PC disinfection, computer speed-up, remote help via the neslape.cz service

Could it be... malware?

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and gets further details of the problem from you by phone. More at www.neslape.cz
pit
Visitor
Posts: 20
Registered: 09 Nov 2010 11:24

Could it be... malware?

#1 Post by pit »

Hi, lately I've been having problems with the speed of my computer. I don't know whether I'm just that demanding (the notebook isn't the youngest anymore) or whether I have some malware somewhere. I'd be grateful if someone could check the RSIT log and tell me whether it's time to get rid of the malware or of the outdated computer :) Many thanks in advance for your willingness and time!

Logfile of random's system information tool 1.08 (written by random/random)
Run by pitris at 2010-11-09 11:19:36
Microsoft Windows 7 Professional
System drive C: has 14 GB (19%) free of 75 GB
Total RAM: 1015 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:20:27, on 9.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET Smart Security\egui.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\QIP\qip.exe
C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImgBurn.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Download\RSIT.exe
C:\Program Files\trend micro\pitris.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: ImgBurn.exe
O8 - Extra context menu item: E&xport to Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E}: NameServer = 213.211.45.3,213.211.45.2
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ABB Industrial Robot Communication Server (RobComCtrlServer) - ABB - C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe
O23 - Service: ABB Industrial Robot Discovery Server (RobNetScanHost) - ABB - C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe

--
End of file - 3720 bytes

======Scheduled tasks folder======

C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET Smart Security\egui.exe [2009-02-06 2021400]
"VirtualCloneDrive"=C:\Program Files\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"=C:\Program Files\QIP\qip.exe [2008-12-09 3259392]

C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ImgBurn.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-09 11:19:38 ----D---- C:\Program Files\trend micro
2010-11-09 11:19:36 ----D---- C:\rsit
2010-11-09 11:12:59 ----D---- C:\a7f7e9bcfaf8b821acbc1d7ea5c7b9be
2010-11-04 22:34:30 ----D---- C:\ProjectTemplates
2010-11-04 22:34:30 ----D---- C:\ItemTemplates
2010-11-04 22:30:59 ----D---- C:\ProgramData\ABB Industrial IT
2010-11-04 22:30:59 ----D---- C:\Program Files\Common Files\ABB Industrial IT
2010-11-04 22:21:28 ----D---- C:\Program Files\ABB Industrial IT
2010-11-04 20:03:25 ----D---- C:\Program Files\CCleaner
2010-11-04 19:07:25 ----D---- C:\ProgramData\RegCure
2010-10-27 17:15:30 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 17:15:27 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 17:14:38 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-14 17:33:34 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 17:33:12 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 17:33:07 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 17:32:56 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 17:32:55 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 17:32:52 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 17:32:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 17:32:49 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 17:32:48 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 17:32:48 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 17:32:47 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 17:32:45 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 17:32:45 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 17:32:40 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 17:32:38 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 17:32:33 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 17:32:28 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 17:32:28 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 17:32:06 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 17:31:54 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 17:31:51 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 17:31:47 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 17:31:46 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 17:31:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 17:31:45 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 17:31:38 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 17:31:28 ----A---- C:\Windows\system32\StructuredQuery.dll

======List of files/folders modified in the last 1 months======

2010-11-09 11:20:13 ----D---- C:\Windows\Temp
2010-11-09 11:19:38 ----RD---- C:\Program Files
2010-11-09 11:15:53 ----A---- C:\Windows\wincmd.ini
2010-11-09 11:14:06 ----D---- C:\Windows
2010-11-09 11:13:42 ----D---- C:\Windows\system32\drivers
2010-11-09 11:12:31 ----SHD---- C:\System Volume Information
2010-11-09 11:10:12 ----D---- C:\Windows\system32\config
2010-11-08 21:29:21 ----D---- C:\Program Files\DOSBox-0.74
2010-11-08 16:45:03 ----D---- C:\Program Files\_instalace
2010-11-04 22:43:30 ----SHD---- C:\Windows\Installer
2010-11-04 22:43:21 ----SHD---- C:\Config.Msi
2010-11-04 22:43:06 ----D---- C:\Windows\winsxs
2010-11-04 22:42:50 ----RSD---- C:\Windows\assembly
2010-11-04 22:41:07 ----HD---- C:\ProgramData
2010-11-04 22:30:59 ----AD---- C:\Program Files\Common Files
2010-11-04 22:17:58 ----D---- C:\Windows\Prefetch
2010-11-04 20:32:01 ----D---- C:\Program Files\Winamp
2010-11-04 20:28:44 ----D---- C:\Windows\debug
2010-11-04 19:30:19 ----D---- C:\Windows\system32\Tasks
2010-11-04 19:30:03 ----D---- C:\Windows\Tasks
2010-11-04 14:24:50 ----D---- C:\Windows\System32
2010-11-04 14:24:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-04 14:24:45 ----D---- C:\Windows\inf
2010-11-04 07:47:18 ----D---- C:\Users\pitris\AppData\Roaming\uTorrent
2010-11-04 02:07:14 ----D---- C:\Windows\rescache
2010-11-01 20:01:04 ----D---- C:\Program Files\LG PC Suite II
2010-10-31 23:02:53 ----A---- C:\Windows\winamp.ini
2010-10-28 08:41:47 ----D---- C:\Windows\Microsoft.NET
2010-10-28 08:32:23 ----D---- C:\Windows\ehome
2010-10-28 08:31:51 ----D---- C:\Windows\AppPatch
2010-10-27 17:13:34 ----D---- C:\Windows\system32\catroot
2010-10-27 17:13:30 ----D---- C:\Windows\system32\catroot2
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-16 09:49:49 ----D---- C:\Program Files\ESET Smart Security
2010-10-15 22:18:56 ----D---- C:\Program Files\Internet Explorer
2010-10-15 22:18:55 ----D---- C:\Windows\system32\migration
2010-10-15 22:18:50 ----D---- C:\Program Files\Windows Media Player
2010-10-15 13:35:10 ----A---- C:\Windows\system32\MRT.exe
2010-10-14 18:38:47 ----A---- C:\Windows\wcx_ftp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 e1express;Intel(R) PRO/1000 PCI Express Network Connection Driver; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-02 651720]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 RobComCtrlServer;ABB Industrial Robot Communication Server; C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe [2010-04-08 255816]
S3 RobNetScanHost;ABB Industrial Robot Discovery Server; C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe [2010-04-08 103240]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

-----------------EOF-----------------
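
The RSIT log above already shows two things worth flagging before any scanner is run: the Policies\System block has UAC switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0), and the scheduled-tasks folder holds two .job files named only by a GUID. The script below is an added example, not part of the original post and not RSIT's own code; it parses those two sections of the RSIT text format and reports both. The sample log is a constructed excerpt modelled on the posted one, and the "weak" values are judged against the Windows 7 defaults given in the comments.

```python
"""Triage an RSIT (random's system information tool) log for weak settings.

Added example for this thread; not part of the original post and not RSIT's
own code. It reads two sections of the plain-text log format, "Scheduled
tasks folder" and "Registry dump", and flags (a) UAC policy values that turn
a protection off and (b) scheduled-task .job files named only by a GUID,
which user-installed software rarely creates. SAMPLE_LOG is a constructed
excerpt modelled on the log posted in the thread.
"""
import re
from typing import Dict, List, Tuple

# UAC values RSIT dumps from HKLM\...\Policies\System, with the setting that
# switches each protection off. Windows 7 defaults: EnableLUA=1,
# ConsentPromptBehaviorAdmin=5, PromptOnSecureDesktop=1.
WEAK_UAC = {
    "EnableLUA": (0, "UAC is disabled; processes of an admin user run fully elevated"),
    "ConsentPromptBehaviorAdmin": (0, "administrators elevate silently, no consent prompt"),
    "PromptOnSecureDesktop": (0, "elevation prompts are not shown on the secure desktop"),
}

SECTION_RE = re.compile(r"^======(.+?)======$")
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
GUID_JOB_RE = re.compile(r"\\\{[0-9A-Fa-f]{8}(-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}\.job$")

Registry = Dict[str, Dict[str, str]]


def parse_rsit(text: str) -> Tuple[List[str], Registry]:
    """Return (scheduled-task paths, {registry key: {value name: raw data}})."""
    tasks: List[str] = []
    registry: Registry = {}
    section = None
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = SECTION_RE.match(line)
        if m:
            section, key = m.group(1), None
            continue
        if not line:
            continue
        if section == "Scheduled tasks folder":
            tasks.append(line)
        elif section == "Registry dump":
            m = KEY_RE.match(line)
            if m:
                key = m.group(1)
                registry.setdefault(key, {})
            else:
                m = VALUE_RE.match(line)
                if m and key is not None:
                    registry[key][m.group(1)] = m.group(2)
    return tasks, registry


def weak_uac(registry: Registry) -> Dict[str, str]:
    """Map each UAC value that is set to its 'off' setting to an explanation."""
    findings: Dict[str, str] = {}
    for key, values in registry.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, (off_value, why) in WEAK_UAC.items():
            raw = values.get(name, "").strip()
            if raw.isdigit() and int(raw) == off_value:
                findings[name] = why
    return findings


def guid_jobs(tasks: List[str]) -> List[str]:
    """Scheduled tasks whose file name is nothing but a GUID."""
    return [t for t in tasks if GUID_JOB_RE.search(t)]


def triage(text: str) -> Dict[str, object]:
    tasks, registry = parse_rsit(text)
    return {"weak_uac": weak_uac(registry), "guid_jobs": guid_jobs(tasks)}


# Constructed excerpt in RSIT's format, modelled on the log in the post.
SAMPLE_LOG = r"""
======Scheduled tasks folder======

C:\Windows\tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job
C:\Windows\tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET Smart Security\egui.exe [2009-02-06 2021400]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"PromptOnSecureDesktop"=0
"shutdownwithoutlogon"=1

======File associations======

.scr - open - C:\Windows\system32\notepad.exe "%1"
"""

if __name__ == "__main__":
    for category, items in triage(SAMPLE_LOG).items():
        print(category, items)
```

Feed it the whole RSIT log as one string; on the posted log it reports all three UAC values and both GUID-named .job files, which is a useful second opinion before the scanner results come back.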

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Could it be... malware?

#2 Post by motji »

Good afternoon :)
I'd say you have very little RAM for Win7
Total RAM: 1015 MB (12% free)


:arrow: Download MBAM from my signature
-Install it, run a full scan

DO NOT DELETE ANYTHING :!:
-MBAM sometimes has false detections, so we will delete only after the log has been checked.
-Copy the log here.
Do not use COMBOFIX without an adviser's recommendation; it may damage the system!
Always back up important data before disinfecting the computer :!:
Want to support our forum? Information here

I'm mostly reachable at night, between 9 and 11 p.m.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

pit
Visitor
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Could it be... malware?

#3 Post by pit »

Good evening,
so there was something there after all... to my layman's eye it looks like the malware is in ACDSee. I inherited this notebook from my brother, who already had it installed. Interestingly, ESET never found it and there were never any problems viewing pictures in that software... well, I'll let the experts do their work now :)
here is the MBAM log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5088

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

10.11.2010 19:51:22
mbam-log-2010-11-10 (19-51-22).txt

Scan type: Full scan (C:\|)
Objects scanned: 385272
Time elapsed: 3 hour(s), 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ACD Systems\ACDSee\ACDSee.Photo.Manager.2009.v11.0.113.Incl.Keymaker-CORE\cr-as2k9.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
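
MBAM's text log is easy to post-process, which helps on a thread like this where the same log is expected twice: once with every item left at "No action taken" and once after removal. The parser below is an added example, not part of the original post and not Malwarebytes' own code. It keys off the `<object> (<threat>) -> <action>` shape of each detection line rather than the section wording (which is localised), and `unresolved()` lists anything from the first scan that a later scan did not report as removed. Both embedded logs are constructed excerpts with English field labels carrying the detections from this thread.

```python
"""Parse Malwarebytes' Anti-Malware 1.x text logs and compare two scans.

Added example for this thread; not part of the original post and not
Malwarebytes' own code. MBAM writes one line per detection in the form
    <object> (<threat name>) -> <action>
under section headers that end with a colon, so the parser keys off that
shape rather than the header wording. FIRST_SCAN and SECOND_SCAN are
constructed excerpts (English field labels) carrying the detections from
the thread's first scan (removal declined) and the later cleanup scan.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

DETECTION_RE = re.compile(
    r"^(?P<obj>.+?) \((?P<threat>[A-Za-z0-9_.\-]+)\) -> (?P<action>.+?)\.?$"
)
SECTION_RE = re.compile(r"^(?P<name>[^:]+):$")


@dataclass(frozen=True)
class Detection:
    section: str
    obj: str
    threat: str
    action: str

    @property
    def kind(self) -> str:
        return "registry" if self.obj.upper().startswith("HKEY_") else "file"

    @property
    def removed(self) -> bool:
        # MBAM reports "No action taken" when the user declines removal,
        # which is what the forum asks for on the first, diagnostic pass.
        return not self.action.lower().startswith("no action")


def parse_mbam(text: str) -> List[Detection]:
    """Return every detection line, tagged with the section it sat under."""
    found: List[Detection] = []
    section = ""
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group("name").strip()
            continue
        m = DETECTION_RE.match(line)
        if m:
            found.append(Detection(section, m["obj"], m["threat"], m["action"]))
    return found


def count_by_threat(found: List[Detection]) -> Dict[str, int]:
    counts: Dict[str, int] = {}
    for d in found:
        counts[d.threat] = counts.get(d.threat, 0) + 1
    return counts


def unresolved(before: str, after: str) -> List[str]:
    """Objects flagged in the first log that the second log does not report as removed."""
    removed = {d.obj.lower() for d in parse_mbam(after) if d.removed}
    return [d.obj for d in parse_mbam(before) if d.obj.lower() not in removed]


# Constructed excerpt of the first (diagnostic) scan in MBAM's log format.
FIRST_SCAN = r"""Malwarebytes' Anti-Malware 1.46
Database version: 5088
Scan type: Full scan (C:\|)
Registry Keys Infected: 2
Files Infected: 3

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ACD Systems\ACDSee\ACDSee.Photo.Manager.2009.v11.0.113.Incl.Keymaker-CORE\cr-as2k9.exe (Trojan.Dropper.PGen) -> No action taken.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> No action taken.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> No action taken.
"""

# The cleanup scan differs only in the action column.
SECOND_SCAN = FIRST_SCAN.replace("No action taken", "Quarantined and deleted successfully")

if __name__ == "__main__":
    print(count_by_threat(parse_mbam(FIRST_SCAN)))
    print("still present:", unresolved(FIRST_SCAN, SECOND_SCAN))
```

Pass the two saved mbam-log files as strings; whatever `unresolved()` still returns after the cleanup pass is exactly the list to hand back to the adviser.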

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Could it be... malware?

#4 Post by motji »

Delete everything in MBAM.
That program is paid for, which your brother got around :roll: . You may have no trouble with photos, yet thanks to the keygen you can pull a rootkit into the PC, for instance, without even knowing about it :)

:arrow: Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix

pit
Visitor
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Could it be... malware?

#5 Post by pit »

So... everything in MBAM was deleted successfully; I'm attaching the log just to be sure.
I ran ComboFix according to the guide (I hope). Everything went OK, it found something, as you'll see in the log. Then ComboFix restarted the PC, and after it came back up the autostart applications began launching (ESET, QIP etc.). I quickly stopped them because ComboFix was still generating the log.
I don't know whether that was the cause or something else, but in any case, after the log was created and displayed I couldn't start any application (except Windows Explorer [This Computer] and Winamp, which launched after double-clicking a music file - I don't get it). Every time I tried to launch anything else it gave me the following red message: "Illegal operation attempted on a registry key that has been marked for deletion". I restarted the PC and now everything works "fine" again.

MBAM log:
Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 5088

Windows 6.1.7600
Internet Explorer 8.0.7600.16385

11.11.2010 13:18:52
mbam-log-2010-11-11 (13-18-52).txt

Scan type: Full scan (C:\|)
Objects scanned: 385272
Time elapsed: 3 hour(s), 11 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Handle (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MSSMGR (Trojan.Downloader) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\ACD Systems\ACDSee\ACDSee.Photo.Manager.2009.v11.0.113.Incl.Keymaker-CORE\cr-as2k9.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{35DC3473-A719-4d14-B7C1-FD326CA84A0C}.job (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Windows\Tasks\{66BA574B-1E11-49b8-909C-8CC9E0E8E015}.job (Trojan.Downloader) -> Quarantined and deleted successfully.

ComboFix log:
ComboFix 10-11-10.03 - pitris 11.11.2010 19:13:01.1.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1015.309 [GMT 1:00]
Running from: c:\users\pitris\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\IDropPTB.dll

c:\windows\system32\userinit.exe . . . is infected!!

.
((((((((((((((((((((((((( Files Created From 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 18:31 . 2010-11-11 18:34 -------- d-----w- c:\users\pitris\AppData\Local\temp
2010-11-10 15:36 . 2010-11-10 15:36 -------- d-----w- c:\users\pitris\AppData\Roaming\Malwarebytes
2010-11-10 15:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 15:35 . 2010-11-10 15:35 -------- d-----w- c:\programdata\Malwarebytes
2010-11-10 15:35 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 15:35 . 2010-11-11 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 10:21 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28A5B438-6996-48B1-9F96-66E3E58773EE}\mpengine.dll
2010-11-09 10:19 . 2010-11-09 10:20 -------- d-----w- c:\program files\trend micro
2010-11-09 10:19 . 2010-11-09 10:20 -------- d-----w- C:\rsit
2010-11-09 10:12 . 2010-11-09 10:13 -------- d-----w- C:\a7f7e9bcfaf8b821acbc1d7ea5c7b9be
2010-11-04 21:34 . 2010-11-04 21:34 -------- d-----w- C:\ProjectTemplates
2010-11-04 21:34 . 2010-11-04 21:34 -------- d-----w- C:\ItemTemplates
2010-11-04 21:30 . 2010-11-04 21:30 -------- d-----w- c:\programdata\ABB Industrial IT
2010-11-04 21:30 . 2010-11-04 21:30 -------- d-----w- c:\program files\Common Files\ABB Industrial IT
2010-11-04 21:21 . 2010-11-04 21:21 -------- d-----w- c:\program files\ABB Industrial IT
2010-11-04 19:03 . 2010-11-04 19:03 -------- d-----w- c:\program files\CCleaner
2010-11-04 18:07 . 2010-11-04 18:25 -------- d-----w- c:\programdata\RegCure
2010-10-27 16:15 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 16:15 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 16:15 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 16:15 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 16:14 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-14 16:33 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 16:33 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 16:31 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 16:31 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 16:31 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 16:31 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 16:31 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 16:31 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 16:31 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 16:31 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-03-01 18:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 09:51 . 2010-09-28 09:51 40960 ----a-w- c:\windows\system32\maplec.dll
2010-09-28 09:51 . 2010-09-28 09:51 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-28 09:51 . 2010-09-28 09:51 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-08-21 05:32 . 2010-09-15 13:19 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-04-06 17:52 . 2010-04-14 19:35 31971272 ----a-w- c:\program files\MRT.exe
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3259392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

c:\users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImgBurn.exe [2009-4-10 1700352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RobComCtrlServer;ABB Industrial Robot Communication Server;c:\program files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe [2010-04-08 255816]
R3 RobNetScanHost;ABB Industrial Robot Discovery Server;c:\program files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe [2010-04-08 103240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://eu.ask.com?o=15161&l=dis
IE: E&xport to Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
.
.
------- Associations -------
.
.scr=AutoCADScriptFile
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ttffile"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other running processes ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Completion time: 2010-11-11 19:41:55 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-11 18:41

Pre-Run: 14 596 313 088 bytes free
Post-Run: 15 939 313 664 bytes free

- - End Of File - - 4A49D0B1DB935892D8E3EF2B5270EAD0

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Could it be... malware?

#6 Post by motji »

You most likely have an infected system file, so let's replace it :)

:arrow: If it isn't there already, move ComboFix to the desktop
- open Notepad
- copy the text from the box below into it

Code:

Restore::
c:\windows\system32\userinit.exe

- save the text file you created as CFScript.txt on the desktop
- once saved, grab the script you created with the left mouse button and drag it onto the ComboFix icon, then drop it there:



- after it finishes, another log will pop up; post it here

Warning: it can happen that after applying the script and rebooting, Windows won't start; in that case reboot again while tapping F8 and choose Last Known Good Configuration
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before cleaning the computer :!:

I'm mostly reachable at night, between 21:00 and 23:00
If you have any questions, you can write to me at Motji(at)forum.viry.cz.
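
Added example (not from the original post, from ComboFix or from the forum): the checks a helper would run on the machine once the Restore:: script above has replaced userinit.exe, to confirm the replacement is genuine and that nothing else still hooks the logon. It verifies the file with sfc, compares its SHA-256 with the copy held in a volume shadow copy, checks the Winlogon Userinit value, and reads the UAC policy values that the second ComboFix log in this thread shows set to 0. Assumptions: Windows 7 with PowerShell 2.0 in an elevated console, at least one shadow copy on the system (the last one vssadmin lists is taken as the newest), the temporary file name, and the default Userinit value being the plain userinit.exe path followed by an optional comma.

```powershell
# Added example, not part of the original thread or of ComboFix.
# Post-restore checks for userinit.exe on Windows 7; written for PowerShell 2.0
# (no Get-FileHash there) and meant to run from an elevated console.

$live = Join-Path $env:SystemRoot "System32\userinit.exe"

function Get-Sha256Hex([string]$Path) {
    # Hash with .NET directly, since Get-FileHash only exists from PowerShell 4.0.
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $fs  = [System.IO.File]::OpenRead($Path)
    try     { ($sha.ComputeHash($fs) | ForEach-Object { $_.ToString("x2") }) -join "" }
    finally { $fs.Close() }
}

# 1. Authoritative integrity check: SFC validates the file against the catalog-backed
#    hashes of the component store. (Get-AuthenticodeSignature is not useful here on
#    Windows 7: system binaries are catalog-signed and it reports them as NotSigned.)
sfc /verifyfile=$live

# 2. Compare the live file with the copy held in a volume shadow copy. ComboFix
#    restored from HarddiskVolumeShadowCopy2 in this thread; here we take the last
#    shadow volume vssadmin lists (assumed to be the newest), which is an assumption
#    about the machine, not something the log guarantees.
$shadow = vssadmin list shadows |
          Select-String "Shadow Copy Volume:" |
          ForEach-Object { ($_.Line -replace '^.*?Shadow Copy Volume:\s*', '').Trim() } |
          Select-Object -Last 1
if ($shadow) {
    $tmp = Join-Path $env:TEMP "userinit.shadow.exe"   # temp name is arbitrary
    # cmd.exe's copy understands \\?\GLOBALROOT paths; .NET file APIs on PS 2.0 do not.
    cmd /c copy /y "$shadow\Windows\System32\userinit.exe" "$tmp" | Out-Null
    if (Test-Path $tmp) {
        $liveHash   = Get-Sha256Hex $live
        $shadowHash = Get-Sha256Hex $tmp
        "Live   SHA-256: $liveHash"
        "Shadow SHA-256: $shadowHash"
        if ($liveHash -ne $shadowHash) {
            Write-Warning "live userinit.exe differs from the shadow-copy version"
        }
        Remove-Item $tmp
    }
} else {
    Write-Warning "no shadow copies found; compare against a known-good copy instead"
}

# 3. Winlogon must still launch the real userinit.exe. A common persistence trick is
#    to append a second executable after the comma so it starts at every logon.
$winlogon = "HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon"
$userinit = (Get-ItemProperty $winlogon).Userinit
"Winlogon\Userinit: $userinit"
$expected = [regex]::Escape($live)          # default value is this path plus a comma
if ($userinit -notmatch "^$expected,?$") {
    Write-Warning "Winlogon\Userinit does not point solely at $live"
}

# 4. UAC policy values; the second ComboFix log in this thread shows EnableLUA=0,
#    ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0.
$pol = Get-ItemProperty "HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System"
foreach ($name in "EnableLUA", "ConsentPromptBehaviorAdmin", "PromptOnSecureDesktop") {
    "{0,-27} = {1}" -f $name, $pol.$name
}
if ($pol.EnableLUA -eq 0) {
    Write-Warning "UAC is disabled: if this account is an administrator, everything it runs gets full admin rights"
}
```

Run it after ComboFix has finished and the machine has rebooted. A hash match with a shadow copy only proves that the live file equals that snapshot, and the snapshot may itself postdate the infection, so the sfc result is the one to trust. If Winlogon\Userinit shows anything after the comma, that is a second loader to investigate, not something to delete blindly.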

pit
Visitor
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Could it be... malware?

#7 Post by pit »

So, operation carried out. Result:

1) while ComboFix was running, CFScript.txt disappeared from the desktop - is that normal?
2) CF removed two files, see the log
3) after the reboot Windows started normally
4) after Windows came up, a new warning popped up saying the Recycle Bin on drive C:/ is corrupted and asking whether I want to empty it, Yes or No. I didn't click anything and waited for CF to finish
5) before CF finished and created the log, the warning disappeared
6) after the log was displayed I again couldn't launch any application (see previous post), so another reboot and everything works again...


here is the 2nd log from ComboFix:
ComboFix 10-11-10.03 - pitris 11.11.2010 21:56:15.2.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1015.338 [GMT 1:00]
Running from: c:\users\pitris\Desktop\ComboFix.exe
Command switches used :: c:\users\pitris\Desktop\CFScript.txt
* Resident AV shield is enabled

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat

Infected copy of c:\windows\system32\userinit.exe was found and disinfected.
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy2_!Windows!System32!userinit.exe

.
((((((((((((((((((((((((( Files Created from 2010-10-11 to 2010-11-11 )))))))))))))))))))))))))))))))
.

2010-11-11 21:16 . 2010-11-11 21:18 -------- d-----w- c:\users\pitris\AppData\Local\temp
2010-11-11 21:16 . 2010-11-11 21:16 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-11-10 15:36 . 2010-11-10 15:36 -------- d-----w- c:\users\pitris\AppData\Roaming\Malwarebytes
2010-11-10 15:35 . 2010-04-29 14:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-11-10 15:35 . 2010-11-10 15:35 -------- d-----w- c:\programdata\Malwarebytes
2010-11-10 15:35 . 2010-04-29 14:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-11-10 15:35 . 2010-11-11 12:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-11-10 10:21 . 2010-10-07 23:21 6146896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{28A5B438-6996-48B1-9F96-66E3E58773EE}\mpengine.dll
2010-11-09 10:19 . 2010-11-09 10:20 -------- d-----w- c:\program files\trend micro
2010-11-09 10:19 . 2010-11-09 10:20 -------- d-----w- C:\rsit
2010-11-09 10:12 . 2010-11-09 10:13 -------- d-----w- C:\a7f7e9bcfaf8b821acbc1d7ea5c7b9be
2010-11-04 21:34 . 2010-11-04 21:34 -------- d-----w- C:\ProjectTemplates
2010-11-04 21:34 . 2010-11-04 21:34 -------- d-----w- C:\ItemTemplates
2010-11-04 21:30 . 2010-11-04 21:30 -------- d-----w- c:\programdata\ABB Industrial IT
2010-11-04 21:30 . 2010-11-04 21:30 -------- d-----w- c:\program files\Common Files\ABB Industrial IT
2010-11-04 21:21 . 2010-11-04 21:21 -------- d-----w- c:\program files\ABB Industrial IT
2010-11-04 19:03 . 2010-11-04 19:03 -------- d-----w- c:\program files\CCleaner
2010-11-04 18:07 . 2010-11-04 18:25 -------- d-----w- c:\programdata\RegCure
2010-10-27 16:15 . 2010-08-04 06:17 417792 ----a-w- c:\windows\system32\msdri.dll
2010-10-27 16:15 . 2010-08-04 06:18 641536 ----a-w- c:\windows\system32\CPFilters.dll
2010-10-27 16:15 . 2010-08-04 06:15 204288 ----a-w- c:\windows\system32\MSNP.ax
2010-10-27 16:15 . 2010-08-04 06:15 199680 ----a-w- c:\windows\system32\mpg2splt.ax
2010-10-27 16:14 . 2010-07-13 05:22 26504 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2010-10-14 16:33 . 2010-06-29 04:57 4247040 ----a-w- c:\program files\Windows NT\Accessories\wordpad.exe
2010-10-14 16:33 . 2010-06-29 05:02 1413632 ----a-w- c:\windows\system32\ole32.dll
2010-10-14 16:31 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\system32\wmploc.DLL
2010-10-14 16:31 . 2010-09-01 02:34 2327552 ----a-w- c:\windows\system32\win32k.sys
2010-10-14 16:31 . 2010-08-27 03:31 310784 ----a-w- c:\windows\system32\drivers\srv.sys
2010-10-14 16:31 . 2010-08-27 05:46 168448 ----a-w- c:\windows\system32\srvsvc.dll
2010-10-14 16:31 . 2010-08-27 03:30 308736 ----a-w- c:\windows\system32\drivers\srv2.sys
2010-10-14 16:31 . 2010-08-27 03:30 113664 ----a-w- c:\windows\system32\drivers\srvnet.sys
2010-10-14 16:31 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-10-14 16:31 . 2010-05-05 06:46 363520 ----a-w- c:\windows\system32\StructuredQuery.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-10-19 09:41 . 2010-03-01 18:16 222080 ------w- c:\windows\system32\MpSigStub.exe
2010-09-28 09:51 . 2010-09-28 09:51 40960 ----a-w- c:\windows\system32\maplec.dll
2010-09-28 09:51 . 2010-09-28 09:51 212992 ----a-w- c:\windows\system32\WMIMPLEX.dll
2010-09-28 09:51 . 2010-09-28 09:51 20480 ----a-w- c:\windows\system32\maplecompat.dll
2010-08-21 05:32 . 2010-09-15 13:19 316928 ----a-w- c:\windows\system32\spoolsv.exe
2010-04-06 17:52 . 2010-04-14 19:35 31971272 ----a-w- c:\program files\MRT.exe
.

(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"="c:\program files\QIP\qip.exe" [2008-12-09 3259392]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET Smart Security\egui.exe" [2009-02-06 2021400]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]

c:\users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImgBurn.exe [2009-4-10 1700352]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 RobComCtrlServer;ABB Industrial Robot Communication Server;c:\program files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe [2010-04-08 255816]
R3 RobNetScanHost;ABB Industrial Robot Discovery Server;c:\program files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe [2010-04-08 103240]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
S2 ekrn;ESET Service;c:\program files\ESET Smart Security\ekrn.exe [2009-02-06 727720]
S2 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]

.
.
------- Doplňkový sken -------
.
uStart Page = hxxp://eu.ask.com?o=15161&l=dis
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bmp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cr2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.crw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.gif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpe"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpeg"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpg"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcx"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.png"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psd"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tga"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.tiff"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ttffile"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wmf"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"

[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2010-11-11 22:25:45 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-11-11 21:25
ComboFix2.txt 2010-11-11 18:41

Před spuštěním: Volných bajtů: 15 861 334 016
Po spuštění: Volných bajtů: 15 966 408 704

- - End Of File - - 1C7FF8C431EEFDA277C7121396A6B756
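Added example, not part of the original post or of ComboFix: a small Python triage helper for the "registry startup points" and supplementary-scan lines in the format ComboFix prints above. It parses the `"Name"= N (0xN)` values, reports each UAC policy value that differs from the Windows 7 default, refangs the `hxxp://` start page and flags it when it is not a Microsoft host, and lists per-interface DNS servers for review. The sample input is constructed from values in the log above; the default table and the `microsoft.com`/`msn.com` start-page allow-list are assumptions of the example.

```python
import re
from typing import Dict, List
from urllib.parse import urlparse

# Constructed sample input: the UAC policy block and the supplementary-scan lines
# copied from the ComboFix log above (not a complete log).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv

uStart Page = hxxp://eu.ask.com?o=15161&l=dis
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
"""

# Windows 7 default UAC policy values (assumed baseline for this example).
UAC_DEFAULTS = {
    "EnableLUA": 1,                   # 1 = UAC on
    "ConsentPromptBehaviorAdmin": 5,  # 5 = prompt for consent for non-Windows binaries
    "ConsentPromptBehaviorUser": 3,   # 3 = prompt for credentials
    "PromptOnSecureDesktop": 1,       # 1 = prompts shown on the secure desktop
}
POLICY_KEY_SUFFIX = r"\software\microsoft\windows\currentversion\policies\system"
# ComboFix prints numeric registry values as:  "Name"= 0 (0x0)
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<value>-?\d+)\s*\(0x[0-9a-fA-F]+\)$')
# Hosts treated as the stock IE start page (assumption of the example).
DEFAULT_START_HOSTS = ("microsoft.com", "msn.com")


def parse_registry_sections(text: str) -> Dict[str, Dict[str, int]]:
    """Group numeric values under their lower-cased [HKEY...] header."""
    sections: Dict[str, Dict[str, int]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group("name")] = int(m.group("value"))
    return sections


def uac_findings(sections: Dict[str, Dict[str, int]]) -> List[str]:
    """List every UAC policy value that differs from the Windows 7 default."""
    policy: Dict[str, int] = {}
    for key, values in sections.items():
        if key.endswith(POLICY_KEY_SUFFIX):
            policy = values
    findings = [f"{name}={policy[name]} (default {default})"
                for name, default in UAC_DEFAULTS.items()
                if name in policy and policy[name] != default]
    if policy.get("EnableLUA") == 0:
        findings.append("UAC disabled: administrator processes run fully elevated with no prompt")
    return findings


def refang(url: str) -> str:
    """Undo ComboFix's hxxp:// defanging so the URL can be parsed."""
    return re.sub(r"^hxxp(s?)://", r"http\1://", url, flags=re.IGNORECASE)


def browser_findings(text: str) -> List[str]:
    """Flag a non-stock IE start page and any per-interface DNS servers for review."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = re.match(r"^uStart Page = (\S+)$", line)
        if m:
            host = urlparse(refang(m.group(1))).hostname or ""
            if not host.endswith(DEFAULT_START_HOSTS):
                findings.append(f"non-default IE start page: {host}")
        m = re.match(r"^TCP: \{[0-9A-Fa-f-]+\} = (.+)$", line)
        if m:
            findings.append(f"per-interface DNS servers: {m.group(1).strip()}")
    return findings


def triage(text: str) -> List[str]:
    """Run all checks over one ComboFix log and return the combined findings."""
    return uac_findings(parse_registry_sections(text)) + browser_findings(text)


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print("REVIEW:", finding)
```

Run against the full log, the same functions work unchanged, since the parser only looks at `[...]` headers and numeric value lines and ignores the rest.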

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Zebytobyl...havěť?

#8 Post by motji »

The fact that nothing worked for you after ComboFix happens on some PCs; a restart helps :) .
Does your Recycle Bin work? Try it: empty it, put something in it, empty it again.

:arrow: Download AVPTool from my signature http://www.viry.cz/forum/viewtopic.php?f=29&t=58179

- Install it according to the guide and run a scan
- whatever it finds, let it disinfect or delete
- the scan can take several hours
- post the log with the results here
Do not use COMBOFIX without a helper's recommendation; it can damage the system!
Always back up important data before disinfecting a computer :!:
Want to support our forum? Information here

I am usually reachable at night, between 21:00 and 23:00
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.

pit
Guest
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Zebytobyl...havěť?

#9 Post by pit »

The Recycle Bin seems normal to me: I opened it - fine, deleted a simple text file - fine, removed the file from the bin - also fine...

I have just finished downloading AVPTool, going to install it and scan.

If the scan takes several hours as you say, we probably won't see each other here today, so good night :)

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Zebytobyl...havěť?

#10 Post by motji »

Good night :D

pit
Guest
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Zebytobyl...havěť?

#11 Post by pit »

Good morning, I dutifully report that AVPTool found nothing ( :) or :( )?
If that is odd, I can repeat the test during the day just to be sure that something actually happened...

log from AVPTool:
Automatická kontrola: dokončeno před 4 hod. (události: 2, objekty: 689242, čas: 03:31:10)
11.11.2010 22:56:20 Úloha byla spuštěna
12.11.2010 2:27:32 Úloha byla dokončena

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Zebytobyl...havěť?

#12 Post by motji »

Why so sad? :D It is good that it found nothing, so no little critter is hiding anywhere. How is the computer behaving?

Just for my peace of mind, test this on www.virustotal.com
c:\windows\system32\userinit.exe
- On VirusTotal click Browse, paste the path to the file directly into the lower box and click Send
- copy the address of the results page from your browser
- if it asks you, have the file tested again, so that it is the file from your computer

pit
Guest
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Zebytobyl...havěť?

#13 Post by pit »

If there really is nothing there any more, then that is great! :)

virustotal.com found nothing - here is the link http://www.virustotal.com/file-scan/rep ... 1289571579

PC behaviour:
1) After the restart Windows booted normally, without problems or messages...
2) I now have visible folders on C:/ that were previously only hidden (Boot, Config.Msi, MSOCache, ProgramData, Recovery)... also the "qoobox" folder from ComboFix and "rsit" are still there... I don't like that much, could something be done about it? :)
3) I also noticed that in Program Files there is a hidden folder "Zero G Registry" containing a single file ".com.zerog.registry.xml"; either it is new, or I never noticed it before (I use Total Commander and have display of hidden folders turned off)
4) As for speed, I haven't noticed any significant change. I ran RSIT again and RAM is still at 15%... :(


Logfile of random's system information tool 1.08 (written by random/random)
Run by pitris at 2010-11-12 15:35:25
Microsoft Windows 7 Professional
System drive C: has 14 GB (19%) free of 75 GB
Total RAM: 1015 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:36:10, on 12.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\system32\taskhost.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET Smart Security\egui.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QIP\qip.exe
C:\Windows\system32\igfxsrvc.exe
C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImgBurn.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Opera\opera.exe
C:\Download\RSIT.exe
C:\Program Files\trend micro\pitris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: ImgBurn.exe
O4 - Startup: setup_9.0.0.722_12.11.2010_00-13.lnk = C:\Program Files\Virus Removal Tool\setup_9.0.0.722_12.11.2010_00-13\startup.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E}: NameServer = 213.211.45.3,213.211.45.2
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: ABB Industrial Robot Communication Server (RobComCtrlServer) - ABB - C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe
O23 - Service: ABB Industrial Robot Discovery Server (RobNetScanHost) - ABB - C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe

--
End of file - 3126 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET Smart Security\egui.exe [2009-02-06 2021400]
"VirtualCloneDrive"=C:\Program Files\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"=C:\Program Files\QIP\qip.exe [2008-12-09 3259392]

C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ImgBurn.exe
setup_9.0.0.722_12.11.2010_00-13.lnk - C:\Program Files\Virus Removal Tool\setup_9.0.0.722_12.11.2010_00-13\startup.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-11 22:53:39 ----D---- C:\ProgramData\Kaspersky Lab
2010-11-11 22:50:09 ----A---- C:\Windows\system32\drivers\32777772.sys
2010-11-11 22:50:09 ----A---- C:\Windows\system32\drivers\32777771.sys
2010-11-11 22:50:09 ----A---- C:\Windows\system32\drivers\3277777.sys
2010-11-11 22:50:07 ----D---- C:\Program Files\Virus Removal Tool
2010-11-11 22:25:46 ----A---- C:\ComboFix.txt
2010-11-11 22:24:28 ----SHD---- C:\$RECYCLE.BIN
2010-11-11 21:52:03 ----A---- C:\Windows\SWXCACLS.exe
2010-11-11 19:41:59 ----D---- C:\Windows\temp
2010-11-11 19:09:41 ----A---- C:\Windows\zip.exe
2010-11-11 19:09:41 ----A---- C:\Windows\SWSC.exe
2010-11-11 19:09:41 ----A---- C:\Windows\SWREG.exe
2010-11-11 19:09:41 ----A---- C:\Windows\sed.exe
2010-11-11 19:09:41 ----A---- C:\Windows\PEV.exe
2010-11-11 19:09:41 ----A---- C:\Windows\NIRCMD.exe
2010-11-11 19:09:41 ----A---- C:\Windows\MBR.exe
2010-11-11 19:09:41 ----A---- C:\Windows\grep.exe
2010-11-11 19:09:26 ----D---- C:\Windows\ERDNT
2010-11-11 19:08:40 ----D---- C:\Qoobox
2010-11-10 16:36:11 ----D---- C:\Users\pitris\AppData\Roaming\Malwarebytes
2010-11-10 16:35:47 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-10 16:35:44 ----D---- C:\ProgramData\Malwarebytes
2010-11-10 16:35:43 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-10 16:35:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-09 11:19:38 ----D---- C:\Program Files\trend micro
2010-11-09 11:19:36 ----D---- C:\rsit
2010-11-09 11:12:59 ----D---- C:\a7f7e9bcfaf8b821acbc1d7ea5c7b9be
2010-11-04 22:34:30 ----D---- C:\ProjectTemplates
2010-11-04 22:34:30 ----D---- C:\ItemTemplates
2010-11-04 22:30:59 ----D---- C:\ProgramData\ABB Industrial IT
2010-11-04 22:30:59 ----D---- C:\Program Files\Common Files\ABB Industrial IT
2010-11-04 22:21:28 ----D---- C:\Program Files\ABB Industrial IT
2010-11-04 20:03:25 ----D---- C:\Program Files\CCleaner
2010-11-04 19:07:25 ----D---- C:\ProgramData\RegCure
2010-10-27 17:15:30 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 17:15:27 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 17:14:38 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-14 17:33:34 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 17:33:12 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 17:33:07 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 17:32:56 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 17:32:55 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 17:32:52 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 17:32:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 17:32:49 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 17:32:48 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 17:32:48 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 17:32:47 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 17:32:45 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 17:32:45 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 17:32:40 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 17:32:38 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 17:32:33 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 17:32:28 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 17:32:28 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 17:32:06 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 17:31:54 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 17:31:51 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 17:31:47 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 17:31:46 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 17:31:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 17:31:45 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 17:31:38 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 17:31:28 ----A---- C:\Windows\system32\StructuredQuery.dll

======List of files/folders modified in the last 1 months======

2010-11-12 15:34:52 ----D---- C:\Windows\system32\config
2010-11-12 15:31:18 ----A---- C:\Windows\wincmd.ini
2010-11-12 15:30:00 ----D---- C:\Windows
2010-11-12 15:26:59 ----A---- C:\Windows\winamp.ini
2010-11-12 15:26:55 ----D---- C:\Program Files\Winamp
2010-11-12 15:23:23 ----D---- C:\Windows\Prefetch
2010-11-12 15:15:02 ----D---- C:\Windows\system32\catroot2
2010-11-12 15:14:51 ----SHD---- C:\System Volume Information
2010-11-12 08:16:03 ----SHD---- C:\Windows\Installer
2010-11-11 22:53:39 ----D---- C:\ProgramData
2010-11-11 22:51:19 ----D---- C:\Windows\debug
2010-11-11 22:50:39 ----D---- C:\Windows\system32\drivers
2010-11-11 22:50:07 ----RD---- C:\Program Files
2010-11-11 22:18:23 ----A---- C:\Windows\system.ini
2010-11-11 22:17:52 ----D---- C:\Windows\system32\drivers\etc
2010-11-11 22:05:44 ----D---- C:\Windows\System32
2010-11-11 22:05:43 ----D---- C:\Windows\AppPatch
2010-11-11 22:05:40 ----AD---- C:\Program Files\Common Files
2010-11-11 19:30:45 ----D---- C:\Windows\Downloaded Program Files
2010-11-11 19:04:17 ----D---- C:\Config.Msi
2010-11-11 19:04:07 ----D---- C:\Program Files\ESET Smart Security
2010-11-11 18:51:01 ----D---- C:\Program Files\_instalace
2010-11-11 18:11:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-11 18:11:06 ----D---- C:\Windows\inf
2010-11-11 13:18:58 ----D---- C:\Windows\system32\Tasks
2010-11-11 13:18:51 ----D---- C:\Windows\Tasks
2010-11-11 13:14:01 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 23:16:22 ----D---- C:\Program Files\DOSBox-0.74
2010-11-04 22:43:06 ----D---- C:\Windows\winsxs
2010-11-04 22:42:50 ----RSD---- C:\Windows\assembly
2010-11-04 07:47:18 ----D---- C:\Users\pitris\AppData\Roaming\uTorrent
2010-11-04 02:07:14 ----D---- C:\Windows\rescache
2010-11-01 20:01:04 ----D---- C:\Program Files\LG PC Suite II
2010-10-28 08:41:47 ----D---- C:\Windows\Microsoft.NET
2010-10-28 08:32:23 ----D---- C:\Windows\ehome
2010-10-27 17:13:34 ----D---- C:\Windows\system32\catroot
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-15 22:18:56 ----D---- C:\Program Files\Internet Explorer
2010-10-15 22:18:55 ----D---- C:\Windows\system32\migration
2010-10-15 22:18:50 ----D---- C:\Program Files\Windows Media Player
2010-10-14 18:38:47 ----A---- C:\Windows\wcx_ftp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 32777772;32777772 Boot Guard Driver; C:\Windows\system32\DRIVERS\32777772.sys [2009-10-22 37392]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 32777771;32777771; C:\Windows\system32\DRIVERS\32777771.sys [2009-09-25 128016]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 setup_9.0.0.722_12.11.2010_00-13drv;setup_9.0.0.722_12.11.2010_00-13drv; C:\Windows\system32\DRIVERS\3277777.sys [2009-10-09 311312]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 catchme;catchme; \??\C:\Users\pitris\AppData\Local\Temp\catchme.sys []
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-02 651720]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 RobComCtrlServer;ABB Industrial Robot Communication Server; C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobComCtrlServer.exe [2010-04-08 255816]
S3 RobNetScanHost;ABB Industrial Robot Discovery Server; C:\Program Files\Common Files\ABB Industrial IT\Robotics IT\RobAPI\RobNetScanHost.exe [2010-04-08 103240]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

-----------------EOF-----------------

motji
VIP
Posts: 23302
Registered: 23 Oct 2008 08:02

Re: Could it be... vermin?

#14 Post by motji »

We'll switch off unnecessary things and see, but with 1 GB of RAM don't expect any miracle :)

:arrow: Uninstall Avptool

:arrow: You have the program 3dsmax

:arrow: Uninstall combofix via Start - Run
- copy into the box:

ComboFix /Uninstall

- press Enter
- This uninstalls ComboFix and deletes the files and folders related to it.


***********


:arrow: Download T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

- Run it; to confirm the choice press the A key, then Enter
- after use, delete the little program. Note: antiviruses may falsely flag it as a virus



***********


:arrow: Download Ccleaner from my signature
- install it; when choosing what to install, untick the Yahoo toolbar installation

Cleaner tab
- leave everything in the left column ticked as it is, click Analyze
- after the analysis click Run Ccleaner

Registry tab
- click Scan for Issues
- then click Fix selected issues -- make a registry backup - you don't have to
- click Fix all issues :arrow: ok :arrow: close

Tools tab
- here you can uninstall programs. It is a more thorough uninstallation than Add/Remove Programs in Windows.

I recommend using Ccleaner's Cleaner; it cleans the PC nicely of temporary files.
The Registry cleaner tidies up, for example, after uninstalling some program.


***********



:arrow: Download OTC and use it
http://oldtimer.geekstogo.com/OTC.exe
- it cleans temp files and the leftovers of the tools used



***********

:arrow: Post a new RSIT log and tell me how the computer behaves - is everything OK now?

pit
Visitor
Posts: 20
Registered: 09 Nov 2010 11:24

Re: Could it be... vermin?

#15 Post by pit »

Well then...

:!: AVPTool uninstalled successfully
:!: if the 3dsmax thing was a question, then "no, I don't have it, and I think my brother didn't either". If it was a statement, then "really? what to do about it now?" :)
:!: ComboFix uninstalled successfully
:!: T-Cleaner downloaded, run and deleted, despite ESET's protests
:!: I already had Ccleaner installed before, but the temp files and registry have been cleaned anyway
:!: After downloading and running OTC the PC was restarted..

Windows then took a bit longer than usual to boot, but nothing terrible. It booted fine again. As for the folders on C:, only "qoobox" disappeared; the others are still visible - can I give them the hidden attribute? In Program Files the "trend micro" and "Virus removal tool" folders are still sitting there - can I delete them? What about MBAM, should I uninstall it too?

Otherwise I haven't noticed any other problems with the PC so far; it looks OK.


Latest log from RSIT:
Logfile of random's system information tool 1.08 (written by random/random)
Run by pitris at 2010-11-12 19:57:11
Microsoft Windows 7 Professional
System drive C: has 15 GB (21%) free of 75 GB
Total RAM: 1015 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:57:30, on 12.11.2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16671)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\ESET Smart Security\egui.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\QIP\qip.exe
C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImgBurn.exe
C:\Program Files\Winamp\winamp.exe
C:\Program Files\Total Commander\TOTALCMD.EXE
C:\Program Files\Opera\opera.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Download\RSIT.exe
C:\Program Files\trend micro\pitris.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://eu.ask.com?o=15161&l=dis
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKCU\..\Run: [QIP2005] C:\Program Files\QIP\qip.exe
O4 - Startup: ImgBurn.exe
O4 - Startup: _uninst_setup_9.0.0.722_12.11.2010_00-13.exe.lnk = C:\Users\pitris\AppData\Local\temp\_uninst_setup_9.0.0.722_12.11.2010_00-13.exe.bat
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E}: NameServer = 213.211.45.3,213.211.45.2
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET Smart Security\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe

--
End of file - 2889 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET Smart Security\egui.exe [2009-02-06 2021400]
"VirtualCloneDrive"=C:\Program Files\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"QIP2005"=C:\Program Files\QIP\qip.exe [2008-12-09 3259392]

C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ImgBurn.exe
_uninst_setup_9.0.0.722_12.11.2010_00-13.exe.lnk - C:\Users\pitris\AppData\Local\temp\_uninst_setup_9.0.0.722_12.11.2010_00-13.exe.bat

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 months======

2010-11-12 19:57:10 ----D---- C:\rsit
2010-11-11 22:53:39 ----D---- C:\ProgramData\Kaspersky Lab
2010-11-11 22:50:07 ----D---- C:\Program Files\Virus Removal Tool
2010-11-11 22:24:28 ----SHD---- C:\$RECYCLE.BIN
2010-11-11 19:41:59 ----D---- C:\Windows\temp
2010-11-10 16:36:11 ----D---- C:\Users\pitris\AppData\Roaming\Malwarebytes
2010-11-10 16:35:47 ----A---- C:\Windows\system32\drivers\mbamswissarmy.sys
2010-11-10 16:35:44 ----D---- C:\ProgramData\Malwarebytes
2010-11-10 16:35:43 ----A---- C:\Windows\system32\drivers\mbam.sys
2010-11-10 16:35:42 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2010-11-09 11:19:38 ----D---- C:\Program Files\trend micro
2010-11-09 11:12:59 ----D---- C:\a7f7e9bcfaf8b821acbc1d7ea5c7b9be
2010-11-04 22:30:59 ----D---- C:\ProgramData\ABB Industrial IT
2010-11-04 20:03:25 ----D---- C:\Program Files\CCleaner
2010-11-04 19:07:25 ----D---- C:\ProgramData\RegCure
2010-10-27 17:15:30 ----A---- C:\Windows\system32\msdri.dll
2010-10-27 17:15:27 ----A---- C:\Windows\system32\CPFilters.dll
2010-10-27 17:14:38 ----A---- C:\Windows\system32\drivers\Diskdump.sys
2010-10-14 17:33:34 ----A---- C:\Windows\system32\ole32.dll
2010-10-14 17:33:12 ----A---- C:\Windows\system32\iertutil.dll
2010-10-14 17:33:07 ----A---- C:\Windows\system32\mshtml.dll
2010-10-14 17:32:56 ----A---- C:\Windows\system32\ieframe.dll
2010-10-14 17:32:55 ----A---- C:\Windows\system32\msfeeds.dll
2010-10-14 17:32:52 ----A---- C:\Windows\system32\urlmon.dll
2010-10-14 17:32:51 ----A---- C:\Windows\system32\licmgr10.dll
2010-10-14 17:32:49 ----A---- C:\Windows\system32\wininet.dll
2010-10-14 17:32:48 ----A---- C:\Windows\system32\mstime.dll
2010-10-14 17:32:48 ----A---- C:\Windows\system32\iedkcs32.dll
2010-10-14 17:32:47 ----A---- C:\Windows\system32\ieui.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\mshtmled.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\msfeedsbs.dll
2010-10-14 17:32:46 ----A---- C:\Windows\system32\iepeers.dll
2010-10-14 17:32:45 ----A---- C:\Windows\system32\msfeedssync.exe
2010-10-14 17:32:45 ----A---- C:\Windows\system32\jsproxy.dll
2010-10-14 17:32:40 ----A---- C:\Windows\system32\t2embed.dll
2010-10-14 17:32:38 ----A---- C:\Windows\system32\schannel.dll
2010-10-14 17:32:33 ----A---- C:\Windows\system32\comctl32.dll
2010-10-14 17:32:28 ----A---- C:\Windows\system32\mfc40u.dll
2010-10-14 17:32:28 ----A---- C:\Windows\system32\mfc40.dll
2010-10-14 17:32:06 ----A---- C:\Windows\system32\wmp.dll
2010-10-14 17:31:54 ----A---- C:\Windows\system32\wmploc.DLL
2010-10-14 17:31:51 ----A---- C:\Windows\system32\win32k.sys
2010-10-14 17:31:47 ----A---- C:\Windows\system32\drivers\srv.sys
2010-10-14 17:31:46 ----A---- C:\Windows\system32\srvsvc.dll
2010-10-14 17:31:46 ----A---- C:\Windows\system32\drivers\srv2.sys
2010-10-14 17:31:45 ----A---- C:\Windows\system32\drivers\srvnet.sys
2010-10-14 17:31:38 ----A---- C:\Windows\system32\wmpmde.dll
2010-10-14 17:31:28 ----A---- C:\Windows\system32\StructuredQuery.dll

======List of files/folders modified in the last 1 months======

2010-11-12 19:57:25 ----D---- C:\Windows\Prefetch
2010-11-12 19:55:49 ----D---- C:\Windows\system32\config
2010-11-12 19:55:02 ----RD---- C:\Program Files
2010-11-12 19:53:55 ----A---- C:\Windows\wincmd.ini
2010-11-12 19:52:09 ----D---- C:\Windows
2010-11-12 19:42:47 ----SHD---- C:\Windows\Installer
2010-11-12 19:42:47 ----D---- C:\Config.Msi
2010-11-12 19:30:32 ----SHD---- C:\System Volume Information
2010-11-12 19:28:28 ----D---- C:\Program Files\Winamp
2010-11-12 19:20:48 ----A---- C:\Windows\winamp.ini
2010-11-12 19:16:48 ----D---- C:\Windows\winsxs
2010-11-12 19:12:55 ----D---- C:\Windows\system32\drivers
2010-11-12 19:06:25 ----RSD---- C:\Windows\assembly
2010-11-12 19:05:58 ----AD---- C:\Program Files\Common Files
2010-11-12 15:15:02 ----D---- C:\Windows\system32\catroot2
2010-11-11 22:53:39 ----D---- C:\ProgramData
2010-11-11 22:51:19 ----D---- C:\Windows\debug
2010-11-11 22:18:23 ----A---- C:\Windows\system.ini
2010-11-11 22:17:52 ----D---- C:\Windows\system32\drivers\etc
2010-11-11 22:05:44 ----D---- C:\Windows\System32
2010-11-11 22:05:43 ----D---- C:\Windows\AppPatch
2010-11-11 19:30:45 ----D---- C:\Windows\Downloaded Program Files
2010-11-11 19:04:07 ----D---- C:\Program Files\ESET Smart Security
2010-11-11 18:51:01 ----D---- C:\Program Files\_instalace
2010-11-11 18:11:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2010-11-11 18:11:06 ----D---- C:\Windows\inf
2010-11-11 13:18:58 ----D---- C:\Windows\system32\Tasks
2010-11-11 13:18:51 ----D---- C:\Windows\Tasks
2010-11-11 13:14:01 ----A---- C:\Windows\system32\MRT.exe
2010-11-09 23:16:22 ----D---- C:\Program Files\DOSBox-0.74
2010-11-04 07:47:18 ----D---- C:\Users\pitris\AppData\Roaming\uTorrent
2010-11-04 02:07:14 ----D---- C:\Windows\rescache
2010-11-01 20:01:04 ----D---- C:\Program Files\LG PC Suite II
2010-10-28 08:41:47 ----D---- C:\Windows\Microsoft.NET
2010-10-28 08:32:23 ----D---- C:\Windows\ehome
2010-10-27 17:13:34 ----D---- C:\Windows\system32\catroot
2010-10-19 10:41:44 ----N---- C:\Windows\system32\MpSigStub.exe
2010-10-15 22:18:56 ----D---- C:\Program Files\Internet Explorer
2010-10-15 22:18:55 ----D---- C:\Windows\system32\migration
2010-10-15 22:18:50 ----D---- C:\Program Files\Windows Media Player
2010-10-14 18:38:47 ----A---- C:\Windows\wcx_ftp.ini

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-02-06 106208]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2009-02-06 130952]
R2 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2009-02-06 38240]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-02-06 113448]
R3 Epfwndis;Eset Personal Firewall; C:\Windows\system32\DRIVERS\Epfwndis.sys [2009-02-06 33096]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2010-01-21 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2010-01-21 20864]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2010-01-21 24960]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET Smart Security\ekrn.exe [2009-02-06 727720]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET Smart Security\EHttpSrv.exe [2009-02-06 20680]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-02 651720]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]

-----------------EOF-----------------