Prosim help s haveti, log prilozen :(

Zpráva

#16 Příspěvek od **stell** » 05 kvě 2011 16:43

a: Zapnite alebo reštartujte pc
b: Vložte inštalačný disk do mechaniky
c:Skontrolujte v BIOSu pc, či máte na prvom mieste nastavené spúšťanie pc z mechaniky
d: Po výzve ľubovoľným klávesom potvrďte spustenie z inštalačného disku.
e: zvoľte nastavenie jazyka, času a rozloženie klávesnice.
f:Vyberte Oprava počítača.
g: Prípade zistenia problémov bude ponúknutá automatická oprava a reštart pc.

Alfonso222 · #17 Příspěvek od **Alfonso222** » 05 kvě 2011 19:53

tak konecne se mi podarilo jakz takz obnovit system ,

zde prikladam log z OTL po restartu jestli muzete mrknout:

OTL logfile created on: 5.5.2011 20:46:01 - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Users\Ales Urban\Downloads
64bit- An unknown product Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

4,00 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 74,00% Memory free
8,00 Gb Paging File | 7,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 464,87 Gb Total Space | 124,85 Gb Free Space | 26,86% Space Free | Partition Type: NTFS
Drive E: | 6,51 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS

Computer Name: ALLA | User Name: Ales Urban | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011.05.05 20:29:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ales Urban\Downloads\OTL.exe
PRC - [2011.04.18 19:25:12 | 003,460,784 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011.02.11 19:48:58 | 000,011,504 | ---- | M] () -- C:\Program Files (x86)\ProgDVB\ProgDvbService.exe
PRC - [2011.01.20 11:20:12 | 001,305,408 | ---- | M] (DT Soft Ltd) -- C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.03.05 18:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe

========== Modules (SafeList) ==========

MOD - [2011.05.05 20:29:03 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Users\Ales Urban\Downloads\OTL.exe
MOD - [2011.04.18 19:25:09 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2010.11.20 13:55:09 | 001,680,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2011.04.18 19:25:10 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV:64bit: - [2010.10.28 12:14:30 | 000,357,456 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2009.08.04 13:52:00 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2008.07.15 19:09:48 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2011.02.11 19:48:58 | 000,011,504 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ProgDVB\ProgDvbService.exe -- (ProgDVBService)
SRV - [2010.03.18 15:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.05.31 18:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 18:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2011.04.18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2011.03.31 23:39:35 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.24 19:29:32 | 000,057,936 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2010.08.24 19:29:10 | 000,063,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2010.06.04 04:18:56 | 001,379,376 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.09.28 11:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.08.04 14:26:00 | 006,037,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2009.07.24 04:49:00 | 000,119,312 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.07.08 02:45:50 | 002,769,400 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 23:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem)
DRV:64bit: - [2009.06.10 22:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand | Running] -- C:\Windows\SysNative\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 19:31:56 | 000,497,152 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.seznam.cz/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = :

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.seznam.cz"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.type: 0

FF - user.js..network.proxy.type: 0
FF - user.js..network.proxy.http: ""
FF - user.js..network.proxy.http_port:
FF - user.js..network.proxy.no_proxies_on: ""

FF - HKLM\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.05.05 20:27:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.05.01 23:38:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.04.25 15:04:00 | 000,000,000 | ---D | M]

[2011.03.14 21:37:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ales Urban\AppData\Roaming\Mozilla\Extensions
[2011.05.02 02:15:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Ales Urban\AppData\Roaming\Mozilla\Firefox\Profiles\rveugx3d.default\extensions
[2011.04.20 15:00:14 | 000,000,000 | ---D | M] (Разпознаване на устройство Logitech) -- C:\Users\Ales Urban\AppData\Roaming\Mozilla\Firefox\Profiles\rveugx3d.default\extensions\DeviceDetection@logitech.com
[2011.03.22 21:08:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2011.03.15 15:18:03 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
[2011.05.01 23:38:12 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\Mozilla Firefox\components\browsercomps.dll
[2010.01.01 10:00:00 | 000,002,208 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\heureka-cz.xml
[2010.01.01 10:00:00 | 000,000,638 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010.01.01 10:00:00 | 000,001,367 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010.01.01 10:00:00 | 000,000,654 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010.01.01 10:00:00 | 000,001,179 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2011.05.02 13:33:59 | 000,433,294 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14910 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - No CLSID value found.
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [R8388QA8U8] File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Ales Urban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk = C:\Program Files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe (Leader Technologies/Logitech)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe (PokerStars)
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Ales Urban\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\Ales Urban\Desktop\PartyPoker.lnk ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O13 - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 83.240.0.214 83.240.0.215
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Users\Ales Urban\AppData\Roaming\svchost.exe) - C:\Users\Ales Urban\AppData\Roaming\svchost.exe (Ysdkyguj Software)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - Reg Error: Key error. - c:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.09.27 20:23:35 | 000,000,000 | ---D | M] - E:\AutoRun -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 15:21:17 | 000,439,056 | R--- | M] (Electronic Arts) - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 15:21:16 | 008,098,816 | R--- | M] () - E:\autorun.dat -- [ CDFS ]
O32 - AutoRun File - [2010.09.27 14:57:43 | 000,000,141 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{28478692-5b31-11e0-9970-00247eb597c7}\Shell - "" = AutoRun
O33 - MountPoints2\{28478692-5b31-11e0-9970-00247eb597c7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.09.27 15:21:17 | 000,439,056 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011.05.05 17:03:12 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.05.04 16:03:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Trend Micro
[2011.05.04 01:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Audio Pack
[2011.05.03 00:08:41 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\Malwarebytes
[2011.05.03 00:08:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.05.03 00:08:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.05.02 23:20:44 | 000,000,000 | ---D | C] -- C:\ProgramData\MillieSoft
[2011.05.02 23:20:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MillieSoft
[2011.05.02 21:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProgDVB
[2011.05.02 21:12:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ProgDVB
[2011.05.02 20:04:24 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\vlc
[2011.05.02 20:04:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2011.05.02 20:04:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.05.02 18:03:11 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{58D55C4A-8BBE-4521-80BD-1C6A76D8B48E}
[2011.05.02 12:52:13 | 000,077,824 | ---- | C] (Ysdkyguj Software) -- C:\Users\Ales Urban\AppData\Roaming\svchost.exe
[2011.05.02 02:38:59 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\Documents\My Videos
[2011.05.02 02:38:58 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011.05.02 02:38:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BBC iPlayer Desktop
[2011.05.02 02:38:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR
[2011.05.02 02:29:34 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\Documents\Video Download Capture
[2011.05.02 02:29:24 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\Apowersoft
[2011.05.02 02:08:42 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\Application Data
[2011.05.02 02:04:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ConvertHelper
[2011.05.02 01:39:35 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\Hide IP NG
[2011.04.25 15:55:23 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\Documents\DonationCoder
[2011.04.25 15:55:23 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\DonationCoder
[2011.04.25 15:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ScreenshotCaptor
[2011.04.25 15:54:40 | 000,000,000 | ---D | C] -- C:\ProgramData\DonationCoder
[2011.04.21 23:36:12 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{BE10CB41-8D24-4089-829C-3554DA613E44}
[2011.04.19 19:02:20 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\postgresql
[2011.04.19 13:56:34 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{994F8E93-CEC8-4FC5-A839-294004049699}
[2011.04.18 15:02:37 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{CAE4D664-8A68-45F1-AAB9-BBEBE3F4B52C}
[2011.04.17 15:33:37 | 000,331,776 | ---- | C] (AdminSystem Software Limited) -- C:\Windows\SysWow64\ANPOP.dll
[2011.04.17 15:33:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mail Recovery
[2011.04.17 15:33:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Mail Recovery
[2011.04.17 13:55:49 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{9D0A640F-47C0-4ED3-B430-A56D27055C12}
[2011.04.16 22:12:14 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{6176D971-6FDF-4225-8D76-8CE1BC626569}
[2011.04.13 14:49:44 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{DBB05415-273F-4B09-85E8-5A46225F38CE}
[2011.04.12 04:02:29 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\FullTiltPoker
[2011.04.12 04:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Full Tilt Poker
[2011.04.12 04:02:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Full Tilt Poker
[2011.04.10 13:49:07 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\{F55BBEE6-6B40-4A6E-9BE9-071156A88A77}
[2011.04.08 02:26:19 | 000,000,000 | ---D | C] -- C:\Poker
[2011.04.08 02:15:47 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Roaming\Mozilla-Cache
[2011.04.08 02:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PartyPoker
[2011.04.08 02:14:47 | 000,000,000 | ---D | C] -- C:\Programs
[2011.04.08 02:13:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Party Poker
[2011.04.08 01:56:58 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\Adobe
[2011.04.08 01:56:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe
[2011.04.08 01:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2011.04.08 01:56:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2011.04.06 14:27:13 | 000,000,000 | ---D | C] -- C:\Users\Ales Urban\AppData\Local\Logishrd
[2011.04.06 13:55:50 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile

========== Files - Modified Within 30 Days ==========

[2011.05.05 20:50:33 | 001,470,062 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.05.05 20:50:33 | 000,631,292 | ---- | M] () -- C:\Windows\SysNative\perfh005.dat
[2011.05.05 20:50:33 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.05.05 20:50:33 | 000,121,914 | ---- | M] () -- C:\Windows\SysNative\perfc005.dat
[2011.05.05 20:50:33 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.05.05 20:45:10 | 000,000,306 | -H-- | M] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.05.05 20:44:00 | 000,000,318 | -HS- | M] () -- C:\Windows\tasks\Dypwcrsf.job
[2011.05.05 20:43:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.05.05 20:43:35 | 3193,122,816 | -HS- | M] () -- C:\hiberfil.sys
[2011.05.05 20:39:45 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 20:39:45 | 000,015,184 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.05.05 20:31:33 | 000,001,841 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.05.05 20:31:27 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2011.05.05 16:15:02 | 000,158,244 | ---- | M] () -- C:\Users\Ales Urban\Desktop\GetSystemInfo_ALLA_Ales Urban_2011_05_05_16_14_10.zip
[2011.05.05 16:06:01 | 000,158,422 | ---- | M] () -- C:\Users\Ales Urban\Desktop\GetSystemInfo_ALLA_Ales Urban_2011_05_05_16_05_07.zip
[2011.05.05 16:01:27 | 000,158,267 | ---- | M] () -- C:\Users\Ales Urban\Desktop\GetSystemInfo_ALLA_Ales Urban_2011_05_05_16_00_09.zip
[2011.05.05 15:41:22 | 000,231,403 | ---- | M] () -- C:\Users\Ales Urban\Desktop\Steam_2011_05_05__13_41_22_353.mdmp
[2011.05.02 21:13:54 | 000,001,008 | ---- | M] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2011.05.02 20:04:19 | 000,001,066 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.05.02 13:33:59 | 000,433,294 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2011.05.02 12:52:05 | 000,077,824 | ---- | M] (Ysdkyguj Software) -- C:\Users\Ales Urban\AppData\Roaming\svchost.exe
[2011.05.02 12:51:18 | 000,126,976 | RHS- | M] () -- C:\Windows\SysWow64\msyuv7.dll
[2011.05.02 02:38:55 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2011.04.25 15:55:23 | 000,000,058 | ---- | M] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.04.25 15:55:23 | 000,000,058 | ---- | M] () -- C:\Users\Ales Urban\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.04.25 15:54:46 | 000,001,103 | ---- | M] () -- C:\Users\Ales Urban\Desktop\Screenshot Captor.lnk
[2011.04.25 15:04:01 | 000,002,014 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.23 13:50:12 | 000,001,354 | ---- | M] () -- C:\Users\Ales Urban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
[2011.04.21 16:04:27 | 000,432,840 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110502-133359.backup
[2011.04.19 19:08:35 | 000,001,233 | ---- | M] () -- C:\Users\Public\Desktop\HoldemManager.lnk
[2011.04.18 19:25:12 | 000,040,112 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2011.04.18 19:25:10 | 000,199,304 | ---- | M] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2011.04.18 19:25:00 | 000,253,888 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2011.04.18 19:18:01 | 000,287,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2011.04.18 19:17:59 | 000,600,920 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2011.04.18 19:16:23 | 000,053,592 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2011.04.18 19:13:24 | 000,031,064 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr.sys
[2011.04.18 19:13:13 | 000,064,344 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2011.04.18 19:13:01 | 000,022,360 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2011.04.17 18:43:47 | 000,432,374 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20110421-150427.backup
[2011.04.17 15:33:37 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Windows Mail Recovery.lnk
[2011.04.15 21:00:50 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011.04.13 15:31:43 | 000,274,736 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.04.12 04:02:17 | 000,001,051 | ---- | M] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.04.08 02:26:20 | 000,000,772 | ---- | M] () -- C:\Users\Public\Desktop\William Hill Poker.lnk
[2011.04.08 02:15:08 | 000,001,695 | ---- | M] () -- C:\Users\Ales Urban\Desktop\PartyPoker.lnk

========== Files Created - No Company Name ==========

[2011.05.05 20:31:33 | 000,001,841 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2011.05.05 16:14:25 | 000,158,244 | ---- | C] () -- C:\Users\Ales Urban\Desktop\GetSystemInfo_ALLA_Ales Urban_2011_05_05_16_14_10.zip
[2011.05.05 16:05:20 | 000,158,422 | ---- | C] () -- C:\Users\Ales Urban\Desktop\GetSystemInfo_ALLA_Ales Urban_2011_05_05_16_05_07.zip
[2011.05.05 16:00:38 | 000,158,267 | ---- | C] () -- C:\Users\Ales Urban\Desktop\GetSystemInfo_ALLA_Ales Urban_2011_05_05_16_00_09.zip
[2011.05.05 15:41:22 | 000,231,403 | ---- | C] () -- C:\Users\Ales Urban\Desktop\Steam_2011_05_05__13_41_22_353.mdmp
[2011.05.02 21:13:54 | 000,001,008 | ---- | C] () -- C:\Users\Public\Desktop\ProgDVB 6.lnk
[2011.05.02 20:04:19 | 000,001,066 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2011.05.02 13:35:45 | 000,000,306 | -H-- | C] () -- C:\Windows\tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job
[2011.05.02 12:51:18 | 000,126,976 | RHS- | C] () -- C:\Windows\SysWow64\msyuv7.dll
[2011.05.02 12:51:18 | 000,000,318 | -HS- | C] () -- C:\Windows\tasks\Dypwcrsf.job
[2011.05.02 02:38:55 | 000,000,993 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BBC iPlayer Desktop.lnk
[2011.05.02 02:38:55 | 000,000,981 | ---- | C] () -- C:\Users\Public\Desktop\BBC iPlayer Desktop.lnk
[2011.04.25 15:55:23 | 000,000,058 | ---- | C] () -- C:\Windows\SysWow64\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.04.25 15:55:23 | 000,000,058 | ---- | C] () -- C:\Users\Ales Urban\AppData\Local\DonationCoder_ScreenshotCaptor_InstallInfo.dat
[2011.04.25 15:54:45 | 000,001,103 | ---- | C] () -- C:\Users\Ales Urban\Desktop\Screenshot Captor.lnk
[2011.04.23 13:50:12 | 000,001,354 | ---- | C] () -- C:\Users\Ales Urban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech . Registrace produktu.lnk
[2011.04.17 15:33:37 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Windows Mail Recovery.lnk
[2011.04.15 21:00:50 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2011.04.12 04:02:17 | 000,001,051 | ---- | C] () -- C:\Users\Public\Desktop\Full Tilt Poker.lnk
[2011.04.08 02:26:20 | 000,000,784 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\William Hill Poker.lnk
[2011.04.08 02:26:20 | 000,000,772 | ---- | C] () -- C:\Users\Public\Desktop\William Hill Poker.lnk
[2011.04.08 02:15:08 | 000,001,695 | ---- | C] () -- C:\Users\Ales Urban\Desktop\PartyPoker.lnk
[2011.04.08 01:56:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2011.04.08 01:56:37 | 000,002,014 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2011.04.06 13:56:11 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2011.03.25 19:56:04 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2011.03.21 16:23:31 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.03.14 20:10:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2009.07.14 07:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 04:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 04:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 02:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 23:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 23:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== LOP Check ==========

[2011.05.02 02:29:24 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\Apowersoft
[2011.05.05 19:14:24 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
[2011.04.04 14:54:14 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\BitLord
[2011.05.05 20:25:44 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\BitTorrent
[2011.03.15 16:34:10 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\BSplayer
[2011.03.14 22:07:30 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\BSplayer Pro
[2011.03.31 23:40:48 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\DAEMON Tools Lite
[2011.04.25 15:55:23 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\DonationCoder
[2011.03.21 16:14:21 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\HEM Data
[2011.05.02 13:20:47 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\Hide IP NG
[2011.03.15 14:46:15 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\Leadertech
[2011.04.19 19:02:20 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\postgresql
[2011.03.15 16:12:59 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\Python-Eggs
[2011.04.13 14:52:22 | 000,000,000 | ---D | M] -- C:\Users\Ales Urban\AppData\Roaming\Windows Live Writer
[2011.05.05 20:44:00 | 000,000,318 | -HS- | M] () -- C:\Windows\Tasks\Dypwcrsf.job
[2009.07.14 07:08:49 | 000,017,812 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011.05.05 20:45:10 | 000,000,306 | -H-- | M] () -- C:\Windows\Tasks\{22116563-108C-42c0-A7CE-60161B75E508}.job

========== Purity Check ==========

< End of report >

Alfonso222 · #18 Příspěvek od **Alfonso222** » 05 kvě 2011 20:15

Prikladam zde jeste posledni log z combofixu :

ComboFix 11-05-04.04 - Ales Urban 05.05.2011 21:06:00.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4060.2791 [GMT 2:00]
Spuštěný z: c:\users\Ales Urban\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ales Urban\AppData\Roaming\Svchost.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-05 do 2011-05-05 )))))))))))))))))))))))))))))))
.
.
2011-05-05 19:10 . 2011-05-05 19:10 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-05-05 19:10 . 2011-05-05 19:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-05 15:03 . 2011-05-05 15:03 -------- d-----w- C:\_OTL
2011-05-04 14:03 . 2011-05-04 14:03 -------- d-----w- c:\program files (x86)\Trend Micro
2011-05-03 23:31 . 2011-05-05 17:14 -------- d-----w- c:\program files (x86)\Free Audio Pack
2011-05-02 22:08 . 2011-05-02 22:08 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Malwarebytes
2011-05-02 22:08 . 2011-05-02 22:08 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 22:08 . 2011-05-05 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\programdata\MillieSoft
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\program files (x86)\MillieSoft
2011-05-02 19:12 . 2011-05-05 18:25 -------- d-----w- c:\program files (x86)\ProgDVB
2011-05-02 18:04 . 2011-05-05 18:25 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\vlc
2011-05-02 18:04 . 2011-05-02 18:04 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-02 16:03 . 2011-05-02 16:03 -------- d-----w- c:\users\Ales Urban\AppData\Local\{58D55C4A-8BBE-4521-80BD-1C6A76D8B48E}
2011-05-02 10:51 . 2011-05-02 10:51 126976 --sha-r- c:\windows\SysWow64\msyuv7.dll
2011-05-02 00:38 . 2011-05-05 17:14 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2011-05-02 00:38 . 2011-05-02 00:38 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
2011-05-02 00:38 . 2011-05-02 00:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-05-02 00:29 . 2011-05-02 00:29 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Apowersoft
2011-05-02 00:04 . 2011-05-02 00:04 -------- d-----w- c:\program files (x86)\ConvertHelper
2011-05-01 23:39 . 2011-05-02 11:20 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Hide IP NG
2011-04-30 16:15 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7302A70-2C4F-4C33-BC51-5572A70B3E8B}\mpengine.dll
2011-04-25 13:55 . 2011-04-25 13:55 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\DonationCoder
2011-04-25 13:54 . 2011-05-01 23:27 -------- d-----w- c:\program files (x86)\ScreenshotCaptor
2011-04-25 13:54 . 2011-04-25 13:54 -------- d-----w- c:\programdata\DonationCoder
2011-04-21 21:36 . 2011-04-21 21:36 -------- d-----w- c:\users\Ales Urban\AppData\Local\{BE10CB41-8D24-4089-829C-3554DA613E44}
2011-04-19 17:02 . 2011-04-19 17:02 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\postgresql
2011-04-19 11:56 . 2011-04-19 11:56 -------- d-----w- c:\users\Ales Urban\AppData\Local\{994F8E93-CEC8-4FC5-A839-294004049699}
2011-04-18 13:02 . 2011-04-18 13:02 -------- d-----w- c:\users\Ales Urban\AppData\Local\{CAE4D664-8A68-45F1-AAB9-BBEBE3F4B52C}
2011-04-17 13:33 . 2005-05-02 10:05 331776 ----a-w- c:\windows\SysWow64\ANPOP.dll
2011-04-17 13:33 . 2011-04-17 13:33 -------- d-----w- c:\program files (x86)\Windows Mail Recovery
2011-04-17 11:55 . 2011-04-17 11:55 -------- d-----w- c:\users\Ales Urban\AppData\Local\{9D0A640F-47C0-4ED3-B430-A56D27055C12}
2011-04-16 20:12 . 2011-04-16 20:12 -------- d-----w- c:\users\Ales Urban\AppData\Local\{6176D971-6FDF-4225-8D76-8CE1BC626569}
2011-04-15 21:53 . 2011-04-15 21:53 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx
2011-04-15 21:53 . 2011-04-15 21:53 140288 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2011-04-15 21:53 . 2011-04-15 21:53 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx
2011-04-14 11:09 . 2011-04-14 11:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-14 02:39 . 2011-04-14 02:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-13 12:49 . 2011-04-13 12:49 -------- d-----w- c:\users\Ales Urban\AppData\Local\{DBB05415-273F-4B09-85E8-5A46225F38CE}
2011-04-12 02:02 . 2011-05-01 23:17 -------- d-----w- c:\users\Ales Urban\AppData\Local\FullTiltPoker
2011-04-12 02:02 . 2011-05-01 23:20 -------- d-----w- c:\program files (x86)\Full Tilt Poker
2011-04-10 11:49 . 2011-04-10 11:49 -------- d-----w- c:\users\Ales Urban\AppData\Local\{F55BBEE6-6B40-4A6E-9BE9-071156A88A77}
2011-04-08 00:26 . 2011-04-08 00:26 -------- d-----w- C:\Poker
2011-04-08 00:15 . 2011-04-08 00:15 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Mozilla-Cache
2011-04-08 00:14 . 2011-04-08 00:14 -------- d-----w- C:\Programs
2011-04-08 00:13 . 2011-04-08 00:13 -------- d-----w- c:\program files (x86)\Party Poker
2011-04-07 23:56 . 2011-05-02 00:37 -------- d-----w- c:\users\Ales Urban\AppData\Local\Adobe
2011-04-07 23:56 . 2011-04-07 23:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-04-06 12:27 . 2011-04-06 12:27 53248 ----a-r- c:\users\Ales Urban\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-06 12:27 . 2011-04-06 12:27 -------- d-----w- c:\users\Ales Urban\AppData\Local\Logishrd
2011-04-06 11:55 . 2011-05-05 17:14 -------- d-----w- c:\windows\WindowsMobile
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 13:39 . 2011-03-15 12:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-18 17:25 . 2011-03-14 20:14 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-04 18:47 . 2011-04-04 18:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-04 18:47 . 2011-04-04 18:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-04 18:47 . 2011-04-04 18:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-04 18:47 . 2011-04-04 18:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-04 18:47 . 2011-04-04 18:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-04 18:47 . 2011-04-04 18:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-04 18:47 . 2011-04-04 18:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-04 18:47 . 2011-04-04 18:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-04 18:47 . 2011-04-04 18:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-04 18:47 . 2011-04-04 18:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-04 18:47 . 2011-04-04 18:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-04 18:47 . 2011-04-04 18:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-04 18:47 . 2011-04-04 18:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-04 18:47 . 2011-04-04 18:47 448512 ----a-w- c:\windows\system32\html.iec
2011-04-04 18:47 . 2011-04-04 18:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-04 18:47 . 2011-04-04 18:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-04 18:47 . 2011-04-04 18:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-04 18:47 . 2011-04-04 18:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-04 18:47 . 2011-04-04 18:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-04 18:47 . 2011-04-04 18:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-04 18:47 . 2011-04-04 18:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-04 18:47 . 2011-04-04 18:47 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-04 18:47 . 2011-04-04 18:47 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-04 18:47 . 2011-04-04 18:47 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-04 18:47 . 2011-04-04 18:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-04 18:47 . 2011-04-04 18:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-04 18:47 . 2011-04-04 18:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-04 18:47 . 2011-04-04 18:47 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-04 18:47 . 2011-04-04 18:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-04 18:47 . 2011-04-04 18:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-04 18:47 . 2011-04-04 18:47 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-04 18:47 . 2011-04-04 18:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-04 18:47 . 2011-04-04 18:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-04 18:47 . 2011-04-04 18:47 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-04 18:47 . 2011-04-04 18:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-04 18:47 . 2011-04-04 18:47 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-04 18:47 . 2011-04-04 18:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-04 18:47 . 2011-04-04 18:47 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-04 18:47 . 2011-04-04 18:47 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-04 18:47 . 2011-04-04 18:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-04 18:47 . 2011-04-04 18:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-04 18:47 . 2011-04-04 18:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-31 21:39 . 2011-03-31 21:39 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-17 16:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-17 16:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-17 15:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 03:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 03:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-17 15:09 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-17 15:09 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-17 15:09 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-17 15:09 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-17 15:09 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
.
c:\users\Ales Urban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Ales Urban\AppData\Roaming\Mozilla\Firefox\Profiles\rveugx3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-542441507-3757921571-2509968487-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-542441507-3757921571-2509968487-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{66F175D2-0BDB-6977-155B-BED83790D42B}\InProcServer32*]
"bbcnkklcalbdbejjjakhhomihagcoadphfah"=hex:61,61,00,01
"nacnjkgcgkonebeldlipgfojgcmi"=hex:61,61,00,01
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-05-05 21:13:30
ComboFix-quarantined-files.txt 2011-05-05 19:13
.
Před spuštěním: Volných bajtů: 133 850 030 080
Po spuštění: Volných bajtů: 133 692 444 672
.
- - End Of File - - 7A7DA9D2784FF1DA5904043018E8BD24

Alfonso222 · #19 Příspěvek od **Alfonso222** » 05 kvě 2011 20:20

muzete mi jeste nekdo prosim poradit,jak znovu zapnout centrum zabezpeceni systemu windows???

od te doby co jsem to mel zavirovano tak nejde zapnout???

Diky

Alfonso222 · #20 Příspěvek od **Alfonso222** » 05 kvě 2011 20:41

tak vypada to ze je vse ok ..... diky moc za navod jede vse co nejelo a comp vypada cisty....

#21 Příspěvek od **stell** » 06 kvě 2011 06:15

Neodinstaloval si SpybotSD, preco??

Otestuj na www.virusotal.com
C:\Windows\SysWow64\msyuv7.dll
link z testu vloz sem.
A napis ako sa chova pc.

Alfonso222 · #22 Příspěvek od **Alfonso222** » 06 kvě 2011 11:59

tak jsem odinstaloval spybot ... bohuzel na odkaz se nedostanu - je nefunkcni,

Jinak Pc se zda byt ok po obnove a pouziti combofixu...

windows deffender jede ... nestava se ze by se otevirali weby s podivnym obsahem jako predtim...

Ja to holt z logu nepoznam jestli tam nejak havet jeste zustala.... ale zda se byt vse jakz takz v poradku ...???

Alfonso222 · #23 Příspěvek od **Alfonso222** » 06 kvě 2011 12:08

tak ted jsem jeste zkusil otevrit odkaz v ie .... a bohuzel nejede explorer ..... hlasi potize s pripojenim... mozilla funguje ok, az teda na vyse uvedeny odkaz.... tak asi jeste neni uplne vse tak v poradku jak jsem si myslel...

Alfonso222 · #24 Příspěvek od **Alfonso222** » 06 kvě 2011 12:19

tak ie uz jede .... jen jsem v moznostech pripojeni nastavil automatickou konfiguraci, pravdepodobne to nejakym zpusobem blokovalo vpn, ktere jsem oddelal:

ten odkaz mel byt pravdepodobne www.virustotal.com , snazil jsem se najit a projet ten *.dll ale nasel jsem jen C:\Windows\SysWow64\msyuv.dll a ne C:\Windows\SysWow64\msyuv7.dll , tak jsem to projel :

link zde : http://www.virustotal.com/file-scan/rep ... 1297414381

Alfonso222 · #25 Příspěvek od **Alfonso222** » 06 kvě 2011 12:38

jeste maly dotaz ... jdou nejakym zpusobem odstranit slozky co se vytvorily na c: ????
myslim tim zamceny slozky recovery,Qoobox a found.000 ???

printscreen zde:

http://leteckaposta.cz/407631469

#26 Příspěvek od **stell** » 06 kvě 2011 14:19

Nieco ine si testoval, uz nevadi, kde sa ponahlas. aj na qoobox pride cas.
Pri tejto akcii je nutné mať ComboFix na ploche.

Vypni>FIREWALL>Antivir>Antispyware>vsetko rezidentne.

Otvor Notepad (Poznámkový blok) a zkopíruj do neho celý zeleny tex:

Kód: Vybrat vše

KILLALL::
RegNull::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{66F175D2-0BDB-6977-155B-BED83790D42B}\InProcServer32*]
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
FileLook::
c:\windows\SysWow64\msyuv7.dll
Folder::
c:\found.000

Potom klik na Subor -> Uložiť ako.. .. -> Ako je Názov souboru tak do toho riadku napiš:CFScript.txt
Typ súboru tak tam vyberies *všetky súbory
A ulož ho na plochu.> Pozor CFScript.txt>Neotvarat a nemoze byt ani>CFScript.txt.txt A Urobis Toto :
Obrázek

Po skonceni skenu vlož log čo ComboFix vytvorí

Alfonso222 · #27 Příspěvek od **Alfonso222** » 06 kvě 2011 14:53

Combofix log :

ComboFix 11-05-05.04 - Ales Urban 06.05.2011 15:39:42.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4060.2897 [GMT 2:00]
Spuštěný z: c:\users\Ales Urban\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ales Urban\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\found.000
c:\found.000\dir0001.chk\index_i_41.ix
c:\found.000\dir0001.chk\index_klh_41.ix
c:\found.000\dir0002.chk\comphelp4MSC.dll
c:\found.000\dir0002.chk\configmgr2.uno.dll
c:\found.000\dir0002.chk\cppcanvasmi.dll
c:\found.000\dir0002.chk\ctlmi.dll
c:\found.000\dir0002.chk\cuimi.dll
c:\found.000\dir0002.chk\datemi.dll
c:\found.000\dir0002.chk\dbacfgmi.dll
c:\found.000\dir0002.chk\dbami.dll
c:\found.000\dir0002.chk\dbasemi.dll
c:\found.000\dir0002.chk\dbaxmlmi.dll
c:\found.000\dir0002.chk\dbmmmi.dll
c:\found.000\dir0002.chk\dbpmi.dll
c:\found.000\dir0002.chk\dbpool2.dll
c:\found.000\dir0002.chk\dbtoolsmi.dll
c:\found.000\dir0002.chk\dbumi.dll
c:\found.000\dir0002.chk\deploymentguimi.uno.dll
c:\found.000\dir0002.chk\deploymentmi.uno.dll
c:\found.000\dir0002.chk\deploymentmiscmi.dll
c:\found.000\dir0002.chk\dict_ja.dll
c:\found.000\dir0002.chk\dict_zh.dll
c:\found.000\dir0002.chk\directx9canvas.uno.dll
c:\found.000\dir0002.chk\dlgprovmi.uno.dll
c:\found.000\dir0002.chk\dnd.dll
c:\found.000\dir0002.chk\drawinglayermi.dll
c:\found.000\dir0002.chk\dtrans.dll
c:\found.000\dir0002.chk\embobj.dll
c:\found.000\dir0002.chk\emboleobj.dll
c:\found.000\dir0002.chk\emsermi.dll
c:\found.000\dir0002.chk\evtatt.dll
c:\found.000\dir0002.chk\fastsax.uno.dll
c:\found.000\dir0002.chk\fileacc.dll
c:\found.000\dir0002.chk\filemi.dll
c:\found.000\dir0002.chk\filterconfig1.dll
c:\found.000\dir0002.chk\flashmi.dll
c:\found.000\dir0002.chk\flatmi.dll
c:\found.000\dir0002.chk\fop.dll
c:\found.000\dir0002.chk\formi.dll
c:\found.000\dir0002.chk\libcurl.dll
c:\found.000\dir0002.chk\libdb42.dll
c:\found.000\dir0002.chk\libeay32.dll
c:\found.000\dir0003.chk\cd_dvd.bmp
c:\found.000\dir0003.chk\cd_dvd.png
c:\found.000\dir0003.chk\CLOSE_down.png
c:\found.000\dir0003.chk\CLOSE_NORMAL.png
c:\found.000\dir0003.chk\CLOSE_over.png
c:\found.000\dir0003.chk\Complete_System_Restore_Rect_1.png
c:\found.000\dir0003.chk\Complete_System_Restore_Rect_2.png
c:\found.000\dir0003.chk\computer.png
c:\found.000\dir0003.chk\computer_disable.png
c:\found.000\dir0003.chk\Copy of button_down.png
c:\found.000\dir0003.chk\Copy of button_normal.png
c:\found.000\dir0003.chk\Copy of button_over.png
c:\found.000\dir0003.chk\Copy of Icon_Exclamation.png
c:\found.000\dir0003.chk\Copy of Welcome_bg.png
c:\found.000\dir0003.chk\disk.png
c:\found.000\dir0003.chk\disk_1_small.png
c:\found.000\dir0003.chk\disk_nonsystem.png
c:\found.000\dir0003.chk\edit_folder.png
c:\found.000\dir0003.chk\edit_pc.png
c:\found.000\dir0003.chk\ez_restore_files.png
c:\found.000\dir0003.chk\fanda.png
c:\found.000\dir0003.chk\favorite.png
c:\found.000\dir0003.chk\file_ext_1.png
c:\found.000\dir0003.chk\file_ext_2.png
c:\found.000\dir0003.chk\file_ext_3.png
c:\found.000\dir0003.chk\file_ext_4.png
c:\found.000\dir0003.chk\go.png
c:\found.000\dir0003.chk\Icon_Exclamation.png
c:\found.000\dir0003.chk\JobDestnation.PNG
c:\found.000\dir0003.chk\JobDestnation_disable.PNG
c:\found.000\dir0003.chk\JobDestnationIcon.png
c:\found.000\dir0003.chk\JobEditSourcel.png
c:\found.000\dir0003.chk\JobMyComputerSource.PNG
c:\found.000\dir0003.chk\JobNormal.png
c:\found.000\dir0003.chk\jobpanel.png
c:\found.000\dir0003.chk\JobSelected.png
c:\found.000\dir0003.chk\JobSchedule.png
c:\found.000\dir0003.chk\JobSchedule_disable.png
c:\found.000\dir0003.chk\jobstate_button_down.png
c:\found.000\dir0003.chk\jobstate_button_normal.png
c:\found.000\dir0003.chk\jobstate_button_over.png
c:\found.000\dir0003.chk\jobstatebkimg.png
c:\found.000\dir0003.chk\jobstatus.png
c:\found.000\dir0003.chk\jobstatus_backup_disabled.png
c:\found.000\dir0003.chk\jobstatus_backup_down.png
c:\found.000\dir0003.chk\jobstatus_backup_normal.png
c:\found.000\dir0003.chk\jobstatus_backup_over.png
c:\found.000\dir0003.chk\jobstatus_bg.png
c:\found.000\dir0003.chk\jobstatus_big_Error.png
c:\found.000\dir0003.chk\jobstatus_big_right.png
c:\found.000\dir0003.chk\jobstatus_big_Warn.png
c:\found.000\dir0003.chk\jobstatus_clock_bg.png
c:\found.000\dir0003.chk\jobstatus_error.png
c:\found.000\dir0003.chk\jobstatus_file.png
c:\found.000\dir0003.chk\jobstatus_harddisc.png
c:\found.000\dir0003.chk\jobstatus_check_off.png
c:\found.000\dir0003.chk\jobstatus_check_off2.png
c:\found.000\dir0003.chk\jobstatus_check_on.png
c:\found.000\dir0003.chk\jobstatus_check_on2.png
c:\found.000\dir0003.chk\jobstatus_i.png
c:\found.000\dir0003.chk\jobstatus_pc.png
c:\found.000\dir0003.chk\jobstatus_pending.png
c:\found.000\dir0003.chk\jobstatus_point.png
c:\found.000\dir0003.chk\jobstatus_point_left.png
c:\found.000\dir0003.chk\jobstatus_point_left_down.png
c:\found.000\dir0003.chk\restorebk2.png
c:\found.000\file0000.chk
c:\found.000\file0001.chk
c:\found.000\file0002.chk
c:\found.000\file0003.chk
c:\found.000\file0004.chk
c:\found.000\file0005.chk
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-06 do 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 13:45 . 2011-05-06 13:45 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-05-06 13:45 . 2011-05-06 13:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-05 19:36 . 2011-04-18 17:13 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-05 19:36 . 2011-04-18 17:18 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-05 19:36 . 2011-04-18 17:13 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-05 19:36 . 2011-04-18 17:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-05 19:36 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-05 19:36 . 2011-04-18 17:13 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-05 19:36 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 19:36 . 2011-04-18 17:25 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-03 23:31 . 2011-05-05 17:14 -------- d-----w- c:\program files (x86)\Free Audio Pack
2011-05-02 22:08 . 2011-05-02 22:08 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Malwarebytes
2011-05-02 22:08 . 2011-05-02 22:08 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 22:08 . 2011-05-05 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\programdata\MillieSoft
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\program files (x86)\MillieSoft
2011-05-02 19:12 . 2011-05-05 18:25 -------- d-----w- c:\program files (x86)\ProgDVB
2011-05-02 18:04 . 2011-05-05 18:25 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\vlc
2011-05-02 18:04 . 2011-05-02 18:04 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-02 16:03 . 2011-05-02 16:03 -------- d-----w- c:\users\Ales Urban\AppData\Local\{58D55C4A-8BBE-4521-80BD-1C6A76D8B48E}
2011-05-02 10:51 . 2011-05-02 10:51 126976 --sha-r- c:\windows\SysWow64\msyuv7.dll
2011-05-02 00:38 . 2011-05-05 17:14 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2011-05-02 00:38 . 2011-05-02 00:38 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
2011-05-02 00:38 . 2011-05-02 00:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-05-02 00:29 . 2011-05-02 00:29 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Apowersoft
2011-05-02 00:04 . 2011-05-02 00:04 -------- d-----w- c:\program files (x86)\ConvertHelper
2011-05-01 23:39 . 2011-05-02 11:20 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Hide IP NG
2011-04-30 16:15 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7302A70-2C4F-4C33-BC51-5572A70B3E8B}\mpengine.dll
2011-04-25 13:55 . 2011-04-25 13:55 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\DonationCoder
2011-04-25 13:54 . 2011-05-01 23:27 -------- d-----w- c:\program files (x86)\ScreenshotCaptor
2011-04-25 13:54 . 2011-04-25 13:54 -------- d-----w- c:\programdata\DonationCoder
2011-04-21 21:36 . 2011-04-21 21:36 -------- d-----w- c:\users\Ales Urban\AppData\Local\{BE10CB41-8D24-4089-829C-3554DA613E44}
2011-04-19 17:02 . 2011-04-19 17:02 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\postgresql
2011-04-19 11:56 . 2011-04-19 11:56 -------- d-----w- c:\users\Ales Urban\AppData\Local\{994F8E93-CEC8-4FC5-A839-294004049699}
2011-04-18 13:02 . 2011-04-18 13:02 -------- d-----w- c:\users\Ales Urban\AppData\Local\{CAE4D664-8A68-45F1-AAB9-BBEBE3F4B52C}
2011-04-17 13:33 . 2005-05-02 10:05 331776 ----a-w- c:\windows\SysWow64\ANPOP.dll
2011-04-17 13:33 . 2011-04-17 13:33 -------- d-----w- c:\program files (x86)\Windows Mail Recovery
2011-04-17 11:55 . 2011-04-17 11:55 -------- d-----w- c:\users\Ales Urban\AppData\Local\{9D0A640F-47C0-4ED3-B430-A56D27055C12}
2011-04-16 20:12 . 2011-04-16 20:12 -------- d-----w- c:\users\Ales Urban\AppData\Local\{6176D971-6FDF-4225-8D76-8CE1BC626569}
2011-04-15 21:53 . 2011-04-15 21:53 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx
2011-04-15 21:53 . 2011-04-15 21:53 140288 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2011-04-15 21:53 . 2011-04-15 21:53 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx
2011-04-14 11:09 . 2011-04-14 11:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-14 02:39 . 2011-04-14 02:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-13 12:49 . 2011-04-13 12:49 -------- d-----w- c:\users\Ales Urban\AppData\Local\{DBB05415-273F-4B09-85E8-5A46225F38CE}
2011-04-12 02:02 . 2011-05-01 23:17 -------- d-----w- c:\users\Ales Urban\AppData\Local\FullTiltPoker
2011-04-12 02:02 . 2011-05-01 23:20 -------- d-----w- c:\program files (x86)\Full Tilt Poker
2011-04-10 11:49 . 2011-04-10 11:49 -------- d-----w- c:\users\Ales Urban\AppData\Local\{F55BBEE6-6B40-4A6E-9BE9-071156A88A77}
2011-04-08 00:26 . 2011-04-08 00:26 -------- d-----w- C:\Poker
2011-04-08 00:15 . 2011-04-08 00:15 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Mozilla-Cache
2011-04-08 00:14 . 2011-04-08 00:14 -------- d-----w- C:\Programs
2011-04-08 00:13 . 2011-04-08 00:13 -------- d-----w- c:\program files (x86)\Party Poker
2011-04-07 23:56 . 2011-05-02 00:37 -------- d-----w- c:\users\Ales Urban\AppData\Local\Adobe
2011-04-07 23:56 . 2011-04-07 23:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 13:39 . 2011-03-15 12:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-18 17:25 . 2011-03-14 20:14 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-06 12:27 . 2011-04-06 12:27 53248 ----a-r- c:\users\Ales Urban\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-04 18:47 . 2011-04-04 18:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-04 18:47 . 2011-04-04 18:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-04 18:47 . 2011-04-04 18:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-04 18:47 . 2011-04-04 18:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-04 18:47 . 2011-04-04 18:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-04 18:47 . 2011-04-04 18:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-04 18:47 . 2011-04-04 18:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-04 18:47 . 2011-04-04 18:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-04 18:47 . 2011-04-04 18:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-04 18:47 . 2011-04-04 18:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-04 18:47 . 2011-04-04 18:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-04 18:47 . 2011-04-04 18:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-04 18:47 . 2011-04-04 18:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-04 18:47 . 2011-04-04 18:47 448512 ----a-w- c:\windows\system32\html.iec
2011-04-04 18:47 . 2011-04-04 18:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-04 18:47 . 2011-04-04 18:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-04 18:47 . 2011-04-04 18:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-04 18:47 . 2011-04-04 18:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-04 18:47 . 2011-04-04 18:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-04 18:47 . 2011-04-04 18:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-04 18:47 . 2011-04-04 18:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-04 18:47 . 2011-04-04 18:47 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-04 18:47 . 2011-04-04 18:47 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-04 18:47 . 2011-04-04 18:47 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-04 18:47 . 2011-04-04 18:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-04 18:47 . 2011-04-04 18:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-04 18:47 . 2011-04-04 18:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-04 18:47 . 2011-04-04 18:47 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-04 18:47 . 2011-04-04 18:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-04 18:47 . 2011-04-04 18:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-04 18:47 . 2011-04-04 18:47 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-04 18:47 . 2011-04-04 18:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-04 18:47 . 2011-04-04 18:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-04 18:47 . 2011-04-04 18:47 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-04 18:47 . 2011-04-04 18:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-04 18:47 . 2011-04-04 18:47 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-04 18:47 . 2011-04-04 18:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-04 18:47 . 2011-04-04 18:47 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-04 18:47 . 2011-04-04 18:47 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-04 18:47 . 2011-04-04 18:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-04 18:47 . 2011-04-04 18:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-04 18:47 . 2011-04-04 18:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-31 21:39 . 2011-03-31 21:39 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-17 16:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-17 16:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-17 15:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 03:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 03:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-17 15:09 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-17 15:09 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-17 15:09 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-17 15:09 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-17 15:09 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWow64\msyuv7.dll ---
Company: ------
File Description: ------
File Version: ------
Product Name: ------
Copyright: ------
Original Filename: ------
File size: 126976
Created time: 2011-05-02 10:51
Modified time: 2011-05-02 10:51
MD5: !HASH: COULD NOT OPEN FILE !!!!!
SHA1: !HASH: COULD NOT OPEN FILE !!!!!
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-05_19.11.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-05-05 18:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-06 10:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-05 18:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-06 10:54 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-06 10:54 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-05 18:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-14 20:21 . 2011-05-06 10:54 29152 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-06 10:54 40202 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-14 19:31 . 2011-05-06 10:54 7568 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-542441507-3757921571-2509968487-1001_UserData.bin
+ 2011-05-06 13:46 . 2011-05-06 13:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-05 18:43 . 2011-05-05 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-05 18:43 . 2011-05-05 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-06 13:46 . 2011-05-06 13:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-28 19:15 . 2011-05-05 18:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-28 19:15 . 2011-05-05 19:36 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2011-05-06 12:03 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-05 18:50 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-05-06 12:03 631292 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-05-05 18:50 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-05-06 12:03 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-05 18:50 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2011-05-06 12:03 121914 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2011-05-05 18:50 121914 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-05-06 13:45 226304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-05-05 18:42 226304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-23 05:12 . 2011-05-06 13:45 3472424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-542441507-3757921571-2509968487-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
c:\users\Ales Urban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 ProgDVBService;ProgDVB Scheduler Service;c:\program files (x86)\ProgDVB\ProgDVBService.exe [2011-02-11 11504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Ales Urban\AppData\Roaming\Mozilla\Firefox\Profiles\rveugx3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKCU-Run-SpybotSD TeaTimer - c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-542441507-3757921571-2509968487-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-542441507-3757921571-2509968487-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
.
**************************************************************************
.
Celkový čas: 2011-05-06 15:52:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-06 13:52
.
Před spuštěním: Volných bajtů: 126 207 766 528
Po spuštění: Volných bajtů: 126 113 488 896
.
- - End Of File - - 5FBDF5489404A3AE31F191546E5839BA

#28 Příspěvek od **stell** » 06 kvě 2011 15:25

Zazipsuj tento subor
c:\windows\SysWow64\msyuv7.dll
a uploadni na letecku postu, link vloz sem

spust este TDSSKILLER
Stiahnite si prosím TDSSKiller a uložte ho na plochu.

2x-klik na TDSSKiller.exe- spustiť aplikáciu, potom na Spustiť kontrolu-klik- Start Scan.
Ak je infikovaný súbor detekovaný, bude predvolená akcia Cure, kliknite na tlačidlo Continue.
Ak podozrivý[suspicious] súbor je detekovaný, bude predvolená akcia Skip, kliknite na Continue.
Môže vás požiadať, aby ste reštartovali počítač na dokončenie procesu. Kliknite na Reboot Now.
Ak nevyžaduje reštart, kliknite na tlačidlo Report. Log súbor by sa mal objaviť. Prosím, skopírujte a vložte obsah súboru tu.
Ak je vyžadované reštartovanie počítača, správa je k dispozícii vo vašom koreňovom adresári (zvyčajne C:\ zložka) vo forme "TDSSKiller. _log.txt". Prosím, skopírujte a vložte obsah súboru tu.

Alfonso222 · #29 Příspěvek od **Alfonso222** » 06 kvě 2011 15:59

no problem je ten ze tento soubor c:\windows\SysWow64\msyuv7.dll se u me na disku nenachazi ..mam jen c:\windows\SysWow64\msyuv.dll bez te 7 ...co delat????

#30 Příspěvek od **stell** » 06 kvě 2011 16:33

Ale, je tam, len je skryty.
http://download.bleepingcomputer.com/grinler/unhide.exe
stiahni na plochu a spust ako admin, program nechaj spustene.

1. Stlačiť Kláves s logom Windows + R.
2. Do prázdneho poľa Zadajte príkaz cmd .
3. Kliknite na tlačidlo OK.
4:Do čierneho okna napísať príkaz
cacls c:\windows\SysWow64\msyuv7.dll /E /T /C /G System:F everyone:R Administrators:F

A otestuj na www.virustotal.com
a neskusaj tu nam na vselijake finty, ze otestujes nieco ine.
link z testu vloz sem.

VIRY.CZ

Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(

Re: Prosim help s haveti, log prilozen :(