
RSIT - preventive

Posted: 13 Jan 2013 17:42
by marosSK
Hello. I have another case here. The PC does run a Windows that loads the RAM heavily, but that is not what I am asking about, I will sort that out later; the problem is that sometimes, for no reason, CPU usage jumps to maximum and the PC starts beeping, probably some warning signal from the processor or something. Thanks in advance. :)

Image

P.S. This popped up during the RSIT scan.

Re: RSIT - preventive

Posted: 14 Jan 2013 10:57
by vyosek
Hello :)

Do you run some kind of repair service, or how come ("I have another case here")? :???: :???:

Re: RSIT - preventive

Posted: 14 Jan 2013 14:15
by marosSK
No, I just help friends who don't understand this stuff, and I suspect something is there, as for example here. I'm a student, I can only dream of a repair service. :)

Re: RSIT - preventive

Posted: 14 Jan 2013 14:44
by vyosek

Re: RSIT - preventive

Posted: 22 Jan 2013 18:00
by marosSK
I didn't know whether to post just one or both, so I'd rather put both here. I apologise for the delay, but school and other duties don't let me get back to this much.

DDS

DDS (Ver_2012-11-20.01) - NTFS_x86
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.10.2
Run by admin at 17:56:39 on 2013-01-22
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.478 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\nvvsvc.exe
C:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
C:\Program Files\Hotspot Shield\bin\hsswd.exe
C:\ProgramData\IBUpdaterService\ibsvc.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\LogMeIn\x86\LMIGuardianSvc.exe
C:\Program Files\LogMeIn\x86\RaMaint.exe
C:\Program Files\Microsoft IntelliPoint\ipoint.exe
C:\Program Files\LogMeIn\x86\LogMeIn.exe
C:\Program Files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
C:\Users\admin\Desktop\firemin\firemin\Firemin.exe
C:\Program Files\LogMeIn\x86\LogMeInSystray.exe
C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\System32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\uTorrent\uTorrent.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Mozilla Firefox\plugin-container.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\Macromed\Flash\FlashPlayerPlugin_11_4_402_265.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\conhost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
uURLSearchHooks: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - <orphaned>
uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll
BHO: Hotspot Shield Class: {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files\hotspot shield\hssie\HssIE.dll
TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
uRun: [uTorrent] "c:\program files\utorrent\uTorrent.exe" /MINIMIZED
mRun: [IntelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [CnxDslTaskBar] "c:\program files\microcom\adsl deskporte usb\cnxdsltb.exe" "microcom\ADSL DeskPorte USB"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\admin\appdata\roaming\micros~1\windows\startm~1\programs\startup\firemi~1.lnk - c:\users\admin\desktop\firemin\firemin\Firemin.exe
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\micros~1\office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\appdata\roaming\dvdvideosoftiehelpers\freeyoutubedownload.htm
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - <orphaned>
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {5AE58FCF-6F6A-49B2-B064-02492C66E3F4} - hxxp://catalog.update.microsoft.com/v7/site/ClientControl/en/x86/MuCatalogWebControl.cab?1297434687016
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 195.146.132.58 195.146.128.62
TCP: Interfaces\{D5B9CBE9-AEE7-4FCE-854E-DBC9581EDD75} : DHCPNameServer = 195.146.132.58 195.146.128.62
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - <orphaned>
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program files\google\chrome\application\24.0.1312.52\installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - component: c:\program files\common files\spigot\wtxpcom\components\WidgiToolbarFF.dll
FF - component: c:\program files\mozilla firefox\extensions\{82af8dca-6de9-405d-bd5e-43525bdad38a}\components\SkypeFfComponent.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{51a86bb3-6602-4c85-92a5-130ee4864f13}\components\RadioWMPCoreGecko19.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{cd8812d4-e5b8-41c6-94d4-59872a484bf1}\components\dtTransparency.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\dttoolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - component: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\engine@conduit.com\components\RadioWMPCoreGecko19.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\program files\microsoft silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: c:\program files\videodownloadconverter_4zei\installr\1.bin\NP4zEISb.dll
FF - plugin: c:\users\admin\appdata\local\facebook\video\skype\npFacebookVideoCalling.dll
FF - plugin: c:\users\admin\appdata\roaming\mozilla\firefox\profiles\l3uf9ywg.default\extensions\{687578b9-7132-4a7a-80e4-30ee31099e03}\plugins\np-mswmp.dll
FF - plugin: c:\windows\system32\macromed\flash\NPSWF32_11_4_402_265.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - plugin: c:\windows\system32\npmproxy.dll
.
---- FIREFOX POLICIES ----
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
============= SERVICES / DRIVERS ===============
.
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R2 HssWd;Hotspot Shield Monitoring Service;c:\program files\hotspot shield\bin\hsswd.exe -product hss --> c:\program files\hotspot shield\bin\hsswd.exe -product HSS [?]
R2 IBUpdaterService;Updater Service;c:\programdata\ibupdaterservice\ibsvc.exe [2012-10-28 600096]
R2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\logmein\x86\LMIGuardianSvc.exe [2010-12-8 374704]
R2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\logmein\x86\rainfo.sys [2010-9-17 12856]
R2 LMIRfsDriver;LogMeIn Remote File System Driver;c:\windows\system32\drivers\LMIRfsDriver.sys [2011-2-11 47640]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2010-10-24 99272]
R2 TeamViewer7;TeamViewer 7;c:\program files\teamviewer\version7\TeamViewer_Service.exe [2011-12-24 2754984]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\tuneup utilities 2011\TuneUpUtilitiesService32.exe [2011-12-8 1527104]
R3 NisSrv;Microsoft Network Inspection;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\tuneup utilities 2011\TuneUpUtilitiesDriver32.sys [2011-5-18 10064]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 hshld;Hotspot Shield Service;c:\program files\hotspot shield\bin\openvpnas.exe [2012-3-26 542040]
S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2012-7-13 160944]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888]
S3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\drivers\CnxEtP.sys [2011-2-11 131072]
S3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\drivers\CnxEtU.sys [2011-2-11 614272]
S3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\drivers\CnxTgNP.sys [2011-2-11 60416]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [2012-1-9 137600]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-3-15 15872]
S3 StorSvc;Storage Service;c:\windows\system32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 20992]
S3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\wat\WatAdminSvc.exe [2011-2-11 1343400]
SUnknown TsUsbFlt;TsUsbFlt; [x]
SUnknown tsusbhub;tsusbhub; [x]
.
=============== Created Last 30 ================
.
2013-01-22 16:00:41 6991832 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{1ce981dd-42f2-4b44-8c4c-b184775b8000}\mpengine.dll
2013-01-19 19:56:20 6991832 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2013-01-14 13:51:56 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{dfc2e7da-7eef-4321-8c59-2a39304cedb0}\gapaengine.dll
2013-01-13 18:49:56 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49:08 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49:07 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47:23 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47:08 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47:07 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47:07 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47:07 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47:07 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47:07 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47:06 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47:06 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47:06 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47:05 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46:07 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41:24 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41:24 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37:10 -------- d-----w- c:\program files\trend micro
2013-01-13 15:10:00 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13:39 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55:30 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51:59 91136 ----a-w- c:\windows\system32\dot3api.dll
2013-01-10 17:50:59 856576 ----a-w- c:\windows\system32\FirewallControlPanel.dll
2013-01-10 17:49:59 44544 ----a-w- c:\windows\system32\vmbusres.dll
2013-01-10 17:48:50 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48:50 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48:50 189952 ----a-w- c:\program files\windows portable devices\sqmapi.dll
2013-01-10 17:48:49 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48:49 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48:33 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48:33 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48:23 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:48:23 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:47:30 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47:30 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42:59 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52:03 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23:10 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:23:10 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:20:30 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20:02 -------- d-----w- c:\users\admin\appdata\roaming\TuneUp Software
2013-01-10 16:19:41 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18:50 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18:37 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03:30 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53:33 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53:33 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52:41 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2012-12-26 18:39:27 -------- d-----w- c:\users\admin\appdata\roaming\AVI ReComp
2012-12-26 18:35:28 -------- d-----w- c:\program files\AVI ReComp
.
==================== Find3M ====================
.
2013-01-13 15:23:24 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-11-30 04:53:34 169984 ----a-w- c:\windows\system32\winsrv.dll
2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-23 02:56:23 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-11-20 04:51:09 220160 ----a-w- c:\windows\system32\ncrypt.dll
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 16:06:55 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-03 16:06:54 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-03 16:06:53 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-03 16:06:53 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 17:58:12,82 ===============

2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:43:04 492032 ----a-w- c:\windows\system32\win32spl.dll
2012-11-09 04:42:49 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 16:06:55 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-03 16:06:54 52648 ----a-w- c:\windows\system32\spool\prtprocs\w32x86\LMIproc.dll
2012-11-03 16:06:53 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-03 16:06:53 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-02 05:11:31 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-11-01 04:47:54 1389568 ----a-w- c:\windows\system32\msxml6.dll
.
============= FINISH: 17:58:12,82 ===============

Re: RSIT - preventive

Posted: 22 Jan 2013 20:10
by vyosek
:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A GREAT CAPACITY TO DELETE AND MUST ONLY BE USED ON RECOMMENDATION, OTHERWISE YOUR SYSTEM MAY GO DOWN THE DRAIN
:arrow: Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antiviruses, antispyware, etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the instructions; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily cluttered the time may be longer
  • After the scan finishes (and a possible restart) CF displays a log; otherwise you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide including pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: RSIT - preventive

Posted: 26 Jan 2013 18:34
by marosSK
Here you go. :)


ComboFix 13-01-26.02 - admin . 01. 2013 18:20:44.1.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.469 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-12-26 to 2013-01-26 )))))))))))))))))))))))))))))))
.
.
2013-01-26 17:28 . 2013-01-26 17:28 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-01-26 17:28 . 2013-01-26 17:28 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-26 11:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{AC999CEF-F4B6-45A8-986D-7CE3C96F9CF1}\mpengine.dll
2013-01-24 18:41 . 2013-01-24 18:41 -------- d-----w- c:\programdata\Nikon
2013-01-24 18:22 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Roaming\Nikon
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Local\Nikon
2013-01-23 14:21 . 2013-01-23 14:21 -------- d-----w- c:\users\admin\AppData\Roaming\ArcSoft
2013-01-23 14:15 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Carbon
2013-01-23 14:15 . 2013-01-23 14:16 -------- d-----w- c:\program files\Common Files\Nikon
2013-01-23 14:15 . 2013-01-23 14:17 -------- d-----w- c:\program files\Nikon
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Clips
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Bubble Noise
2013-01-23 14:14 . 2013-01-23 14:17 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Ultima_T15
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\EnterNHelp
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Guides
2013-01-14 13:51 . 2013-01-14 13:49 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFC2E7DA-7EEF-4321-8C59-2A39304CEDB0}\gapaengine.dll
2013-01-13 18:49 . 2013-01-13 18:49 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37 . 2013-01-13 16:38 -------- d-----w- c:\program files\trend micro
2013-01-13 16:37 . 2013-01-13 16:37 -------- d-----w- C:\rsit
2013-01-13 15:10 . 2013-01-13 15:10 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13 . 2013-01-10 18:13 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2013-01-10 17:50 . 2010-11-20 12:30 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys
2013-01-10 17:49 . 2010-11-20 12:20 40960 ----a-w- c:\windows\system32\odbcconf.dll
2013-01-10 17:48 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:48 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:47 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42 . 2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52 . 2013-01-10 16:52 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23 . 2011-12-08 16:31 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:23 . 2011-12-08 16:31 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:20 . 2011-12-08 16:38 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20 . 2013-01-10 16:20 -------- d-----w- c:\users\admin\AppData\Roaming\TuneUp Software
2013-01-10 16:19 . 2013-01-10 16:22 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18 . 2013-01-10 16:20 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18 . 2013-01-10 16:18 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03 . 2013-01-10 16:03 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53 . 2013-01-05 18:53 -------- d-----w- c:\program files\Common Files\Java
2013-01-05 18:53 . 2013-01-05 18:52 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53 . 2013-01-05 18:52 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52 . 2013-01-05 18:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-05 18:51 . 2013-01-05 18:51 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-23 14:14 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2013-01-13 15:23 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13 . 2012-12-22 09:59 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-12 19:55 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:55 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 18:17 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-03 16:06 . 2011-02-11 17:45 83912 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-11-03 16:06 . 2011-02-11 17:45 52648 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\LMIproc.dll
2012-11-03 16:06 . 2011-02-11 17:45 31144 ----a-w- c:\windows\system32\LMIport.dll
2012-11-03 16:06 . 2011-02-11 17:45 92072 ----a-w- c:\windows\system32\LMIinit.dll
2012-11-02 05:11 . 2012-12-12 18:18 376832 ----a-w- c:\windows\system32\dpnet.dll
2013-01-18 21:48 . 2013-01-18 21:46 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files\ConduitEngine\prxConduitEngine.dll" [2011-01-17 175912]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"="c:\program files\uTorrent\uTorrent.exe" [2013-01-10 969104]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Firemin - odkaz.lnk - c:\users\admin\Desktop\firemin\firemin\Firemin.exe [2013-1-13 590599]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk
backup=c:\windows\pss\McAfee Security Scan Plus.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-07-13 13:49 138096 ----atw- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
2010-09-17 14:40 63048 ----a-w- c:\program files\LogMeIn\x86\LogMeInSystray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2012-06-26 11:10 1516632 ----a-w- c:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
2013-01-10 15:59 969104 ----a-w- c:\program files\uTorrent\uTorrent.exe
.
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-26 11:31 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.56\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-01-26 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
2013-01-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3uf9ywg.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
URLSearchHooks-{cd8812d4-e5b8-41c6-94d4-59872a484bf1} - (no file)
URLSearchHooks-{687578b9-7132-4a7a-80e4-30ee31099e03} - (no file)
WebBrowser-{51A86BB3-6602-4C85-92A5-130EE4864F13} - (no file)
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
MSConfigStartUp-SearchSettings - c:\program files\Common Files\Spigot\Search Settings\SearchSettings.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-26 18:30:41
ComboFix-quarantined-files.txt 2013-01-26 17:30
.
Pre-Run: 28 108 357 632 bytes free
Post-Run: 28 020 252 672 bytes free
.
- - End Of File - - DC3BD8B9EB9E5611CB86ED8A80519248

Re: RSIT - preventive

Posted: 26 Jan 2013 23:17
by vyosek
:arrow: If you have not already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Firefox::
    FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3uf9ywg.default\
    FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms}
    FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: content.switch.threshold - 600000
    
    DDS::
    uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3072253
    uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT3072253
    uURLSearchHooks: {51a86bb3-6602-4c85-92a5-130ee4864f13} - <orphaned>
    uURLSearchHooks: {cd8812d4-e5b8-41c6-94d4-59872a484bf1} - <orphaned>
    uURLSearchHooks: {687578b9-7132-4a7a-80e4-30ee31099e03} - <orphaned>
    BHO: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
    TB: Conduit Engine: {30F9B915-B755-4826-820B-08FBA6BD249D} - c:\program files\conduitengine\prxConduitEngine.dll
    
    File::
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    
    Registry::
    [-HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^McAfee Security Scan Plus.lnk]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn GUI]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\uTorrent]
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "uTorrent"=-
    
    RegLock::
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the created TXT as CFScript.txt
  • Drag the created CFScript.txt onto Combofix and release it (see the picture below)
    (image)
  • After the script is applied (and a possible restart) a log will pop up; paste its contents here
:arrow: If the message "Attempt to use an invalid operation on a registry key that is marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF and the author unfortunately cannot fix it yet

:arrow: It can happen that Windows does not boot after the script is applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
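The entries in the script above were picked out of the ComboFix log by hand: the Conduit BHO and toolbar DLL, the conduit.com start page and search settings, the orphaned URLSearchHooks, and the Ask.com updater. As an added example that is not part of this thread or of ComboFix, the Python helper below does that same triage mechanically over lines in the shape of ComboFix output. The sample lines, the indicator lists (`HIJACK_HOSTS`, `PUP_PATH_MARKERS`) and the function names are constructed for this example; the result is a list of lines for a helper to review, not a removal script.

```python
import re
from collections import Counter

# Constructed sample lines, shaped like the "Reg Loading Points", "Supplementary
# Scan" and "ORPHANS REMOVED" sections of a ComboFix log (values modelled on the
# log posted in this thread; the mix of clean and suspicious lines is deliberate).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-01-17 14:54 175912 ----a-w- c:\program files\ConduitEngine\prxConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3072253
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
MSConfigStartUp-ApnUpdater - c:\program files\Ask.com\Updater\Updater.exe
"""

# Indicator lists are assumptions for this example (real triage would use a
# maintained list); they cover the adware families visible in this thread.
HIJACK_HOSTS = ("conduit.com", "ask.com")
PUP_PATH_MARKERS = ("conduitengine", "\\ask.com\\", "\\spigot\\")

# ComboFix defangs URLs as hxxp://; capture the host up to "/", "?" or whitespace.
HXXP_HOST_RE = re.compile(r"hxxps?://([^/\s?]+)", re.IGNORECASE)


def classify_line(line: str):
    """Return an indicator category for one ComboFix log line, or None if it looks clean."""
    low = line.lower()
    # Entries ComboFix could not resolve to a file: stale hooks left behind by removed adware.
    if low.endswith("- (no file)"):
        return "orphaned"
    # Browser start page / search settings pointing at a known search-hijack host.
    m = HXXP_HOST_RE.search(line)
    if m and any(m.group(1).lower().endswith(h) for h in HIJACK_HOSTS):
        return "search-hijack"
    # Loaded components (BHO/toolbar DLLs, startup entries) living in an adware vendor folder.
    if any(marker in low for marker in PUP_PATH_MARKERS):
        return "pup-component"
    return None


def triage_combofix(text: str):
    """Scan ComboFix-style output and return (category, line) pairs worth a second look."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":  # ComboFix uses a lone "." as a section separator
            continue
        category = classify_line(line)
        if category:
            findings.append((category, line))
    return findings


def summarize(findings):
    """Count findings per category so a helper sees at a glance what kind of cleanup is needed."""
    return dict(Counter(category for category, _ in findings))


if __name__ == "__main__":
    for category, line in triage_combofix(SAMPLE_LOG):
        print(f"{category:14} {line}")
    print(summarize(triage_combofix(SAMPLE_LOG)))
```

Run on the sample, it flags the Conduit DLL and the Ask.com updater as adware components, both conduit.com browser settings as a search hijack and the dangling URLSearchHooks entry as orphaned, while the Microsoft Security Client entry and the google.sk homepage pass through untouched. Matching on the defanged host and on vendor folder names rather than on file names keeps the check stable across renamed DLLs, which is why vyosek's script lists the CLSID and the folder rather than a hash.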

Re: RSIT - preventive

Posted: 02 Feb 2013 19:52
by marosSK
Here you go.


ComboFix 13-02-02.05 - admin . 02. 2013 19:36:00.2.2 - x86
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.1024.330 [GMT 1:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
Command switches used :: c:\users\admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((( Files Created from 2013-01-02 to 2013-02-02 )))))))))))))))))))))))))))))))
.
.
2013-02-02 18:44 . 2013-02-02 18:44 -------- d-----w- c:\users\LogMeInRemoteUser\AppData\Local\temp
2013-02-02 18:44 . 2013-02-02 18:44 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-02 18:44 . 2013-02-02 18:44 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-02 18:32 . 2013-02-02 18:32 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1788D8-9DB5-48A3-A6F8-4250A5A607B5}\MpKsl8449b62d.sys
2013-01-31 13:04 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1788D8-9DB5-48A3-A6F8-4250A5A607B5}\mpengine.dll
2013-01-29 16:16 . 2013-01-08 04:57 6991832 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-24 18:41 . 2013-01-24 18:41 -------- d-----w- c:\programdata\Nikon
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Roaming\Nikon
2013-01-23 14:22 . 2013-01-23 14:22 -------- d-----w- c:\users\admin\AppData\Local\Nikon
2013-01-23 14:21 . 2013-01-23 14:21 -------- d-----w- c:\users\admin\AppData\Roaming\ArcSoft
2013-01-23 14:15 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Carbon
2013-01-23 14:15 . 2013-01-23 14:16 -------- d-----w- c:\program files\Common Files\Nikon
2013-01-23 14:15 . 2013-01-23 14:17 -------- d-----w- c:\program files\Nikon
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Clips
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Bubble Noise
2013-01-23 14:14 . 2013-01-23 14:17 -------- d-----w- c:\users\admin\AppData\Local\Downloaded Installations
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\Ultima_T15
2013-01-23 14:14 . 2013-01-23 14:15 -------- d-----w- c:\programdata\EnterNHelp
2013-01-23 14:14 . 2013-01-23 14:14 -------- d-----w- c:\programdata\Guides
2013-01-14 13:51 . 2013-01-14 13:49 740840 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DFC2E7DA-7EEF-4321-8C59-2A39304CEDB0}\gapaengine.dll
2013-01-13 18:49 . 2013-01-13 18:49 -------- d-----w- c:\program files\GeoGebra
2013-01-13 16:49 . 2012-08-22 17:16 712048 ----a-w- c:\windows\system32\drivers\ndis.sys
2013-01-13 16:49 . 2012-07-04 19:45 33280 ----a-w- c:\windows\system32\drivers\RNDISMP.sys
2013-01-13 16:47 . 2012-08-21 20:12 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2013-01-13 16:47 . 2012-10-03 16:42 156672 ----a-w- c:\windows\system32\ncsi.dll
2013-01-13 16:47 . 2012-10-03 16:58 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-13 16:47 . 2012-10-03 16:42 175104 ----a-w- c:\windows\system32\netcorehc.dll
2013-01-13 16:47 . 2012-10-03 16:40 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2013-01-13 16:47 . 2012-08-22 17:16 240496 ----a-w- c:\windows\system32\drivers\netio.sys
2013-01-13 16:47 . 2012-08-22 17:16 187760 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-01-13 16:47 . 2012-10-03 16:42 52224 ----a-w- c:\windows\system32\nlaapi.dll
2013-01-13 16:47 . 2012-10-03 16:42 242176 ----a-w- c:\windows\system32\nlasvc.dll
2013-01-13 16:47 . 2012-10-03 15:21 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-01-13 16:47 . 2012-10-03 16:42 18944 ----a-w- c:\windows\system32\netevent.dll
2013-01-13 16:46 . 2012-11-23 02:48 49152 ----a-w- c:\windows\system32\taskhost.exe
2013-01-13 16:41 . 2012-10-09 17:40 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2013-01-13 16:41 . 2012-10-09 17:40 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2013-01-13 16:37 . 2013-01-13 16:38 -------- d-----w- c:\program files\trend micro
2013-01-13 16:37 . 2013-01-13 16:37 -------- d-----w- C:\rsit
2013-01-13 15:10 . 2013-01-13 15:10 -------- d-----w- c:\windows\system32\SPReview
2013-01-10 18:13 . 2013-01-10 18:13 -------- d-----w- c:\windows\system32\EventProviders
2013-01-10 17:55 . 2012-11-22 04:45 626688 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 17:51 . 2010-11-20 12:21 517120 ----a-w- c:\windows\system32\wbem\WmiPrvSD.dll
2013-01-10 17:50 . 2010-11-20 12:30 28032 ----a-w- c:\windows\system32\drivers\storvsc.sys
2013-01-10 17:49 . 2010-11-20 12:20 40960 ----a-w- c:\windows\system32\odbcconf.dll
2013-01-10 17:48 . 2010-11-20 12:21 780288 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2013-01-10 17:48 . 2010-11-20 12:21 363008 ----a-w- c:\windows\system32\wbemcomn.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\program files\Windows Portable Devices\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 351232 ----a-w- c:\windows\system32\wmicmiplugin.dll
2013-01-10 17:48 . 2010-11-20 12:19 606208 ----a-w- c:\windows\system32\wbem\fastprox.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\sqmapi.dll
2013-01-10 17:48 . 2010-11-20 12:21 697344 ----a-w- c:\windows\system32\SmiEngine.dll
2013-01-10 17:48 . 2010-11-20 12:21 189952 ----a-w- c:\windows\system32\wdscore.dll
2013-01-10 17:48 . 2010-11-20 12:17 209920 ----a-w- c:\windows\system32\PkgMgr.exe
2013-01-10 17:47 . 2010-11-20 12:18 323072 ----a-w- c:\windows\system32\drvstore.dll
2013-01-10 17:47 . 2010-11-20 12:18 257024 ----a-w- c:\windows\system32\dpx.dll
2013-01-10 17:42 . 2012-12-07 10:46 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2013-01-10 16:52 . 2013-01-10 16:52 -------- d-----w- c:\program files\CCleaner
2013-01-10 16:23 . 2011-12-08 16:31 21312 ----a-w- c:\windows\system32\authuitu.dll
2013-01-10 16:23 . 2011-12-08 16:31 29504 ----a-w- c:\windows\system32\uxtuneup.dll
2013-01-10 16:20 . 2011-12-08 16:38 31552 ----a-w- c:\windows\system32\TURegOpt.exe
2013-01-10 16:20 . 2013-01-10 16:20 -------- d-----w- c:\users\admin\AppData\Roaming\TuneUp Software
2013-01-10 16:19 . 2013-01-10 16:22 -------- d-----w- c:\program files\TuneUp Utilities 2011
2013-01-10 16:18 . 2013-01-10 16:20 -------- d-----w- c:\programdata\TuneUp Software
2013-01-10 16:18 . 2013-01-10 16:18 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2013-01-10 16:03 . 2013-01-10 16:03 -------- d-----w- c:\program files\Lavalys
2013-01-05 18:53 . 2013-01-05 18:53 -------- d-----w- c:\program files\Common Files\Java
2013-01-05 18:53 . 2013-01-05 18:52 859072 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-05 18:53 . 2013-01-05 18:52 779704 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-05 18:52 . 2013-01-05 18:52 93640 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-05 18:51 . 2013-01-05 18:51 -------- d-----w- c:\program files\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 10:53 . 2011-02-11 14:26 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-23 14:14 . 2003-03-18 18:05 106496 ----a-w- c:\windows\system32\ATL71.DLL
2013-01-13 15:23 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-12-16 14:13 . 2012-12-22 09:59 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-22 09:59 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-11-14 02:09 . 2012-12-12 19:55 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58 . 2012-12-12 19:54 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 19:55 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49 . 2012-12-12 19:55 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 19:55 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44 . 2012-12-12 19:55 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-09 04:42 . 2012-12-12 18:17 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-18 21:48 . 2013-01-18 21:46 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"Nikon Message Center 2"="c:\program files\Nikon\Nikon Message Center 2\NkMC2.exe" [2011-10-30 571392]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Firemin - odkaz.lnk - c:\users\admin\Desktop\firemin\firemin\Firemin.exe [2013-1-13 590599]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 CnxEtP;Conexant AccessRunner USB ADSL Adapter Filter Driver;c:\windows\system32\DRIVERS\CnxEtP.sys [x]
R3 CnxEtU;Conexant AccessRunner USB ADSL Interface Device Driver;c:\windows\system32\DRIVERS\CnxEtU.sys [x]
R3 CnxTgNP;Conexant AccessRunner ADSL WAN PPPoE Adapter Driver;c:\windows\system32\DRIVERS\CnxTgNP.sys [x]
R3 dc3d;MS Hardware Device Detection Driver;c:\windows\system32\DRIVERS\dc3d.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 MpKsl8449b62d;MpKsl8449b62d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{FB1788D8-9DB5-48A3-A6F8-4250A5A607B5}\MpKsl8449b62d.sys [x]
S2 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files\LogMeIn\x86\LMIGuardianSvc.exe [x]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files\LogMeIn\x86\RaInfo.sys [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 18:31 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-02-01 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-915095502-1073580079-4160039818-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 13:49]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
2013-02-02 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-07-30 15:45]
.
.
------- Supplementary Scan -------
.
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube Download - c:\users\admin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
TCP: DhcpNameServer = 195.146.132.58 195.146.128.62
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\l3uf9ywg.default\
FF - prefs.js: browser.startup.homepage - www.google.sk
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(372)
c:\program files\Nokia\Nokia PC Suite 7\PhoneBrowser.dll
c:\program files\Nokia\Nokia PC Suite 7\NGSCM.DLL
c:\program files\Nokia\Nokia PC Suite 7\Lang\PhoneBrowser_slk.nlr
c:\program files\Nokia\Nokia PC Suite 7\Resource\PhoneBrowser_Nokia.ngr
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Hotspot Shield\HssWPR\hsssrv.exe
c:\program files\LogMeIn\x86\RaMaint.exe
c:\program files\LogMeIn\x86\LogMeIn.exe
c:\windows\system32\taskhost.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
c:\program files\LogMeIn\x86\LogMeInSystray.exe
c:\program files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
c:\windows\system32\conhost.exe
c:\windows\System32\WUDFHost.exe
c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2013-02-02 19:51:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-02 18:51
ComboFix2.txt 2013-01-26 17:30
.
Pre-Run: 28 402 339 840 bytes free
Post-Run: 28 247 470 080 bytes free
.
- - End Of File - - BD825BB6A51C42BA786943268760B73F
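Reading the "Reg Loading Points" and service entries of a log like the one above comes down to three questions per autorun entry: where does the image live, is there an image path at all, and did the tool manage to record a date and size for it. As an added example (not code from the original post, and not part of ComboFix or RSIT), the Python script below parses the three entry shapes shown above (Run-key values, Startup-folder .lnk lines and R/S service lines) and attaches those triage flags. The sample input is a constructed subset of the log's own lines; the reading of `[x]` as "no date/size recorded" and the list of user-writable directories are assumptions of this example. A flag is a reason to check an entry by hand, not a verdict: Firemin, launched from the user's Desktop, trips the location check just as the updater service under ProgramData does.

```python
"""Triage autorun entries from a ComboFix "Reg Loading Points" section.

Added example; not part of ComboFix, RSIT or the original post. It parses
the three entry shapes the log above shows (Run-key values, Startup-folder
.lnk lines and service lines) and flags what a responder checks first.
"""
from __future__ import annotations

import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the lines from the log above, in the same shape.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CnxDslTaskBar"="c:\program files\Microcom\ADSL DeskPorte USB\CnxDslTb.exe Microcom\ADSL DeskPorte USB" [X]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2010-07-21 1797008]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Firemin - odkaz.lnk - c:\users\admin\Desktop\firemin\firemin\Firemin.exe [2013-1-13 590599]
.
R2 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
S2 IBUpdaterService;Updater Service;c:\programdata\IBUpdaterService\ibsvc.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R3 TsUsbFlt;TsUsbFlt; [x]
"""

# "Name"="command" [date size]   (HKLM\...\Run values)
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<cmd>[^"]*)"\s*\[(?P<meta>[^\]]*)\]\s*$')
# Something.lnk - target [date size]   (Startup folder shortcuts)
STARTUP_LNK = re.compile(r'^(?P<name>.+?\.lnk) - (?P<cmd>.+?)\s*\[(?P<meta>[^\]]*)\]\s*$')
# R2 svcname;Display Name;image path [date size]   (services and drivers)
SERVICE = re.compile(
    r'^(?P<start>[RS]\d)\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<cmd>[^\[]*?)\s*\[(?P<meta>[^\]]*)\]\s*$'
)
# First executable-looking token of a command line (arguments dropped).
IMAGE = re.compile(r'^(?P<image>.*?\.(?:exe|dll|sys|scr|cpl|bat|cmd|vbs|js))(?:\s|$)', re.IGNORECASE)

# Assumption of this example: directories any user can write to. Properly
# installed software normally lives under Program Files or Windows instead.
USER_WRITABLE_DIRS = ("\\users\\", "\\programdata\\", "\\appdata\\", "\\temp\\", "\\tmp\\")


@dataclass
class Entry:
    kind: str                     # "run", "startup" or "service"
    name: str                     # value name, .lnk name or service name
    image: str                    # executable path, arguments stripped ("" if none)
    meta: str                     # text inside the trailing brackets, e.g. "2010-07-21 1797008" or "x"
    flags: list[str] = field(default_factory=list)


def image_of(cmd: str) -> str:
    """Return just the executable from a command line, or the whole string if none is recognised."""
    m = IMAGE.match(cmd.strip())
    return m.group("image") if m else cmd.strip()


def parse(log_text: str) -> list[Entry]:
    """Extract Run values, Startup shortcuts and services; every other line is ignored."""
    entries: list[Entry] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for kind, pattern in (("run", RUN_VALUE), ("startup", STARTUP_LNK), ("service", SERVICE)):
            m = pattern.match(line)
            if m:
                entries.append(Entry(kind, m.group("name"), image_of(m.group("cmd")), m.group("meta").strip()))
                break
    return entries


def assess(entry: Entry) -> Entry:
    """Attach triage flags. These are reasons to look closer, not verdicts."""
    image = entry.image.lower()
    if not image:
        entry.flags.append("no image path")
    elif any(d in image for d in USER_WRITABLE_DIRS):
        entry.flags.append("runs from a user-writable location")
    # Assumption: "[x]" / "[X]" means ComboFix recorded no date and size for the
    # file, so its existence and signature have to be checked by hand.
    if entry.meta.lower() == "x":
        entry.flags.append("no date/size recorded; verify the file by hand")
    return entry


def triage(log_text: str) -> list[Entry]:
    return [assess(e) for e in parse(log_text)]


def flagged(log_text: str) -> dict[str, list[str]]:
    """Name -> flags, for entries that got at least one flag."""
    return {e.name: e.flags for e in triage(log_text) if e.flags}


if __name__ == "__main__":
    for name, flags in flagged(SAMPLE_LOG).items():
        print(f"{name}: {'; '.join(flags)}")
```

Run against the full log, the output is a short list to walk through with the user (what is this updater service in ProgramData, what is the shortcut on the Desktop, does each `[x]` file exist and who signed it), which is the same question the cleanup replies in this thread are working towards.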

Re: RSIT - preventívne

Posted: 02 Feb 2013 20:12
by vyosek
OK, how is the PC behaving? :???:

Re: RSIT - preventívne

Posted: 04 Feb 2013 12:24
by marosSK
Thank you very much. :) The PC is doing better, though now and then Firefox crashes, but really only occasionally.

Re: RSIT - preventívne

Posted: 04 Feb 2013 15:57
by vyosek
So let's do some more cleaning :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm the choices press A, Enter
  • Delete the utility after use
  • Antivirus programs tend to wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (disable the antivirus while downloading if necessary)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze and then Run CCleaner
Registry panel
  • click Scan for Issues
  • then Fix Issues - I recommend making a backup of the registry; fix all the issues
  • repeat the procedure until no issues remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you don't need
I recommend using CCleaner about once a week

:arrow: Try reinstalling FF

:arrow: And if there are no problems or questions, that's all from my side :|