ComboFix 11-05-05.04 - Ales Urban 06.05.2011 19:03:53.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4060.2819 [GMT 2:00]
Spuštěný z: c:\users\Ales Urban\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\Ales Urban\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\msyuv7.dll"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\msyuv7.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-04-06 do 2011-05-06 )))))))))))))))))))))))))))))))
.
.
2011-05-06 17:08 . 2011-05-06 17:08 -------- d-----w- c:\users\postgres\AppData\Local\temp
2011-05-06 17:08 . 2011-05-06 17:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-05-05 19:36 . 2011-04-18 17:13 22360 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-05-05 19:36 . 2011-04-18 17:18 287064 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-05-05 19:36 . 2011-04-18 17:13 31064 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-05-05 19:36 . 2011-04-18 17:16 53592 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-05-05 19:36 . 2011-04-18 17:17 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-05-05 19:36 . 2011-04-18 17:13 64344 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2011-05-05 19:36 . 2011-04-18 17:25 40112 ----a-w- c:\windows\avastSS.scr
2011-05-05 19:36 . 2011-04-18 17:25 199304 ----a-w- c:\windows\SysWow64\aswBoot.exe
2011-05-03 23:31 . 2011-05-05 17:14 -------- d-----w- c:\program files (x86)\Free Audio Pack
2011-05-02 22:08 . 2011-05-02 22:08 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Malwarebytes
2011-05-02 22:08 . 2011-05-02 22:08 -------- d-----w- c:\programdata\Malwarebytes
2011-05-02 22:08 . 2011-05-05 17:14 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\programdata\MillieSoft
2011-05-02 21:20 . 2011-05-02 21:20 -------- d-----w- c:\program files (x86)\MillieSoft
2011-05-02 19:12 . 2011-05-05 18:25 -------- d-----w- c:\program files (x86)\ProgDVB
2011-05-02 18:04 . 2011-05-05 18:25 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\vlc
2011-05-02 18:04 . 2011-05-02 18:04 -------- d-----w- c:\program files (x86)\VideoLAN
2011-05-02 16:03 . 2011-05-02 16:03 -------- d-----w- c:\users\Ales Urban\AppData\Local\{58D55C4A-8BBE-4521-80BD-1C6A76D8B48E}
2011-05-02 00:38 . 2011-05-05 17:14 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\BBCiPlayerDesktop.61DB7A798358575D6A969CCD73DDBBD723A6DA9D.1
2011-05-02 00:38 . 2011-05-02 00:38 -------- d-----w- c:\program files (x86)\BBC iPlayer Desktop
2011-05-02 00:38 . 2011-05-02 00:38 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2011-05-02 00:29 . 2011-05-02 00:29 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Apowersoft
2011-05-02 00:04 . 2011-05-02 00:04 -------- d-----w- c:\program files (x86)\ConvertHelper
2011-05-01 23:39 . 2011-05-02 11:20 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Hide IP NG
2011-04-30 16:15 . 2011-04-11 08:21 8802128 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A7302A70-2C4F-4C33-BC51-5572A70B3E8B}\mpengine.dll
2011-04-25 13:55 . 2011-04-25 13:55 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\DonationCoder
2011-04-25 13:54 . 2011-05-01 23:27 -------- d-----w- c:\program files (x86)\ScreenshotCaptor
2011-04-25 13:54 . 2011-04-25 13:54 -------- d-----w- c:\programdata\DonationCoder
2011-04-21 21:36 . 2011-04-21 21:36 -------- d-----w- c:\users\Ales Urban\AppData\Local\{BE10CB41-8D24-4089-829C-3554DA613E44}
2011-04-19 17:02 . 2011-04-19 17:02 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\postgresql
2011-04-19 11:56 . 2011-04-19 11:56 -------- d-----w- c:\users\Ales Urban\AppData\Local\{994F8E93-CEC8-4FC5-A839-294004049699}
2011-04-18 13:02 . 2011-04-18 13:02 -------- d-----w- c:\users\Ales Urban\AppData\Local\{CAE4D664-8A68-45F1-AAB9-BBEBE3F4B52C}
2011-04-17 13:33 . 2005-05-02 10:05 331776 ----a-w- c:\windows\SysWow64\ANPOP.dll
2011-04-17 13:33 . 2011-04-17 13:33 -------- d-----w- c:\program files (x86)\Windows Mail Recovery
2011-04-17 11:55 . 2011-04-17 11:55 -------- d-----w- c:\users\Ales Urban\AppData\Local\{9D0A640F-47C0-4ED3-B430-A56D27055C12}
2011-04-16 20:12 . 2011-04-16 20:12 -------- d-----w- c:\users\Ales Urban\AppData\Local\{6176D971-6FDF-4225-8D76-8CE1BC626569}
2011-04-15 21:53 . 2011-04-15 21:53 203576 ----a-w- c:\windows\SysWow64\richtx32.ocx
2011-04-15 21:53 . 2011-04-15 21:53 140288 ----a-w- c:\windows\SysWow64\comdlg32.ocx
2011-04-15 21:53 . 2011-04-15 21:53 124688 ----a-w- c:\windows\SysWow64\mswinsck.ocx
2011-04-14 11:09 . 2011-04-14 11:09 159080 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10138.bin
2011-04-14 02:39 . 2011-04-14 02:39 103864 ----a-w- c:\program files (x86)\Mozilla Firefox\plugins\nppdf32.dll
2011-04-13 12:49 . 2011-04-13 12:49 -------- d-----w- c:\users\Ales Urban\AppData\Local\{DBB05415-273F-4B09-85E8-5A46225F38CE}
2011-04-12 02:02 . 2011-05-01 23:17 -------- d-----w- c:\users\Ales Urban\AppData\Local\FullTiltPoker
2011-04-12 02:02 . 2011-05-01 23:20 -------- d-----w- c:\program files (x86)\Full Tilt Poker
2011-04-10 11:49 . 2011-04-10 11:49 -------- d-----w- c:\users\Ales Urban\AppData\Local\{F55BBEE6-6B40-4A6E-9BE9-071156A88A77}
2011-04-08 00:26 . 2011-04-08 00:26 -------- d-----w- C:\Poker
2011-04-08 00:15 . 2011-04-08 00:15 -------- d-----w- c:\users\Ales Urban\AppData\Roaming\Mozilla-Cache
2011-04-08 00:14 . 2011-04-08 00:14 -------- d-----w- C:\Programs
2011-04-08 00:13 . 2011-04-08 00:13 -------- d-----w- c:\program files (x86)\Party Poker
2011-04-07 23:56 . 2011-05-02 00:37 -------- d-----w- c:\users\Ales Urban\AppData\Local\Adobe
2011-04-07 23:56 . 2011-04-07 23:56 -------- d-----w- c:\program files (x86)\Common Files\Adobe
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-04-20 13:39 . 2011-03-15 12:45 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2011-04-18 17:25 . 2011-03-14 20:14 253888 ----a-w- c:\windows\system32\aswBoot.exe
2011-04-06 12:27 . 2011-04-06 12:27 53248 ----a-r- c:\users\Ales Urban\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2011-04-04 18:47 . 2011-04-04 18:47 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-04-04 18:47 . 2011-04-04 18:47 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-04-04 18:47 . 2011-04-04 18:47 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-04-04 18:47 . 2011-04-04 18:47 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-04-04 18:47 . 2011-04-04 18:47 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-04-04 18:47 . 2011-04-04 18:47 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-04-04 18:47 . 2011-04-04 18:47 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-04-04 18:47 . 2011-04-04 18:47 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-04-04 18:47 . 2011-04-04 18:47 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-04-04 18:47 . 2011-04-04 18:47 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-04-04 18:47 . 2011-04-04 18:47 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-04-04 18:47 . 2011-04-04 18:47 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-04-04 18:47 . 2011-04-04 18:47 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-04-04 18:47 . 2011-04-04 18:47 448512 ----a-w- c:\windows\system32\html.iec
2011-04-04 18:47 . 2011-04-04 18:47 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-04-04 18:47 . 2011-04-04 18:47 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-04-04 18:47 . 2011-04-04 18:47 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-04-04 18:47 . 2011-04-04 18:47 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-04-04 18:47 . 2011-04-04 18:47 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-04 18:47 . 2011-04-04 18:47 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-04 18:47 . 2011-04-04 18:47 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-04-04 18:47 . 2011-04-04 18:47 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-04 18:47 . 2011-04-04 18:47 222208 ----a-w- c:\windows\system32\msls31.dll
2011-04-04 18:47 . 2011-04-04 18:47 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-04 18:47 . 2011-04-04 18:47 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-04-04 18:47 . 2011-04-04 18:47 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-04-04 18:47 . 2011-04-04 18:47 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-04-04 18:47 . 2011-04-04 18:47 160256 ----a-w- c:\windows\system32\wextract.exe
2011-04-04 18:47 . 2011-04-04 18:47 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-04-04 18:47 . 2011-04-04 18:47 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-04-04 18:47 . 2011-04-04 18:47 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-04-04 18:47 . 2011-04-04 18:47 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-04-04 18:47 . 2011-04-04 18:47 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-04-04 18:47 . 2011-04-04 18:47 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-04-04 18:47 . 2011-04-04 18:47 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-04-04 18:47 . 2011-04-04 18:47 12288 ----a-w- c:\windows\system32\mshta.exe
2011-04-04 18:47 . 2011-04-04 18:47 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-04-04 18:47 . 2011-04-04 18:47 114176 ----a-w- c:\windows\system32\admparse.dll
2011-04-04 18:47 . 2011-04-04 18:47 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-04-04 18:47 . 2011-04-04 18:47 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-04-04 18:47 . 2011-04-04 18:47 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-04-04 18:47 . 2011-04-04 18:47 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-03-31 21:39 . 2011-03-31 21:39 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-03-17 16:28 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-03-17 16:28 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-17 15:47 . 2010-06-24 11:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 03:44 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 03:44 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2011-02-19 12:05 . 2011-03-17 15:09 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-02-19 12:04 . 2011-03-17 15:09 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-02-19 12:04 . 2011-03-17 15:09 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-02-19 06:30 . 2011-03-17 15:09 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-02-19 06:30 . 2011-03-17 15:09 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-05-05_19.11.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-05-05 18:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-05-06 17:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-05-05 18:44 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-06 17:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-05-06 17:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-05-05 18:44 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-14 20:21 . 2011-05-06 16:36 29424 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-05-06 16:36 40234 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-14 19:31 . 2011-05-06 16:36 8508 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-542441507-3757921571-2509968487-1001_UserData.bin
+ 2011-05-06 17:09 . 2011-05-06 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-05 18:43 . 2011-05-05 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-05-05 18:43 . 2011-05-05 18:43 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-05-06 17:09 . 2011-05-06 17:09 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-04-28 19:15 . 2011-05-05 18:44 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2011-04-28 19:15 . 2011-05-05 19:36 262144 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 02:36 . 2011-05-06 16:38 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-05-05 18:50 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 15:18 . 2011-05-06 16:38 631292 c:\windows\system32\perfh005.dat
- 2009-07-14 15:18 . 2011-05-05 18:50 631292 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2011-05-06 16:38 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2011-05-05 18:50 106388 c:\windows\system32\perfc009.dat
+ 2009-07-14 15:18 . 2011-05-06 16:38 121914 c:\windows\system32\perfc005.dat
- 2009-07-14 15:18 . 2011-05-05 18:50 121914 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2011-05-06 17:08 226304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-05-05 18:42 226304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-03-23 05:12 . 2011-05-06 17:08 3472424 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-542441507-3757921571-2509968487-1001-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-04-18 3460784]
.
c:\users\Ales Urban\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Logitech . Registrace produktu.lnk - c:\program files (x86)\Common Files\LogiShrd\eReg\SetPoint\eReg.exe [2009-11-16 517384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [x]
S2 postgresql-8.4;PostgreSQL Server 8.4;C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N postgresql-8.4 -D C:/Program Files (x86)/PostgreSQL/8.4/data -w [x]
S2 ProgDVBService;ProgDVB Scheduler Service;c:\program files (x86)\ProgDVB\ProgDVBService.exe [2011-02-11 11504]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-04-18 17:25 134384 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 660360]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2010-10-28 1680976]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
FF - ProfilePath - c:\users\Ales Urban\AppData\Roaming\Mozilla\Firefox\Profiles\rveugx3d.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.proxy.type - 0
FF - user.js: network.proxy.http -
user_pref(network.proxy.http_port,);
FF - user.js: network.proxy.no_proxies_on -
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
WebBrowser-{34AB3C4C-DA1A-4067-96F4-31452C7CFE65} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\postgresql-8.4]
"ImagePath"="C:/Program Files (x86)/PostgreSQL/8.4/bin/pg_ctl.exe runservice -N \"postgresql-8.4\" -D \"C:/Program Files (x86)/PostgreSQL/8.4/data\" -w"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-542441507-3757921571-2509968487-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-542441507-3757921571-2509968487-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10o_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10o.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
c:\program files (x86)\PostgreSQL\8.4\bin\postgres.exe
.
**************************************************************************
.
Celkový čas: 2011-05-06 19:15:14 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-05-06 17:15
ComboFix2.txt 2011-05-06 13:52
.
Před spuštěním: Volných bajtů: 101 467 926 528
Po spuštění: Volných bajtů: 101 400 403 968
.
- - End Of File - - ABCF86AE2B7D3F3C7E902E73F3509FC6