PČR otravuje život

Zpráva

xxmirek · #1 Příspěvek od **xxmirek** » 27 čer 2013 18:53

Už se to tu řešilo, ale nevím jestli je to úplně totožný problém.

ComboFix 13-06-27.01 - 2283s 27.06.2013 19:37:01.1.2 - x86 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.3001.2427 [GMT 2:00]
Spuštěný z: c:\users\2283s\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Outdated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\WinZip\Icon_1.ico
c:\programdata\6zjehi.dat
c:\programdata\ihejz6.pad
c:\programdata\rundll32.exe
c:\users\2283\Documents\LotusInstall.log
c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
c:\windows\system32\System32\MASetupCleaner.exe
c:\windows\system32\System32\muzapp.exe
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2013-05-27 do 2013-06-27 )))))))))))))))))))))))))))))))
.
.
2013-06-27 17:44 . 2013-06-27 17:45 -------- d-----w- c:\users\2283s\AppData\Local\temp
2013-06-27 17:44 . 2013-06-27 17:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-27 17:44 . 2013-06-27 17:44 -------- d-----w- c:\users\admin\AppData\Local\temp
2013-06-27 17:44 . 2013-06-27 17:44 -------- d-----w- c:\users\2283\AppData\Local\temp
2013-06-27 17:25 . 2013-06-27 17:25 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAED5351-ACC6-41BB-ADF1-36AFBE2ECA46}\offreg.dll
2013-06-26 05:01 . 2013-06-12 04:18 7068072 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DAED5351-ACC6-41BB-ADF1-36AFBE2ECA46}\mpengine.dll
2013-06-17 09:58 . 2013-06-17 09:58 81920 ----a-r- c:\users\2283\AppData\Roaming\Microsoft\Installer\{F5736970-B1D9-4A6B-8486-7A4E7782E641}\Notes.exe
2013-06-17 09:58 . 2013-06-17 09:58 81920 ----a-r- c:\users\2283\AppData\Roaming\Microsoft\Installer\{F5736970-B1D9-4A6B-8486-7A4E7782E641}\NMinder.exe
2013-06-17 09:58 . 2013-06-17 09:58 45056 ----a-r- c:\users\2283\AppData\Roaming\Microsoft\Installer\{F5736970-B1D9-4A6B-8486-7A4E7782E641}\NSD.exe
2013-06-17 09:55 . 2013-06-17 09:55 -------- d-----w- C:\IBM
2013-06-13 04:59 . 2013-05-10 03:20 24576 ----a-w- c:\windows\system32\cryptdlg.dll
2013-06-13 04:59 . 2013-04-26 04:55 492544 ----a-w- c:\windows\system32\win32spl.dll
2013-06-13 04:59 . 2013-05-13 03:08 903168 ----a-w- c:\windows\system32\certutil.exe
2013-06-13 04:59 . 2013-05-13 04:45 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2013-06-13 04:59 . 2013-05-13 04:45 1160192 ----a-w- c:\windows\system32\crypt32.dll
2013-06-13 04:59 . 2013-05-13 04:45 103936 ----a-w- c:\windows\system32\cryptnet.dll
2013-06-13 04:59 . 2013-05-13 03:08 43008 ----a-w- c:\windows\system32\certenc.dll
2013-06-13 04:59 . 2013-05-06 05:06 3913576 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-13 04:59 . 2013-05-06 05:06 3968872 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-06-13 04:59 . 2013-05-08 05:38 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-06-04 07:15 . 2013-06-04 07:15 181912 ----a-w- c:\windows\system32\drivers\ssudmdm.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 07:48 . 2012-05-15 16:36 692104 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-06-12 07:48 . 2011-10-03 04:53 71048 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-05-13 05:02 . 2012-06-24 11:02 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-02 00:06 . 2010-01-14 11:18 238872 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 04:45 . 2013-05-16 05:12 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 05:12 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 13:45 . 2013-04-24 10:33 1211752 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-10 05:18 . 2013-05-16 05:11 728424 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-04-10 05:18 . 2013-05-16 05:11 218984 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-04-10 03:14 . 2013-05-16 05:12 2347520 ----a-w- c:\windows\system32\win32k.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\Sidebar.exe" [2010-11-20 1174016]
"PC Suite Tray"="c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe" [2010-12-21 1483264]
"KiesAirMessage"="c:\program files\Samsung\Kies\KiesAirMessage.exe" [2012-10-09 580096]
"KiesPreload"="c:\program files\Samsung\Kies\Kies.exe" [2012-10-11 966072]
"PCSpeedUp"="c:\program files\Zrychleni Pocitace\PCSUNotifier.exe" [2012-06-05 188680]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2013-02-28 18642024]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-06-18 1537320]
"ODDPwr"="c:\program files\Acer\Optical Drive Power Management\ODDPwr.exe" [2009-07-30 180224]
"Acer ePower Management"="c:\program files\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe" [2009-08-19 487424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"BackupManagerTray"="c:\program files\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"NortonOnlineBackupReminder"="c:\program files\Symantec\Norton Online Backup\Activation\NobuActivation.exe" [2009-07-24 588648]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-07-06 7600672]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-08-11 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-08-11 174104]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-08-11 151064]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"LManager"="c:\program files\Launch Manager\LManager.exe" [2009-08-27 1191432]
"VitaKeyPdtWzd"="c:\program files\Acer Bio Protection\PdtWzd.exe" [2009-07-21 3567616]
"Skytel"="c:\program files\Realtek\Audio\HDA\Skytel.exe" [2009-07-06 1833504]
"NWTRAY"="NWTRAY.EXE" [2009-03-27 30992]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-09-11 2054360]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"NSU_agent"="c:\program files\Nokia\Nokia Software Updater\nsu3ui_agent.exe" [2012-02-28 190768]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-10-11 309688]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"MSPCLOCK"="streamci" [X]
"MSPQM"="streamci" [X]
"MSKSSRV"="streamci" [X]
"MSTEE.CxTransform"="streamci" [X]
"MSTEE.Splitter"="streamci" [X]
"NoIE4StubProcessing"="c:\windows\system32\reg.exe DELETE HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components" [X]
"WDM_DRMKAUD"="streamci" [X]
"BrowserChoice"="browserchoice.exe" [2010-02-11 293376]
"!BingBar"="c:\program files\Microsoft\BingBar\7.1.361.0\MUExe\7.1.361.0\BingBarSetup-Partner.EXE" [2012-02-10 5674496]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SPReview"="c:\windows\System32\SPReview\SPReview.exe" [2013-03-20 280576]
.
c:\users\2283\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
regmonstd.lnk - c:\windows\System32\rundll32.exe c:\progra~2\6zjehi.dat,XFG00 [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Acer VCM.lnk - c:\program files\Acer\Acer VCM\AcerVCM.exe [2009-9-3 708608]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 795936]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2008-9-10 525664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ c:\program files\Acer Bio Protection\PwdFilter
Authentication Packages REG_MULTI_SZ msv1_0 ncv1_0
.
R1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-09-11 108792]
R2 DsiWMIService;Dritek WMI Service;c:\program files\Launch Manager\dsiwmis.exe [2009-08-24 107016]
R2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-09-11 95896]
R2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer PowerSmart Manager\ePowerSvc.exe [2009-08-19 688128]
R2 FPSensor;EgisTec-Corp Fingerprint Reader Driver (FPSensor.sys);c:\windows\system32\Drivers\FPSensor.sys [2009-09-28 22528]
R2 Greg_Service;GRegService;c:\program files\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
R2 IGBASVC;EgisTec Service;c:\program files\Acer Bio Protection\BASVC.exe [2009-07-21 3450368]
R2 LNSUSvc;Služba pro inteligentní upgrade prostředí Lotus Notes ;c:\ibm\Lotus\Notes\SUService.exe [2011-09-16 189832]
R2 Lotus Notes Diagnostics;Lotus Notes Diagnostics;c:\ibm\Lotus\Notes\nsd.exe [2011-09-16 4453768]
R2 NCFSD;Novell Client File System Redirector;c:\program files\Novell\Client\XTier\Drivers\ncfsd.sys [2009-03-27 82456]
R2 NCIOCTL;Novell Xplat IoCtl Driver;c:\program files\Novell\Client\XTier\Drivers\ncioctl.sys [2009-03-27 54296]
R2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
R2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
R2 ODDPwrSvc;Acer ODD Power Service;c:\program files\Acer\Optical Drive Power Management\ODDPWRSvc.exe [2009-07-30 118784]
R2 PCSUService;PC Speed Up Service;c:\program files\Zrychleni Pocitace\PCSUService.exe [2012-06-05 289544]
R2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-18 11032]
R2 RS_Service;Raw Socket Service;c:\program files\Acer\Acer VCM\RS_Service.exe [2009-07-10 253952]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-02-28 161384]
R2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
R2 XTSvcMgr;Novell XTier Service Manager;c:\program files\Novell\Client\XTier\Services\XTSvcMgr.exe [2009-03-27 16656]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-07 29472]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 83168]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2013-06-04 181912]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-06-15 1343400]
R4 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2009-09-11 735960]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 NCFilter;Novell UNC Filter - Filter;c:\windows\system32\DRIVERS\NCFilter.sys [2009-03-27 91160]
S0 NCRecognizer;Novell UNC Filter - Recognizer;c:\windows\system32\DRIVERS\NCRecognizer.sys [2009-03-27 110616]
S0 NCUncFilter;Novell UNC Filter - UNC Filter;c:\windows\system32\DRIVERS\NCUncFilter.sys [2009-03-27 22552]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-08-22 4232192]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-05-22 167936]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2013-06-26 c:\windows\Tasks\Acer Registration Reminder.job
- c:\program files\Acer\Registration\GREG.exe [2009-07-31 06:55]
.
2013-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-15 07:48]
.
2013-06-27 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 10:59]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-02-05 10:59]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4160050864-2776469588-3755834221-1004Core.job
- c:\users\2283\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-05 15:13]
.
2013-06-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4160050864-2776469588-3755834221-1004UA.job
- c:\users\2283\AppData\Local\Google\Update\GoogleUpdate.exe [2013-04-05 15:13]
.
2013-06-26 c:\windows\Tasks\PC SpeedUp Service Deactivator.job
- c:\program files\Zrychleni Pocitace\PCSUSD.exe [2012-09-04 07:39]
.
.
------- Doplňkový sken -------
.
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0405&m=travelmate_8571&r=27050110d406l0361z265x47l1k715
TCP: Interfaces\{7C85DB1E-1D50-4880-9E6E-304118C78B74}: NameServer = 160.218.161.60 194.228.211.33
TCP: Interfaces\{A38859ED-7804-4494-94E0-C92454E9A625}: NameServer = 10.0.0.1
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft Office Outlook 2007.lnk - c:\windows\Installer\{90120000-0012-0000-0000-0000000FF1CE}\outicon.exe
SafeBoot-mcmscsvc
SafeBoot-MCODS
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000001
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------
.
- - - - - - - > 'lsass.exe'(540)
c:\windows\system32\ncv1_0.DLL
c:\program files\Acer Bio Protection\PwdFilter.DLL
.
Celkový čas: 2013-06-27 19:47:37
ComboFix-quarantined-files.txt 2013-06-27 17:47
.
Před spuštěním: Volných bajtů: 228 604 239 872
Po spuštění: Volných bajtů: 228 506 333 184
.
- - End Of File - - F0082BF9E7B9E02A9EF491DBD5FAD7C3
A36C5E4F47E84449FF07ED3517B43A31

#2 Příspěvek od **Rudy** » 27 čer 2013 20:17

Zdravím!
Proč spouštíte ComboFix, utilitu určenou pouze odborníkům, bez pokynů rádce?. Hodláte si poškodit systém, nebo nějakou aplikaci?

Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Collect::
c:\users\2283\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\regmonstd.lnk
c:\progra~2\6zjehi.dat

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4160050864-2776469588-3755834221-1004Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-4160050864-2776469588-3755834221-1004UA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Driver::
Skype C2C Service

RegLock::
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

VIRY.CZ

PČR otravuje život

PČR otravuje život

Re: PČR otravuje život