
securitytool - ComboFix doesn't work

Posted: 03 Dec 2010 11:06
by yakub
I got my hands on a notebook with Windows 7 and this spyware.
In safe mode I deleted the exe so that it wouldn't start, but now I don't know how to clean it up, because none of the tools recommended here work for me under Win7. Please advise.

Re: securitytool - ComboFix doesn't work

Posted: 03 Dec 2010 17:20
by Rudy
Try running Rkill in safe mode: http://www.bleepingcomputer.com/forums/topic308364.html . Do not restart the PC, and use ComboFix:
Download ComboFix and save it, ideally to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch, a screen with the license terms appears; continue by clicking the Ano (Yes) button.

relax and put on a coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use anti-spyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because scanning and deleting any malware leads to unwanted conflicts with the anti-spyware's resident component
Post the log.

Re: securitytool - ComboFix doesn't work

Posted: 08 Dec 2010 15:07
by yakub
Sorry for the delay, the user didn't want to give up the notebook :-))


ComboFix 10-12-07.04 - spravce 08.12.2010 14:56:37.1.4 - x86
Microsoft Windows 7 Professional 6.1.7600.0.1250.420.1029.18.2998.2025 [GMT 1:00]
Spuštěný z: F:\ComboFix.exe
* Vytvořen nový Bod Obnovení
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\programdata\Microsoft\Network\Downloader\qmgr0.dat
c:\programdata\Microsoft\Network\Downloader\qmgr1.dat
c:\windows\system32\sqlite3.dll

----- BITS: Možné infikované stránky -----

hxxp://exch1.praha2.p2.mepnet.cz
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-11-08 do 2010-12-08 )))))))))))))))))))))))))))))))
.

2010-12-08 13:59 . 2010-12-08 13:59 -------- d-----w- c:\users\spravce\AppData\Local\temp
2010-12-08 13:59 . 2010-12-08 13:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-02 11:23 . 2010-12-02 11:23 -------- d-----w- c:\programdata\boost_interprocess
2010-11-24 16:46 . 2010-10-19 08:10 7680 ----a-w- c:\program files\Internet Explorer\iecompat.dll
2010-11-19 07:48 . 2010-11-19 07:48 -------- d-----w- c:\programdata\Hewlett-Packard
2010-11-12 13:10 . 2010-02-11 07:10 293376 ----a-w- c:\windows\system32\browserchoice.exe
2010-11-12 11:43 . 2009-07-14 01:15 90624 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\HPZPPWN7.DLL
2010-11-12 11:41 . 2010-11-12 11:41 -------- d-----w- c:\windows\system32\Wave Systems Corp
2010-11-12 02:01 . 2009-11-25 11:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-11-12 02:01 . 2009-11-25 11:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2010-11-12 02:01 . 2009-11-25 11:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2010-11-12 02:01 . 2009-11-25 11:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2010-11-12 02:01 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2010-11-12 02:00 . 2010-11-12 02:00 -------- d-----w- c:\windows\system32\Wat
2010-11-11 10:45 . 2010-08-21 05:36 738816 ----a-w- c:\windows\system32\wmpmde.dll
2010-11-11 09:50 . 2010-11-11 09:50 -------- d-----w- c:\program files\MSXML 4.0
2010-11-11 08:31 . 2010-11-11 09:56 -------- d-----w- c:\program files\BackSave
2010-11-11 08:31 . 2010-11-11 09:56 -------- d-----w- c:\program files\Info
2010-11-11 08:31 . 2010-11-11 08:31 73216 ----a-w- c:\windows\ST6UNST.EXE
2010-11-09 15:18 . 2010-11-11 09:56 -------- d-----w- c:\program files\Common Files\Adobe
2010-11-09 13:56 . 2010-11-09 13:56 -------- d-----w- c:\program files\Oracle
2010-11-09 13:32 . 2010-11-09 13:32 -------- d-----w- c:\windows\PCHEALTH
2010-11-09 13:32 . 2010-11-09 13:32 -------- d-----w- c:\program files\Microsoft.NET
2010-11-09 13:30 . 2010-11-09 13:30 -------- d-----w- c:\program files\Microsoft Analysis Services
2010-11-09 13:30 . 2010-11-12 13:10 -------- d-----w- c:\programdata\Microsoft Help
2010-11-09 13:30 . 2010-11-11 09:54 -------- d-----r- C:\MSOCache
2010-11-09 13:23 . 2010-11-11 10:04 -------- d-----w- c:\users\spravce.PRAHA2
2010-11-09 13:21 . 2010-11-11 09:58 -------- d-----w- c:\users\jechovak

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-08 08:09 . 2010-10-23 19:52 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-11-12 11:47 . 2010-11-03 09:53 167936 ----a-w- c:\windows\system32\drivers\wpshelper.sys
2010-11-09 13:09 . 2010-11-03 09:24 0 ----a-w- c:\users\spravce\AppData\Local\WavXMapDrive.bat
2010-11-03 09:52 . 2010-11-03 09:52 125488 ----a-w- c:\windows\system32\drivers\SYMEVENT.SYS
2010-10-23 22:39 . 2010-10-23 22:39 190976 ----a-w- c:\windows\system32\drivers\ks.sys
2010-10-23 22:39 . 2010-10-23 22:39 146304 ----a-w- c:\windows\system32\drivers\usbvideo.sys
2010-10-23 22:39 . 2010-10-23 22:39 95744 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2010-10-23 22:39 . 2010-10-23 22:39 41984 ----a-w- c:\windows\system32\drivers\usbehci.sys
2010-10-23 22:39 . 2010-10-23 22:39 35840 ----a-w- c:\windows\system32\drivers\winusb.sys
2010-10-23 22:39 . 2010-10-23 22:39 258560 ----a-w- c:\windows\system32\drivers\usbhub.sys
2010-10-23 22:39 . 2010-10-23 22:39 221696 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2010-10-23 22:39 . 2010-10-23 22:39 123392 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2010-10-23 22:39 . 2010-10-23 22:39 91648 ----a-w- c:\windows\system32\avifil32.dll
2010-10-23 22:39 . 2010-10-23 22:39 84480 ----a-w- c:\windows\system32\mciavi32.dll
2010-10-23 22:39 . 2010-10-23 22:39 82944 ----a-w- c:\windows\system32\iccvid.dll
2010-10-23 22:39 . 2010-10-23 22:39 70656 ----a-w- c:\windows\system32\fontsub.dll
2010-10-23 22:39 . 2010-10-23 22:39 50176 ----a-w- c:\windows\system32\iyuv_32.dll
2010-10-23 22:39 . 2010-10-23 22:39 3955080 ----a-w- c:\windows\system32\ntkrnlpa.exe
2010-10-23 22:39 . 2010-10-23 22:39 3899784 ----a-w- c:\windows\system32\ntoskrnl.exe
2010-10-23 22:39 . 2010-10-23 22:39 34816 ----a-w- c:\windows\system32\msasn1.dll
2010-10-23 22:39 . 2010-10-23 22:39 34304 ----a-w- c:\windows\system32\atmlib.dll
2010-10-23 22:39 . 2010-10-23 22:39 31744 ----a-w- c:\windows\system32\msvidc32.dll
2010-10-23 22:39 . 2010-10-23 22:39 293888 ----a-w- c:\windows\system32\atmfd.dll
2010-10-23 22:39 . 2010-10-23 22:39 285696 ----a-w- c:\windows\system32\winlogon.exe
2010-10-23 22:39 . 2010-10-23 22:39 2614272 ----a-w- c:\windows\explorer.exe
2010-10-23 22:39 . 2010-10-23 22:39 257024 ----a-w- c:\windows\system32\msv1_0.dll
2010-10-23 22:39 . 2010-10-23 22:39 22016 ----a-w- c:\windows\system32\msyuv.dll
2010-10-23 22:39 . 2010-10-23 22:39 197632 ----a-w- c:\windows\system32\ir32_32.dll
2010-10-23 22:39 . 2010-10-23 22:39 13312 ----a-w- c:\windows\system32\msrle32.dll
2010-10-23 22:39 . 2010-10-23 22:39 1328640 ----a-w- c:\windows\system32\quartz.dll
2010-10-23 22:39 . 2010-10-23 22:39 1286016 ----a-w- c:\windows\system32\drivers\tcpip.sys
2010-10-23 22:39 . 2010-10-23 22:39 12288 ----a-w- c:\windows\system32\tsbyuv.dll
2010-10-23 22:39 . 2010-10-23 22:39 133720 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2010-10-23 22:39 . 2010-10-23 22:39 1037312 ----a-w- c:\windows\system32\lsasrv.dll
2010-10-23 22:39 . 2010-10-23 22:39 427520 ----a-w- c:\windows\system32\vbscript.dll
2010-10-23 22:39 . 2010-10-23 22:39 163840 ----a-w- c:\windows\system32\drivers\1394ohci.sys
2010-10-23 22:39 . 2010-10-23 22:39 465408 ----a-w- c:\windows\system32\psisdecd.dll
2010-10-23 22:39 . 2010-10-23 22:39 292864 ----a-w- c:\windows\system32\apphelp.dll
2010-10-23 22:39 . 2010-10-23 22:39 1286456 ----a-w- c:\windows\system32\ntdll.dll
2010-10-23 22:39 . 2010-10-23 22:39 85504 ----a-w- c:\windows\system32\secproc_ssp_isv.dll
2010-10-23 22:39 . 2010-10-23 22:39 85504 ----a-w- c:\windows\system32\secproc_ssp.dll
2010-10-23 22:39 . 2010-10-23 22:39 740864 ----a-w- c:\windows\system32\inetcomm.dll
2010-10-23 22:39 . 2010-10-23 22:39 369152 ----a-w- c:\windows\system32\secproc.dll
2010-10-23 22:39 . 2010-10-23 22:39 365568 ----a-w- c:\windows\system32\secproc_isv.dll
2010-10-23 22:39 . 2010-10-23 22:39 324608 ----a-w- c:\windows\system32\RMActivate_isv.exe
2010-10-23 22:39 . 2010-10-23 22:39 320512 ----a-w- c:\windows\system32\RMActivate.exe
2010-10-23 22:39 . 2010-10-23 22:39 280064 ----a-w- c:\windows\system32\RMActivate_ssp.exe
2010-10-23 22:39 . 2010-10-23 22:39 277504 ----a-w- c:\windows\system32\RMActivate_ssp_isv.exe
2010-10-23 22:39 . 2010-10-23 22:39 728648 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2010-10-23 22:39 . 2010-10-23 22:39 507568 ----a-w- c:\windows\system32\winload.exe
2010-10-23 22:39 . 2010-10-23 22:39 442920 ----a-w- c:\windows\system32\winresume.exe
2010-10-23 22:39 . 2010-10-23 22:39 37376 ----a-w- c:\windows\system32\rtutils.dll
2010-10-23 22:39 . 2010-10-23 22:39 1320960 ----a-w- c:\windows\system32\CertEnroll.dll
2010-10-23 22:39 . 2010-10-23 22:39 12800 ----a-w- c:\windows\system32\drivers\sffp_sd.sys
2010-10-23 22:39 . 2010-10-23 22:39 67584 ----a-w- c:\windows\system32\asycfilt.dll
2010-10-23 22:39 . 2010-10-23 22:39 172032 ----a-w- c:\windows\system32\wintrust.dll
2010-10-23 22:39 . 2010-10-23 22:39 132608 ----a-w- c:\windows\system32\cabview.dll
2010-10-23 22:39 . 2010-10-23 22:39 1233920 ----a-w- c:\windows\system32\msxml3.dll
2010-10-23 22:39 . 2010-10-23 22:39 93696 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2010-10-23 22:39 . 2010-10-23 22:39 86528 ----a-w- c:\windows\system32\isoburn.exe
2010-10-23 22:39 . 2010-10-23 22:39 67584 ----a-w- c:\windows\system32\WUDFSvc.dll
2010-10-23 22:39 . 2010-10-23 22:39 573440 ----a-w- c:\windows\system32\WUDFx.dll
2010-10-23 22:39 . 2010-10-23 22:39 514560 ----a-w- c:\windows\system32\qdvd.dll
2010-10-23 22:39 . 2010-10-23 22:39 488448 ----a-w- c:\windows\system32\evr.dll
2010-10-23 22:39 . 2010-10-23 22:39 39936 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2010-10-23 22:39 . 2010-10-23 22:39 3177472 ----a-w- c:\windows\system32\mf.dll
2010-10-23 22:39 . 2010-10-23 22:39 292864 ----a-w- c:\windows\system32\mfds.dll
2010-10-23 22:39 . 2010-10-23 22:39 27736 ----a-w- c:\windows\system32\drivers\msahci.sys
2010-10-23 22:39 . 2010-10-23 22:39 246784 ----a-w- c:\windows\system32\drivers\udfs.sys
2010-10-23 22:39 . 2010-10-23 22:39 197632 ----a-w- c:\windows\system32\WUDFHost.exe
2010-10-23 22:39 . 2010-10-23 22:39 163328 ----a-w- c:\windows\system32\WUDFPlatform.dll
2010-10-23 22:39 . 2010-10-23 22:39 132352 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\EnabledUnlockedFDEIconOverlay]
@="{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}"
[HKEY_CLASSES_ROOT\CLSID\{30D3C2AF-9709-4D05-9CF4-13335F3C1E4A}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UninitializedFdeIconOverlay]
@="{CF08DA3E-C97D-4891-A66B-E39B28DD270F}"
[HKEY_CLASSES_ROOT\CLSID\{CF08DA3E-C97D-4891-A66B-E39B28DD270F}]
2010-03-29 17:45 62832 ----a-w- c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-05-13 288112]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2010-05-26 495708]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-04-26 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-04-26 175640]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-04-26 169496]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-03-04 284696]
"FreeFallProtection"="c:\program files\STMicroelectronics\AccelerometerP11\FF_Protection.exe" [2010-07-28 727664]
"PNMService"="c:\program files\Intel\IntelPNM\PNMService.exe" [2010-01-21 400896]
"WavXMgr"="c:\program files\Wave Systems Corp\Services Manager\Docmgr\bin\WavXDocMgr.exe" [2010-07-21 147840]
"USCService"="c:\program files\Dell\Dell ControlPoint\Security Manager\BcmDeviceAndTaskStatusService.exe" [2010-06-22 34232]
"Dell Webcam Central"="c:\program files\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" [2010-03-12 462993]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2010-09-06 115560]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 828704]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1458032]
Switchboard.lnk - d:\program files\Switchboard\switchboard.exe [2008-5-31 1054208]
TdmNotify.lnk - c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmNotify.exe [2010-3-29 132456]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccEvtMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ccSetMgr]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Symantec Antivirus]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

R2 DvmMDES;DeviceVM Meta Data Export Service;d:\program files\Dell\Reader 2.1\DVMExportService.exe [x]
R2 IAStorDataMgrSvc;Úložná technologie Intel(R) Rapid;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-03-04 13336]
R3 CtAudDrv;Provides advanced audio effects for audio devices.;c:\windows\system32\Drivers\CtAudDrv.sys [2009-05-28 134144]
R3 d554gps;Dell Wireless HSPA Mini-Card GPS Port;c:\windows\system32\DRIVERS\d554gps.sys [2010-01-26 82984]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
R3 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe86.sys [2010-03-21 48640]
R3 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe86.sys [2010-03-21 38912]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2010-11-12 1343400]
R3 WSDPrintDevice;Podpora tisku WSD prostřednictvím funkce UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 17920]
S0 stdcfltn;Disk Class Filter Driver for Accelerometer;c:\windows\system32\DRIVERS\stdcfltn.sys [2010-07-09 17648]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\aestsrv.exe [2010-05-26 81920]
S2 Credential Vault Host Control Service;Credential Vault Host Control Service;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe [2010-03-24 812448]
S2 Credential Vault Host Storage;Credential Vault Host Storage;c:\program files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostStorageService.exe [2010-03-24 27040]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 388464]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe86.sys [2010-03-21 59904]
S2 WMCoreService;Mobile Broadband Service;c:\program files\Dell\Dell WWAN\WMCore\mini_WMCore.exe servicemode [x]
S3 Acceler;Accelerometer Service;c:\windows\system32\DRIVERS\Accelern.sys [2010-07-09 43888]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-01-11 274472]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-11 33320]
S3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [2009-09-16 144576]
S3 cvusbdrv;Dell ControlVault;c:\windows\system32\Drivers\cvusbdrv.sys [2009-10-30 33832]
S3 d554scard;Dell Wireless 5540 HSPA Mini-Card USIM Port;c:\windows\system32\DRIVERS\d554scard.sys [2010-01-26 47744]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k6232.sys [2010-04-06 224424]
S3 ecnssndis;Selective Suspend Enabler For NDIS device;c:\windows\system32\Drivers\wwanuss.sys [2010-03-03 23592]
S3 ecnssndisfltr;SSNDIS filter service;c:\windows\system32\Drivers\wwanussf.sys [2010-03-03 26152]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2010-11-26 102448]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 132480]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 232960]
S3 Mbm3CBus;Dell Wireless HSPA Mini-Card Device (WDM);c:\windows\system32\DRIVERS\Mbm3CBus.sys [2010-04-27 329160]
S3 Mbm3DevMt;Dell Wireless HSPA Mini-Card Device Management Driver (WDM);c:\windows\system32\DRIVERS\Mbm3DevMt.sys [2010-04-27 388552]
S3 Mbm3mdfl;Dell Wireless HSPA Mini-Card Modem Filter;c:\windows\system32\DRIVERS\Mbm3mdfl.sys [2010-04-27 14920]
S3 Mbm3Mdm;Dell Wireless HSPA Mini-Card Modem Driver;c:\windows\system32\DRIVERS\Mbm3Mdm.sys [2010-04-27 405320]
S3 NETwNs32;___ Ovladač adaptéru řady Intel(R) Wireless WiFi Link 5000 pro systém Windows 7 32 Bit;c:\windows\system32\DRIVERS\NETwNs32.sys [2010-07-14 6814720]
S3 WwanUsbServ;Ericsson WWAN Wireless Module Device Driver;c:\windows\system32\DRIVERS\WwanUsbMp.sys [2010-05-26 229928]


[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
.
------- Doplňkový sken -------
.
uStart Page = www.seznam.cz
uInternet Settings,ProxyServer = 10.33.10.33:3128
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~1\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~1\MICROS~1\Office14\ONBttnIE.dll/105
IE: Odeslat obrázek do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odeslat stránku do zařízení &Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

Toolbar-Locked - (no file)
SafeBoot-Symantec Antvirus


.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000

[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'Explorer.exe'(712)
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmIconOverlay.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\WUDFHost.exe
c:\program files\Symantec\Symantec Endpoint Protection\Smc.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Wave Systems Corp\Trusted Drive Manager\TdmService.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files\Common Files\Intel\WirelessCommon\RegSrvc.exe
c:\program files\Symantec\Symantec Endpoint Protection\Rtvscan.exe
c:\program files\Dell\Dell WWAN\WMCore\mini_WMCore.exe
c:\program files\Intel\WiFi\bin\EvtEng.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\WUDFHost.exe
c:\windows\system32\taskhost.exe
c:\program files\Symantec\Symantec Endpoint Protection\SmcGui.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\DllHost.exe
c:\windows\system32\NOTEPAD.EXE
.
**************************************************************************
.
Celkový čas: 2010-12-08 15:03:33 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-12-08 14:03

Před spuštěním: Volných bajtů: 82 465 996 800
Po spuštění: Volných bajtů: 82 100 727 808

- - End Of File - - 7BF5179FA8F145189C8A4F037D667C0F

Re: securitytool - ComboFix doesn't work

Posted: 08 Dec 2010 18:27
by Rudy
3 items deleted, the rest of the log looks clean.