Krásný dobrý večer přeji,
svůj starý notebook budu předávat kámošce a chtěl bych, aby ode mě odešel bez havěti - mohli byste mi prosím zkontrolovat log? Notebook by měl být ok, akorát Centrum akcí (bíla vlaječka v tray) mi hlásí problém s Centrem zabezpečení - je vypnuté. Když se ho ale pokusím zapnout, vyskočí varovná hláška "Službu Centrum zabezpečení systému Windows nelze spustit". Antivir (Avira) i firewall (Windows Defender) pracují bez problémů.
Předem velké díky za ochotu a čas!!!
Logfile of random's system information tool 1.08 (written by random/random)
Run by pitris at 2011-01-17 17:52:26
Microsoft Windows 7 Professional
System drive C: has 27 GB (37%) free of 75 GB
Total RAM: 1015 MB (37% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:53:00, on 17.1.2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\VirtualCloneDrive\VCDDaemon.exe
C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ImgBurn.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\_instalace\lecba\RSIT.exe
C:\Program Files\trend micro\pitris.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [VirtualCloneDrive] "C:\Program Files\VirtualCloneDrive\VCDDaemon.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [CheckPoint Cleanup] C:\Users\pitris\AppData\Local\Temp\cpes_clean_launcher.exe C:\Users\pitris\AppData\Local\Temp\cpes_clean.exe
O4 - Startup: ImgBurn.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O17 - HKLM\System\CCS\Services\Tcpip\..\{D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E}: NameServer = 213.211.45.3,213.211.45.2
O23 - Service: Avira AntiVir Scheduler (AntiVirSchedulerService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira AntiVir Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET Smart Security\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET Smart Security\ekrn.exe (file missing)
--
End of file - 2683 bytes
======Registry dump======
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-09-23 173592]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"VirtualCloneDrive"=C:\Program Files\VirtualCloneDrive\VCDDaemon.exe [2009-06-17 85160]
"avgnt"=C:\Program Files\Avira\AntiVir Desktop\avgnt.exe [2010-12-13 281768]
"CheckPoint Cleanup"=C:\Users\pitris\AppData\Local\Temp\cpes_clean_launcher.exe [2010-11-16 52736]
C:\Users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
ImgBurn.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 months======
2011-01-17 17:52:30 ----D---- C:\Program Files\trend micro
2011-01-17 17:52:26 ----D---- C:\rsit
2011-01-17 15:36:18 ----D---- C:\ProgramData\ZA_PreservedFiles
2010-12-25 19:48:56 ----D---- C:\ProgramData\Kaspersky Lab
2010-12-25 16:57:13 ----RASH---- C:\Windows\system32\modemuim.dll
2010-12-25 00:39:59 ----A---- C:\Windows\system32\drivers\netio.sys
2010-12-25 00:38:37 ----D---- C:\Windows\system32\ZoneLabs
2010-12-25 00:37:59 ----D---- C:\ProgramData\CheckPoint
2010-12-25 00:37:54 ----D---- C:\Windows\Internet Logs
2010-12-25 00:30:48 ----D---- C:\Users\pitris\AppData\Roaming\Avira
2010-12-25 00:25:41 ----A---- C:\Windows\system32\drivers\ssmdrv.sys
2010-12-25 00:25:36 ----A---- C:\Windows\system32\drivers\avipbb.sys
2010-12-25 00:25:36 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2010-12-25 00:25:28 ----D---- C:\ProgramData\Avira
2010-12-25 00:25:28 ----D---- C:\Program Files\Avira
======List of files/folders modified in the last 1 months======
2011-01-17 17:52:30 ----RD---- C:\Program Files
2011-01-17 17:51:55 ----A---- C:\Windows\wincmd.ini
2011-01-17 17:30:10 ----SHD---- C:\System Volume Information
2011-01-17 16:42:48 ----A---- C:\Windows\winamp.ini
2011-01-17 16:33:04 ----A---- C:\Windows\wcx_ftp.ini
2011-01-17 16:28:19 ----D---- C:\Program Files\Winamp
2011-01-17 16:21:45 ----D---- C:\Windows\System32
2011-01-17 16:21:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-01-17 16:21:44 ----D---- C:\Windows\inf
2011-01-17 15:58:38 ----D---- C:\Users\pitris\AppData\Roaming\vlc
2011-01-17 15:45:51 ----D---- C:\Program Files\_instalace
2011-01-17 15:39:25 ----D---- C:\Windows\temp
2011-01-17 15:39:25 ----D---- C:\Windows
2011-01-17 15:38:33 ----D---- C:\Windows\system32\config
2011-01-17 15:38:23 ----D---- C:\Windows\winsxs
2011-01-17 15:36:25 ----D---- C:\Windows\system32\DriverStore
2011-01-17 15:36:25 ----D---- C:\Windows\system32\drivers
2011-01-17 15:36:25 ----D---- C:\Windows\system32\catroot
2011-01-17 15:36:18 ----HD---- C:\ProgramData
2011-01-17 15:31:39 ----SHD---- C:\Windows\Installer
2011-01-17 15:31:38 ----HD---- C:\Config.Msi
2011-01-17 15:31:24 ----D---- C:\Program Files\Common Files\Autodesk Shared
2011-01-17 15:28:10 ----RSD---- C:\Windows\assembly
2011-01-17 15:27:10 ----HD---- C:\ProgramData\Autodesk
2011-01-17 15:24:27 ----RSD---- C:\Windows\Fonts
2011-01-17 15:21:51 ----D---- C:\Windows\Prefetch
2011-01-17 15:21:06 ----AD---- C:\Program Files\Common Files
2011-01-17 15:16:23 ----D---- C:\Windows\Help
2011-01-17 15:03:04 ----D---- C:\Windows\system32\catroot2
2010-12-26 23:04:04 ----D---- C:\Windows\system32\Tasks
2010-12-26 23:04:03 ----D---- C:\Windows\Tasks
2010-12-25 17:41:13 ----D---- C:\Windows\debug
2010-12-25 01:09:09 ----D---- C:\Users\pitris\AppData\Roaming\uTorrent
2010-12-25 00:39:25 ----D---- C:\Windows\SoftwareDistribution
2010-12-24 23:51:17 ----D---- C:\Windows\system32\NDF
2010-12-24 22:07:36 ----D---- C:\Windows\Registration
2010-12-19 13:59:39 ----D---- C:\Program Files\uTorrent
2010-12-18 11:06:32 ----D---- C:\Windows\rescache
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2010-12-13 135096]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2009-12-17 26024]
R1 ssmdrv;ssmdrv; C:\Windows\system32\DRIVERS\ssmdrv.sys [2010-06-17 28520]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2010-12-13 61960]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\Windows\system32\DRIVERS\AGRSM.sys [2009-07-13 1035776]
R3 e1express;Intel(R) PRO/1000 – ovladač PCI Express síťového připojení; C:\Windows\system32\DRIVERS\e1e6032.sys [2009-07-13 211456]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista; C:\Windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
R3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2009-10-10 84992]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2009-08-09 29696]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys []
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys []
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys []
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira AntiVir Guard; C:\Program Files\Avira\AntiVir Desktop\avguard.exe [2010-12-13 267944]
R2 AntiVirSchedulerService;Avira AntiVir Scheduler; C:\Program Files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 ekrn;ESET Service; C:\Program Files\ESET Smart Security\ekrn.exe []
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET Smart Security\EHttpSrv.exe []
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
S4 msvsmon80;Visual Studio 2005 Remote Debugger; C:\Program Files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
centrum zabezpečení windows
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: centrum zabezpečení windows
Dejte log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode, pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: centrum zabezpečení windows
zdravím, po dokončení činnosti combofixu jsem nemohl spustit žádnou aplikaci - psalo mi to varovnou hlášku "pokus použít neplatnou operaci na klíč registru, který je označen pro odstranění". po restartu už vše funguje, jak má. tady je log z CF:
ComboFix 11-01-17.05 - pitris 18.01.2011 19:30:32.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1015.332 [GMT 1:00]
Spuštěný z: c:\users\pitris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-18 do 2011-01-18 )))))))))))))))))))))))))))))))
.
2011-01-18 18:50 . 2011-01-18 18:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-18 18:50 . 2011-01-18 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- c:\program files\trend micro
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- C:\rsit
2011-01-17 14:36 . 2011-01-17 14:36 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-01-17 14:04 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-17 14:04 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-17 14:04 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-17 14:04 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-17 14:04 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2010-12-25 18:48 . 2010-12-25 18:49 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 15:57 . 2010-12-25 15:57 108032 --sha-r- c:\windows\system32\modemuim.dll
2010-12-24 23:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-12-24 23:38 . 2011-01-17 14:36 -------- d-----w- c:\windows\system32\ZoneLabs
2010-12-24 23:37 . 2010-12-24 23:37 -------- d-----w- c:\programdata\CheckPoint
2010-12-24 23:37 . 2011-01-17 14:36 -------- d-----w- c:\windows\Internet Logs
2010-12-24 23:30 . 2010-12-24 23:30 -------- d-----w- c:\users\pitris\AppData\Roaming\Avira
2010-12-24 23:25 . 2010-12-13 07:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-24 23:25 . 2010-12-13 07:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\programdata\Avira
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Avira
2010-12-24 11:45 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{781D4621-A70C-454F-B7DF-5993944FF577}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 12:25 . 2010-11-13 12:22 177794 ----a-w- c:\windows\system32\~.tmp
2010-11-04 05:52 . 2010-12-15 21:56 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 21:56 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 21:56 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 21:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 21:55 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 21:55 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:55 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 21:55 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 21:55 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:55 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 21:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-06 17:52 . 2010-04-14 19:35 31971272 ----a-w- c:\program files\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
c:\users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImgBurn.exe [2009-4-10 1700352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET Smart Security\ekrn.exe [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-18 19:54:41
ComboFix-quarantined-files.txt 2011-01-18 18:54
Před spuštěním: Volných bajtů: 28 661 809 152
Po spuštění: Volných bajtů: 28 595 818 496
- - End Of File - - 076647EC5B6C390897761489623F618F
ComboFix 11-01-17.05 - pitris 18.01.2011 19:30:32.3.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1015.332 [GMT 1:00]
Spuštěný z: c:\users\pitris\Desktop\ComboFix.exe
AV: AntiVir Desktop *Enabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: AntiVir Desktop *Enabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-18 do 2011-01-18 )))))))))))))))))))))))))))))))
.
2011-01-18 18:50 . 2011-01-18 18:50 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-18 18:50 . 2011-01-18 18:50 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- c:\program files\trend micro
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- C:\rsit
2011-01-17 14:36 . 2011-01-17 14:36 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-01-17 14:04 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-17 14:04 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-17 14:04 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-17 14:04 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-17 14:04 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2010-12-25 18:48 . 2010-12-25 18:49 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 15:57 . 2010-12-25 15:57 108032 --sha-r- c:\windows\system32\modemuim.dll
2010-12-24 23:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-12-24 23:38 . 2011-01-17 14:36 -------- d-----w- c:\windows\system32\ZoneLabs
2010-12-24 23:37 . 2010-12-24 23:37 -------- d-----w- c:\programdata\CheckPoint
2010-12-24 23:37 . 2011-01-17 14:36 -------- d-----w- c:\windows\Internet Logs
2010-12-24 23:30 . 2010-12-24 23:30 -------- d-----w- c:\users\pitris\AppData\Roaming\Avira
2010-12-24 23:25 . 2010-12-13 07:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-24 23:25 . 2010-12-13 07:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\programdata\Avira
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Avira
2010-12-24 11:45 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{781D4621-A70C-454F-B7DF-5993944FF577}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-13 12:25 . 2010-11-13 12:22 177794 ----a-w- c:\windows\system32\~.tmp
2010-11-04 05:52 . 2010-12-15 21:56 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 21:56 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 21:56 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 21:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 21:55 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 21:55 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:55 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 21:55 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 21:55 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:55 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 21:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-06 17:52 . 2010-04-14 19:35 31971272 ----a-w- c:\program files\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
c:\users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImgBurn.exe [2009-4-10 1700352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET Smart Security\ekrn.exe [x]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
.
.
------- Asociace souborů -------
.
.scr=AutoCADScriptFile
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-18 19:54:41
ComboFix-quarantined-files.txt 2011-01-18 18:54
Před spuštěním: Volných bajtů: 28 661 809 152
Po spuštění: Volných bajtů: 28 595 818 496
- - End Of File - - 076647EC5B6C390897761489623F618F
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: centrum zabezpečení windows
Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkaz ze skriptu.Collect::
c:\windows\system32\~.tmp
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: centrum zabezpečení windows
Provedeno. Při vytváření logu chtěl CF odeslat nějaký soubor na internet na analýzu, ale nepovedlo se mu to, tak mě vyzval k manuálnímu uploadu. Po skončení činnosti opět nešly spustit aplikace, po restartu opět vše vpořádku. Poté jsem tedy manuálně nahrál soubor na web Bleeping Computer. Dle instrukcí dávám vědět, že jsem tak učinil 
viz http://www.bleepingcomputer.com/pf.php
Centrum akcí už nic nehlásí, tady je nový log z CF:
ComboFix 11-01-17.05 - pitris 18.01.2011 20:22:07.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1015.463 [GMT 1:00]
Spuštěný z: c:\users\pitris\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pitris\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
file zipped: c:\windows\system32\~.tmp
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\~.tmp
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-18 do 2011-01-18 )))))))))))))))))))))))))))))))
.
2011-01-18 19:34 . 2011-01-18 19:36 -------- d-----w- c:\users\pitris\AppData\Local\temp
2011-01-18 19:34 . 2011-01-18 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-18 19:34 . 2011-01-18 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- c:\program files\trend micro
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- C:\rsit
2011-01-17 14:36 . 2011-01-17 14:36 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-01-17 14:04 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-17 14:04 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-17 14:04 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-17 14:04 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-17 14:04 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2010-12-25 18:48 . 2010-12-25 18:49 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 15:57 . 2010-12-25 15:57 108032 --sha-r- c:\windows\system32\modemuim.dll
2010-12-24 23:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-12-24 23:37 . 2010-12-24 23:37 -------- d-----w- c:\programdata\CheckPoint
2010-12-24 23:37 . 2011-01-18 18:59 -------- d-----w- c:\windows\Internet Logs
2010-12-24 23:30 . 2010-12-24 23:30 -------- d-----w- c:\users\pitris\AppData\Roaming\Avira
2010-12-24 23:25 . 2010-12-13 07:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-24 23:25 . 2010-12-13 07:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\programdata\Avira
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Avira
2010-12-24 11:45 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{781D4621-A70C-454F-B7DF-5993944FF577}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 05:52 . 2010-12-15 21:56 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 21:56 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 21:56 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 21:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 21:55 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 21:55 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:55 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 21:55 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 21:55 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:55 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 21:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-06 17:52 . 2010-04-14 19:35 31971272 ----a-w- c:\program files\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
c:\users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImgBurn.exe [2009-4-10 1700352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET Smart Security\ekrn.exe [x]
R3 CFcatchme;CFcatchme;c:\users\pitris\AppData\Local\Temp\CFcatchme.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-01-18 20:41:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-18 19:41
ComboFix2.txt 2011-01-18 18:54
Před spuštěním: Volných bajtů: 28 791 398 400
Po spuštění: Volných bajtů: 28 727 955 456
- - End Of File - - 80BF955B4C60F1EA498B6D439C1CAFA1
viz http://www.bleepingcomputer.com/pf.phpCentrum akcí už nic nehlásí, tady je nový log z CF:
ComboFix 11-01-17.05 - pitris 18.01.2011 20:22:07.4.2 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.1015.463 [GMT 1:00]
Spuštěný z: c:\users\pitris\Desktop\ComboFix.exe
Použité ovládací přepínače :: c:\users\pitris\Desktop\CFScript.txt
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
file zipped: c:\windows\system32\~.tmp
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\system32\~.tmp
Nakažená kopie c:\windows\system32\Drivers\atapi.sys byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\ERDNT\cache\atapi.sys
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-18 do 2011-01-18 )))))))))))))))))))))))))))))))
.
2011-01-18 19:34 . 2011-01-18 19:36 -------- d-----w- c:\users\pitris\AppData\Local\temp
2011-01-18 19:34 . 2011-01-18 19:34 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-01-18 19:34 . 2011-01-18 19:34 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- c:\program files\trend micro
2011-01-17 16:52 . 2011-01-17 16:53 -------- d-----w- C:\rsit
2011-01-17 14:36 . 2011-01-17 14:36 -------- d-----w- c:\programdata\ZA_PreservedFiles
2011-01-17 14:04 . 2010-10-16 04:34 573440 ----a-w- c:\windows\system32\odbc32.dll
2011-01-17 14:04 . 2010-10-16 04:33 372736 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
2011-01-17 14:04 . 2010-10-16 04:33 987136 ----a-w- c:\program files\Common Files\System\ado\msado15.dll
2011-01-17 14:04 . 2010-10-16 04:33 352256 ----a-w- c:\program files\Common Files\System\ado\msadomd.dll
2011-01-17 14:04 . 2010-10-16 04:33 208896 ----a-w- c:\program files\Common Files\System\msadc\msadco.dll
2010-12-25 18:48 . 2010-12-25 18:49 -------- d-----w- c:\programdata\Kaspersky Lab
2010-12-25 15:57 . 2010-12-25 15:57 108032 --sha-r- c:\windows\system32\modemuim.dll
2010-12-24 23:39 . 2010-04-09 07:24 240008 ----a-w- c:\windows\system32\drivers\netio.sys
2010-12-24 23:37 . 2010-12-24 23:37 -------- d-----w- c:\programdata\CheckPoint
2010-12-24 23:37 . 2011-01-18 18:59 -------- d-----w- c:\windows\Internet Logs
2010-12-24 23:30 . 2010-12-24 23:30 -------- d-----w- c:\users\pitris\AppData\Roaming\Avira
2010-12-24 23:25 . 2010-12-13 07:40 61960 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2010-12-24 23:25 . 2010-12-13 07:40 135096 ----a-w- c:\windows\system32\drivers\avipbb.sys
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\programdata\Avira
2010-12-24 23:25 . 2010-12-24 23:25 -------- d-----w- c:\program files\Avira
2010-12-24 11:45 . 2010-11-10 04:33 6273872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{781D4621-A70C-454F-B7DF-5993944FF577}\mpengine.dll
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-04 05:52 . 2010-12-15 21:56 978944 ----a-w- c:\windows\system32\wininet.dll
2010-11-04 05:48 . 2010-12-15 21:56 44544 ----a-w- c:\windows\system32\licmgr10.dll
2010-11-04 04:41 . 2010-12-15 21:56 386048 ----a-w- c:\windows\system32\html.iec
2010-11-04 04:08 . 2010-12-15 21:56 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2010-11-02 04:41 . 2010-12-15 21:55 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2010-11-02 04:40 . 2010-12-15 21:55 496128 ----a-w- c:\windows\system32\taskschd.dll
2010-11-02 04:40 . 2010-12-15 21:55 305152 ----a-w- c:\windows\system32\taskcomp.dll
2010-11-02 04:39 . 2010-12-15 21:55 749056 ----a-w- c:\windows\system32\schedsvc.dll
2010-11-02 04:34 . 2010-12-15 21:55 192000 ----a-w- c:\windows\system32\taskeng.exe
2010-11-02 04:34 . 2010-12-15 21:55 179712 ----a-w- c:\windows\system32\schtasks.exe
2010-10-27 04:32 . 2010-12-15 21:56 2048 ----a-w- c:\windows\system32\tzres.dll
2010-04-06 17:52 . 2010-04-14 19:35 31971272 ----a-w- c:\program files\MRT.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"VirtualCloneDrive"="c:\program files\VirtualCloneDrive\VCDDaemon.exe" [2009-06-17 85160]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2010-12-13 281768]
c:\users\pitris\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
ImgBurn.exe [2009-4-10 1700352]
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 ekrn;ESET Service;c:\program files\ESET Smart Security\ekrn.exe [x]
R3 CFcatchme;CFcatchme;c:\users\pitris\AppData\Local\Temp\CFcatchme.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-24 1343400]
R4 msvsmon80;Visual Studio 2005 Remote Debugger;c:\program files\Microsoft Visual Studio 8\Common7\IDE\Remote Debugger\x86\msvsmon.exe [2005-09-23 2799808]
S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2010-12-13 135336]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series – ovladač adaptéru pro 32bitový systém Windows Vista;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
.
.
------- Doplňkový sken -------
.
IE: E&xportovat do aplikace Microsoft Office Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: {D7461FB2-DAB2-4DD6-8A86-C4AB33728D0E} = 213.211.45.3,213.211.45.2
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.arw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dng"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mrw"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.nef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.orf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pef"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.srf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
[HKEY_USERS\S-1-5-21-2914488248-2412449452-3933908779-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (S-1-5-21-2914488248-2412449452-3933908779-1000)
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\igfxsrvc.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Celkový čas: 2011-01-18 20:41:16 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-18 19:41
ComboFix2.txt 2011-01-18 18:54
Před spuštěním: Volných bajtů: 28 791 398 400
Po spuštění: Volných bajtů: 28 727 955 456
- - End Of File - - 80BF955B4C60F1EA498B6D439C1CAFA1
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: centrum zabezpečení windows
Log již vypadá čistý. Žádný jiný problém nemáte?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: centrum zabezpečení windows
vypadá to, že je vše ok. jak jsem již psal, centrum akcí nyní žádné potíže nehlásí, avira i win defender šlapou.
veliké díky za ochotu a rychlou pomoc!!! snad si kámoška udrží čistý komp co nejdýl!
veliké díky za ochotu a rychlou pomoc!!!
snad si kámoška udrží čistý komp co nejdýl!-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: centrum zabezpečení windows
Doufejme....snad si kámoška udrží čistý komp co nejdýl!
Nemáte zač!Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: centrum zabezpečení windows
ještě poslední otázka - složky c:/qoobox a c:/rsit + soubory c:/combofix.txt a combofix.exe (na ploše) můžu beztrestně smazat?
-
Rudy
- Site Admin
- Příspěvky: 119426
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: centrum zabezpečení windows
Složku Quoobox a soubor combofix.txt smažte, RSIT odinstalujte.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?