Samovolné resetování PC po startu Win7 - log z Combofixu
Napsal: 27 črc 2011 06:34
Dobrý den, hodím sem teda jen log, za rady předem díky!
ComboFix 11-07-26.03 - Kox 27.07.2011 7:19.1.6 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6816 [GMT 2:00]
Spuštěný z: c:\users\Kox\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\windows\Steamclient.dll
c:\windows\SysWow64\msvcsv60.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 05:23 . 2011-07-27 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 06:06 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AB38253-00C8-4A06-A945-7BA04405D46C}\mpengine.dll
2011-07-23 14:30 . 2011-07-23 14:30 -------- d--h--w- c:\programdata\CanonIJScan
2011-07-23 14:30 . 2011-07-23 14:30 -------- d-----w- c:\users\Kox\AppData\Roaming\Canon
2011-07-23 14:29 . 2011-07-23 14:29 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2011-07-23 14:29 . 2011-07-23 14:29 -------- d--h--w- c:\programdata\CanonEPP
2011-07-23 14:28 . 2010-08-25 03:00 361472 ----a-w- c:\windows\system32\CNMXLMAA.DLL
2011-07-23 14:26 . 2011-07-23 14:26 -------- d-----w- c:\programdata\CanonIJMSetup
2011-07-23 14:11 . 2011-07-23 14:11 -------- d-----w- c:\program files (x86)\ZyXEL
2011-07-13 21:27 . 2011-07-13 21:27 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-07 13:32 . 2011-07-07 13:47 -------- d-----w- c:\users\Kox\AppData\Roaming\Guitar Pro 6
2011-07-07 13:29 . 2011-07-07 13:47 -------- d-----w- c:\program files (x86)\Guitar Pro 6
2011-07-06 08:55 . 2011-07-06 08:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-05 17:53 . 2011-07-05 17:53 -------- d-----w- c:\users\Kox\AppData\Local\SKIDROW
2011-07-05 08:19 . 2011-06-16 04:30 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-07-05 08:19 . 2011-06-16 04:30 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-07-05 08:19 . 2011-06-16 04:30 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-07-05 08:19 . 2011-06-16 04:30 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-07-05 08:19 . 2011-06-16 04:30 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-07-05 08:19 . 2011-06-16 04:30 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-05 08:19 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 08:19 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-04 10:55 . 2011-07-04 10:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-04 10:12 . 2011-07-06 00:16 -------- d-----w- c:\program files (x86)\Windows Live
2011-07-04 10:11 . 2011-07-04 10:16 -------- d-----w- c:\users\Kox\AppData\Local\Windows Live
2011-07-04 10:11 . 2011-07-04 10:11 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-03 14:33 . 2011-07-03 14:33 -------- d-----w- c:\programdata\Solidshield
2011-07-03 13:33 . 2011-07-03 13:33 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-03 13:33 . 2011-07-03 13:33 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-03 13:33 . 2011-07-03 13:33 -------- d-----w- c:\users\Kox\AppData\Roaming\PunkBuster
2011-06-28 05:54 . 2011-06-28 06:44 -------- d-----w- c:\program files (x86)\Duke Nukem Forever
2011-06-27 15:23 . 2011-06-27 15:23 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 10:12 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-03 05:57 . 2011-07-13 17:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:30 . 2011-06-16 10:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-16 10:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2011-02-18 17:28 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 05:29 . 2011-06-16 10:15 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-16 10:15 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-16 10:15 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-16 10:15 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-16 10:15 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2011-03-08 401408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ZyXEL USB Share Center"="c:\program files (x86)\ZyXEL\NetUSB Share Center\Share Center.exe" [2010-07-22 5623808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2011-2-18 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2011-05-22 28032]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-12-17 212256]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZyxelUDSTcpBus;ZyxelUDSTcpBus;SysWOW64\Drivers\ZyxelUDSTcpBus.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 ZyxelUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\ZyxelUDSMBus.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-226877784-2310669885-1528280479-1000Core.job
- c:\users\Kox\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 18:10]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-226877784-2310669885-1528280479-1000UA.job
- c:\users\Kox\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 18:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kox\AppData\Roaming\Mozilla\Firefox\Profiles\gt3crr2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-27 07:27:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 05:27
.
Před spuštěním: Volných bajtů: 242 649 739 264
Po spuštění: Volných bajtů: 242 590 760 960
.
- - End Of File - - 1671FBADEDC90FB106E5EC35D68DFA87
ComboFix 11-07-26.03 - Kox 27.07.2011 7:19.1.6 - x64 NETWORK
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.8191.6816 [GMT 2:00]
Spuštěný z: c:\users\Kox\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Vytvořen nový Bod Obnovení
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\settings.bin
c:\windows\Steamclient.dll
c:\windows\SysWow64\msvcsv60.dll
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2011-06-27 do 2011-07-27 )))))))))))))))))))))))))))))))
.
.
2011-07-27 05:23 . 2011-07-27 05:23 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-26 06:06 . 2011-07-13 04:53 8578896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5AB38253-00C8-4A06-A945-7BA04405D46C}\mpengine.dll
2011-07-23 14:30 . 2011-07-23 14:30 -------- d--h--w- c:\programdata\CanonIJScan
2011-07-23 14:30 . 2011-07-23 14:30 -------- d-----w- c:\users\Kox\AppData\Roaming\Canon
2011-07-23 14:29 . 2011-07-23 14:29 -------- d--h--w- c:\programdata\CanonIJEPPEX2
2011-07-23 14:29 . 2011-07-23 14:29 -------- d--h--w- c:\programdata\CanonEPP
2011-07-23 14:28 . 2010-08-25 03:00 361472 ----a-w- c:\windows\system32\CNMXLMAA.DLL
2011-07-23 14:26 . 2011-07-23 14:26 -------- d-----w- c:\programdata\CanonIJMSetup
2011-07-23 14:11 . 2011-07-23 14:11 -------- d-----w- c:\program files (x86)\ZyXEL
2011-07-13 21:27 . 2011-07-13 21:27 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-07-07 13:32 . 2011-07-07 13:47 -------- d-----w- c:\users\Kox\AppData\Roaming\Guitar Pro 6
2011-07-07 13:29 . 2011-07-07 13:47 -------- d-----w- c:\program files (x86)\Guitar Pro 6
2011-07-06 08:55 . 2011-07-06 08:55 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-07-05 17:53 . 2011-07-05 17:53 -------- d-----w- c:\users\Kox\AppData\Local\SKIDROW
2011-07-05 08:19 . 2011-06-16 04:30 89048 ----a-w- c:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-07-05 08:19 . 2011-06-16 04:30 781272 ----a-w- c:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-07-05 08:19 . 2011-06-16 04:30 465880 ----a-w- c:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-07-05 08:19 . 2011-06-16 04:30 1850328 ----a-w- c:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-07-05 08:19 . 2011-06-16 04:30 15832 ----a-w- c:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-07-05 08:19 . 2011-06-16 04:30 142296 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-07-05 08:19 . 2010-01-01 08:00 2106216 ----a-w- c:\program files (x86)\Mozilla Firefox\D3DCompiler_43.dll
2011-07-05 08:19 . 2010-01-01 08:00 1998168 ----a-w- c:\program files (x86)\Mozilla Firefox\d3dx9_43.dll
2011-07-04 10:55 . 2011-07-04 10:55 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-04 10:12 . 2011-07-06 00:16 -------- d-----w- c:\program files (x86)\Windows Live
2011-07-04 10:11 . 2011-07-04 10:16 -------- d-----w- c:\users\Kox\AppData\Local\Windows Live
2011-07-04 10:11 . 2011-07-04 10:11 -------- d-----w- c:\program files (x86)\Common Files\Windows Live
2011-07-03 14:33 . 2011-07-03 14:33 -------- d-----w- c:\programdata\Solidshield
2011-07-03 13:33 . 2011-07-03 13:33 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-03 13:33 . 2011-07-03 13:33 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-07-03 13:33 . 2011-07-03 13:33 -------- d-----w- c:\users\Kox\AppData\Roaming\PunkBuster
2011-06-28 05:54 . 2011-06-28 06:44 -------- d-----w- c:\program files (x86)\Duke Nukem Forever
2011-06-27 15:23 . 2011-06-27 15:23 -------- dc-h--w- c:\programdata\{D69A48BF-7653-4AA8-94BC-5847522A4573}
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-04 10:12 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-06-03 05:57 . 2011-07-13 17:00 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 03:30 . 2011-06-16 10:15 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2011-05-28 02:53 . 2011-06-16 10:15 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-05-24 17:14 . 2011-02-18 17:28 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-03 05:29 . 2011-06-16 10:15 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-16 10:15 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-16 10:15 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-16 10:15 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-16 10:15 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Grid"="c:\program files (x86)\ATI Technologies\HydraVision\HydraGrd.exe" [2011-03-08 401408]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"ZyXEL USB Share Center"="c:\program files (x86)\ZyXEL\NetUSB Share Center\Share Center.exe" [2010-07-22 5623808]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-04-27 113288]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-08 336384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Wireless Utility.lnk - c:\program files (x86)\Edimax\Common\RaUI.exe [2011-2-18 1638400]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\program files\HWiNFO64\HWiNFO64A.SYS [2011-05-22 28032]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
R2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-03-08 365568]
R2 AMD Reservation Manager;AMD Reservation Manager;c:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 NIHardwareService;NIHardwareService;c:\program files\Common Files\Native Instruments\Hardware\NIHardwareService.exe [2009-07-17 4948992]
R2 RalinkRegistryWriter64;Ralink Registry Writer 64;c:\program files (x86)\Edimax\Common\RaRegistry64.exe [2009-12-17 212256]
R3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
R3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
R3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys [x]
R3 nmwcdnsucx64;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsucx64.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 ZyxelUDSTcpBus;ZyxelUDSTcpBus;SysWOW64\Drivers\ZyxelUDSTcpBus.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 ZyxelUDSMBus;UDS Master Bus of Kernel USB Software Bus by TCP;SysWOW64\Drivers\ZyxelUDSMBus.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-07-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-226877784-2310669885-1528280479-1000Core.job
- c:\users\Kox\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 18:10]
.
2011-07-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-226877784-2310669885-1528280479-1000UA.job
- c:\users\Kox\AppData\Local\Google\Update\GoogleUpdate.exe [2011-02-18 18:10]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Kox\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-07-06 11057768]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.seznam.cz/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Kox\AppData\Roaming\Mozilla\Firefox\Profiles\gt3crr2t.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.seznam.cz/
.
.
------- Asociace souborů -------
.
txtfile="c:\program files (x86)\PSPad editor\PSPad.exe" "%1"
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-07-27 07:27:32 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-07-27 05:27
.
Před spuštěním: Volných bajtů: 242 649 739 264
Po spuštění: Volných bajtů: 242 590 760 960
.
- - End Of File - - 1671FBADEDC90FB106E5EC35D68DFA87
