log z rsit:
Logfile of random's system information tool 1.09 (written by random/random)
Run by milacek at 2011-11-08 10:46:23
Microsoft Windows 7 Home Premium
System drive C: has 191 GB (80%) free of 238 GB
Total RAM: 2009 MB (56% free)
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2010-04-26 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2010-04-26 174104]
"Persistence"=C:\Windows\system32\igfxpers.exe [2010-04-26 150552]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-26 307768]
"EnergyUtility"=C:\Program Files\Lenovo\Energy Management\utility.exe [2009-09-29 4114288]
"Energy Management"=C:\Program Files\Lenovo\Energy Management\Energy Management.exe [2009-09-29 5064560]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2008-10-25 31072]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-09-07 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"tray_ico0"=C:\Windows\update.tray-9-0\svchost.exe [2011-10-27 1198080]
"tray_ico1"=C:\Windows\update.tray-14-0\svchost.exe [2011-10-27 1198080]
"1372951.exe"=C:\Users\milacek\AppData\Local\Temp\1372951.exe [2011-11-08 257024]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-11-08 262656]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-11-08 257024]
"9358189.exe"=C:\Users\milacek\AppData\Local\Temp\9358189.exe [2011-11-08 257024]
"2990771.exe"=C:\Windows\TEMP\2990771.exe [2011-11-08 257024]
"4094962.exe"=C:\Windows\TEMP\4094962.exe [2011-11-08 1942528]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"=C:\Program Files\CONEXANT\SAII\SAIICpl.exe [2010-04-26 307768]
"PCSpeedUp"=C:\Program Files\Zrychleni Pocitace\PCSpeedUp.lnk [2011-08-14 2389]
"ICQ"=C:\Program Files\ICQ7.5\ICQ.exe [2011-08-01 124480]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2010-04-26 215552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-12 2217848]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\update.tray-14-0\svchost.exe"="C:\Windows\update.tray-14-0\svchost.exe:*:Enabled:C:\Windows\update.tray-14-0\svchost.exe"
"C:\Windows\update.tray-9-0\svchost.exe"="C:\Windows\update.tray-9-0\svchost.exe:*:Enabled:C:\Windows\update.tray-9-0\svchost.exe"
"C:\Windows\update.1\svchost.exe"="C:\Windows\update.1\svchost.exe:*:Enabled:C:\Windows\update.1\svchost.exe"
"C:\Windows\update.2\svchost.exe"="C:\Windows\update.2\svchost.exe:*:Enabled:C:\Windows\update.2\svchost.exe"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2011-11-08 10:46:23 ----D---- C:\rsit
2011-11-08 10:43:13 ----A---- C:\Windows\btc_client_iplist.txt
2011-11-08 10:42:50 ----HD---- C:\Windows\update.5.0
2011-11-08 10:42:26 ----A---- C:\Windows\iecheck_iplist.txt
2011-11-08 10:41:20 ----HD---- C:\Windows\update.2
2011-11-08 10:39:49 ----A---- C:\Windows\iplist.txt
2011-11-08 10:39:10 ----A---- C:\Windows\sysdriver32_.exe
2011-11-08 10:38:56 ----A---- C:\Windows\sysdriver32.exe
2011-11-08 10:38:39 ----A---- C:\Windows\front_ip_list.txt
2011-11-08 10:29:08 ----D---- C:\Windows\temp
2011-11-08 10:29:06 ----A---- C:\ComboFix.txt
2011-11-08 10:24:28 ----D---- C:\Windows\av_ico
2011-11-08 10:24:23 ----D---- C:\$RECYCLE.BIN
2011-11-08 10:16:35 ----A---- C:\Windows\zip.exe
2011-11-08 10:16:35 ----A---- C:\Windows\SWSC.exe
2011-11-08 10:16:35 ----A---- C:\Windows\SWREG.exe
2011-11-08 10:16:35 ----A---- C:\Windows\sed.exe
2011-11-08 10:16:35 ----A---- C:\Windows\PEV.exe
2011-11-08 10:16:35 ----A---- C:\Windows\NIRCMD.exe
2011-11-08 10:16:35 ----A---- C:\Windows\MBR.exe
2011-11-08 10:16:35 ----A---- C:\Windows\grep.exe
2011-11-08 10:16:20 ----D---- C:\Windows\ERDNT
2011-11-08 10:16:16 ----D---- C:\Qoobox
2011-11-08 10:15:12 ----HD---- C:\Windows\PIF
2011-11-08 09:25:38 ----A---- C:\Windows\system32\FntCache.dll
2011-11-08 09:25:38 ----A---- C:\Windows\system32\DWrite.dll
2011-11-08 09:25:37 ----A---- C:\Windows\system32\d2d1.dll
2011-11-08 08:59:57 ----A---- C:\Windows\system32\prevhost.exe
2011-11-08 08:54:31 ----A---- C:\Windows\system32\drivers\usbvideo.sys
2011-11-08 08:54:31 ----A---- C:\Windows\system32\drivers\ks.sys
2011-11-08 08:53:39 ----A---- C:\Windows\system32\wcncsvc.dll
2011-11-08 08:53:03 ----A---- C:\Windows\system32\ieframe.dll
2011-11-08 08:53:01 ----A---- C:\Windows\system32\mshtml.dll
2011-11-08 08:53:01 ----A---- C:\Windows\system32\iertutil.dll
2011-11-08 08:52:59 ----A---- C:\Windows\system32\wininet.dll
2011-11-08 08:52:59 ----A---- C:\Windows\system32\urlmon.dll
2011-11-08 08:52:58 ----A---- C:\Windows\system32\mstime.dll
2011-11-08 08:52:58 ----A---- C:\Windows\system32\msfeedsbs.dll
2011-11-08 08:52:58 ----A---- C:\Windows\system32\msfeeds.dll
2011-11-08 08:52:58 ----A---- C:\Windows\system32\iepeers.dll
2011-11-08 08:52:58 ----A---- C:\Windows\system32\iedkcs32.dll
2011-11-08 08:52:57 ----A---- C:\Windows\system32\url.dll
2011-11-08 08:52:57 ----A---- C:\Windows\system32\mshtmled.dll
2011-11-08 08:52:57 ----A---- C:\Windows\system32\msfeedssync.exe
2011-11-08 08:52:57 ----A---- C:\Windows\system32\licmgr10.dll
2011-11-08 08:52:57 ----A---- C:\Windows\system32\jsproxy.dll
2011-11-08 08:52:57 ----A---- C:\Windows\system32\ieui.dll
2011-11-08 08:52:44 ----A---- C:\Windows\system32\odbctrac.dll
2011-11-08 08:52:44 ----A---- C:\Windows\system32\odbcjt32.dll
2011-11-08 08:52:44 ----A---- C:\Windows\system32\odbccu32.dll
2011-11-08 08:52:44 ----A---- C:\Windows\system32\odbccr32.dll
2011-11-08 08:52:44 ----A---- C:\Windows\system32\odbccp32.dll
2011-11-08 08:52:41 ----A---- C:\Windows\system32\msdri.dll
2011-11-08 08:52:17 ----A---- C:\Windows\system32\inetcomm.dll
2011-11-08 08:52:11 ----A---- C:\Windows\system32\upnp.dll
2011-11-08 08:52:10 ----A---- C:\Windows\system32\msxml6.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\wscsvc.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\wscapi.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\winhttp.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\WebClnt.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\slwga.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\msxml3.dll
2011-11-08 08:52:09 ----A---- C:\Windows\system32\davclnt.dll
2011-11-08 08:51:51 ----A---- C:\Windows\system32\ntoskrnl.exe
2011-11-08 08:51:51 ----A---- C:\Windows\system32\ntkrnlpa.exe
2011-11-08 08:51:43 ----A---- C:\Windows\system32\d3d10warp.dll
2011-11-08 08:51:42 ----A---- C:\Windows\system32\mf.dll
2011-11-08 08:51:41 ----A---- C:\Windows\system32\WMVDECOD.DLL
2011-11-08 08:51:41 ----A---- C:\Windows\system32\mfreadwrite.dll
2011-11-08 08:51:41 ----A---- C:\Windows\system32\ExplorerFrame.dll
2011-11-08 08:51:41 ----A---- C:\Windows\system32\d3d10_1core.dll
2011-11-08 08:51:40 ----A---- C:\Windows\system32\XpsRasterService.dll
2011-11-08 08:51:30 ----A---- C:\Windows\system32\d3d10_1.dll
2011-11-08 08:51:26 ----D---- C:\Program Files\Trend Micro
2011-11-08 08:51:17 ----A---- C:\Windows\system32\tquery.dll
2011-11-08 08:51:17 ----A---- C:\Windows\system32\mssrch.dll
2011-11-08 08:51:16 ----A---- C:\Windows\system32\SearchIndexer.exe
2011-11-08 08:51:16 ----A---- C:\Windows\system32\mssvp.dll
2011-11-08 08:51:16 ----A---- C:\Windows\system32\mssph.dll
2011-11-08 08:51:15 ----A---- C:\Windows\system32\SearchProtocolHost.exe
2011-11-08 08:51:15 ----A---- C:\Windows\system32\mssphtb.dll
2011-11-08 08:51:14 ----A---- C:\Windows\system32\SearchFilterHost.exe
2011-11-08 08:51:14 ----A---- C:\Windows\system32\msscntrs.dll
2011-11-08 08:51:12 ----A---- C:\Windows\system32\dnsrslvr.dll
2011-11-08 08:51:12 ----A---- C:\Windows\system32\dnscacheugc.exe
2011-11-08 08:51:12 ----A---- C:\Windows\system32\dnsapi.dll
2011-11-08 08:51:11 ----A---- C:\Windows\system32\win32k.sys
2011-11-08 08:51:09 ----A---- C:\Windows\system32\ntdll.dll
2011-11-08 08:51:07 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2011-11-08 08:51:07 ----A---- C:\Windows\system32\winsrv.dll
2011-11-08 08:51:07 ----A---- C:\Windows\system32\KernelBase.dll
2011-11-08 08:51:07 ----A---- C:\Windows\system32\kernel32.dll
2011-11-08 08:51:07 ----A---- C:\Windows\system32\conhost.exe
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2011-11-08 08:51:06 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2011-11-08 08:51:04 ----A---- C:\Windows\system32\kerberos.dll
2011-11-08 08:51:02 ----A---- C:\Windows\system32\odbc32.dll
2011-11-08 08:50:56 ----A---- C:\Windows\system32\mstscax.dll
2011-11-08 08:50:55 ----A---- C:\Windows\system32\mstsc.exe
2011-11-08 08:50:53 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-11-08 08:50:53 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-11-08 08:50:53 ----A---- C:\Windows\system32\drivers\srv.sys
2011-11-08 08:50:51 ----A---- C:\Windows\system32\psisdecd.dll
2011-11-08 08:50:45 ----A---- C:\Windows\system32\tzres.dll
2011-11-08 08:50:28 ----A---- C:\Windows\system32\mfc42u.dll
2011-11-08 08:50:28 ----A---- C:\Windows\system32\mfc42.dll
2011-11-08 08:50:27 ----A---- C:\Windows\system32\drivers\tcpip.sys
2011-11-08 08:50:26 ----A---- C:\Windows\system32\vbscript.dll
2011-11-08 08:50:26 ----A---- C:\Windows\system32\jscript.dll
2011-11-08 08:50:25 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-11-08 08:50:25 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-11-08 08:50:25 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-11-08 08:50:24 ----A---- C:\Windows\system32\drivers\fvevol.sys
2011-11-08 08:50:24 ----A---- C:\Windows\system32\drivers\afd.sys
2011-11-08 08:50:22 ----A---- C:\Windows\system32\atmlib.dll
2011-11-08 08:50:22 ----A---- C:\Windows\system32\atmfd.dll
2011-11-08 08:50:19 ----A---- C:\Windows\system32\umpnpmgr.dll
2011-11-08 08:50:19 ----A---- C:\Windows\system32\oleaut32.dll
2011-11-08 08:50:19 ----A---- C:\Windows\system32\oleacc.dll
2011-11-08 08:50:15 ----A---- C:\Windows\system32\FXSCOVER.exe
2011-11-08 08:50:15 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-11-08 08:50:12 ----A---- C:\Windows\system32\xmllite.dll
2011-11-08 08:50:04 ----A---- C:\Windows\system32\poqexec.exe
2011-11-08 08:50:03 ----A---- C:\Windows\system32\sbe.dll
2011-11-08 08:50:03 ----A---- C:\Windows\system32\EncDec.dll
2011-11-08 08:50:03 ----A---- C:\Windows\system32\CPFilters.dll
2011-11-08 08:50:01 ----A---- C:\Windows\system32\XpsGdiConverter.dll
2011-11-08 08:50:00 ----A---- C:\Windows\explorer.exe
2011-11-08 08:49:53 ----A---- C:\Windows\system32\XpsPrint.dll
2011-11-08 08:49:52 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2011-11-08 08:49:51 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2011-11-08 08:49:51 ----A---- C:\Windows\system32\cdd.dll
2011-11-08 08:49:50 ----A---- C:\Windows\system32\secproc_ssp_isv.dll
2011-11-08 08:49:50 ----A---- C:\Windows\system32\secproc_ssp.dll
2011-11-08 08:49:50 ----A---- C:\Windows\system32\secproc_isv.dll
2011-11-08 08:49:50 ----A---- C:\Windows\system32\secproc.dll
2011-11-08 08:49:50 ----A---- C:\Windows\system32\RMActivate_ssp_isv.exe
2011-11-08 08:49:50 ----A---- C:\Windows\system32\RMActivate_ssp.exe
2011-11-08 08:49:50 ----A---- C:\Windows\system32\RMActivate_isv.exe
2011-11-08 08:49:50 ----A---- C:\Windows\system32\RMActivate.exe
2011-11-08 08:49:49 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2011-11-08 08:49:48 ----A---- C:\Windows\system32\drivers\bowser.sys
2011-10-27 12:02:31 ----D---- C:\Windows\ufa
2011-10-27 11:57:59 ----HD---- C:\Windows\update.8.1
2011-10-27 11:54:42 ----A---- C:\Windows\unrar.exe
2011-10-27 11:51:33 ----HD---- C:\Windows\update.tray-9-0-lnk
2011-10-27 11:51:33 ----HD---- C:\Windows\update.tray-9-0
2011-10-27 11:51:33 ----HD---- C:\Windows\update.tray-14-0-lnk
2011-10-27 11:51:33 ----HD---- C:\Windows\update.tray-14-0
======List of files/folders modified in the last 1 month======
2011-11-08 10:46:02 ----D---- C:\Windows\System32
2011-11-08 10:46:02 ----D---- C:\Windows
2011-11-08 10:43:45 ----D---- C:\Windows\system32\config
2011-11-08 10:41:48 ----D---- C:\Windows\system32\drivers\etc
2011-11-08 10:37:19 ----D---- C:\Windows\inf
2011-11-08 10:37:19 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-11-08 10:33:04 ----A---- C:\AtmApInit.txt
2011-11-08 10:29:09 ----D---- C:\Windows\system32\drivers
2011-11-08 10:24:28 ----A---- C:\Windows\system.ini
2011-11-08 10:20:25 ----D---- C:\Windows\AppPatch
2011-11-08 10:20:24 ----D---- C:\Program Files\Common Files
2011-11-08 09:54:18 ----D---- C:\Windows\Microsoft.NET
2011-11-08 09:54:17 ----RSD---- C:\Windows\assembly
2011-11-08 09:48:07 ----D---- C:\Windows\system32\Tasks
2011-11-08 09:48:07 ----D---- C:\Program Files\Google
2011-11-08 09:48:06 ----SHD---- C:\Windows\Installer
2011-11-08 09:48:06 ----D---- C:\Windows\Tasks
2011-11-08 09:44:31 ----D---- C:\Windows\winsxs
2011-11-08 09:26:18 ----D---- C:\Windows\Logs
2011-11-08 09:25:55 ----SHD---- C:\System Volume Information
2011-11-08 09:25:35 ----D---- C:\Windows\system32\catroot
2011-11-08 09:25:34 ----D---- C:\Windows\system32\catroot2
2011-11-08 09:18:06 ----D---- C:\Windows\Prefetch
2011-11-08 09:18:04 ----D---- C:\ProgramData\Google
2011-11-08 09:11:29 ----D---- C:\Program Files\Microsoft Silverlight
2011-11-08 09:10:19 ----D---- C:\Windows\system32\cs-CZ
2011-11-08 09:10:18 ----RSD---- C:\Windows\Fonts
2011-11-08 09:10:18 ----D---- C:\Windows\ehome
2011-11-08 09:10:18 ----D---- C:\Program Files\Internet Explorer
2011-11-08 09:10:16 ----D---- C:\Windows\system32\migration
2011-11-08 09:10:13 ----D---- C:\Windows\system32\DriverStore
2011-11-08 09:09:33 ----D---- C:\ProgramData\Microsoft Help
2011-11-08 08:59:43 ----D---- C:\Windows\debug
2011-11-08 08:54:10 ----D---- C:\Program Files\Common Files\microsoft shared
2011-11-08 08:51:27 ----SD---- C:\Users\milacek\AppData\Roaming\Microsoft
2011-11-08 08:51:26 ----RD---- C:\Program Files
2011-11-04 20:38:23 ----D---- C:\Program Files\Wroom
2011-10-27 11:51:38 ----D---- C:\ProgramData
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Blokace antiviru - enhanced protection mode, díky za pomoc
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: Blokace antiviru - enhanced protection mode, díky za pom
Zdravim a pekny den preji 
vy umite pouzivat ComboFix - aplikovat jej, vylustit log a napsat docistovaci skript - tato utilita je pro radce - ctete nize
Nebezpeci CFka
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
vy umite pouzivat ComboFix - aplikovat jej, vylustit log a napsat docistovaci skript - tato utilita je pro radce - ctete nize Nebezpeci CFka
- Je urcen primarne pro radce - jeho svevolnym pouzitim ztracite narok na podporu
- Maze stopy po haveti, takze v logu z RSIT neni nic videt
- Jeho log je treba dolustit, jelikoz neumi smazat vse - to ovsem tezko zvladnete pokud k tomu nejste vyskolen
- CF muze mit bug = sunda Vam system, pokud nevite kam co uklada, jak co obnovit, mate system v kytkam a ceka Vas reinstal
- CF taky bohuzel prozatim nekontroluje nektere dulezite knihovny (napr. hal.dll) - ty treba mazou nektere typy haveti (napr. angela) - smaze Vam po restartu hal.dll = nenajede Vam system a jste o radek vyse = reinstal
Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost 2 a potvrte enterem
- Utilita provede svou cinnost a da log - ten sem vlozte
- Nyni znovu, ale zvolte moznost 3 a pote jeste 4 - logy opet vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: Blokace antiviru - enhanced protection mode, díky za pom
díky za pomoc, vše jsem udělal jak jste psal, ale nějak nemužu najit ten log.
Re: Blokace antiviru - enhanced protection mode, díky za pom
Mel by byt na plose, a to dokonce tri pac jsem chtel 3x jej aplikovat
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Blokace antiviru - enhanced protection mode, díky za pom
na ploše mám pouze složku RK_Quarantine a v ni same reg soubory, jediny txt soubor je prazdny.
Re: Blokace antiviru - enhanced protection mode, díky za pom
a navic při pokusu o další kroky 3 a4 to vypiše chybu a konec.
Re: Blokace antiviru - enhanced protection mode, díky za pom
ta chyba - nemáte oprávnění k přístupu k aplikaci, používám "spustit jako správce-administrátor"
Re: Blokace antiviru - enhanced protection mode, díky za pom
tak se mi restartl systém a na ploše uš nemám ani odkaz na RK, zůstala jen ta složka. Asi jsem v pr...., že? Reinstal mne nemine...
Re: Blokace antiviru - enhanced protection mode, díky za pom
Tak konečně se to hlo - udělal jsem pokus s bodem obnovení do dne kdy jsem zkousel ComboFix a pak jsem postupoval dle vasi rady. Tady jsou logy z RK:
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: milacek [Admin rights]
Mode: Remove -- Date : 11/08/2011 11:54:00
¤¤¤ Bad processes: 16 ¤¤¤
[HJ NAME] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- C:\Windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SUSP PATH] systemup.exe -- C:\Windows\systemup.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- C:\Windows\l1rezerv.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\Windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\Windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\Windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\Windows\update.1\svchost.exe srv -> STOPPED
¤¤¤ Registry Entries: 26 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\Windows\update.tray-9-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico1 (C:\Windows\update.tray-14-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5109042.exe ("C:\Users\milacek\AppData\Local\temp\5109042.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3042608.exe ("C:\Users\milacek\AppData\Local\temp\3042608.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\Windows\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6383068.exe ("C:\Windows\Temp\6383068.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8333520.exe ("C:\Windows\Temp\8333520.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[SUSP PATH] CNET TechTracker.lnk : C:\Users\milacek\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: milacek [Admin rights]
Mode: Remove -- Date : 11/08/2011 11:54:00
¤¤¤ Bad processes: 16 ¤¤¤
[HJ NAME] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.5.0\svchost.exe -> KILLED [TermProc]
[SUSP PATH] sysdriver32.exe -- C:\Windows\sysdriver32.exe -> KILLED [TermProc]
[HJ NAME] svchost.exe -- C:\Windows\update.1\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SUSP PATH] systemup.exe -- C:\Windows\systemup.exe -> KILLED [TermProc]
[SUSP PATH] l1rezerv.exe -- C:\Windows\l1rezerv.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SVCHOST] svchost.exe -- C:\Windows\update.2\svchost.exe -> KILLED [TermProc]
[SERVICE] srvbtcclient -- C:\Windows\update.5.0\svchost.exe srv -> STOPPED
[SERVICE] srviecheck -- C:\Windows\update.2\svchost.exe srv -> STOPPED
[SERVICE] srvsysdriver32 -- C:\Windows\sysdriver32.exe srv -> STOPPED
[SERVICE] wxpdrivers -- C:\Windows\update.1\svchost.exe srv -> STOPPED
¤¤¤ Registry Entries: 26 ¤¤¤
[SUSP PATH] HKLM\[...]\Run : wxpdrv (C:\Windows\services32.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico0 (C:\Windows\update.tray-9-0\svchost.exe) -> DELETED
[HJ NAME] HKLM\[...]\Run : tray_ico1 (C:\Windows\update.tray-14-0\svchost.exe) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 5109042.exe ("C:\Users\milacek\AppData\Local\temp\5109042.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32.exe ("C:\Windows\sysdriver32.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : sysdriver32_.exe ("C:\Windows\sysdriver32_.exe" rezerv) -> DELETED
[SUSP PATH] HKLM\[...]\Run : 3042608.exe ("C:\Users\milacek\AppData\Local\temp\3042608.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : systemup ("C:\Windows\systemup.exe" stand) -> DELETED
[SUSP PATH] HKLM\[...]\Run : l1rezerv.exe ("C:\Windows\l1rezerv.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 6383068.exe ("C:\Windows\Temp\6383068.exe") -> DELETED
[SUSP PATH] HKLM\[...]\Run : 8333520.exe ("C:\Windows\Temp\8333520.exe") -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvbtcclient (C:\Windows\update.5.0\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srviecheck (C:\Windows\update.2\svchost.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : srvsysdriver32 (C:\Windows\sysdriver32.exe srv) -> DELETED
[BLACKLIST] HKLM\[...]\services : wxpdrivers (C:\Windows\update.1\svchost.exe srv) -> DELETED
[SUSP PATH] CNET TechTracker.lnk : C:\Users\milacek\AppData\Roaming\CBS Interactive\CNET TechTracker\TechTracker.exe -> DELETED
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : AntiVirusDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : FirewallDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\Security Center : UpdatesDisableNotify (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED ()
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED ()
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: Blokace antiviru - enhanced protection mode, díky za pom
log2:
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: milacek [Admin rights]
Mode: HOSTSFix -- Date : 11/08/2011 11:54:29
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: milacek [Admin rights]
Mode: HOSTSFix -- Date : 11/08/2011 11:54:29
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
127.0.0.1 localhost
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
127.0.0.1 az-az.facebook.com
127.0.0.1 id-id.facebook.com
127.0.0.1 ms-my.facebook.com
127.0.0.1 bs-ba.facebook.com
127.0.0.1 ca-es.facebook.com
127.0.0.1 cs-cz.facebook.com
127.0.0.1 cy-gb.facebook.com
127.0.0.1 da-dk.facebook.com
127.0.0.1 de-de.facebook.com
127.0.0.1 et-ee.facebook.com
127.0.0.1 en-gb.facebook.com
127.0.0.1 es-la.facebook.com
127.0.0.1 eo-eo.facebook.com
127.0.0.1 eu-es.facebook.com
127.0.0.1 tl-ph.facebook.com
127.0.0.1 fo-fo.facebook.com
[...]
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt
Re: Blokace antiviru - enhanced protection mode, díky za pom
log3
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: milacek [Admin rights]
Mode: ProxyFix -- Date : 11/08/2011 11:54:39
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
RogueKiller V6.1.7 [11/05/2011] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7600 ) 32 bits version
Started in : Normal mode
User: milacek [Admin rights]
Mode: ProxyFix -- Date : 11/08/2011 11:54:39
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [LOADED] ¤¤¤
¤¤¤ Registry Entries: 0 ¤¤¤
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Re: Blokace antiviru - enhanced protection mode, díky za pom
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: Blokace antiviru - enhanced protection mode, díky za pom
ComboFix 11-11-08.02 - milacek 08.11.2011 12:14:01.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2009.1398 [GMT 1:00]
Spuštěný z: c:\users\milacek\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\milacek\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\$NtUninstallKB32766$
c:\windows\$NtUninstallKB32766$\2108620207\U\@800000c0
c:\windows\$NtUninstallKB32766$\219803575
c:\windows\av_ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-08 do 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 10:53 . 2011-11-08 10:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-08 09:46 . 2011-11-08 09:46 -------- d-----w- c:\windows\system32\%APPDATA%
2011-11-08 09:46 . 2011-11-08 09:46 -------- d-----w- C:\rsit
2011-11-08 09:15 . 2011-11-08 09:15 -------- d--h--w- c:\windows\PIF
2011-11-08 07:51 . 2011-11-08 11:22 -------- d-----w- c:\program files\Trend Micro
2011-10-27 11:02 . 2011-11-08 10:38 -------- d-----w- c:\windows\ufa
2011-10-27 10:57 . 2011-10-27 10:57 -------- d--h--w- c:\windows\update.8.1
2011-10-27 10:54 . 2011-10-27 11:02 246272 ----a-w- c:\windows\unrar.exe
2011-10-27 10:51 . 2011-11-08 10:38 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-27 10:51 . 2011-11-08 10:38 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-10-27 10:51 . 2011-11-08 10:38 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-27 10:51 . 2011-10-27 10:51 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-26 20:06 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{648FAC96-D7F5-422D-9182-B145B297BED9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2010-11-16 13:14 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-26 307768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-16 39408]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-08-14 2389]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-26 307768]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"tray_ico"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKslae14c215;MpKslae14c215;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34B7F183-9682-44D1-9F23-709366BA7C0B}\MpKslae14c215.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-11-08 111872]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-04-26 278560]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 13:18]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 13:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4149293690-2455191134-2119388712-1000\Software\SecuROM\License information*]
"datasecu"=hex:2d,10,f8,bc,d7,1b,45,cf,27,93,a6,be,4c,1a,c7,03,9d,61,cc,d8,30,
77,04,bc,d9,a2,df,cb,50,25,60,4f,da,d7,ff,ac,0f,34,6e,cf,23,dd,77,c8,76,f8,\
"rkeysecu"=hex:52,eb,b9,72,0e,51,ed,dd,f6,62,a9,20,01,01,cf,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-11-08 12:27:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-08 11:27
ComboFix2.txt 2011-11-08 09:29
.
Před spuštěním: Volných bajtů: 200 860 917 760
Po spuštění: Volných bajtů: 200 604 631 040
.
- - End Of File - - E796DE3E4221B6D1CBA73E24E0B6B9C9
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.420.1029.18.2009.1398 [GMT 1:00]
Spuštěný z: c:\users\milacek\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\milacek\AppData\Roaming\Microsoft\Windows\Recent\Comfy Cakes.pif
c:\windows\$NtUninstallKB32766$
c:\windows\$NtUninstallKB32766$\2108620207\U\@800000c0
c:\windows\$NtUninstallKB32766$\219803575
c:\windows\av_ico
c:\windows\av_ico\ico_Essentials_start.ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\IsUn0405.exe
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-10-08 do 2011-11-08 )))))))))))))))))))))))))))))))
.
.
2011-11-08 10:53 . 2011-11-08 10:54 111872 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2011-11-08 09:46 . 2011-11-08 09:46 -------- d-----w- c:\windows\system32\%APPDATA%
2011-11-08 09:46 . 2011-11-08 09:46 -------- d-----w- C:\rsit
2011-11-08 09:15 . 2011-11-08 09:15 -------- d--h--w- c:\windows\PIF
2011-11-08 07:51 . 2011-11-08 11:22 -------- d-----w- c:\program files\Trend Micro
2011-10-27 11:02 . 2011-11-08 10:38 -------- d-----w- c:\windows\ufa
2011-10-27 10:57 . 2011-10-27 10:57 -------- d--h--w- c:\windows\update.8.1
2011-10-27 10:54 . 2011-10-27 11:02 246272 ----a-w- c:\windows\unrar.exe
2011-10-27 10:51 . 2011-11-08 10:38 -------- d--h--w- c:\windows\update.tray-9-0
2011-10-27 10:51 . 2011-11-08 10:38 -------- d--h--w- c:\windows\update.tray-9-0-lnk
2011-10-27 10:51 . 2011-11-08 10:38 -------- d--h--w- c:\windows\update.tray-14-0
2011-10-27 10:51 . 2011-10-27 10:51 -------- d--h--w- c:\windows\update.tray-14-0-lnk
2011-10-26 20:06 . 2011-10-07 03:48 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{648FAC96-D7F5-422D-9182-B145B297BED9}\mpengine.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-07 03:48 . 2010-11-16 13:14 6668624 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-26 307768]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-11-16 39408]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSpeedUp.lnk" [2011-08-14 2389]
"ICQ"="c:\program files\ICQ7.5\ICQ.exe" [2011-08-01 124480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 150552]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2010-04-26 307768]
"EnergyUtility"="c:\program files\Lenovo\Energy Management\utility.exe" [2009-09-29 4114288]
"Energy Management"="c:\program files\Lenovo\Energy Management\Energy Management.exe" [2009-09-29 5064560]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"MSSE"="c:\program files\Microsoft Security Essentials\msseces.exe" [BU]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-09-07 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"tray_ico"="" [BU]
"tray_ico2"="" [BU]
"tray_ico3"="" [BU]
"tray_ico4"="" [BU]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R1 MpKslae14c215;MpKslae14c215;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{34B7F183-9682-44D1-9F23-709366BA7C0B}\MpKslae14c215.sys [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2010-03-25 42368]
R3 TrueSight;TrueSight;c:\windows\system32\drivers\TrueSight.sys [2011-11-08 111872]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ICQ Service;ICQ Service;c:\program files\ICQ6Toolbar\ICQ Service.exe [2011-02-28 247096]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;c:\windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 21520]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2010-04-26 278560]
S3 usbsmi;Lenovo EasyCamera;c:\windows\system32\DRIVERS\SMIksdrv.sys [2009-10-16 171776]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 13:18]
.
2011-11-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-11-16 13:18]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: WikiKomentáře Google... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_7461B1589E8B4FB7.dll/cmsidewiki.html
IE: {{7578ADEA-D65F-4C89-A249-B1C88B6FFC20} - c:\program files\ICQ7.5\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
AddRemove-McAfee Security Scan - c:\program files\McAfee Security Scan\uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-4149293690-2455191134-2119388712-1000\Software\SecuROM\License information*]
"datasecu"=hex:2d,10,f8,bc,d7,1b,45,cf,27,93,a6,be,4c,1a,c7,03,9d,61,cc,d8,30,
77,04,bc,d9,a2,df,cb,50,25,60,4f,da,d7,ff,ac,0f,34,6e,cf,23,dd,77,c8,76,f8,\
"rkeysecu"=hex:52,eb,b9,72,0e,51,ed,dd,f6,62,a9,20,01,01,cf,eb
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-11-08 12:27:19 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-11-08 11:27
ComboFix2.txt 2011-11-08 09:29
.
Před spuštěním: Volných bajtů: 200 860 917 760
Po spuštění: Volných bajtů: 200 604 631 040
.
- - End Of File - - E796DE3E4221B6D1CBA73E24E0B6B9C9
Re: Blokace antiviru - enhanced protection mode, díky za pom
a co nyní??? Děkuju
Re: Blokace antiviru - enhanced protection mode, díky za pom
Uz pisi docistovaci skript, prosim o strpeni...jsme tu ve svem volnem case...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?