Dobrý den,
potřeboval bych pomoci s odstraněním Ransomware "Police Central E-crime Unit (PCEU)".
Předem děkuji za pomoc.
S pozdravem TH
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Police Central E-crime Unit (PCEU) Ransomware
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
Zdravim 
Funguje vam PC v nouzovem rezimu s\bez podpory site? To jest, je tam tenhle kram ransomware neaktivni = da se s PC delat...
Dle meho by mel aspon jit v nouzovem rezimu bez site
Funguje vam PC v nouzovem rezimu s\bez podpory site? To jest, je tam tenhle kram ransomware neaktivni = da se s PC delat...
Dle meho by mel aspon jit v nouzovem rezimu bez site
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
Ano, v nouzovém režimu bez podpory sítě pracovat mohu. Zkoušel jsem projet v nozovém režimu celý počítač AVG free 2012, ale to tento problém neodstranilo. Dále jsem zatím nepokročil.
Předem díky za kažkou radu.TH
Předem díky za kažkou radu.TH
Re: Police Central E-crime Unit (PCEU) Ransomware
s prominutim, avg je spise parodie na antivir Na zdravem PC si tedy stahnujte utility na flash disk, preneste je na poskozeny PC a logy pak z5 pres flashku na zdravy PC a postnete je sem Dejte log z RSIT http://forum.viry.cz/viewtopic.php?f=13&t=105895 Stahnete RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
- Ukoncete vsechny programy
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Pockejte na dokonceni PreScanu
- Zvolte moznost Prohledat (scan)
- Po dokonceni skenu kliknete na Zpráva (Report)- otevre se log, ten sem vlozte
- Detailni postup vc. obrazku mate zde http://forum.viry.cz/viewtopic.php?f=24&t=120452
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
Logy viz nize. Predem diky za dalsi instrukce!
RSIT log:
---------------------------------------------------------------------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-11-15 20:35:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 480 MB (2%) free of 30 GB
Total RAM: 2039 MB (85% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\efhzad3o.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"avg@toolbar"=C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\12.2.5.32\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{B13721C7-F507-4982-B2E5-502A71474FED}
C:\Program Files\Mozilla Firefox\\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\\plugins\
npdeployJava1.dll
NPOFFICE.DLL
C:\Program Files\Mozilla Firefox\\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-08-03 202080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-06-24 1417336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
SMART Notebook Download Utility - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2012-03-28 237424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-09-04 1734240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-08-03 1471832]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-09-04 1734240]
{8E1233B3-485A-4E51-B77E-9E075A68C588} - SMART Sync - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll [2011-06-22 527216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-17 18789408]
"RemoteDesktopManager"=D:\Software\remote desktop\RemoteDesktopManager.exe [2010-11-15 1801968]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-07-31 2596984]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-09-04 947808]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2011-12-13 190768]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"VantageService"=C:\Program Files\SMART Technologies\Education Software\VantageService.exe [2012-05-14 188272]
"SMART SNMP Agent"=C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe [2012-03-21 967536]
"SMART Board Tools"=C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [2012-03-09 10132336]
"SMART Ink"=C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [2012-03-21 94064]
"Response Desktop Menu"=C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"=C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [2011-06-22 485232]
"SMART Mirror Driver Monitor Service"=C:\Program Files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [2011-06-22 141680]
"ROC_ROC_JULY_P1"=C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe [2012-09-04 1022048]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\OpenVPN\bin\openvpn.exe"="C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\SMART Technologies\Education Software\UCGui.exe"="C:\Program Files\SMART Technologies\Education Software\UCGui.exe:*:Enabled:SMART Universal Controller Interface"
"C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe:*:Enabled:SMART SNMP Agent"
"C:\Program Files\SMART Technologies\Education Software\UCService.exe"="C:\Program Files\SMART Technologies\Education Software\UCService.exe:*:Enabled:SMART Display Controller Service"
"C:\Program Files\SMART Technologies\Education Software\VantageService.exe"="C:\Program Files\SMART Technologies\Education Software\VantageService.exe:*:Enabled:Vantage Service"
"C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe"="C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe:*:Enabled:SMART Response Software Service"
"C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe"="C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe:*:Enabled:SMART Sync Software Teacher Application"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.xvid"=xvidvfw.dll
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======List of files/folders created in the last 1 month======
2012-11-15 20:35:20 ----D---- C:\rsit
2012-11-15 20:35:20 ----D---- C:\Program Files\trend micro
2012-11-15 01:03:11 ----D---- C:\WINDOWS\LastGood
2012-11-15 01:03:02 ----D---- C:\Program Files\GridinSoft Trojan Killer
2012-11-15 00:54:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-11-15 00:50:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2012-11-15 00:50:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2012-11-15 00:49:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2012-11-14 21:48:01 ----A---- C:\WINDOWS\ntbtlog.txt
2012-11-14 21:44:49 ----ASH---- C:\pagefile.sys
2012-11-13 22:10:33 ----SHD---- C:\Config.Msi
2012-11-13 22:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-11-13 22:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$
2012-10-16 21:14:39 ----A---- C:\Documents and Settings\All Users\Data aplikací\lsass.exe
======List of files/folders modified in the last 1 month======
2012-11-15 20:35:20 ----RD---- C:\Program Files
2012-11-15 18:15:00 ----D---- C:\Program Files\Mozilla Firefox
2012-11-15 06:32:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-15 01:11:30 ----A---- C:\WINDOWS\wincmd.ini
2012-11-15 01:03:11 ----HD---- C:\WINDOWS\inf
2012-11-15 01:03:11 ----D---- C:\WINDOWS\system32\drivers
2012-11-15 01:03:11 ----D---- C:\WINDOWS
2012-11-15 00:54:52 ----D---- C:\WINDOWS\system32
2012-11-15 00:54:00 ----D---- C:\Program Files\Common Files
2012-11-15 00:35:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-15 00:34:53 ----D---- C:\WINDOWS\Temp
2012-11-15 00:33:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-15 00:32:19 ----D---- C:\WINDOWS\Prefetch
2012-11-14 18:16:00 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-11-14 18:15:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-11-14 07:59:04 ----D---- C:\WINDOWS\Microsoft.NET
2012-11-14 07:59:03 ----RSD---- C:\WINDOWS\assembly
2012-11-13 22:16:21 ----SHD---- C:\WINDOWS\Installer
2012-11-13 22:14:51 ----D---- C:\WINDOWS\WinSxS
2012-11-13 22:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2012-11-13 22:06:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-13 22:06:33 ----A---- C:\WINDOWS\imsins.BAK
2012-11-13 21:41:41 ----HD---- C:\WINDOWS\$hf_mig$
2012-11-12 00:16:07 ----D---- C:\Program Files\FinePixViewer
2012-11-07 22:33:46 ----A---- C:\WINDOWS\NeroDigital.ini
2012-11-06 23:34:08 ----D---- C:\Program Files\HF Designer 2.7
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-07-26 237408]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
S1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2012-08-24 301920]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S2 UMAXPCLS;Ovladač skeneru na portu tiskárny; C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22912]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]
S3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-17 5956608]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-10-24 13184]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver; C:\WINDOWS\system32\DRIVERS\smrtdrv.sys [2004-04-22 2432]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-12-01 26112]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver; C:\WINDOWS\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 fkbvtnlhe;fkbvtnlhe; C:\DOCUME~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe --SERVICE []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-18 153376]
S2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
S2 matlabserver;MATLAB Server; C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe []
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Response Hardware;Response Hardware; C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-03-02 19312]
S2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2012-03-21 2186096]
S2 SMART Display Controller;SMART Display Controller; C:\Program Files\SMART Technologies\Education Software\UCService.exe [2012-03-21 820592]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service; C:\Program Files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [2011-06-22 141680]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-03 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-10 77944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-09-02 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2010-12-01 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
RogueKiller log:
--------------------------------------------------------------------------------------------
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 11/15/2012 20:39:24
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[STARTUP][HJNAME] ctfmon.lnk @Tomáš : C:\Documents and Settings\All Users\Data aplikací\lsass.exe -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2000JD-00HBC0 +++++
--- User ---
[MBR] 62749921dee709fe2f5aec6c7ac68348
[BSP] 072ca6383063e68f0f356d96fd8c7a0f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 61432560 | Size: 160783 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++
--- User ---
[MBR] 47323d941d5866d42bec3dfc195e9ac4
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1144 | Size: 3823 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[1]_S_11152012_02d2039.txt >>
RKreport[1]_S_11152012_02d2039.txt
RSIT log:
---------------------------------------------------------------------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-11-15 20:35:20
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 480 MB (2%) free of 30 GB
Total RAM: 2039 MB (85% free)
HijackThis download failed
======Scheduled tasks folder======
C:\WINDOWS\tasks\Adobe Flash Player Updater.job
=========Mozilla firefox=========
ProfilePath - C:\Documents and Settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\efhzad3o.default
"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
"bkmrksync@nokia.com"=C:\Program Files\Nokia\Nokia PC Suite 7\bkmrksync\
"{1E73965B-8B48-48be-9C8D-68B920ABC1C4}"=C:\Program Files\AVG\AVG2012\Firefox4\
"avg@igeared"=C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
"jqs@sun.com"=C:\Program Files\Java\jre6\lib\deploy\jqs\ff
"avg@toolbar"=C:\Documents and Settings\All Users\Data aplikací\AVG Secure Search\12.2.5.32\
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.287 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin]
"Description"=
"Path"=C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@canon.com/EPPEX]
"Description"=Canon Easy-PhotoPrint EX
"Path"=C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files\Google\Picasa3\npPicasa3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
C:\Program Files\Mozilla Firefox\\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{B13721C7-F507-4982-B2E5-502A71474FED}
C:\Program Files\Mozilla Firefox\\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\\plugins\
npdeployJava1.dll
NPOFFICE.DLL
C:\Program Files\Mozilla Firefox\\searchplugins\
avg-secure-search.xml
google.xml
heureka-cz.xml
jyxo-cz.xml
mall-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
AcroIEHlprObj Class - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll [2004-12-14 63136]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2009-08-03 202080]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG2012\avgssie.dll [2012-06-24 1417336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{67BCF957-85FC-4036-8DC4-D4D80E00A77B}]
SMART Notebook Download Utility - C:\Program Files\SMART Technologies\Education Software\Win32\NotebookPlugin.dll [2012-03-28 237424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-09-04 1734240]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
AcroIEToolbarHelper Class - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-10-18 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2011-10-18 79648]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll [2004-12-14 225280]
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - Canon Easy-WebPrint EX - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2009-08-03 1471832]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829}
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files\AVG Secure Search\12.2.5.32\AVG Secure Search_toolbar.dll [2012-09-04 1734240]
{8E1233B3-485A-4E51-B77E-9E075A68C588} - SMART Sync - C:\Program Files\SMART Technologies\Education Software\SyncIEToolbar.dll [2011-06-22 527216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"=C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe [2004-12-14 483328]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2009-11-17 18789408]
"RemoteDesktopManager"=D:\Software\remote desktop\RemoteDesktopManager.exe [2010-11-15 1801968]
"AVG_TRAY"=C:\Program Files\AVG\AVG2012\avgtray.exe [2012-07-31 2596984]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2010-05-14 248552]
"vProt"=C:\Program Files\AVG Secure Search\vprot.exe [2012-09-04 947808]
"NSU_agent"=C:\Program Files\Nokia\Nokia Software Updater\nsu3ui_agent.exe [2011-12-13 190768]
"ROC_roc_dec12"=C:\Program Files\AVG Secure Search\ROC_roc_dec12.exe /PROMPT /CMPID=roc_dec12 []
"VantageService"=C:\Program Files\SMART Technologies\Education Software\VantageService.exe [2012-05-14 188272]
"SMART SNMP Agent"=C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe [2012-03-21 967536]
"SMART Board Tools"=C:\Program Files\SMART Technologies\Education Software\SMARTBoardTools.exe [2012-03-09 10132336]
"SMART Ink"=C:\Program Files\SMART Technologies\Education Software\SMARTInk.exe [2012-03-21 94064]
"Response Desktop Menu"=C:\Program Files\SMART Technologies\Education Software\DesktopMenu.exe [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"=C:\Program Files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe [2011-06-22 485232]
"SMART Mirror Driver Monitor Service"=C:\Program Files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [2011-06-22 141680]
"ROC_ROC_JULY_P1"=C:\Program Files\AVG Secure Search\ROC_ROC_JULY_P1.exe [2012-09-04 1022048]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\System32\CTFMON.EXE [2008-04-14 15360]
C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe
Adobe Gamma Loader.exe.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
Akcelerátor spuštění AutoCADu.lnk - C:\Program Files\Common Files\Autodesk Shared\acstart17.exe
ExifLauncher2.lnk - C:\Program Files\FinePixViewer\QuickDCF2.exe
GammaTray.lnk - C:\Program Files\MagicTune Premium\GammaTray.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2006-03-23 139264]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-02-12 190976]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]
UPnPMonitor - {e57ce738-33e8-4c51-8354-bb4de9d215d1} - C:\WINDOWS\system32\upnpui.dll [2008-04-14 239616]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MSIServer]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\uTorrent\uTorrent.exe"="C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe"="C:\Program Files\Nokia\Nokia Software Updater\nsu_ui_client.exe:*:Enabled:Nokia Software Updater"
"C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe"="C:\Program Files\Common Files\Nokia\Service Layer\A\nsl_host_process.exe:*:Enabled:Nokia Service Layer Host Process "
"C:\Program Files\MagicTune Premium\MagicTune.exe"="C:\Program Files\MagicTune Premium\MagicTune.exe:*:Enabled:MagicTune"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. Take a deep breath "
"C:\Program Files\OpenVPN\bin\openvpn.exe"="C:\Program Files\OpenVPN\bin\openvpn.exe:*:Enabled:openvpn"
"C:\Program Files\AVG\AVG2012\avgmfapx.exe"="C:\Program Files\AVG\AVG2012\avgmfapx.exe:*:Enabled:Instalátor AVG"
"C:\Program Files\SMART Technologies\Education Software\UCGui.exe"="C:\Program Files\SMART Technologies\Education Software\UCGui.exe:*:Enabled:SMART Universal Controller Interface"
"C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe"="C:\Program Files\SMART Technologies\Education Software\SMARTSNMPAgent.exe:*:Enabled:SMART SNMP Agent"
"C:\Program Files\SMART Technologies\Education Software\UCService.exe"="C:\Program Files\SMART Technologies\Education Software\UCService.exe:*:Enabled:SMART Display Controller Service"
"C:\Program Files\SMART Technologies\Education Software\VantageService.exe"="C:\Program Files\SMART Technologies\Education Software\VantageService.exe:*:Enabled:Vantage Service"
"C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe"="C:\Program Files\SMART Technologies\Education Software\ResponseSoftwareService.exe:*:Enabled:SMART Response Software Service"
"C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe"="C:\Program Files\SMART Technologies\Education Software\SMARTSyncTeacher.exe:*:Enabled:SMART Sync Software Teacher Application"
"C:\Program Files\AVG\AVG2012\avgnsx.exe"="C:\Program Files\AVG\AVG2012\avgnsx.exe:*:Enabled:Webový štít"
"C:\Program Files\AVG\AVG2012\avgdiagex.exe"="C:\Program Files\AVG\AVG2012\avgdiagex.exe:*:Enabled:AVG Diagnostika 2012"
"C:\Program Files\AVG\AVG2012\avgemcx.exe"="C:\Program Files\AVG\AVG2012\avgemcx.exe:*:Enabled:Obecná kontrola pošty"
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"vidc.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvu9"=tsbyuv.dll
"vidc.yvyu"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.l3acm"=C:\WINDOWS\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.divx"=divx.dll
"vidc.xvid"=xvidvfw.dll
"msacm.ac3filter"=ac3filter.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
======List of files/folders created in the last 1 month======
2012-11-15 20:35:20 ----D---- C:\rsit
2012-11-15 20:35:20 ----D---- C:\Program Files\trend micro
2012-11-15 01:03:11 ----D---- C:\WINDOWS\LastGood
2012-11-15 01:03:02 ----D---- C:\Program Files\GridinSoft Trojan Killer
2012-11-15 00:54:00 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2012-11-15 00:50:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Macromedia
2012-11-15 00:50:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Adobe
2012-11-15 00:49:11 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mozilla
2012-11-14 21:48:01 ----A---- C:\WINDOWS\ntbtlog.txt
2012-11-14 21:44:49 ----ASH---- C:\pagefile.sys
2012-11-13 22:10:33 ----SHD---- C:\Config.Msi
2012-11-13 22:06:37 ----HDC---- C:\WINDOWS\$NtUninstallKB2727528$
2012-11-13 22:06:29 ----HDC---- C:\WINDOWS\$NtUninstallKB2761226$
2012-10-16 21:14:39 ----A---- C:\Documents and Settings\All Users\Data aplikací\lsass.exe
======List of files/folders modified in the last 1 month======
2012-11-15 20:35:20 ----RD---- C:\Program Files
2012-11-15 18:15:00 ----D---- C:\Program Files\Mozilla Firefox
2012-11-15 06:32:29 ----D---- C:\WINDOWS\system32\CatRoot2
2012-11-15 01:11:30 ----A---- C:\WINDOWS\wincmd.ini
2012-11-15 01:03:11 ----HD---- C:\WINDOWS\inf
2012-11-15 01:03:11 ----D---- C:\WINDOWS\system32\drivers
2012-11-15 01:03:11 ----D---- C:\WINDOWS
2012-11-15 00:54:52 ----D---- C:\WINDOWS\system32
2012-11-15 00:54:00 ----D---- C:\Program Files\Common Files
2012-11-15 00:35:09 ----A---- C:\WINDOWS\SchedLgU.Txt
2012-11-15 00:34:53 ----D---- C:\WINDOWS\Temp
2012-11-15 00:33:11 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-11-15 00:32:19 ----D---- C:\WINDOWS\Prefetch
2012-11-14 18:16:00 ----D---- C:\WINDOWS\system32\drivers\AVG
2012-11-14 18:15:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\MFAData
2012-11-14 07:59:04 ----D---- C:\WINDOWS\Microsoft.NET
2012-11-14 07:59:03 ----RSD---- C:\WINDOWS\assembly
2012-11-13 22:16:21 ----SHD---- C:\WINDOWS\Installer
2012-11-13 22:14:51 ----D---- C:\WINDOWS\WinSxS
2012-11-13 22:06:49 ----A---- C:\WINDOWS\system32\MRT.exe
2012-11-13 22:06:45 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-11-13 22:06:33 ----A---- C:\WINDOWS\imsins.BAK
2012-11-13 21:41:41 ----HD---- C:\WINDOWS\$hf_mig$
2012-11-12 00:16:07 ----D---- C:\Program Files\FinePixViewer
2012-11-07 22:33:46 ----A---- C:\WINDOWS\NeroDigital.ini
2012-11-06 23:34:08 ----D---- C:\Program Files\HF Designer 2.7
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHX;AVGIDSHX; C:\WINDOWS\system32\DRIVERS\avgidshx.sys [2012-04-19 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver; C:\WINDOWS\system32\DRIVERS\avgrkx86.sys [2012-01-31 31952]
R0 giveio;giveio; C:\WINDOWS\system32\giveio.sys [1996-04-03 5248]
R0 ohci1394;Hostitelský řadič IEEE 1394 dle standardu OHCI VIA; C:\WINDOWS\System32\DRIVERS\ohci1394.sys [2008-04-14 61696]
R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-03-11 20640]
R0 speedfan;speedfan; C:\WINDOWS\system32\speedfan.sys [2006-09-24 5248]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2009-07-13 91904]
R1 avgtp;avgtp; \??\C:\WINDOWS\system32\drivers\avgtpx86.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\WINDOWS\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2004-04-01 10368]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\System32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\System32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S1 Avgldx86;AVG AVI Loader Driver; C:\WINDOWS\system32\DRIVERS\avgldx86.sys [2012-07-26 237408]
S1 Avgmfx86;AVG Mini-Filter Resident Anti-Virus Shield; C:\WINDOWS\system32\DRIVERS\avgmfx86.sys [2011-12-23 41040]
S1 Avgtdix;AVG TDI Driver; C:\WINDOWS\system32\DRIVERS\avgtdix.sys [2012-08-24 301920]
S1 intelppm;Řadič procesoru Intel; C:\WINDOWS\System32\DRIVERS\intelppm.sys [2008-04-14 40192]
S1 WS2IFSL;Podpůrné prostředí zprostředkovatele služeb Windows Socket 2.0 bez podpory IFS; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-10-25 12032]
S2 UMAXPCLS;Ovladač skeneru na portu tiskárny; C:\WINDOWS\system32\DRIVERS\umaxpcls.sys [2001-08-17 22912]
S3 Ambfilt;Ambfilt; C:\WINDOWS\system32\drivers\Ambfilt.sys [2008-08-05 1684736]
S3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\System32\DRIVERS\arp1394.sys [2008-04-14 60800]
S3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller; C:\WINDOWS\system32\DRIVERS\atl01_xp.sys [2006-10-31 35840]
S3 AVGIDSDriver;AVGIDSDriver; C:\WINDOWS\system32\DRIVERS\avgidsdriverx.sys [2011-12-23 139856]
S3 AVGIDSFilter;AVGIDSFilter; C:\WINDOWS\system32\DRIVERS\avgidsfilterx.sys [2011-12-23 24144]
S3 AVGIDSShim;AVGIDSShim; C:\WINDOWS\system32\DRIVERS\avgidsshimx.sys [2011-12-23 17232]
S3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2006-03-23 1166972]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2009-11-17 5956608]
S3 MagicTune;MagicTune; C:\WINDOWS\system32\drivers\MTiCtwl.sys [2008-10-24 13184]
S3 Monfilt;Monfilt; C:\WINDOWS\system32\drivers\Monfilt.sys [2006-01-04 1389056]
S3 NIC1394;1394 Net Driver; C:\WINDOWS\System32\DRIVERS\nic1394.sys [2008-04-14 61824]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\WINDOWS\system32\drivers\ccdcmb.sys [2011-05-18 18176]
S3 nmwcdc;Nokia USB Communication Driver; C:\WINDOWS\system32\drivers\ccdcmbo.sys [2011-05-18 23168]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\WINDOWS\system32\DRIVERS\pccsmcfd.sys [2008-08-26 18816]
S3 smrtdrv;SMART Technologies Inc. Mirror Driver; C:\WINDOWS\system32\DRIVERS\smrtdrv.sys [2004-04-22 2432]
S3 tap0901;TAP-Win32 Adapter V9; C:\WINDOWS\system32\DRIVERS\tap0901.sys [2010-12-01 26112]
S3 TrojanKillerDriver;GridinSoft Trojan Killer Driver; C:\WINDOWS\system32\DRIVERS\gtkdrv.sys [2012-01-04 16128]
S3 upperdev;upperdev; C:\WINDOWS\system32\DRIVERS\usbser_lowerflt.sys [2011-05-18 8192]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 usbser;USB Modem Driver; C:\WINDOWS\system32\drivers\usbser.sys [2008-04-13 26112]
S3 UsbserFilt;UsbserFilt; C:\WINDOWS\system32\DRIVERS\usbser_lowerfltj.sys [2011-05-18 8192]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2009-07-14 444136]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2009-07-13 132224]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 AVGIDSAgent;AVGIDSAgent; C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe [2012-08-13 5167736]
S2 avgwd;AVG WatchDog; C:\Program Files\AVG\AVG2012\avgwdsvc.exe [2012-02-14 193288]
S2 bgsvcgen;B's Recorder GOLD Library General Service; C:\WINDOWS\system32\bgsvcgen.exe [2005-04-30 86016]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 fkbvtnlhe;fkbvtnlhe; C:\DOCUME~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe --SERVICE []
S2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2011-10-18 153376]
S2 MagicTuneEngine;MagicTuneEngine; C:\Program Files\MagicTune Premium\MagicTuneEngine.exe [2007-08-23 45056]
S2 matlabserver;MATLAB Server; C:\MATLAB6p5\webserver\bin\win32\matlabserver.exe []
S2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
S2 Response Hardware;Response Hardware; C:\Program Files\SMART Technologies\Education Software\ResponseHardwareService.exe [2012-03-02 19312]
S2 SMART Board Service;Služba SMART Board; C:\Program Files\SMART Technologies\Education Software\SMARTBoardService.exe [2012-03-21 2186096]
S2 SMART Display Controller;SMART Display Controller; C:\Program Files\SMART Technologies\Education Software\UCService.exe [2012-03-21 820592]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service; C:\Program Files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [2011-06-22 141680]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6; C:\Program Files\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-04 722528]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-01-03 72704]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 aspnet_state;Stavová služba ASP.NET; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-02-10 77944]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service; C:\Program Files\AVG\AVG10\Toolbar\ToolbarBroker.exe [2011-09-01 1025352]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-09-02 1044816]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gusvc;Google Updater Service; C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-13 114144]
S3 OpenVPNService;OpenVPN Service; C:\Program Files\OpenVPN\bin\openvpnserv.exe [2010-12-01 36352]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2011-03-21 632832]
S3 WMPNetworkSvc;Služba Windows Media Player Network Sharing; C:\Program Files\Windows Media Player\WMPNetwk.exe [2007-01-05 913920]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S4 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]
-----------------EOF-----------------
RogueKiller log:
--------------------------------------------------------------------------------------------
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Kontrola -- Datum : 11/15/2012 20:39:24
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[STARTUP][HJNAME] ctfmon.lnk @Tomáš : C:\Documents and Settings\All Users\Data aplikací\lsass.exe -> NALEZENO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> NALEZENO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NALEZENO
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2000JD-00HBC0 +++++
--- User ---
[MBR] 62749921dee709fe2f5aec6c7ac68348
[BSP] 072ca6383063e68f0f356d96fd8c7a0f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 61432560 | Size: 160783 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++
--- User ---
[MBR] 47323d941d5866d42bec3dfc195e9ac4
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1144 | Size: 3823 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[1]_S_11152012_02d2039.txt >>
RKreport[1]_S_11152012_02d2039.txt
Re: Police Central E-crime Unit (PCEU) Ransomware
Spustte znovu RogueKiller
- Pokud pouzivate Win Vista ci W7, kliknete na RogueKiller pravym a dejte Run As Administrator ci Spustit jako spravce
- Zvolte moznost Prohledat a pote Smazat a nasledne Zprava - otevre se log, ten sem vlozte
- Pak kliknete na Oprava Host a Zprava - otevre se log, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
logy dle instrukcí:
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 11/15/2012 21:24:31
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[STARTUP][HJNAME] ctfmon.lnk @Tomáš : C:\Documents and Settings\All Users\Data aplikací\lsass.exe -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2000JD-00HBC0 +++++
--- User ---
[MBR] 62749921dee709fe2f5aec6c7ac68348
[BSP] 072ca6383063e68f0f356d96fd8c7a0f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 61432560 | Size: 160783 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++
--- User ---
[MBR] 47323d941d5866d42bec3dfc195e9ac4
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1144 | Size: 3823 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[3]_D_11152012_02d2124.txt >>
RKreport[1]_S_11152012_02d2039.txt ; RKreport[2]_S_11152012_02d2124.txt ; RKreport[3]_D_11152012_02d2124.txt
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Oprava HOSTS -- Datum : 11/15/2012 21:26:37
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[5]_H_11152012_02d2126.txt >>
RKreport[1]_S_11152012_02d2039.txt ; RKreport[2]_S_11152012_02d2124.txt ; RKreport[3]_D_11152012_02d2124.txt ; RKreport[4]_H_11152012_02d2125.txt ; RKreport[5]_H_11152012_02d2126.txt
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Odebrat -- Datum : 11/15/2012 21:24:31
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 3 ¤¤¤
[STARTUP][HJNAME] ctfmon.lnk @Tomáš : C:\Documents and Settings\All Users\Data aplikací\lsass.exe -> VYMAZÁNO
[HJPOL] HKLM\[...]\System : DisableRegistryTools (0) -> VYMAZÁNO
[HJ DESK] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> NAHRAZENO (0)
¤¤¤ Zvláštní soubory / Složky: ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Kontrola MBR: ¤¤¤
+++++ PhysicalDrive0: WDC WD2000JD-00HBC0 +++++
--- User ---
[MBR] 62749921dee709fe2f5aec6c7ac68348
[BSP] 072ca6383063e68f0f356d96fd8c7a0f : Windows XP MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 29996 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 61432560 | Size: 160783 Mo
User = LL1 ... OK!
User = LL2 ... OK!
+++++ PhysicalDrive1: Kingston DT 101 II USB Device +++++
--- User ---
[MBR] 47323d941d5866d42bec3dfc195e9ac4
[BSP] ec038f3ca5091360f60d743d6f1c7fdb : Standard MBR Code
Partition table:
0 - [XXXXXX] FAT32 (0x0b) [VISIBLE] Offset (sectors): 1144 | Size: 3823 Mo
User = LL1 ... OK!
Error reading LL2 MBR!
Dokončeno : << RKreport[3]_D_11152012_02d2124.txt >>
RKreport[1]_S_11152012_02d2039.txt ; RKreport[2]_S_11152012_02d2124.txt ; RKreport[3]_D_11152012_02d2124.txt
RogueKiller V8.2.3 [11/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Podpora: http://www.geekstogo.com/forum/files/fi ... guekiller/
Website: http://tigzy.geekstogo.com/roguekiller.php
Operační systém: Windows XP (5.1.2600 Service Pack 3) 32 bits version
Spuštěno v : Nouzový režim
Uživatel : Administrator [Práva správce]
Mód : Oprava HOSTS -- Datum : 11/15/2012 21:26:37
¤¤¤ Škodlivé procesy: : 0 ¤¤¤
¤¤¤ ¤¤¤ Záznamy Registrů: : 0 ¤¤¤
¤¤¤ Ovladač : [NENAHRÁNO] ¤¤¤
¤¤¤ Soubor HOSTS: ¤¤¤
--> C:\WINDOWS\system32\drivers\etc\hosts
127.0.0.1 localhost
¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost
Dokončeno : << RKreport[5]_H_11152012_02d2126.txt >>
RKreport[1]_S_11152012_02d2039.txt ; RKreport[2]_S_11152012_02d2124.txt ; RKreport[3]_D_11152012_02d2124.txt ; RKreport[4]_H_11152012_02d2125.txt ; RKreport[5]_H_11152012_02d2126.txt
Re: Police Central E-crime Unit (PCEU) Ransomware
Fajn, zkuste nyni do bezneho rezimu, uz by mel fungovat. Pokud ne, tak zpatky do nouzaku bez site. Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/15/2012 10:14:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (PID: 576) [FI]
* C:\WINDOWS\system32\bgsvcgen.exe (PID: 772) [WD-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 11/15/2012 10:16:38 PM
Execution time: 0 hours(s), 1 minute(s), and 54 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 11/15/2012 10:14:44 PM in x86 mode.
Windows Version: Microsoft Windows XP Service Pack 3
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (PID: 576) [FI]
* C:\WINDOWS\system32\bgsvcgen.exe (PID: 772) [WD-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* No issues found in the Registry.
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* No issues found.
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
Program finished at: 11/15/2012 10:16:38 PM
Execution time: 0 hours(s), 1 minute(s), and 54 seconds(s)
Re: Police Central E-crime Unit (PCEU) Ransomware
Fajn, mrsknete tam ComboFix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
ComboFix 12-11-15.01 - Tomáš 15.11.2012 22:26:00.4.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1050 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\lsass.exe
c:\program files\codec
c:\program files\codec\AC3Filter\ac3config.exe
c:\program files\codec\AC3Filter\ac3filter_reg_reset.reg
c:\program files\codec\CoreAVC\coreavc.ico
c:\program files\codec\Divx6\config.exe
c:\program files\codec\Divx6\divx.ico
c:\program files\codec\Haali\avi.dll
c:\program files\codec\Haali\dxr.dll
c:\program files\codec\Haali\mkunicode.dll
c:\program files\codec\Haali\mkx.dll
c:\program files\codec\Haali\mkzlib.dll
c:\program files\codec\Haali\mmfinfo.dll
c:\program files\codec\Haali\mp4.dll
c:\program files\codec\Haali\ogm.dll
c:\program files\codec\Haali\splitter.ax
c:\program files\codec\Haali\ts.dll
c:\program files\codec\history.txt
c:\program files\codec\readme.txt
c:\program files\codec\Uninstall\unins000.dat
c:\program files\codec\Uninstall\unins000.exe
c:\program files\codec\XviD\xvid.ico
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\0b95dc403dc80504.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3175d9c0d63e4ec0.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\57fc2d0147917962.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5d637ab4467c1221.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\81c07382a1913690.fb
c:\windows\system32\Cache\821ea6facc7e9016.fb
c:\windows\system32\Cache\8304b11fba5c877a.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\str.sys
c:\windows\system32\SET37.tmp
c:\windows\system32\SET3C.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-15 do 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- C:\rsit
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- c:\program files\trend micro
2012-11-15 00:03 . 2012-11-15 21:21 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-11-14 23:54 . 2012-11-14 23:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-14 23:49 . 2012-11-14 23:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2012-11-06 22:34 . 2012-11-06 22:34 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\HF Designer 2.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 21:13 . 2012-09-04 20:49 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-06 22:33 . 2010-11-03 22:21 481724 ----a-w- c:\documents and settings\Tomáš\Data aplikací\mdbu.bin
2012-10-22 19:57 . 2002-09-20 15:41 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 18:26 . 2012-04-11 22:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:26 . 2011-12-18 22:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2001-10-25 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:18 . 2002-09-20 16:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2002-09-20 16:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-12-18 14:20 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-10-25 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 13:43 . 2011-02-10 05:54 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-23 06:27 . 2002-09-20 17:12 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2002-09-20 15:12 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2009-02-11 23:00 . 2009-04-15 21:07 323072 ------w- c:\program files\WgaTray.exe
2009-02-11 23:00 . 2009-04-15 21:07 190976 ------w- c:\program files\WgaLogon.dll
2009-02-11 23:00 . 2009-04-15 21:07 1481728 ------w- c:\program files\LegitCheckControl.dll
2012-09-13 04:53 . 2011-05-19 21:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-15 21:13 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-15 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RemoteDesktopManager"="d:\software\remote desktop\RemoteDesktopManager.exe" [2010-11-15 1801968]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-15 997320]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [N/A]
"VantageService"="c:\program files\SMART Technologies\Education Software\VantageService.exe" [2012-05-14 188272]
"SMART SNMP Agent"="c:\program files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" [2012-03-21 967536]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"SMART Mirror Driver Monitor Service"="c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe" [2011-06-22 141680]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-12-18 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-18 113664]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-6-27 303104]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-6 36864]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\ResponseSoftwareService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSyncTeacher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2012 21:49 26984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13.8.2012 2:24 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 3:53 193288]
R2 Response Hardware;Response Hardware;c:\program files\SMART Technologies\Education Software\ResponseHardwareService.exe [2.3.2012 16:24 19312]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [21.3.2012 14:25 820592]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [15.11.2012 22:13 711112]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [18.12.2007 15:33 35840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 12:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 12:32 17232]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [22.4.2004 9:38 2432]
S2 fkbvtnlhe;fkbvtnlhe;"c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe" --SERVICE --> c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe [?]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [22.6.2011 7:42 141680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.7.2010 8:13 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8.5.2011 21:31 1025352]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 78.156.32.2 192.168.10.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\cs8qi4m5.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - ExtSQL: !HIDDEN! 2009-08-22 21:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Codec_is1 - c:\program files\Codec\Uninstall\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-15 22:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\SMART Technologies\Education Software\ResponseSoftwareService.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2012-11-15 22:42:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-15 21:42
.
Před spuštěním: 2 803 404 800
Po spuštění: 4 558 110 720
.
- - End Of File - - 06282D1A61A2A1F923730E6EB20EFA5F
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1050 [GMT 1:00]
Spuštěný z: c:\documents and settings\Tomáš\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2012 *Disabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Data aplikací\lsass.exe
c:\program files\codec
c:\program files\codec\AC3Filter\ac3config.exe
c:\program files\codec\AC3Filter\ac3filter_reg_reset.reg
c:\program files\codec\CoreAVC\coreavc.ico
c:\program files\codec\Divx6\config.exe
c:\program files\codec\Divx6\divx.ico
c:\program files\codec\Haali\avi.dll
c:\program files\codec\Haali\dxr.dll
c:\program files\codec\Haali\mkunicode.dll
c:\program files\codec\Haali\mkx.dll
c:\program files\codec\Haali\mkzlib.dll
c:\program files\codec\Haali\mmfinfo.dll
c:\program files\codec\Haali\mp4.dll
c:\program files\codec\Haali\ogm.dll
c:\program files\codec\Haali\splitter.ax
c:\program files\codec\Haali\ts.dll
c:\program files\codec\history.txt
c:\program files\codec\readme.txt
c:\program files\codec\Uninstall\unins000.dat
c:\program files\codec\Uninstall\unins000.exe
c:\program files\codec\XviD\xvid.ico
c:\windows\msmqinst.log
c:\windows\system32\Cache
c:\windows\system32\Cache\0b95dc403dc80504.fb
c:\windows\system32\Cache\272512937d9e61a4.fb
c:\windows\system32\Cache\287204568329e189.fb
c:\windows\system32\Cache\28bc8f716fd76a47.fb
c:\windows\system32\Cache\2c53092c95605355.fb
c:\windows\system32\Cache\3175d9c0d63e4ec0.fb
c:\windows\system32\Cache\31a0997e9a5b5eb3.fb
c:\windows\system32\Cache\32c84fe32bb74d60.fb
c:\windows\system32\Cache\3917078cb68ec657.fb
c:\windows\system32\Cache\57fc2d0147917962.fb
c:\windows\system32\Cache\590ba23ce359fd0c.fb
c:\windows\system32\Cache\5d637ab4467c1221.fb
c:\windows\system32\Cache\610289e025a3ee9a.fb
c:\windows\system32\Cache\651c5d3cdbfb8bd1.fb
c:\windows\system32\Cache\6c59ac5e7e7a3ad0.fb
c:\windows\system32\Cache\6d03dad1035885d3.fb
c:\windows\system32\Cache\81c07382a1913690.fb
c:\windows\system32\Cache\821ea6facc7e9016.fb
c:\windows\system32\Cache\8304b11fba5c877a.fb
c:\windows\system32\Cache\a8556537add6dfc5.fb
c:\windows\system32\Cache\ad10a52aff5e038d.fb
c:\windows\system32\Cache\c1fa887b03019701.fb
c:\windows\system32\Cache\c4d28dca2e7648be.fb
c:\windows\system32\Cache\d201ef9910cd39de.fb
c:\windows\system32\Cache\d2e94710a5708128.fb
c:\windows\system32\Cache\d79b9dfe81484ec4.fb
c:\windows\system32\Cache\e0de16f883bea794.fb
c:\windows\system32\Cache\f998975c9cc711ee.fb
c:\windows\system32\drivers\str.sys
c:\windows\system32\SET37.tmp
c:\windows\system32\SET3C.tmp
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-15 do 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- C:\rsit
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- c:\program files\trend micro
2012-11-15 00:03 . 2012-11-15 21:21 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-11-14 23:54 . 2012-11-14 23:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-14 23:49 . 2012-11-14 23:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2012-11-06 22:34 . 2012-11-06 22:34 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\HF Designer 2.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-15 21:13 . 2012-09-04 20:49 26984 ----a-w- c:\windows\system32\drivers\avgtpx86.sys
2012-11-06 22:33 . 2010-11-03 22:21 481724 ----a-w- c:\documents and settings\Tomáš\Data aplikací\mdbu.bin
2012-10-22 19:57 . 2002-09-20 15:41 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 18:26 . 2012-04-11 22:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:26 . 2011-12-18 22:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2001-10-25 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:18 . 2002-09-20 16:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2002-09-20 16:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-12-18 14:20 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-10-25 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 13:43 . 2011-02-10 05:54 301920 ----a-w- c:\windows\system32\drivers\avgtdix.sys
2012-08-23 06:27 . 2002-09-20 17:12 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2002-09-20 15:12 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2009-02-11 23:00 . 2009-04-15 21:07 323072 ------w- c:\program files\WgaTray.exe
2009-02-11 23:00 . 2009-04-15 21:07 190976 ------w- c:\program files\WgaLogon.dll
2009-02-11 23:00 . 2009-04-15 21:07 1481728 ------w- c:\program files\LegitCheckControl.dll
2012-09-13 04:53 . 2011-05-19 21:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
Kód: Vybrat vše
<pre>
c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray .exe
c:\program files\Canon\MyPrinter\bjmyprt .exe
c:\program files\Canon\SolutionMenu\cnslmain .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\MultiScreen\multiscreen .exe
c:\program files\Nokia\Nokia PC Suite 7\pcsuite .exe
c:\program files\REGSHAVE\regshave .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb04 .exe
</pre>(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-11-15 21:13 1796552 ----a-w- c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-15 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RemoteDesktopManager"="d:\software\remote desktop\RemoteDesktopManager.exe" [2010-11-15 1801968]
"AVG_TRAY"="c:\program files\AVG\AVG2012\avgtray.exe" [2012-07-31 2596984]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"vProt"="c:\program files\AVG Secure Search\vprot.exe" [2012-11-15 997320]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [N/A]
"VantageService"="c:\program files\SMART Technologies\Education Software\VantageService.exe" [2012-05-14 188272]
"SMART SNMP Agent"="c:\program files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" [2012-03-21 967536]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"SMART Mirror Driver Monitor Service"="c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe" [2011-06-22 141680]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [2012-09-04 1022048]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-12-18 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-18 113664]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-6-27 303104]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-6 36864]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0c:\progra~1\AVG\AVG2012\avgrsx.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgmfapx.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\ResponseSoftwareService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSyncTeacher.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgdiagex.exe"=
"c:\\Program Files\\AVG\\AVG2012\\avgemcx.exe"=
.
R0 AVGIDSHX;AVGIDSHX;c:\windows\system32\drivers\avgidshx.sys [19.4.2012 3:50 24896]
R0 Avgrkx86;AVG Anti-Rootkit Driver;c:\windows\system32\drivers\avgrkx86.sys [19.1.2011 3:32 31952]
R1 Avgldx86;AVG AVI Loader Driver;c:\windows\system32\drivers\avgldx86.sys [7.1.2011 5:41 237408]
R1 Avgtdix;AVG TDI Driver;c:\windows\system32\drivers\avgtdix.sys [10.2.2011 6:54 301920]
R1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx86.sys [4.9.2012 21:49 26984]
R2 AVGIDSAgent;AVGIDSAgent;c:\program files\AVG\AVG2012\avgidsagent.exe [13.8.2012 2:24 5167736]
R2 avgwd;AVG WatchDog;c:\program files\AVG\AVG2012\avgwdsvc.exe [14.2.2012 3:53 193288]
R2 Response Hardware;Response Hardware;c:\program files\SMART Technologies\Education Software\ResponseHardwareService.exe [2.3.2012 16:24 19312]
R2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [21.3.2012 14:25 820592]
R2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [15.11.2012 22:13 711112]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [18.12.2007 15:33 35840]
R3 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\drivers\avgidsdriverx.sys [23.12.2011 12:32 139856]
R3 AVGIDSFilter;AVGIDSFilter;c:\windows\system32\drivers\avgidsfilterx.sys [23.12.2011 12:32 24144]
R3 AVGIDSShim;AVGIDSShim;c:\windows\system32\drivers\avgidsshimx.sys [23.12.2011 12:32 17232]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [22.4.2004 9:38 2432]
S2 fkbvtnlhe;fkbvtnlhe;"c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe" --SERVICE --> c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe [?]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [22.6.2011 7:42 141680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.7.2010 8:13 1684736]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\AVG\AVG10\Toolbar\ToolbarBroker.exe [8.5.2011 21:31 1025352]
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-14 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:26]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 78.156.32.2 192.168.10.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\cs8qi4m5.default\
FF - prefs.js: browser.search.selectedEngine - AVG Secure Search
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - ExtSQL: !HIDDEN! 2009-08-22 21:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
URLSearchHooks-{A3BC75A2-1F87-4686-AA43-5347D756017C} - (no file)
Toolbar-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
SafeBoot-WudfPf
SafeBoot-WudfRd
AddRemove-Codec_is1 - c:\program files\Codec\Uninstall\unins000.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-15 22:37
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(3308)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_cze.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\progra~1\AVG\AVG2012\avgrsx.exe
c:\program files\AVG\AVG2012\avgcsrvx.exe
c:\windows\system32\bgsvcgen.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\MagicTune Premium\MagicTuneEngine.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\SMART Technologies\Education Software\SMARTBoardService.exe
c:\program files\AVG\AVG2012\avgnsx.exe
c:\windows\System32\wbem\wmiapsrv.exe
c:\windows\RTHDCPL.EXE
c:\windows\system32\wscntfy.exe
c:\program files\Adobe\Acrobat 7.0\Acrobat\acrobat_sl.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\SMART Technologies\Education Software\ResponseSoftwareService.exe
c:\program files\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files\Common Files\Java\Java Update\jucheck.exe
.
**************************************************************************
.
Celkový čas: 2012-11-15 22:42:27 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-11-15 21:42
.
Před spuštěním: 2 803 404 800
Po spuštění: 4 558 110 720
.
- - End Of File - - 06282D1A61A2A1F923730E6EB20EFA5F
-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
Systém zatím funguje standardně. Snad již bude vše v pořádku.
Moc děkuji za pomoc! Již podruhé mě Vaše forum zachránilo od kompletní reinstalace!
Jakou antivirovou ochranu mi doporučíte místo AVG?
Předem díky za odpověď.
TH
Moc děkuji za pomoc! Již podruhé mě Vaše forum zachránilo od kompletní reinstalace!
Jakou antivirovou ochranu mi doporučíte místo AVG?
Předem díky za odpověď.
TH
Re: Police Central E-crime Unit (PCEU) Ransomware
JEste tam ale nejake drobnosti mame, takze docistime Odinstalujte AVG a pak pouzijte jeste tohle http://download.avg.com/filedir/util/av ... 2_2125.exe Nainstalujte Avast Free http://www.avast.com/cs-cz/free-antivirus-download Odinstalujte GridinSoft Trojan Killer Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Folder:: c:\program files\GridinSoft Trojan Killer c:\program files\AVG Secure Search File:: c:\windows\Tasks\Adobe Flash Player Updater.job c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\Adobe Acrobat Speed Launcher.lnk c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AAdobe Gamma Loader.exe.lnk c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\AAkcelerátor spuštění AutoCADu.lnk RenV:: c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray .exe c:\program files\Canon\MyPrinter\bjmyprt .exe c:\program files\Canon\SolutionMenu\cnslmain .exe c:\program files\CyberLink\PowerDVD\pdvdserv .exe c:\program files\MultiScreen\multiscreen .exe c:\program files\Nokia\Nokia PC Suite 7\pcsuite .exe c:\program files\REGSHAVE\regshave .exe c:\windows\system32\spool\drivers\w32x86\3\hpztsb04 .exe Collect:: c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe Driver:: fkbvtnlhe AVG Security Toolbar Service Registry:: [-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"=- [-HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [-HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "PC Suite Tray"=- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Acrobat Assistant 7.0"=- "AVG_TRAY"=- "SunJavaUpdateSched"=- "vProt"=- "NSU_agent"=- "ROC_roc_dec12"=- "ROC_ROC_JULY_P1"=- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "CTFMON.EXE"=- DDS:: uSearchURL,(Default) = hxxp://www.google.com/search?q=%s Firefox:: FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\cs8qi4m5.default\ FF - prefs.js: browser.search.selectedEngine - AVG Secure Search FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q= RegLock:: [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*] RegNull:: [HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*] ClearJavaCache:: Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
maceoparker
- Návštěvník
- Příspěvky: 16
- Registrován: 21 lis 2009 23:08
Re: Police Central E-crime Unit (PCEU) Ransomware
ComboFix 12-11-15.01 - Tomáš 16.11.2012 0:26.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1180 [GMT 1:00]
Spuštěný z: c:\documents and settings\TomßÜ\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TomßÜ\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-15 do 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 23:14 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-15 23:14 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-15 23:14 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-15 23:14 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-15 23:14 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-15 23:13 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-15 23:13 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-15 23:13 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-15 23:13 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-15 23:13 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-15 23:13 . 2012-11-15 23:13 -------- d-----w- c:\program files\AVAST Software
2012-11-15 23:13 . 2012-11-15 23:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-11-15 22:14 . 2012-11-15 22:14 -------- d-----w- c:\program files\CPUID
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- C:\rsit
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- c:\program files\trend micro
2012-11-15 00:03 . 2012-11-15 21:21 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-11-14 23:54 . 2012-11-14 23:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-14 23:49 . 2012-11-14 23:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2012-11-06 22:34 . 2012-11-06 22:34 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\HF Designer 2.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 22:33 . 2010-11-03 22:21 481724 ----a-w- c:\documents and settings\Tomáš\Data aplikací\mdbu.bin
2012-10-22 19:57 . 2002-09-20 15:41 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 18:26 . 2012-04-11 22:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:26 . 2011-12-18 22:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2001-10-25 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:18 . 2002-09-20 16:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2002-09-20 16:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-12-18 14:20 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-10-25 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2002-09-20 17:12 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2002-09-20 15:12 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2009-02-11 23:00 . 2009-04-15 21:07 323072 ------w- c:\program files\WgaTray.exe
2009-02-11 23:00 . 2009-04-15 21:07 190976 ------w- c:\program files\WgaLogon.dll
2009-02-11 23:00 . 2009-04-15 21:07 1481728 ------w- c:\program files\LegitCheckControl.dll
2012-09-13 04:53 . 2011-05-19 21:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RemoteDesktopManager"="d:\software\remote desktop\RemoteDesktopManager.exe" [2010-11-15 1801968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [N/A]
"VantageService"="c:\program files\SMART Technologies\Education Software\VantageService.exe" [2012-05-14 188272]
"SMART SNMP Agent"="c:\program files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" [2012-03-21 967536]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"SMART Mirror Driver Monitor Service"="c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe" [2011-06-22 141680]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [N/A]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-12-18 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-18 113664]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-6-27 303104]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-6 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\ResponseSoftwareService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSyncTeacher.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.11.2012 0:14 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.11.2012 0:14 21256]
R2 Response Hardware;Response Hardware;c:\program files\SMART Technologies\Education Software\ResponseHardwareService.exe [2.3.2012 16:24 19312]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [18.12.2007 15:33 35840]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [22.4.2004 9:38 2432]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.11.2012 0:14 738504]
S2 fkbvtnlhe;fkbvtnlhe;"c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe" --SERVICE --> c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe [?]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [21.3.2012 14:25 820592]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [22.6.2011 7:42 141680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.7.2010 8:13 1684736]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:26]
.
2012-11-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 78.156.32.2 192.168.10.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\cs8qi4m5.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - ExtSQL: !HIDDEN! 2009-08-22 21:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 00:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-11-16 00:34:53
ComboFix-quarantined-files.txt 2012-11-15 23:34
ComboFix2.txt 2012-11-15 21:42
.
Před spuštěním: 4 421 648 384
Po spuštění: 4 420 804 608
.
- - End Of File - - A819D7EE4838A2BE92DFAE62B1CCEA15
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2039.1180 [GMT 1:00]
Spuštěný z: c:\documents and settings\TomßÜ\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\TomßÜ\Plocha\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
AV: AVG Anti-Virus Free Edition 2012 *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-10-15 do 2012-11-15 )))))))))))))))))))))))))))))))
.
.
2012-11-15 23:14 . 2012-10-30 22:51 361032 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-11-15 23:14 . 2012-10-30 22:51 21256 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-11-15 23:14 . 2012-10-30 22:51 35928 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2012-11-15 23:14 . 2012-10-30 22:51 54232 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-11-15 23:14 . 2012-10-30 22:51 738504 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-11-15 23:13 . 2012-10-30 22:51 97608 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2012-11-15 23:13 . 2012-10-30 22:51 89752 ----a-w- c:\windows\system32\drivers\aswmon.sys
2012-11-15 23:13 . 2012-10-30 22:51 25256 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2012-11-15 23:13 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-11-15 23:13 . 2012-10-30 22:50 227648 ----a-w- c:\windows\system32\aswBoot.exe
2012-11-15 23:13 . 2012-11-15 23:13 -------- d-----w- c:\program files\AVAST Software
2012-11-15 23:13 . 2012-11-15 23:13 -------- d-----w- c:\documents and settings\All Users\Data aplikací\AVAST Software
2012-11-15 22:14 . 2012-11-15 22:14 -------- d-----w- c:\program files\CPUID
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- C:\rsit
2012-11-15 19:35 . 2012-11-15 19:35 -------- d-----w- c:\program files\trend micro
2012-11-15 00:03 . 2012-11-15 21:21 -------- d-----w- c:\program files\GridinSoft Trojan Killer
2012-11-14 23:54 . 2012-11-14 23:54 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2012-11-14 23:49 . 2012-11-14 23:49 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Data aplikací\Mozilla
2012-11-06 22:34 . 2012-11-06 22:34 -------- d-----w- c:\documents and settings\Tomáš\Local Settings\Data aplikací\HF Designer 2.7
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-06 22:33 . 2010-11-03 22:21 481724 ----a-w- c:\documents and settings\Tomáš\Data aplikací\mdbu.bin
2012-10-22 19:57 . 2002-09-20 15:41 1866368 ----a-w- c:\windows\system32\win32k.sys
2012-10-09 18:26 . 2012-04-11 22:01 696760 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-10-09 18:26 . 2011-12-18 22:20 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-02 18:04 . 2001-10-25 12:00 58368 ----a-w- c:\windows\system32\synceng.dll
2012-08-28 15:18 . 2002-09-20 16:05 916992 ----a-w- c:\windows\system32\wininet.dll
2012-08-28 15:18 . 2002-09-20 16:04 43520 ----a-w- c:\windows\system32\licmgr10.dll
2012-08-28 15:18 . 2002-09-20 16:05 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-28 12:07 . 2007-12-18 14:20 385024 ----a-w- c:\windows\system32\html.iec
2012-08-24 13:53 . 2001-10-25 12:00 177664 ----a-w- c:\windows\system32\wintrust.dll
2012-08-23 06:27 . 2002-09-20 17:12 2029568 ------w- c:\windows\system32\ntkrnlpa.exe
2012-08-23 06:27 . 2002-09-20 15:12 2150912 ------w- c:\windows\system32\ntoskrnl.exe
2009-02-11 23:00 . 2009-04-15 21:07 323072 ------w- c:\program files\WgaTray.exe
2009-02-11 23:00 . 2009-04-15 21:07 190976 ------w- c:\program files\WgaLogon.dll
2009-02-11 23:00 . 2009-04-15 21:07 1481728 ------w- c:\program files\LegitCheckControl.dll
2012-09-13 04:53 . 2011-05-19 21:33 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
Kód: Vybrat vše
<pre>
c:\program files\Adobe\Acrobat 7.0\Distillr\acrotray .exe
c:\program files\Canon\MyPrinter\bjmyprt .exe
c:\program files\Canon\SolutionMenu\cnslmain .exe
c:\program files\CyberLink\PowerDVD\pdvdserv .exe
c:\program files\MultiScreen\multiscreen .exe
c:\program files\Nokia\Nokia PC Suite 7\pcsuite .exe
c:\program files\REGSHAVE\regshave .exe
c:\windows\system32\spool\drivers\w32x86\3\hpztsb04 .exe
</pre>(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 121528 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 483328]
"RTHDCPL"="RTHDCPL.EXE" [2009-11-17 18789408]
"RemoteDesktopManager"="d:\software\remote desktop\RemoteDesktopManager.exe" [2010-11-15 1801968]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2011-12-13 190768]
"ROC_roc_dec12"="c:\program files\AVG Secure Search\ROC_roc_dec12.exe" [N/A]
"VantageService"="c:\program files\SMART Technologies\Education Software\VantageService.exe" [2012-05-14 188272]
"SMART SNMP Agent"="c:\program files\SMART Technologies\Education Software\SMARTSNMPAgent.exe" [2012-03-21 967536]
"SMART Board Tools"="c:\program files\SMART Technologies\Education Software\SMARTBoardTools.exe" [2012-03-09 10132336]
"SMART Ink"="c:\program files\SMART Technologies\Education Software\SMARTInk.exe" [2012-03-21 94064]
"Response Desktop Menu"="c:\program files\SMART Technologies\Education Software\DesktopMenu.exe" [2012-03-02 1960816]
"SMARTClassroomCoordinator.exe"="c:\program files\SMART Technologies\Education Software\SMARTClassroomCoordinator.exe" [2011-06-22 485232]
"SMART Mirror Driver Monitor Service"="c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe" [2011-06-22 141680]
"ROC_ROC_JULY_P1"="c:\program files\AVG Secure Search\ROC_ROC_JULY_P1.exe" [N/A]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\System32\CTFMON.EXE" [2008-04-14 15360]
.
c:\documents and settings\Tomáš\Nabídka Start\Programy\Po spuštění\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Nabídka Start\Programy\Po spuštění\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-C740-7760-100000000002}\SC_Acrobat.exe [2007-12-18 25214]
Adobe Gamma Loader.exe.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-12-18 113664]
Akcelerátor spuštění AutoCADu.lnk - c:\program files\Common Files\Autodesk Shared\acstart17.exe [2006-3-5 11000]
ExifLauncher2.lnk - c:\program files\FinePixViewer\QuickDCF2.exe [2008-6-27 303104]
GammaTray.lnk - c:\program files\MagicTune Premium\GammaTray.exe [2009-9-6 36864]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MSIServer]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"c:\\Program Files\\MagicTune Premium\\MagicTune.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\OpenVPN\\bin\\openvpn.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\VantageService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\ResponseSoftwareService.exe"=
"c:\\Program Files\\SMART Technologies\\Education Software\\SMARTSyncTeacher.exe"=
.
R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [16.11.2012 0:14 361032]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [16.11.2012 0:14 21256]
R2 Response Hardware;Response Hardware;c:\program files\SMART Technologies\Education Software\ResponseHardwareService.exe [2.3.2012 16:24 19312]
R3 AtcL001;NDIS Miniport Driver for Attansic L1 Gigabit Ethernet Controller;c:\windows\system32\drivers\atl01_xp.sys [18.12.2007 15:33 35840]
R3 smrtdrv;SMART Technologies Inc. Mirror Driver;c:\windows\system32\drivers\smrtdrv.sys [22.4.2004 9:38 2432]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys [16.11.2012 0:14 738504]
S2 fkbvtnlhe;fkbvtnlhe;"c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe" --SERVICE --> c:\docume~1\TOM~1\LOCALS~1\Temp\DAT794.tmp.exe [?]
S2 SMART Display Controller;SMART Display Controller;c:\program files\SMART Technologies\Education Software\UCService.exe [21.3.2012 14:25 820592]
S2 SMART Mirror Driver Monitor Service;SMART Mirror Driver Monitor Service;c:\program files\Common Files\SMART Technologies\Mirror Driver\MonitorService.exe [22.6.2011 7:42 141680]
S3 Ambfilt;Ambfilt;c:\windows\system32\drivers\Ambfilt.sys [11.7.2010 8:13 1684736]
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - AAVMKER4
*NewlyCreated* - ASWFSBLK
*NewlyCreated* - ASWMON2
*NewlyCreated* - ASWRDR
*NewlyCreated* - ASWSP
*NewlyCreated* - ASWTDI
*NewlyCreated* - AVAST!_ANTIVIRUS
.
Obsah adresáře 'Naplánované úlohy'
.
2012-11-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 18:26]
.
2012-11-15 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-15 22:50]
.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.seznam.cz/
uDefault_Search_URL = hxxp://www.google.com/ie
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Převést cíl vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést cíl vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Převést vybrané vazby do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Převést vybrané vazby do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Převést výběr do Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Převést výběr do existujícího PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
TCP: DhcpNameServer = 78.156.32.2 192.168.10.1
DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\Tomáš\Data aplikací\Mozilla\Firefox\Profiles\cs8qi4m5.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz
FF - prefs.js: keyword.URL - hxxp://www.webhledani.cz/results.aspx?i=39&tp=ab&q=
FF - ExtSQL: !HIDDEN! 2009-08-22 21:58; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-11-16 00:33
Windows 5.1.2600 Service Pack 3 NTFS
.
skenování skrytých procesů ...
.
skenování skrytých položek 'Po spuštění' ...
.
skenování skrytých souborů ...
.
sken byl úspešně dokončen
skryté soubory: 0
.
**************************************************************************
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\€–€|˙˙˙˙Ŕ•€|ů•6~*]
"AB141C35E9F4BF344B9FC010BB17F68A"=""
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'explorer.exe'(2252)
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Celkový čas: 2012-11-16 00:34:53
ComboFix-quarantined-files.txt 2012-11-15 23:34
ComboFix2.txt 2012-11-15 21:42
.
Před spuštěním: 4 421 648 384
Po spuštění: 4 420 804 608
.
- - End Of File - - A819D7EE4838A2BE92DFAE62B1CCEA15
Re: Police Central E-crime Unit (PCEU) Ransomware
A jeje, zas problemy ComboFixu (diakritika v nazvu uctu) 
Dejte CF primo na c:\
Primo na c:\ vytvorte skript a pretahnete jej nad CF
Dejte CF primo na c:\
Primo na c:\ vytvorte skript a pretahnete jej nad CF
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?