VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

a zase Win 7 security 2012

https://forum.viry.cz:443/viewtopic.php?t=118838

Stránka 2 z 3

Re: a zase Win 7 security 2012

Napsal: 18 led 2012 10:39
od vyosek
:arrow: Je tam nejak moc bezpecnostniho SW - Avast, MSE a zahlidl jsem i Norton. v PC musi byt jen jeden, takze co dame do pryc? Norton mate zakoupeny :???:

Re: a zase Win 7 security 2012

Napsal: 19 led 2012 07:39
od ladad
To není muj PC, avast byl bezplatná verze, microsoft take a norton bylo demo s novym PC. avast a microsoft jsem odinstaloval, takze zustava jen norton.

Re: a zase Win 7 security 2012

Napsal: 19 led 2012 11:27
od vyosek
:arrow: Pokud byl Norton demo - trial - a jiz licence skoncila, tak jej dale pouzivat nemuzete - rozpor s licencnimi podminkami

:arrow: v nouzovem rezimu (restart PC, mackat F8, zvolit Stav nouze s praci v siti) projedte PC temito utilitami, at se zbavime zbytku antiviru co tam mate :arrow: Doporucuji nainstalovat zpatky Avast - v dnesni dobe asi to nejlepsi z free reseni

:arrow: Pokud nemate, tak presunte Combofix primo na disk c:\ tak aby nebyl v zadne slozce
  • Spustte poznamkovy blok (Start-spustit-notepad)
  • Zkopirujte skript nize

  • Kód: Vybrat vše

    KillAll::

Driver::
gupdate
gupdatem

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-

File::
c:\windows\Tasks\Norton Security Scan for František.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

ClearJavaCache::

Reboot::
  • Ulozte vytvoreny TXT jako CFScript.txt tez primo na disk c:\
  • Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
    Obrázek
  • Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
:arrow: Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

Re: a zase Win 7 security 2012

Napsal: 19 led 2012 12:23
od ladad
ComboFix 12-01-16.05 - František 19.01.2012 12:06:09.5.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.2550 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Norton Security Scan for František.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((((((((((((((((( Ovladače/Služby )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-19 do 2012-01-19 )))))))))))))))))))))))))))))))
.
.
2012-01-19 11:12 . 2009-11-04 21:14 6231376 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C0E0FD11-94EE-4B08-9E0D-4F56822301C4}\mpengine.dll
2012-01-19 11:10 . 2012-01-19 11:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-19 11:03 . 2012-01-19 11:03 1788 ----a-w- C:\FixitRegBackup.reg
2012-01-19 10:58 . 2012-01-19 10:58 -------- d--h--w- c:\programdata\Common Files
2012-01-19 10:58 . 2012-01-19 10:58 -------- d-----w- c:\programdata\MFAData
2012-01-18 10:57 . 2012-01-18 10:57 -------- d-----w- c:\users\František\AppData\Local\Diagnostics
2012-01-16 12:01 . 2012-01-16 12:01 -------- d-----w- c:\program files (x86)\Loaris
2012-01-16 06:58 . 2012-01-19 10:57 -------- d-----w- C:\Nová složka
2012-01-16 06:56 . 2012-01-16 06:56 -------- d-----w- C:\_OTL
2012-01-16 06:18 . 2012-01-16 06:18 512 ----a-w- C:\PhysicalMBR.bin
2012-01-13 16:19 . 2012-01-13 16:19 548864 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp80.dll
2012-01-13 16:19 . 2012-01-13 16:19 479232 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcm80.dll
2012-01-13 16:19 . 2012-01-13 16:19 43992 ----a-w- c:\program files (x86)\Mozilla Firefox\mozutils.dll
2012-01-13 16:19 . 2012-01-13 16:19 626688 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr80.dll
2012-01-11 14:11 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:11 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:11 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:11 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-11-24 04:52 . 2011-12-14 13:11 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:35 . 2012-01-11 19:05 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-11 19:05 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-05 05:41 . 2011-12-14 13:13 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 13:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 13:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 13:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 13:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 13:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 13:13 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-18_06.08.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-08-22 05:15 . 2012-01-19 11:03 55224 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-19 11:03 47232 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-12 18:08 . 2012-01-19 11:03 17056 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3688296639-856451023-1152358436-1000_UserData.bin
+ 2010-01-12 09:03 . 2012-01-18 07:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 09:03 . 2012-01-17 07:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-18 07:46 . 2012-01-18 07:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 07:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 07:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-26 15:55 . 2012-01-19 11:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-26 15:55 . 2012-01-18 05:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-02-26 15:55 . 2012-01-19 11:04 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-26 15:55 . 2012-01-18 05:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-02-26 15:55 . 2012-01-19 11:04 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-02-26 15:55 . 2012-01-18 05:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 18:04 . 2012-01-18 06:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 18:04 . 2012-01-19 11:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-01-12 18:04 . 2012-01-19 11:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2010-01-12 18:04 . 2012-01-18 06:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-19 11:11 . 2012-01-19 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-18 05:56 . 2012-01-18 05:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-19 11:11 . 2012-01-19 11:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-18 05:56 . 2012-01-18 05:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-14 17:47 . 2012-01-18 12:42 277128 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-01-18 10:37 619146 c:\windows\system32\perfh009.dat
+ 2009-10-16 13:13 . 2012-01-18 10:37 634780 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-01-18 10:37 107466 c:\windows\system32\perfc009.dat
+ 2009-10-16 13:13 . 2012-01-18 10:37 123338 c:\windows\system32\perfc005.dat
- 2009-07-14 05:01 . 2012-01-17 12:48 355148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-19 11:11 355148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Global Registration"="c:\program files (x86)\Acer\Registration\GREG.exe" [2009-07-31 2844704]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-10-16 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
"combofix"="c:\combofix\CF23332.3XE" [2010-11-20 345088]
.
------- Doplňkový sken -------
.
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page =
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 10.107.4.100 10.107.4.129
TCP: Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: NameServer = 10.107.4.100,10.107.4.129
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\j4qh3upm.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2012-01-19 12:16:03 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-19 11:16
ComboFix2.txt 2012-01-18 10:24
ComboFix3.txt 2012-01-18 06:10
.
Před spuštěním: Volných bajtů: 416 681 910 272
Po spuštění: Volných bajtů: 416 367 374 336
.
- - End Of File - - B24C166B64BE5088FB0FF5AFBEE596C4

Re: a zase Win 7 security 2012

Napsal: 19 led 2012 15:44
od vyosek
Pouzil jste ty utility na uklid po antivirech :???:

Re: a zase Win 7 security 2012

Napsal: 19 led 2012 19:15
od ladad
Ano, pouzil a je to porad stejne.

Re: a zase Win 7 security 2012

Napsal: 19 led 2012 19:55
od vyosek
Dalsi skript pro ComboFix - postup stejny

Kód: Vybrat vše

KillAll::

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

Firefox::
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\j4qh3upm.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - 

DDS::
uStart Page =
uLocal Page = c:\windows\system32\blank.htm
mStart Page =
mLocal Page = 

SecCenter::
AV: avast! antivirus *Enabled/Outdated* {C37D8F93-0602-E43C-40AA-47DAD597F308}
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: avast! antivirus *Enabled/Outdated* {781C6E77-2038-EBB2-7A1A-7CA8AE10B9B5}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Reboot::
:arrow: Nainstalujte Avast a at je jedinym bezpecnostnim SW v PC

Re: a zase Win 7 security 2012

Napsal: 20 led 2012 14:39
od ladad
Dobre udelam, ale az v pondeli se dostanu k tomu PC. Lada

Re: a zase Win 7 security 2012

Napsal: 20 led 2012 20:51
od vyosek
Oki :)

Re: a zase Win 7 security 2012

Napsal: 23 led 2012 11:41
od ladad
Combofix pise, ze je script spatne hlaskovany. Avast nainstaluji az potom, aby ted neblokoval combofix. Lada

Re: a zase Win 7 security 2012

Napsal: 23 led 2012 13:35
od vyosek
Musi se jmenovat CFScript.txt asi mate tedy nekde chybu :?:

Re: a zase Win 7 security 2012

Napsal: 23 led 2012 14:16
od ladad
OMLOUVAM SE

ComboFix 12-01-23.02 - František 23.01.2012 13:53:42.6.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.4091.3059 [GMT 1:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-12-23 do 2012-01-23 )))))))))))))))))))))))))))))))
.
.
2012-01-23 12:58 . 2012-01-23 12:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-23 10:13 . 2011-11-28 18:01 256960 ----a-w- c:\windows\system32\aswBoot.exe
2012-01-23 10:12 . 2012-01-23 10:24 -------- d-----w- c:\programdata\AVAST Software
2012-01-23 10:12 . 2012-01-23 10:12 -------- d-----w- c:\program files\AVAST Software
2012-01-22 09:17 . 2012-01-17 03:39 8602168 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C4F5C1A9-D509-4E26-B57C-2A532547D6A6}\mpengine.dll
2012-01-19 11:21 . 2012-01-19 11:21 0 ---ha-w- c:\users\František\AppData\Local\BITC3EA.tmp
2012-01-19 11:03 . 2012-01-19 11:03 1788 ----a-w- C:\FixitRegBackup.reg
2012-01-19 10:58 . 2012-01-19 10:58 -------- d--h--w- c:\programdata\Common Files
2012-01-19 10:58 . 2012-01-23 10:11 -------- d-----w- c:\programdata\MFAData
2012-01-18 10:57 . 2012-01-19 12:19 -------- d-----w- c:\users\František\AppData\Local\Diagnostics
2012-01-16 12:01 . 2012-01-16 12:01 -------- d-----w- c:\program files (x86)\Loaris
2012-01-16 06:58 . 2012-01-23 12:51 -------- d-----w- C:\Nová složka
2012-01-16 06:56 . 2012-01-16 06:56 -------- d-----w- C:\_OTL
2012-01-16 06:18 . 2012-01-16 06:18 512 ----a-w- C:\PhysicalMBR.bin
2012-01-11 14:11 . 2011-10-26 05:25 1572864 ----a-w- c:\windows\system32\quartz.dll
2012-01-11 14:11 . 2011-10-26 04:32 1328128 ----a-w- c:\windows\SysWow64\quartz.dll
2012-01-11 14:11 . 2011-10-26 05:25 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-01-11 14:11 . 2011-10-26 04:32 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-01-11 14:11 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-01-11 14:11 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-01-11 14:11 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-01-11 14:11 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-19 11:21 . 2012-01-19 11:21 0 ---ha-w- c:\users\František\AppData\Local\BITC3EA.tmp
2012-01-19 11:21 . 2012-01-19 11:21 0 ---ha-w- c:\users\František\AppData\Local\BITC3EA.tmp
2011-11-24 04:52 . 2011-12-14 13:11 3145216 ----a-w- c:\windows\system32\win32k.sys
2011-11-17 06:35 . 2012-01-11 19:05 340992 ----a-w- c:\windows\system32\schannel.dll
2011-11-17 05:34 . 2012-01-11 19:05 224768 ----a-w- c:\windows\SysWow64\schannel.dll
2011-11-15 13:29 . 2010-01-13 16:43 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-11-05 05:41 . 2011-12-14 13:13 1188864 ----a-w- c:\windows\system32\wininet.dll
2011-11-05 05:32 . 2011-12-14 13:11 2048 ----a-w- c:\windows\system32\tzres.dll
2011-11-05 04:35 . 2011-12-14 13:13 981504 ----a-w- c:\windows\SysWow64\wininet.dll
2011-11-05 04:26 . 2011-12-14 13:11 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2011-11-05 03:32 . 2011-12-14 13:13 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-11-05 02:48 . 2011-12-14 13:13 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-10-26 05:21 . 2011-12-14 13:13 43520 ----a-w- c:\windows\system32\csrsrv.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-18_06.08.10 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 04:54 . 2012-01-23 10:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-14 08:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-14 08:46 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-23 10:16 98304 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-14 08:46 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-23 10:16 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-08-22 05:15 . 2012-01-23 12:51 56260 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-23 12:51 47760 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-01-12 18:08 . 2012-01-23 12:51 17190 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3688296639-856451023-1152358436-1000_UserData.bin
+ 2010-01-12 09:03 . 2012-01-18 07:46 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 09:03 . 2012-01-17 07:13 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2012-01-18 07:46 . 2012-01-18 07:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-17 07:13 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-18 07:46 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-26 15:55 . 2012-01-23 12:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-02-26 15:55 . 2012-01-18 05:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:46 . 2012-01-13 13:03 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2009-07-14 04:46 . 2012-01-23 12:58 93904 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2010-02-26 15:55 . 2012-01-23 12:52 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-26 15:55 . 2012-01-18 05:59 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-02-26 15:55 . 2012-01-18 05:59 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-26 15:55 . 2012-01-23 12:52 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 18:04 . 2012-01-23 12:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 18:04 . 2012-01-18 06:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-01-12 18:04 . 2012-01-18 06:04 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-01-12 18:04 . 2012-01-23 12:58 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-02-17 18:10 . 2012-01-19 11:20 1604 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-01-19 11:18 . 2012-01-19 11:18 9560 c:\windows\system32\NetworkList\Icons\{E5EE6924-BE4E-4EC7-BC43-223EF71C6A07}_48.bin
+ 2012-01-19 11:18 . 2012-01-19 11:18 4280 c:\windows\system32\NetworkList\Icons\{E5EE6924-BE4E-4EC7-BC43-223EF71C6A07}_32.bin
+ 2012-01-19 11:18 . 2012-01-19 11:18 2456 c:\windows\system32\NetworkList\Icons\{E5EE6924-BE4E-4EC7-BC43-223EF71C6A07}_24.bin
+ 2012-01-23 12:59 . 2012-01-23 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-18 05:56 . 2012-01-18 05:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-23 12:59 . 2012-01-23 12:59 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-18 05:56 . 2012-01-18 05:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-01-14 17:47 . 2012-01-23 06:18 283284 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 02:36 . 2012-01-23 12:57 619146 c:\windows\system32\perfh009.dat
+ 2009-10-16 13:13 . 2012-01-23 12:57 634780 c:\windows\system32\perfh005.dat
+ 2009-07-14 02:36 . 2012-01-23 12:57 107466 c:\windows\system32\perfc009.dat
+ 2009-10-16 13:13 . 2012-01-23 12:57 123338 c:\windows\system32\perfc005.dat
+ 2009-07-14 05:01 . 2012-01-23 12:58 355148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-17 12:48 355148 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-01-19 12:28 . 2012-01-22 15:35 355916 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3688296639-856451023-1152358436-1000-8192.dat
+ 2009-07-12 11:16 . 2009-07-12 11:16 223232 c:\windows\Installer\77497.msi
- 2009-07-14 04:45 . 2012-01-12 16:44 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
+ 2009-07-14 04:45 . 2012-01-23 10:33 7162691 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\tokens.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:18 120104 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Global Registration"="c:\program files (x86)\Acer\Registration\GREG.exe" [2009-07-31 2844704]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-08-22 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2009-08-21 261888]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe" [2009-08-04 199464]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2009-08-27 1194504]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-08-01 128296]
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe" [2009-08-05 181480]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-7-18 1079584]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer6"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 NTIBackupSvc;NTI Backup Now 5 Backup Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe [2009-06-18 50432]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RtsUIR;Realtek IR Driver;c:\windows\system32\DRIVERS\Rts516xIR.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2009-08-06 844320]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-06-04 1150496]
S2 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-08-07 311592]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2009-08-21 62720]
S2 NTISchedulerSvc;NTI Backup Now 5 Scheduler Service;c:\program files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe [2009-06-18 144640]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-08-07 09:19 137512 ----a-w- c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-08-07 349480]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 16334880]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-08-06 8060960]
"PLFSetI"="c:\windows\PLFSetI.exe" [2009-10-16 200704]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2009-08-06 828960]
.
------- Doplňkový sken -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~2\Office12\EXCEL.EXE/3000
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.2.10
TCP: Interfaces\{A735C4CC-BDB8-4FFE-87F9-ED108BBC3F9D}: NameServer = 194.228.41.65,194.228.41.113
TCP: Interfaces\{DEEE12E0-3A39-4EA7-854A-DF3C9FB965E5}: NameServer = 10.107.4.100,10.107.4.129
FF - ProfilePath - c:\users\František\AppData\Roaming\Mozilla\Firefox\Profiles\fisma2eu.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
FF - prefs.js: network.proxy.type - 0
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Celkový čas: 2012-01-23 14:03:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-01-23 13:03
ComboFix2.txt 2012-01-23 10:35
ComboFix3.txt 2012-01-23 10:03
ComboFix4.txt 2012-01-18 10:24
ComboFix5.txt 2012-01-23 10:37
.
Před spuštěním: Volných bajtů: 416 068 898 816
Po spuštění: Volných bajtů: 415 616 327 680
.
- - End Of File - - 1E2DA3B9ECEAFB097E4B22697EF44344

Re: a zase Win 7 security 2012

Napsal: 23 led 2012 21:11
od vyosek
Jak se chova nas pacient :???:

Re: a zase Win 7 security 2012

Napsal: 24 led 2012 06:09
od ladad
PC nejevi zadne znamky infekce (neseka se, neodkazuje na zadne stranky), tak se zda OK. Potom nainstaluji ten Avast. Lada

Re: a zase Win 7 security 2012

Napsal: 24 led 2012 09:59
od vyosek
:arrow: Odinstalujte Combofix
  • Prejmenujte ComboFix na Uninstall
  • Spustte jej
  • Tohle smaze Combofix a jeho slozky
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Stahnete a spustte
  • Pro potvrzeni volby mackejte A, Enter
  • Po pouziti utilitu smazte
  • Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Stahnete a spustte
  • Kliknete na CleanUp a potvrdte YES
  • Program uklidi a restartuje PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Stahnete a spustte
  • Kliknete na Start a potvrdte OK
  • Program uklidi a restartuje pc
  • Po pouziti utilitu smazte
:arrow: Stahnete Ccleaner (viz muj podpis)
Panel čistič
  • Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
Panel registry
  • dejte Hledej problémy
  • nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
  • postup opakujte dokud nebude bez problemu - vetsinou cca 3x
Panel nástroje
  • Zde muzete odinstalovat nepotrebne programy
CCleaner doporucuji pouzivat cca jednou za tyden

:arrow: Nainstalujte Avast Free http://www.avast.com/cs-cz/free-antivirus-download

:arrow: Dejte novy log z RSIT
Všechny časy jsou v UTC+01:00
Stránka 2 z 3

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz