Page 2 of 3
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:31
by cernohous13
Restart -> F8 -> Last Known Good Configuration

Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:33
by regulus
Before I try that: after pressing the power button, in normal mode the desktop with icons appears; in safe mode the notebook shuts down. I'll try rkill + ComboFix, may I?
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:43
by regulus
So Last Known Good shows the desktop and icons, after a while they disappear; after pressing the power button the desktop and icons show up again, I cancel the restart and I have the desktop and icons; the lock screen hasn't appeared so far...
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:47
by cernohous13
So what state is your machine in right now? Are you in Normal mode + desktop + icons?

Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:52
by regulus
yes, desktop + icons + normal mode
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:54
by cernohous13
Will you try ComboFix again, or should I clean up?
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 16:57
by regulus
I'll try, I just don't understand "clean up"....
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 17:11
by cernohous13
clean up = sweep away the traces

Re: PC locked - Policie ČR
Posted: 23 Dec 2012 17:23
by regulus
ComboFix has been running for about half an hour, the icons disappeared, the disk whirs now and then. Should I leave it running.... the next step is probably a clean install, right?
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 17:29
by cernohous13
Do you see the blue CF window where the individual Stages run (up to 50)?
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 17:31
by regulus
no, just the desktop without icons....
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 17:36
by regulus
the blue CF window has appeared now and it is deleting malicious files...
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 18:06
by regulus
CF has finished, I have the log, but no programs work, a registry key is marked for deletion...
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 18:09
by cernohous13
cernohous13 wrote:

If the message
"Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out

If the system doesn't come up after using ComboFix - press F8 during the restart and choose "Last Known Good Configuration"
Re: PC locked - Policie ČR
Posted: 23 Dec 2012 18:37
by regulus
thanks a lot for your time in this pre-Christmas rush
here is the CF log
ComboFix 12-12-22.02 - Karel 23.12.2012 16:52:51.9.4 - x86
Running from: c:\users\Karel\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Karel\wgsdgsdgdsgsd.dll
.
.
((((((((((((((((((((((((( Files Created From 2012-11-23 to 2012-12-23 )))))))))))))))))))))))))))))))
.
.
2012-12-23 16:38 . 2012-12-23 16:38 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-23 16:38 . 2012-12-23 16:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-23 16:37 . 2012-12-23 16:37 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-12-23 16:37 . 2012-12-23 16:37 -------- d-----w- c:\users\administrator.FUL\AppData\Local\temp
2012-12-23 15:53 . 2012-12-23 15:53 2936 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-23 06:48 . 2012-12-23 06:48 -------- d-----w- c:\program files\trend micro
2012-12-23 06:46 . 2012-12-23 06:48 -------- d-----w- C:\rsit
2012-12-22 18:55 . 2012-12-22 21:09 -------- d-----w- c:\users\Karel\AppData\Roaming\vlc
2012-12-22 18:53 . 2012-12-22 18:53 -------- d-----w- c:\program files\VideoLAN
2012-11-28 17:16 . 2012-11-28 17:16 -------- d-----w- c:\program files\Common Files\Skype
2012-11-28 17:16 . 2012-11-28 17:16 -------- d-----r- c:\program files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 09:11 . 2012-08-21 18:39 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 09:11 . 2012-08-21 18:39 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-11-13 09:53 . 2012-11-13 09:53 92080 ----a-w- c:\windows\system32\drivers\SysPlant.sys
2012-11-13 09:53 . 2012-11-13 09:53 380848 ----a-w- c:\windows\system32\sysfer.dll
2012-11-13 09:53 . 2012-11-13 09:53 10672 ----a-w- c:\windows\system32\sysferThunk.dll
2012-11-13 09:53 . 2012-07-25 11:43 76208 ----a-w- c:\windows\system32\FwsVpn.dll
2012-11-13 09:53 . 2012-07-25 11:43 32208 ----a-w- c:\windows\system32\drivers\WGX.SYS
2012-11-13 09:53 . 2012-07-25 11:43 241584 ----a-w- c:\windows\system32\SymVPN.dll
2012-11-13 09:51 . 2012-07-25 11:43 141944 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2012-10-16 08:11 . 2012-10-16 08:11 759416 ----a-w- c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\SymEFA.sys
2012-10-16 08:11 . 2012-10-16 08:11 522872 ----a-w- c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\srtsp.sys
2012-10-16 08:11 . 2012-10-16 08:11 340088 ----a-w- c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\SymDS.sys
2012-10-16 08:11 . 2012-10-16 08:11 31864 ----a-w- c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\srtspx.sys
2012-10-16 08:11 . 2012-10-16 08:11 299640 ----a-w- c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\symnets.sys
2012-10-16 08:11 . 2012-10-16 08:11 137336 ----a-w- c:\windows\system32\drivers\SEP\0C01044D\0191.105\x86\Ironx86.sys
2012-10-07 06:45 . 2012-10-07 06:46 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-07 06:45 . 2012-07-26 10:12 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-24 21:16 . 2012-10-18 14:25 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-05 17:29 . 2012-12-05 17:29 262112 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2012-11-19 16:17 220608 ----a-w- c:\users\Karel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2012-11-19 16:17 220608 ----a-w- c:\users\Karel\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AreaGuard]
@="{3160ced0-4995-11d3-bb8d-0000b4363fe6}"
[HKEY_CLASSES_ROOT\CLSID\{3160ced0-4995-11d3-bb8d-0000b4363fe6}]
2011-03-21 16:29 1536000 ----a-w- c:\windows\System32\AGEXT.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EldosIconOverlay]
@="{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}"
[HKEY_CLASSES_ROOT\CLSID\{5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC}]
2012-06-07 09:24 158224 ----a-w- c:\windows\System32\CbFsMntNtf3.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-07-20 13:17 556376 ------w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-07-20 13:17 556376 ------w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-07-20 13:17 556376 ------w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-07-20 13:17 556376 ------w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2012-11-08 16070136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-27 9177632]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"NUSB3MON"="c:\program files\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-01-22 106496]
"UCam_Menu"="c:\program files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"CapsHook"="AsusSender.exe" [2010-03-02 29184]
"HotkeyMon"="AsusSender.exe" [2010-03-02 29184]
"HotkeyService"="AsusSender.exe" [2010-03-02 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-02 29184]
"iSeriesCharge"="c:\program files\ASUS\USBChargeSetting\iSeriesCharge.exe" [2010-06-10 49072]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-10-25 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-10-25 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-10-25 150552]
"Print2PDF Print Monitor"="c:\program files\Software602\Print2PDF\Print2PDF.exe" [2010-12-03 141368]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SAGCTRL"="SAGCTRL.EXE" [2010-11-08 98304]
"AGWorkConfig"="AGWCFG.EXE" [2011-03-21 393216]
.
c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\program files\BoxCryptor\BoxCryptor.exe [2012-6-22 1288264]
runctf.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-4-16 828704]
JonDo.lnk - c:\program files\JonDo\JonDo.exe [2010-8-30 54784]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\AGServ]
2011-03-21 17:02 319488 ----a-w- c:\windows\System32\AGSERV.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 IDSVix86;IDSVix86;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\IPSDefs\20121109.001\IDSVix86.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 BIFLAK;BIFLAK;c:\pcinfo\biflak.sys [x]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 SyDvCtrl;SyDvCtrl;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\SyDvCtrl32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 SAG;AreaGuard File System;c:\windows\System32\DRIVERS\sag.sys [x]
S0 SymDS;Symantec Data Store;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMDS.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMEFA.SYS [x]
S1 BHDrvx86;BHDrvx86;c:\programdata\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Data\Definitions\BASHDefs\20121029.013\BHDrvx86.sys [x]
S1 cbfs3;cbfs3;c:\windows\system32\drivers\cbfs3.sys [x]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\Ironx86.SYS [x]
S1 SYMNETS;Symantec Network Security WFP Driver;c:\windows\system32\Drivers\SEP\0C01044D\0191.105\x86\SYMNETS.SYS [x]
S2 602XML Updater;602Updater;c:\program files\Common Files\soft602\602updsvc\602updsvc.exe [x]
S2 AreaGuard Service;AreaGuard Service;c:\windows\system32\sagsrv.exe [x]
S2 AreaGuard Token;AreaGuard Token Service;c:\windows\system32\sagsrv.exe [x]
S2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [x]
S2 SepMasterService;Symantec Endpoint Protection;c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe [x]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-21 09:11]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 10:39]
.
2012-12-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-01-07 10:39]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://nt2/intranet%5F/
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
Trusted Zone: vsp.cz\isis
FF - ProfilePath - c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\umkj46wj.default\
FF - prefs.js: network.proxy.type - 4
FF - ExtSQL: 2012-11-11 19:30; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Karel\AppData\Roaming\Mozilla\Firefox\Profiles\umkj46wj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
Notify-SEP - c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\WinLogoutNotifier.dll
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SepMasterService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\ccSvcHst.exe\" /s \"Symantec Endpoint Protection\" /m \"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\sms.dll\" /prefetch:1"
--
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\SmcService]
"ImagePath"="\"c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\CurrentVersion]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(648)
c:\windows\system32\CbFsNetRdr3.dll
.
- - - - - - - > 'Explorer.exe'(8916)
c:\windows\system32\AGEXT.DLL
c:\windows\system32\AGSERV.dll
c:\windows\system32\AGCF.dll
c:\windows\system32\Sagdll.dll
c:\windows\system32\AGENCR32.dll
c:\windows\system32\UniToken.dll
c:\windows\system32\shfncdll.dll
c:\windows\system32\CbFsMntNtf3.dll
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\Symantec\Symantec Endpoint Protection\12.1.1101.401.105\Bin\Smc.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\sagctrl.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\EeePC\HotkeyService\HotKeyMon.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\windows\system32\igfxsrvc.exe
c:\program files\EeePC\HotkeyService\HotkeyService.exe
.
**************************************************************************
.
Completion time: 2012-12-23 17:57:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-23 16:57
.
Pre-Run: 47,703,961,600 bytes free
Post-Run: 50,820,751,360 bytes free
.
- - End Of File - - 088C717F43080CA02EC6E7BC22113A3D
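As an added example, not part of the thread and not ComboFix output, here is a small Python triage script for the kind of log posted above. It pulls out what a responder reads first in such a log: Startup-folder shortcuts that launch a loader binary such as rundll32.exe directly (the runctf.lnk line), vowel-less machine-generated file names dropped into ProgramData or the profile root (the .pad/.js/.dll trio), Run values given without a full path, and the UAC policy block (EnableLUA=0 in the posted log). The embedded log is a constructed excerpt of the posted one with headers translated and most benign entries left out; the LOLBINS list, the name heuristic and the severities are my own choices and go beyond the single case in the thread.

```python
import re

# Constructed excerpt modelled on the ComboFix log posted above: section
# headers translated, most benign entries left out. Not the complete log.
SAMPLE_LOG = r"""
((((((((((((((( Other Deletions )))))))))))))))
.
c:\programdata\dsgsdgdsgdsgw.pad
c:\users\Karel\wgsdgsdgdsgsd.dll
.
((((((((((((((( Files Created From 2012-11-23 to 2012-12-23 )))))))))))))))
.
2012-12-23 15:53 . 2012-12-23 15:53 2936 ----a-w- c:\programdata\dsgsdgdsgdsgw.js
2012-12-22 18:53 . 2012-12-22 18:53 -------- d-----w- c:\program files\VideoLAN
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"CapsHook"="AsusSender.exe" [2010-03-02 29184]
.
c:\users\Karel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
BoxCryptor.lnk - c:\program files\BoxCryptor\BoxCryptor.exe [2012-6-22 1288264]
runctf.lnk - c:\windows\System32\rundll32.exe [2009-7-14 44544]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"DisableCAD"= 1 (0x1)
.
"""

RUN_KEY_RE = re.compile(r"^\[(HKEY_.*\\Run)\]$", re.IGNORECASE)
RUN_VALUE_RE = re.compile(r'^"([^"]+)"="([^"]*)"')
STARTUP_DIR_RE = re.compile(r"^[a-z]:\\.*\\Startup\\$", re.IGNORECASE)
LNK_RE = re.compile(r"^(\S+\.lnk) - (.+?) \[", re.IGNORECASE)
POLICY_KEY_RE = re.compile(r"^\[HKEY_.*\\policies\\system\]$", re.IGNORECASE)
POLICY_VALUE_RE = re.compile(r'^"([^"]+)"=\s*(\d+)')
PATH_RE = re.compile(r"[a-z]:\\.*$", re.IGNORECASE)

# Binaries a Startup shortcut should never point at directly: each of them only
# loads or runs something else, so the real payload is hidden in the arguments.
LOLBINS = {"rundll32.exe", "regsvr32.exe", "mshta.exe", "wscript.exe", "cscript.exe"}
USER_WRITABLE = ("c:\\programdata\\", "c:\\users\\")


def parse(log):
    """Return (entries, policy). entries: (kind, location, path) with kind in
    {'file', 'run', 'startup'}; policy: UAC value name -> int."""
    entries, policy, section = [], {}, None
    for raw in log.splitlines():
        line = raw.strip()
        if line in ("", "."):            # a lone dot separates ComboFix blocks
            section = None
            continue
        m = RUN_KEY_RE.match(line)
        if m:
            section = ("run", m.group(1))
        elif STARTUP_DIR_RE.match(line):
            section = ("startup", line)
        elif POLICY_KEY_RE.match(line):
            section = ("policy", line)
        elif section is None:            # deletion / created-file listings
            m = PATH_RE.search(line)
            if m:
                entries.append(("file", None, m.group(0)))
        elif section[0] == "run" and (m := RUN_VALUE_RE.match(line)):
            entries.append(("run", section[1], m.group(2)))
        elif section[0] == "startup" and (m := LNK_RE.match(line)):
            entries.append(("startup", section[1], m.group(2)))
        elif section[0] == "policy" and (m := POLICY_VALUE_RE.match(line)):
            policy[m.group(1)] = int(m.group(2))
    return entries, policy


def looks_random(filename):
    """Crude heuristic for generated names such as dsgsdgdsgdsgw.pad: a purely
    alphabetic stem of 8+ characters with no vowel. Pair it with location."""
    stem = filename.rsplit(".", 1)[0].lower()
    return len(stem) >= 8 and stem.isalpha() and not set(stem) & set("aeiouy")


def triage(log):
    """Rank the parsed entries; returns a list of (severity, message)."""
    entries, policy = parse(log)
    findings = []
    for kind, where, target in entries:
        name = target.rstrip("\\").rsplit("\\", 1)[-1].lower()
        if kind == "startup" and name in LOLBINS:
            findings.append(("HIGH", f"Startup shortcut runs {name} directly: {target} (in {where})"))
        if kind == "run" and "\\" not in target:
            findings.append(("LOW", f"Run value '{target}' has no full path; check what the search path resolves it to"))
        if target.lower().startswith(USER_WRITABLE) and looks_random(name):
            findings.append(("HIGH", f"random-looking file in a user-writable location: {target}"))
    if policy.get("EnableLUA") == 0:
        findings.append(("HIGH", "UAC is off (EnableLUA=0): an admin user's processes run fully elevated with no prompt"))
    elif policy.get("ConsentPromptBehaviorAdmin") == 0:
        findings.append(("MEDIUM", "admins elevate silently (ConsentPromptBehaviorAdmin=0)"))
    if policy.get("DisableCAD") == 1:
        findings.append(("INFO", "Ctrl+Alt+Del not required at logon (DisableCAD=1)"))
    return findings


if __name__ == "__main__":
    for severity, message in triage(SAMPLE_LOG):
        print(f"[{severity}] {message}")
```

Run it against the excerpt and it reports five HIGH items (the three dropped files, the rundll32 shortcut and the disabled UAC), one LOW for the unqualified AsusSender.exe Run value, and one INFO for DisableCAD. The name heuristic alone would be too noisy on a real machine, which is why it only fires for paths under ProgramData or the user profile; everything it flags still has to be confirmed by hand, as cernohous13 did by reading the log.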