 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-02 14:03 . 2011-01-08 13:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-02 14:03 . 2011-01-07 08:53 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-09-01 17:30 . 2011-01-07 08:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-01 17:30 . 2011-01-08 13:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-01 17:30 . 2011-01-07 08:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-01 17:30 . 2011-01-08 13:53 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-01-07 08:51 . 2011-01-07 08:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-08 16:12 . 2011-01-08 16:12 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:54 . 2011-01-08 16:13 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-07 12:55 180224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 02:36 . 2011-01-08 13:57 627482 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-07 08:56 627482 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-01-08 13:57 643002 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-01-07 08:56 643002 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-01-07 08:56 111060 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-08 13:57 111060 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-01-07 08:56 127850 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-01-08 13:57 127850 c:\windows\system32\perfc005.dat
- 2009-07-14 05:12 . 2011-01-07 11:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-01-07 15:15 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:34 . 2011-01-07 12:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-01-08 14:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTo1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2010-12-25 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-14 395128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-24 834544]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-06 254528]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-27 67072]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28284.cfxxe" [X]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25411
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Celkový čas: 2011-01-08 17:16:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-08 16:16
ComboFix2.txt 2011-01-07 15:13
Před spuštěním: Volných bajtů: 397 479 841 792
Po spuštění: Volných bajtů: 397 261 127 680
- - End Of File - - A78740E4AE0A533A2017C925A3DE21D4
+ 2009-07-14 02:36 . 2011-01-08 13:57 627482 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-01-07 08:56 627482 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-01-08 13:57 643002 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-01-07 08:56 643002 c:\windows\system32\perfh005.dat
- 2009-07-14 02:36 . 2011-01-07 08:56 111060 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-01-08 13:57 111060 c:\windows\system32\perfc009.dat
- 2009-07-14 15:18 . 2011-01-07 08:56 127850 c:\windows\system32\perfc005.dat
+ 2009-07-14 15:18 . 2011-01-08 13:57 127850 c:\windows\system32\perfc005.dat
- 2009-07-14 05:12 . 2011-01-07 11:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-01-07 15:15 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 02:34 . 2011-01-07 12:18 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
+ 2009-07-14 02:34 . 2011-01-08 14:06 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngin0.dll
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
2010-12-25 10:33 3911776 ----a-w- c:\program files (x86)\uTorrentBar\tbuTo1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}"= "c:\program files (x86)\uTorrentBar\tbuTo1.dll" [2010-12-25 3911776]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngin0.dll" [2010-12-25 3911776]
[HKEY_CLASSES_ROOT\clsid\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}]
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2010-12-14 395128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 2 (0x2)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 136176]
R3 MSICDSetup;MSICDSetup;D:\CDriver64.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-13 1255736]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-24 834544]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-06 254528]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2010-09-07 61008]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2009-11-27 67072]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
.
Obsah adresáře 'Naplánované úlohy'
2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
2011-01-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-14 14:51]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF28284.cfxxe" [X]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = http=127.0.0.1:25411
Handler: tbr - {4D25FB7A-8902-4291-960E-9ADA051CFBBF} - c:\progra~2\Crawler\Toolbar\ctbr.dll
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
Toolbar-Locked - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e8,fc,55,39,9c,7b,70,41,af,f7,b0,\
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Alwil Software\Avast5\AvastSvc.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Celkový čas: 2011-01-08 17:16:59 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-08 16:16
ComboFix2.txt 2011-01-07 15:13
Před spuštěním: Volných bajtů: 397 479 841 792
Po spuštění: Volných bajtů: 397 261 127 680
- - End Of File - - A78740E4AE0A533A2017C925A3DE21D4
Re: Packed.Win32.PolyCrypt
The whole scan went fine, but at the end, while I was waiting for Combofix to create the log, a window opened saying that the program PEV.cfxee had stopped working.
Re: Packed.Win32.PolyCrypt
I'd also like to ask: after using Combofix a folder called qoobox appeared. I haven't done anything with it yet, since I don't know what it is. But I have a feeling I've read somewhere that it's a sign there is something illegal on the PC. I'm wondering what it could be, though; MS Office is just a trial version that I don't use, Win 7 came with the PC when I bought it, nothing comes to mind.
Re: Packed.Win32.PolyCrypt
But I do remember that roughly a month after I installed Win 7, one day after starting the PC a message appeared at the bottom of the taskbar saying that my Windows was probably not genuine. I didn't have internet yet at that time, so I chose to let the system resolve the problem; it told me to call some Microsoft service, where I wrote down some sort of keys and entered them into the PC. Since then that message has not appeared.
Re: Packed.Win32.PolyCrypt
I'll run the MBAM scan in the morning; unfortunately I have to go to work now. Then I'll write what came out of it.
Re: Packed.Win32.PolyCrypt
Somehow I hadn't got around to the scan until now. Does MBAM also require me to turn off Avast's functions and shields? Or the firewall, too?