win 7 home security 2012
Hi,
I have a big problem... I picked up win 7 home security 2012 somewhere on one of my PCs...
I've already read a few things here on the forum, but the problem is that I can't run any exe file,
i.e. I can't run RSIT or ComboFix, Total Commander, simply nothing.
I tried it in safe mode too, with the same result...
Please advise.
smirin
Re: win 7 home security 2012
Hi,
Since we're short on time, do it according to my blog; see point 10 as well.
Post the logs here in the forum.
guide
Re: win 7 home security 2012
Phew... thanks for the guide...
The only problem I had was running the RogueKiller file in safe mode.
- Solved by running rkill.(com,scr), I don't know exactly which one it was.
I'm attaching the log:
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode
User: smirin [Admin rights]
Mode: Remove -- Date : 07/21/2011 18:47:00
Bad processes: 0
Registry Entries: 6
[ROGUE ST] HKCU\[...]\Run : 2642227359 (C:\Users\smirin\AppData\Local\ibs.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\smirin\AppData\Local\ibs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)
HOSTS File:
Finished : << RKreport[1].txt >>
RKreport[1].txt
MBAM is running right now - I'll attach the log in a moment.
Re: win 7 home security 2012
OK, if there is still a problem with exe files in normal mode, use point 10 and restart the computer, then repeat the steps, RK and MBAM.
Post the logs here.
Re: win 7 home security 2012
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 7223
Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385
21.7.2011 19:38:12
mbam-log-2011-07-21 (19-38-12).txt
Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 359971
Uplynulý čas: 32 minut, 32 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Not selected for removal.
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
d:\--==downloads==--\flash doma 2gb červená\teamviewer.manager.5.0.813.0-patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\--==downloads==--\flash práce\SW1\Nero\nero8x.exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Users\smirin\AppData\Local\Temp\0.6280231126333181.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.
Re: win 7 home security 2012
And this??
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Not selected for removal.
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
d:\--==downloads==--\flash doma 2gb červená\teamviewer.manager.5.0.813.0-patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\--==downloads==--\flash práce\SW1\Nero\nero8x.exe (RiskWare.Tool.CK) -> Not selected for removal.
Do you want to infect the PC again??
So, how is the PC doing??
Re: win 7 home security 2012
Phew, after the restart everything looks OK, but to be safe, once more according to your guide:
(The other viruses were not selected in safe mode - deleted to be on the safe side; they were only patches or keygens)
RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: smirin [Admin rights]
Mode: Remove -- Date : 07/21/2011 19:44:06
Bad processes: 0
Registry Entries: 0
HOSTS File:
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verze databáze: 7223
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
21.7.2011 20:33:19
mbam-log-2011-07-21 (20-33-19).txt
Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 362358
Uplynulý čas: 47 minut, 48 sekund
Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4
Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)
Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)
Infikované soubory:
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
d:\--==downloads==--\flash doma 2gb červená\teamviewer.manager.5.0.813.0-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
d:\--==downloads==--\flash práce\SW1\Nero\nero8x.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.
Re: win 7 home security 2012
Also post the ComboFix log here.
PLEASE READ THE GUIDE CAREFULLY!!!
Use ComboFix according to this guide: http://www.bleepingcomputer.com/combofi ... t-combofix
Post its log here.
Re: win 7 home security 2012
ComboFix 11-07-21.02 - smirin 21.07.2011 20:51:58.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3579.2537 [GMT 2:00]
Spuštěný z: d:\--==downloads==--\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\smirin\AppData\Roaming\Local
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\smirin\AppData\Roaming\Mikrotik
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\advtool.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\advtool.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\dhcp.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\dhcp.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\hotspot.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\hotspot.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ipv6.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ipv6.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ntp.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ntp.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\pim.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\pim.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ppp.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ppp.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roteros.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roteros.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roting2.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roting2.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\secure.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\secure.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\system.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\system.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ups.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ups.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\wlan2.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\wlan2.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-21 do 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 18:55 . 2011-07-21 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\users\smirin\AppData\Roaming\Malwarebytes
2011-07-21 16:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\programdata\Malwarebytes
2011-07-21 16:59 . 2011-07-21 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 16:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 05:14 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BE18012-4E5C-45C6-904A-42680A13AC7A}\mpengine.dll
2011-07-15 19:25 . 2011-07-15 19:25 -------- d-----w- c:\users\smirin\AppData\Local\Zoner
2011-07-15 19:22 . 2011-07-15 19:22 -------- d-----w- c:\program files\URUSoft
2011-06-28 19:52 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 19:51 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 19:51 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 19:51 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 19:51 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 19:51 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 19:51 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 19:51 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 19:51 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 19:51 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-23 05:33 . 2011-06-23 05:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 03:00 . 2011-06-17 05:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2010-01-30 15:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:43 . 2011-06-17 05:33 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-17 05:33 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-17 05:33 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-17 05:36 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57 . 2011-06-17 05:36 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57 . 2011-06-17 05:36 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57 . 2011-06-17 05:36 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33 . 2011-06-17 05:36 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56 . 2011-06-17 05:36 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35 . 2011-06-17 05:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36 . 2011-05-25 17:06 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31 . 2011-06-17 05:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31 . 2011-06-17 05:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 166424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-03 7866912]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\smirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2010-9-5 66952]
myiHome Server.lnk - c:\program files\myiHome\app\myiHome-server.exe [2010-10-31 10584640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-10-18 32408]
R3 Ext2Fsd;Ext2Fsd; [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:40]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:40]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925496254-1765041756-1834939049-1000Core.job
- c:\users\smirin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 16:29]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925496254-1765041756-1834939049-1000UA.job
- c:\users\smirin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 16:29]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EB5CE55A-49A1-4634-8CA0-E6A152031B72}: NameServer = 192.168.1.254,77.48.100.254
FF - ProfilePath - c:\users\smirin\AppData\Roaming\Mozilla\Firefox\Profiles\yt5577lr.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-21 20:57:38
ComboFix-quarantined-files.txt 2011-07-21 18:57
.
Před spuštěním: Volných bajtů: 59 545 395 200
Po spuštění: Volných bajtů: 59 252 011 008
.
- - End Of File - - C2744C2D44A85470189E34AF3BC9A9D6
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\smirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Výřezy obrazovky a spuštění aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2010-9-5 66952]
myiHome Server.lnk - c:\program files\myiHome\app\myiHome-server.exe [2010-10-31 10584640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-10-18 32408]
R3 Ext2Fsd;Ext2Fsd; [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:40]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:40]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925496254-1765041756-1834939049-1000Core.job
- c:\users\smirin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 16:29]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925496254-1765041756-1834939049-1000UA.job
- c:\users\smirin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 16:29]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EB5CE55A-49A1-4634-8CA0-E6A152031B72}: NameServer = 192.168.1.254,77.48.100.254
FF - ProfilePath - c:\users\smirin\AppData\Roaming\Mozilla\Firefox\Profiles\yt5577lr.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-21 20:57:38
ComboFix-quarantined-files.txt 2011-07-21 18:57
.
Před spuštěním: Volných bajtů: 59 545 395 200
Po spuštění: Volných bajtů: 59 252 011 008
.
- - End Of File - - C2744C2D44A85470189E34AF3BC9A9D6
Re: win 7 home security 2012
In my opinion it is OK now;
if there are no problems, uninstall ComboFix and you're done.
Re: win 7 home security 2012
Everything is OK, thanks a lot.
smirin
Re: win 7 home security 2012
you're welcome,