win 7 home security 2012

[smirin]

Zdravím,

mám veliký problém.....chytil jsem někde na jednom PC win 7 home security 2012......
Tady na foru jsem už něco četl, ale problém je, že mi nejde spustit žádný exe soubor,
tzn nespustim rsit ani combofix, total commander, proste nic.

Zkousel jsem to i v nouzáku a taktéž....

PLS o radu.

smirin

[stell]

zdravim
Nakolko nestihame, sprav to podla mojho blogu, pozri aj bod 10.
logy vkladaj sem do fora.
navod

[smirin]

Fuj teda....díky za navod......

Problem jsem mel pouze se spustenim v nouzaku souboru RogueKiller.

- Vyřešeno spustenim rkill.(com,scr) nevim presne ktery to byl


Prikladam log:

RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Safe mode
User: smirin [Admin rights]
Mode: Remove -- Date : 07/21/2011 18:47:00

Bad processes: 0

Registry Entries: 6
[ROGUE ST] HKCU\[...]\Run : 2642227359 (C:\Users\smirin\AppData\Local\ibs.exe) -> DELETED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
[FILE ASSO] HKLM\[...]Software\Clients\StartMenuInternet\FIREFOX.EXE\shell\safemode\command : ("C:\Users\smirin\AppData\Local\ibs.exe" -a "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode) -> REPLACED : ("C:\Program Files\mozilla firefox\firefox.exe" -safe-mode)

HOSTS File:


Finished : << RKreport[1].txt >>
RKreport[1].txt


Momentalne mam spusteny mbam - prilozim log za mmnt.

[stell]

ok, ak by este bol problem v normalnom rezime s exe, pouzi bod 10, a restartuj pocitac.a zopakuj akcie, RK a MBAM

Logy vkladaj sem

[smirin]

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 7223

Windows 6.1.7600 (Safe Mode)
Internet Explorer 8.0.7600.16385

21.7.2011 19:38:12
mbam-log-2011-07-21 (19-38-12).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 359971
Uplynulý čas: 32 minut, 32 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 5

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Not selected for removal.
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
d:\--==downloads==--\flash doma 2gb červená\teamviewer.manager.5.0.813.0-patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\--==downloads==--\flash práce\SW1\Nero\nero8x.exe (RiskWare.Tool.CK) -> Not selected for removal.
c:\Users\smirin\AppData\Local\Temp\0.6280231126333181.exe (Exploit.Drop.2) -> Quarantined and deleted successfully.

[stell]

d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Not selected for removal.
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\keygen.exe (Trojan.Dropper.PGen) -> Not selected for removal.
d:\--==downloads==--\flash doma 2gb červená\teamviewer.manager.5.0.813.0-patch.exe (PUP.Hacktool.Patcher) -> Not selected for removal.
d:\--==downloads==--\flash práce\SW1\Nero\nero8x.exe (RiskWare.Tool.CK) -> Not selected for removal.

A toto??
znova chces infikovat pc??
No, ako je na tom pc??

[smirin]

uf po restartu vypadá vše OK, ale radši podle tveho navodu ještě jednou:
(Ostatní viry v nouzovem rezimu nebyly oznaceny - projistotu vymazano, jednalo se pouze o patche nebo keygeny)


RogueKiller V5.2.7 [06/30/2011] by Tigzy
contact at http://www.sur-la-toile.com
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.sur-la-toile.com/discussion- ... ntees.html

Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: smirin [Admin rights]
Mode: Remove -- Date : 07/21/2011 19:44:06

Bad processes: 0

Registry Entries: 0

HOSTS File:


Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt







Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Verze databáze: 7223

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

21.7.2011 20:33:19
mbam-log-2011-07-21 (20-33-19).txt

Typ kontroly: Úplný test (C:\|D:\|)
Testované objekty: 362358
Uplynulý čas: 47 minut, 48 sekund

Infikované procesy v paměti: 0
Infikované moduly v paměti: 0
Infikované klíče v registru: 0
Infikované hodnoty v registru: 0
Infikované datové položky v registru: 0
Infikované složky: 0
Infikované soubory: 4

Infikované procesy v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)

Infikované klíče v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované hodnoty v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované datové položky v registru:
(Žádné škodlivé položky nebyly zjištěny)

Infikované složky:
(Žádné škodlivé položky nebyly zjištěny)

Infikované soubory:
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\CORE10k.EXE (Dont.Steal.Our.Software) -> Quarantined and deleted successfully.
d:\--==downloads==--\cyberlink.powerdvd.ultra.v9.0.1501.multilingual.keymaker.only.repack-core\keygen.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
d:\--==downloads==--\flash doma 2gb červená\teamviewer.manager.5.0.813.0-patch.exe (PUP.Hacktool.Patcher) -> Quarantined and deleted successfully.
d:\--==downloads==--\flash práce\SW1\Nero\nero8x.exe (RiskWare.Tool.CK) -> Quarantined and deleted successfully.

[stell]

, este vloz sem log z combofixu.

PROSIM CITAJTE POZORNE NAVOD!!!,

Použij ComboFix podle tohoto návodu: http://www.bleepingcomputer.com/combofi ... t-combofix
Log znej vloz sem.

[smirin]

ComboFix 11-07-21.02 - smirin 21.07.2011 20:51:58.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.3579.2537 [GMT 2:00]
Spuštěný z: d:\--==downloads==--\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\smirin\AppData\Roaming\Local
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\.ddr
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\0.ddi
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\settings.ddi
c:\users\smirin\AppData\Roaming\Local\Temp\DDM\Settings\Temporary Downloaded Files\(2)
c:\users\smirin\AppData\Roaming\Mikrotik
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\advtool.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\advtool.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\dhcp.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\dhcp.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\hotspot.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\hotspot.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ipv6.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ipv6.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ntp.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ntp.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\pim.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\pim.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ppp.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ppp.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roteros.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roteros.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roting2.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\roting2.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\secure.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\secure.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\system.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\system.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ups.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\ups.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\wlan2.crc
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\3.30-1002800881\wlan2.dll
c:\users\smirin\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-21 do 2011-07-21 )))))))))))))))))))))))))))))))
.
.
2011-07-21 18:55 . 2011-07-21 18:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\users\smirin\AppData\Roaming\Malwarebytes
2011-07-21 16:59 . 2010-12-20 16:09 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-07-21 16:59 . 2011-07-21 16:59 -------- d-----w- c:\programdata\Malwarebytes
2011-07-21 16:59 . 2011-07-21 17:36 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-07-21 16:59 . 2010-12-20 16:08 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-07-20 05:14 . 2011-06-07 15:55 7074640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0BE18012-4E5C-45C6-904A-42680A13AC7A}\mpengine.dll
2011-07-15 19:25 . 2011-07-15 19:25 -------- d-----w- c:\users\smirin\AppData\Local\Zoner
2011-07-15 19:22 . 2011-07-15 19:22 -------- d-----w- c:\program files\URUSoft
2011-06-28 19:52 . 2011-05-24 10:35 294912 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-28 19:51 . 2011-05-04 04:53 1553920 ----a-w- c:\windows\system32\tquery.dll
2011-06-28 19:51 . 2011-05-04 04:52 1401856 ----a-w- c:\windows\system32\mssrch.dll
2011-06-28 19:51 . 2011-05-04 04:52 666624 ----a-w- c:\windows\system32\mssvp.dll
2011-06-28 19:51 . 2011-05-04 04:52 337408 ----a-w- c:\windows\system32\mssph.dll
2011-06-28 19:51 . 2011-05-04 04:52 428032 ----a-w- c:\windows\system32\SearchIndexer.exe
2011-06-28 19:51 . 2011-05-04 04:52 59392 ----a-w- c:\windows\system32\msscntrs.dll
2011-06-28 19:51 . 2011-05-04 04:52 197120 ----a-w- c:\windows\system32\mssphtb.dll
2011-06-28 19:51 . 2011-05-04 04:52 86528 ----a-w- c:\windows\system32\SearchFilterHost.exe
2011-06-28 19:51 . 2011-05-04 04:52 164352 ----a-w- c:\windows\system32\SearchProtocolHost.exe
2011-06-23 05:33 . 2011-06-23 05:33 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-28 03:00 . 2011-06-17 05:36 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-24 17:14 . 2010-01-30 15:03 222080 ------w- c:\windows\system32\MpSigStub.exe
2011-05-04 02:43 . 2011-06-17 05:33 222720 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-05-04 02:43 . 2011-06-17 05:33 96256 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-05-04 02:43 . 2011-06-17 05:33 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-05-03 04:50 . 2011-06-17 05:36 740864 ----a-w- c:\windows\system32\inetcomm.dll
2011-04-29 02:57 . 2011-06-17 05:36 311296 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 02:57 . 2011-06-17 05:36 309760 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 02:57 . 2011-06-17 05:36 114176 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:33 . 2011-06-17 05:36 78336 ----a-w- c:\windows\system32\drivers\dfsc.sys
2011-04-25 04:56 . 2011-06-17 05:36 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:35 . 2011-06-17 05:36 338944 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-22 19:36 . 2011-05-25 17:06 26496 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-04-22 19:31 . 2011-06-17 05:36 981504 ----a-w- c:\windows\system32\wininet.dll
2011-04-22 19:31 . 2011-06-17 05:36 44544 ----a-w- c:\windows\system32\licmgr10.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2007-06-27 152872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BCU"="c:\program files\DeviceVM\Browser Configuration Utility\BCU.exe" [2009-08-04 346320]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-11-13 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-11-13 175128]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-11-13 166424]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-11-03 7866912]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2007-05-14 35328]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-11-16 2054360]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2010-12-09 1226608]
"DivX Download Manager"="c:\program files\DivX\DivX Plus Web Player\DDmService.exe" [2010-12-08 63360]
"Malwarebytes' Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-12-20 963976]
.
c:\users\smirin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Věýezy obrazovky a spuçtŘnˇ aplikace OneNote 2007.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
MotionSD STUDIO - SD Browser auto start -.lnk - c:\program files\Panasonic\MotionSD STUDIO\SD_Browser\AutoLauncher.exe [2010-9-5 66952]
myiHome Server.lnk - c:\program files\myiHome\app\myiHome-server.exe [2010-10-31 10584640]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [2010-10-18 32408]
R3 Ext2Fsd;Ext2Fsd; [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-03-18 136176]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 106752]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-11-16 108792]
S1 Ext2fs;Ext2fs;c:\windows\system32\DRIVERS\ext2fs.sys [2008-09-25 181120]
S1 IfsMount;IfsMount;c:\windows\system32\DRIVERS\ifsmount.sys [2008-08-28 51072]
S2 BCUService;Browser Configuration Utility Service;c:\program files\DeviceVM\Browser Configuration Utility\BCUService.exe [2009-08-04 219360]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-11-16 735960]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-12-18 95896]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [2009-03-23 16384]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2009-10-29 209920]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-08-20 189440]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:40]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-05-17 19:40]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925496254-1765041756-1834939049-1000Core.job
- c:\users\smirin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 16:29]
.
2011-07-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-925496254-1765041756-1834939049-1000UA.job
- c:\users\smirin\AppData\Local\Google\Update\GoogleUpdate.exe [2010-01-30 16:29]
.
.
------- Doplňkový sken -------
.
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: Interfaces\{EB5CE55A-49A1-4634-8CA0-E6A152031B72}: NameServer = 192.168.1.254,77.48.100.254
FF - ProfilePath - c:\users\smirin\AppData\Roaming\Mozilla\Firefox\Profiles\yt5577lr.default\
FF - prefs.js: browser.startup.homepage - www.seznam.cz
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} - c:\program files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
FF - Ext: DivX Plus Web Player HTML5 <video>: {23fcfd51-4958-4f00-80a3-ae97e717ed8b} - c:\program files\DivX\DivX Plus Web Player\firefox\html5video
FF - Ext: DivX HiQ: {6904342A-8307-11DF-A508-4AE2DFD72085} - c:\program files\DivX\DivX Plus Web Player\firefox\wpa
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-21 20:57:38
ComboFix-quarantined-files.txt 2011-07-21 18:57
.
Před spuštěním: Volných bajtů: 59 545 395 200
Po spuštění: Volných bajtů: 59 252 011 008
.
- - End Of File - - C2744C2D44A85470189E34AF3BC9A9D6

[stell]

podla mna je uz ok,
ak nie su problemy odinstaluj combofix a hotovo.

[smirin]

Vše je OK diky moc.

smirin

[stell]

nemas zaco,