
Virus
Hello, I have this problem. Yesterday I was on Facebook and suddenly a message from a friend popped up, but it was in English. So I replied to it even though I found it odd that he was writing in English. Then some link arrived from him. I thought he was sending me a video, so I clicked on it, and suddenly Avast popped up and reported a Trojan horse. The computer shut down. I tried to turn it on again, but it started in safe mode. So I kept trying and the computer started normally. But it is completely stuck and Facebook and some sites don't work for me. Then I found out that viruses like this are circulating on Facebook. Could you advise me what to do and how to remove it? Thanks for the reply

- memphisto
- Guru Level 13
- Posts: 21113
- Registered: September 06
- Location: Zlín - České Budějovice
- Gender:
- Status: Offline
Re: Virus
Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if they are, click the Finish button
- if an update is found, it will be downloaded and installed
- the program then starts; leave the option Perform Quick Scan selected and click the Scan button
- when the program finishes, a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to the desktop
- then click the Exit button; a message appears, choose Yes
(don't delete anything yet!).
Then paste the contents of that log here.
PC-HELP.CZ RULES, HijackThis section RULES, HijackThis guide, Memtest, CCleaner
Please do not send HijackThis logs via PM; post them in the appropriate section. Thank you
Re: Virus
Okay, I did that, so here is the log
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7230
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
22.1.2011 16:23:05
mbam-log-2011-01-22 (16-22-55).txt
Typ: Rychlá kontrola
Kontrolované objekty: 177756
Uplynulý čas: 8 minut, 42 sekund
Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 34
Infikované procesy v paměti:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 2540 -> No action taken.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 3124 -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 3100 -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 4972 -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2672 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2468 -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2560 -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC1E4629-CB2E-4AC9-A533-D3795B8DB715}_is1 (Rogue.LarkAntiSpyware) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> No action taken.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> No action taken.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> No action taken.
Infikované soubory:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> No action taken.
c:\Windows\services32.exe (Trojan.Dropper) -> No action taken.
c:\Windows\Temp\1520811.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\1607205.exe (Backdoor.Delf) -> No action taken.
c:\Windows\Temp\297603.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4297428.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\4748559.exe (Trojan.Downloader.H) -> No action taken.
c:\Windows\Temp\59052170-loader2.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\6658308.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\9973173.exe (Trojan.Agent) -> No action taken.
c:\Users\Biiagi\local settings\temporary internet files\Content.IE5\819QKW7J\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\Users\Biiagi\local settings\temporary internet files\Content.IE5\F65GNIYK\flash-player.exe (Trojan.Dropper) -> No action taken.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> No action taken.
c:\Windows\systemup.exe (Trojan.Agent) -> No action taken.
c:\Windows\Temp\225557639.exe (Trojan.FakeAlert.Gen) -> No action taken.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> No action taken.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> No action taken.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> No action taken.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> No action taken.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> No action taken.
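The log above is worth reading for what it shows about persistence, not just the file names: the same dropper registers itself as services, as Run keys, and under SafeBoot\Minimal (which is why it was still active when the machine booted into safe mode), and the Security Center notification values were switched off. The script below is an added example, not part of this thread or of Malwarebytes: it parses a log in the MBAM 1.51 format posted here, tallies what was actioned, and flags which findings are autostart or defence-tampering locations. The sample input is constructed from a few of the thread's own lines.

```python
import re
from collections import Counter

# Constructed sample in the format of the Malwarebytes' Anti-Malware 1.51 log
# posted in this thread (a few of the thread's own lines, one per section).
SAMPLE_LOG = """Malwarebytes' Anti-Malware 1.51.1.1800
Typ: Rychlá kontrola
Infikované procesy v paměti:
c:\\Windows\\update.2\\svchost.exe (Trojan.Downloader.H) -> 2540 -> No action taken.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\wxpdrivers (Trojan.Dropper) -> No action taken.
HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Control\\SafeBoot\\Minimal\\wxpdrivers (Trojan.Agent) -> No action taken.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> No action taken.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center\\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CLASSES_ROOT\\regfile\\shell\\open\\command\\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> No action taken.
Infikované soubory:
c:\\Windows\\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
"""

# One finding line: "<path> (<family>) -> [details ->] <action>."
ENTRY_RE = re.compile(r"^(?P<path>.+?) \((?P<family>[^()]+)\) -> (?P<rest>.+)$")

# Substrings (lower-cased) that mark autostart or defence-tampering locations.
# Order matters: the SafeBoot key also lives under CurrentControlSet\Control.
PERSISTENCE_MARKERS = [
    ("\\safeboot\\", "SafeBoot entry: loads even in safe mode"),
    ("\\currentcontrolset\\services\\", "service: autostart as a Windows service"),
    ("\\currentversion\\run\\", "Run key: autostart at user logon"),
    ("\\security center\\", "Security Center: warning notifications disabled"),
    ("\\shell\\open\\command", "shell open command: file association hijacked"),
]


def parse_mbam_log(text):
    """Return a list of findings, each a dict with section, path, family, details, action."""
    findings, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.endswith(":") and " -> " not in line:
            section = line[:-1]          # e.g. "Infikované klíče v registru"
            continue
        m = ENTRY_RE.match(line)
        if m is None or section is None:
            continue                     # version header, "no items found" notes, etc.
        parts = m.group("rest").split(" -> ")
        findings.append({
            "section": section,
            "path": m.group("path"),
            "family": m.group("family"),
            "details": " -> ".join(parts[:-1]),   # PID, value name or Bad/Good data
            "action": parts[-1].rstrip("."),
        })
    return findings


def persistence_role(path):
    """Name the autostart/tampering role of a registry path, or None for plain files."""
    low = path.lower()
    for marker, role in PERSISTENCE_MARKERS:
        if marker in low:
            return role
    return None


def unresolved(findings):
    """Findings the scan only reported, as in the first 'don't delete anything yet' pass."""
    return [f for f in findings if f["action"] == "No action taken"]


def summarize(findings):
    """Counts by action and by family, plus every finding that is a persistence mechanism."""
    return {
        "by_action": dict(Counter(f["action"] for f in findings)),
        "by_family": dict(Counter(f["family"] for f in findings)),
        "persistence": [(f["path"], persistence_role(f["path"]))
                        for f in findings if persistence_role(f["path"])],
    }


if __name__ == "__main__":
    found = parse_mbam_log(SAMPLE_LOG)
    summary = summarize(found)
    print(f"{len(found)} findings, {len(unresolved(found))} still unresolved")
    for path, role in summary["persistence"]:
        print(f"  {role:<48} {path}")
```

Run on the full log from the thread, the persistence list is what to re-check after the removal pass: a service or SafeBoot entry that comes back on the next scan means the dropper is still running.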
- memphisto
Re: Virus
- So run MBAM again and click Scan
- when the program finishes, a message appears; click OK and then the Show Results button
- make sure all listed findings are checked and click the Remove Selected button
- when the removal finishes, a log is displayed; post it here.
- then choose OK in the program and close it via Exit
Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to the desktop.
Close all active windows and run it.
- After it starts, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window it shows
- After the scan finishes, the program should create a log - C:\ComboFix.txt - please copy its entire contents here
- memphisto
Re: Virus
Right-click the icon in the tray bar and choose the option to deactivate the shields or resident protection.
Re: Virus
First log:
Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7230
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
22.1.2011 16:44:17
mbam-log-2011-01-22 (16-44-17).txt
Typ: Rychlá kontrola
Kontrolované objekty: 177842
Uplynulý čas: 5 minut, 8 sekund
Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 34
Infikované procesy v paměti:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 2540 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 3124 -> Unloaded process successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 3100 -> Unloaded process successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 4972 -> Unloaded process successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2672 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2468 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2560 -> Unloaded process successfully.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC1E4629-CB2E-4AC9-A533-D3795B8DB715}_is1 (Rogue.LarkAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.
Infikované soubory:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\1520811.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1607205.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\Temp\297603.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4297428.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4748559.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\Temp\59052170-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6658308.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9973173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Biiagi\local settings\temporary internet files\Content.IE5\819QKW7J\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Biiagi\local settings\temporary internet files\Content.IE5\F65GNIYK\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\225557639.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
And the second one:
ComboFix 11-07-22.02 - Biiagi 22.01.2011 16:56:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2562 [GMT 1:00]
Spuštěný z: c:\users\Biiagi\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Biiagi\AppData\Roaming\Mikrotik
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\advtool.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\advtool.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\dhcp.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\dhcp.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\hotspot.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\hotspot.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\mpls.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\mpls.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\ppp.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\ppp.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roteros.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roteros.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roting4.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roting4.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\secure.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\secure.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\system.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\system.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\wlan4.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\wlan4.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\My.ini
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\5678743.exe
c:\windows\Temp\6415834-loader2.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
.
2011-07-19 16:25 . 2011-07-19 16:25 -------- d-----w- c:\programdata\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files (x86)\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files\HP
2011-07-19 16:23 . 2011-07-19 16:23 -------- d-----w- c:\users\Biiagi\AppData\Local\HP
2011-07-19 09:11 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{549CD6A5-9730-4335-9738-ED894821E268}\mpengine.dll
2011-07-03 13:06 . 2011-07-03 13:06 -------- d-----w- c:\users\Biiagi\AppData\Local\FOMM
2011-07-02 17:04 . 2011-07-02 17:04 -------- d-----w- c:\users\Biiagi\AppData\Local\FalloutNV
2011-06-30 17:01 . 2011-06-30 17:01 -------- d-----w- c:\users\Biiagi\AppData\Local\Fallout3
2011-06-24 13:40 . 2011-03-25 16:03 17128 ----a-w- c:\windows\system32\roboot64.exe
2011-06-24 13:40 . 2011-03-25 02:55 350208 ----a-w- c:\windows\SysWow64\d3drm.dll
2011-06-24 13:18 . 2011-06-24 13:18 -------- d-----w- c:\program files (x86)\Microsoft
2011-06-17 10:55 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-06-17 10:55 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-06-17 10:54 . 2011-06-17 10:55 -------- d-----w- c:\program files (x86)\BRS
2011-06-17 10:54 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp8640.tmp
2011-06-15 11:55 . 2011-06-15 11:55 -------- d-sh--w- c:\programdata\DSS
2011-06-15 10:29 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:29 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:29 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:29 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:29 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:28 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 10:28 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 10:28 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:28 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:28 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:28 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:28 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:28 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:28 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-26 14:03 . 2011-05-26 14:09 -------- d-----w- c:\users\Biiagi\AppData\Roaming\GHISLER
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-24 18:00 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 10:42 . 2011-05-21 10:42 -------- d-----w- c:\program files (x86)\Atari
2011-05-19 13:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 13:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 18:07 . 2011-07-16 14:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 17:05 . 2011-05-17 17:05 -------- d-----w- c:\program files (x86)\MSECache
2011-05-15 18:27 . 2011-05-15 18:27 0 ----a-w- c:\windows\SysWow64\sho3A04.tmp
2011-05-13 19:11 . 2011-05-13 19:11 641536 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-11 14:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 14:18 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 14:18 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 14:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 14:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 14:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 14:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 14:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 14:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 14:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-07 17:54 . 1998-08-10 20:21 132096 ----a-w- c:\windows\SysWow64\eaexec.exe
2011-05-07 17:54 . 1998-08-10 20:20 24576 ----a-w- c:\windows\SysWow64\ealtest.exe
2011-05-03 18:44 . 2011-05-03 18:44 -------- d-----w- C:\UnInstall
2011-05-03 17:57 . 2011-05-03 17:57 -------- d-----w- c:\users\Biiagi\AppData\Local\Xara
2011-05-03 17:56 . 2011-05-03 17:56 -------- d-----w- c:\program files (x86)\Common Files\xara
2011-05-03 17:51 . 2011-05-03 17:58 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-05-03 16:05 . 2008-07-02 13:32 917504 ----a-w- c:\windows\SysWow64\MXRestore.exe
2011-05-03 16:05 . 2011-05-07 15:14 -------- d-----w- c:\programdata\MAGIX
2011-05-03 16:03 . 2007-04-27 08:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2011-05-03 15:01 . 2011-05-03 15:01 -------- d-----w- c:\programdata\Pinnacle
2011-05-03 15:00 . 2011-05-03 15:00 -------- d-----w- c:\users\Biiagi\AppData\Local\Downloaded Installations
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\Biiagi\AppData\Local\CrashRpt
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Roaming\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Local\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\programdata\ATI
2011-04-24 17:41 . 2011-07-08 11:19 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-19 02:47 . 2011-04-19 02:47 670032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp952.tmp
2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp863F.tmp
2011-04-15 12:55 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 12:55 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-15 12:55 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 12:55 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 12:55 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-15 12:55 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-06 16:48 . 2011-04-06 16:48 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-04-06 14:50 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\SPReview
2011-04-06 14:49 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\EventProviders
2011-04-05 19:36 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-05 19:36 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-04-05 19:36 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-04-05 19:34 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
2011-04-05 19:33 . 2010-11-20 13:33 14720 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2011-04-05 19:32 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDTURME.DLL
2011-04-05 19:29 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-05 19:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-05 19:29 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-05 19:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-05 19:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-05 19:28 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-05 19:28 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-05 18:59 . 2011-04-05 19:11 -------- d-----w- C:\MaNGOS-Fun-Server-Repack-1.26
2011-04-02 21:06 . 2011-04-02 21:06 2560 ---h--r- c:\windows\_MSRSTRT.EXE
2011-03-31 19:37 . 2011-05-07 15:14 -------- d-----w- c:\users\Biiagi\AppData\Roaming\MAGIX
2011-03-31 19:09 . 2011-03-31 19:09 53248 ----a-w- c:\windows\SysWow64\acedrv05.dll
2011-03-31 19:09 . 2011-03-31 19:09 136192 ----a-w- c:\windows\system32\drivers\acedrv05.sys
2011-03-31 19:08 . 2003-04-18 14:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-03-31 19:04 . 2011-05-03 17:57 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2011-03-31 19:02 . 2011-05-03 19:07 -------- d-----w- c:\windows\SysWow64\MAGIX
2011-03-31 19:02 . 2002-09-20 22:33 1089536 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2011-03-31 19:02 . 1999-01-28 12:44 49152 ----a-w- c:\windows\SysWow64\INETWH32.dll
2011-03-31 19:02 . 1998-10-15 15:28 85504 ----a-w- c:\windows\SysWow64\HtmlWH.dll
2011-03-31 19:00 . 2009-05-29 14:00 872448 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2011-03-23 15:13 . 2011-03-23 15:13 47104 ------w- c:\windows\AKDeInstall.exe
2011-03-20 10:54 . 2011-03-20 11:40 -------- d-----w- c:\users\Biiagi\AppData\Local\Rockstar Games
2011-03-20 10:52 . 2011-03-20 10:52 -------- d-----w- c:\users\Biiagi\AppData\Roaming\SecuROM
2011-03-20 10:50 . 2011-03-20 10:50 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-20 10:50 . 2011-06-15 11:49 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-18 13:40 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 16:43 . 2011-02-27 16:43 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Šablony
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Soubory cookie
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Poslední
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní tiskárny
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní síť
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 11:19 . 2010-12-22 19:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-08 10:58 . 2010-12-22 19:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-17 10:54 . 2010-12-16 17:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-17 10:54 . 2010-12-10 19:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-03 05:57 . 2011-07-13 07:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-07 16:16 . 2011-05-07 16:16 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-05-07 16:16 . 2011-05-07 16:16 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-04-30 16:12 . 2010-12-22 19:06 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-06 15:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 15:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-10 14:11 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 14:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 14:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-12-16 17:50 . 2010-12-16 17:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-16 17:50 . 2010-12-10 19:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-20 13:27 . 2011-04-05 19:34 340992 ----a-w- c:\windows\system32\srchadmin.dll
2010-11-20 13:27 . 2011-04-05 19:34 187904 ----a-w- c:\windows\system32\rpchttp.dll
2010-11-20 13:24 . 2011-04-05 19:34 777728 ----a-w- c:\windows\system32\autochk.exe
2010-11-20 12:21 . 2011-04-05 19:34 139264 ----a-w- c:\windows\SysWow64\rpchttp.dll
2010-11-20 12:18 . 2011-04-05 19:34 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-20 12:18 . 2011-04-05 19:34 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-20 12:16 . 2011-04-05 19:34 668160 ----a-w- c:\windows\SysWow64\autochk.exe
2010-11-16 23:55 . 2010-11-16 23:55 349032 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2010-11-16 23:55 . 2010-11-16 23:55 274792 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2010-11-16 23:55 . 2010-11-16 23:55 2591080 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2010-11-10 00:54 . 2010-11-10 00:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 00:28 . 2010-11-10 00:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"DAEMON Tools Lite"="c:\programi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"WinampAgent"="c:\programi\Winamp\winampa.exe" [2010-12-07 74752]
"trustGTX14"="c:\programi\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Biiagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\programi\Hamachi\hamachi.exe [2011-4-6 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R2 MySQL5;MySQL5;c:\mangos\MySQL Server 5.1\bin\mysqld --defaults-file=c:\mangos\MySQL Server 5.1\my.ini MySQL5 [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-07-13 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\programi\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 20:42]
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 20:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-04-30 12:03 76368 ----a-w- c:\programi\Alwil Software\Avast4\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47022683
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-avast - c:\program files\Alwil Software\Avast5\aswRunDll.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\mangos\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\mangos\MySQL Server 5.1\my.ini\" MySQL5"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\SecuROM\License information*]
"datasecu"=hex:83,b1,de,fc,f2,6a,6b,61,90,7e,2d,b6,21,42,05,c9,35,04,1a,5e,59,
1c,75,3e,f3,2f,c8,b5,31,22,54,18,e9,62,6d,0d,66,0b,ab,a8,3b,53,15,ea,38,54,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-22 17:24:54
ComboFix-quarantined-files.txt 2011-01-22 16:24
.
Před spuštěním: Volných bajtů: 155 275 509 760
Po spuštění: Volných bajtů: 159 040 929 792
.
- - End Of File - - E9D3FBC0094834D4E5321D9F6F4A84DC

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org
Verze databáze: 7230
Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421
22.1.2011 16:44:17
mbam-log-2011-01-22 (16-44-17).txt
Typ: Rychlá kontrola
Kontrolované objekty: 177842
Uplynulý čas: 5 minut, 8 sekund
Infikované procesy v paměti: 7
Infikované moduly v paměti: 0
Infikované klíče v registru: 7
Infikované hodnoty v registru: 5
Infikované datové položky v registru: 4
Infikované složky: 1
Infikované soubory: 34
Infikované procesy v paměti:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 2540 -> Unloaded process successfully.
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> 3124 -> Unloaded process successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> 3100 -> Unloaded process successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> 4972 -> Unloaded process successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> 2672 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2468 -> Unloaded process successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> 2560 -> Unloaded process successfully.
Infikované moduly v paměti:
(Žádné škodlivé položky nebyly zjištěny)
Infikované klíče v registru:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srviecheck (Trojan.Downloader.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpdrivers (Trojan.Dropper) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvsysdriver32 (Trojan.Delf) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\srvbtcclient (Trojan.Downloader) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{DC1E4629-CB2E-4AC9-A533-D3795B8DB715}_is1 (Rogue.LarkAntiSpyware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\wxpdrivers (Trojan.Agent) -> Quarantined and deleted successfully.
Infikované hodnoty v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\tray_ico0 (Trojan.Dropper) -> Value: tray_ico0 -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\wxpdrv (Trojan.Dropper) -> Value: wxpdrv -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32.exe (Trojan.Delf) -> Value: sysdriver32.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sysdriver32_.exe (Trojan.Delf) -> Value: sysdriver32_.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wxpDrivers\ImagePath (Trojan.Agent) -> Value: ImagePath -> Quarantined and deleted successfully.
Infikované datové položky v registru:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\regfile\shell\open\command\(default) (Broken.OpenCommand) -> Bad: ("regedit.exe" "%1") Good: (regedit.exe "%1") -> Quarantined and deleted successfully.
Infikované složky:
c:\Windows\rpcminer (Trojan.BCMiner) -> Quarantined and deleted successfully.
Infikované soubory:
c:\Windows\update.2\svchost.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\update.1\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\update.tray-7-0\svchost.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\services32.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\Temp\1520811.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\1607205.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\Temp\297603.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4297428.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\4748559.exe (Trojan.Downloader.H) -> Quarantined and deleted successfully.
c:\Windows\Temp\59052170-loader2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\6658308.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\9973173.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Users\Biiagi\local settings\temporary internet files\Content.IE5\819QKW7J\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Users\Biiagi\local settings\temporary internet files\Content.IE5\F65GNIYK\flash-player.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
c:\Windows\l1rezerv.exe (Backdoor.Delf) -> Quarantined and deleted successfully.
c:\Windows\systemup.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\Windows\Temp\225557639.exe (Trojan.FakeAlert.Gen) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\sysdriver32_.exe (Trojan.Delf) -> Quarantined and deleted successfully.
c:\Windows\update.5.0\svchost.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinmineropencl.cl (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_10.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_11.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\bitcoinminercuda_20.cubin (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\cudart32_32_16.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\curllib.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libeay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\libsasl.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\openldap.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-4way.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cpu.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-cuda.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\rpcminer-opencl.exe (Trojan.BCMiner) -> Quarantined and deleted successfully.
c:\Windows\rpcminer\ssleay32.dll (Trojan.BCMiner) -> Quarantined and deleted successfully.
And the other one:
ComboFix 11-07-22.02 - Biiagi 22.01.2011 16:56:59.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2562 [GMT 1:00]
Spuštěný z: c:\users\Biiagi\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Biiagi\AppData\Roaming\Mikrotik
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\advtool.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\advtool.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\dhcp.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\dhcp.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\hotspot.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\hotspot.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\mpls.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\mpls.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\ppp.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\ppp.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roteros.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roteros.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roting4.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\roting4.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\secure.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\secure.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\system.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\system.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\wlan4.crc
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\4.2-899762230\wlan4.dll
c:\users\Biiagi\AppData\Roaming\Mikrotik\Winbox\winbox.cfg
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\My.ini
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\Temp\5678743.exe
c:\windows\Temp\6415834-loader2.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.2
c:\windows\update.5.0
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
.
2011-07-19 16:25 . 2011-07-19 16:25 -------- d-----w- c:\programdata\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files (x86)\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files\HP
2011-07-19 16:23 . 2011-07-19 16:23 -------- d-----w- c:\users\Biiagi\AppData\Local\HP
2011-07-19 09:11 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{549CD6A5-9730-4335-9738-ED894821E268}\mpengine.dll
2011-07-03 13:06 . 2011-07-03 13:06 -------- d-----w- c:\users\Biiagi\AppData\Local\FOMM
2011-07-02 17:04 . 2011-07-02 17:04 -------- d-----w- c:\users\Biiagi\AppData\Local\FalloutNV
2011-06-30 17:01 . 2011-06-30 17:01 -------- d-----w- c:\users\Biiagi\AppData\Local\Fallout3
2011-06-24 13:40 . 2011-03-25 16:03 17128 ----a-w- c:\windows\system32\roboot64.exe
2011-06-24 13:40 . 2011-03-25 02:55 350208 ----a-w- c:\windows\SysWow64\d3drm.dll
2011-06-24 13:18 . 2011-06-24 13:18 -------- d-----w- c:\program files (x86)\Microsoft
2011-06-17 10:55 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-06-17 10:55 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-06-17 10:54 . 2011-06-17 10:55 -------- d-----w- c:\program files (x86)\BRS
2011-06-17 10:54 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp8640.tmp
2011-06-15 11:55 . 2011-06-15 11:55 -------- d-sh--w- c:\programdata\DSS
2011-06-15 10:29 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:29 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:29 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:29 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:29 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:28 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 10:28 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 10:28 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:28 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:28 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:28 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:28 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:28 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:28 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-26 14:03 . 2011-05-26 14:09 -------- d-----w- c:\users\Biiagi\AppData\Roaming\GHISLER
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-24 18:00 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 10:42 . 2011-05-21 10:42 -------- d-----w- c:\program files (x86)\Atari
2011-05-19 13:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 13:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 18:07 . 2011-07-16 14:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 17:05 . 2011-05-17 17:05 -------- d-----w- c:\program files (x86)\MSECache
2011-05-15 18:27 . 2011-05-15 18:27 0 ----a-w- c:\windows\SysWow64\sho3A04.tmp
2011-05-13 19:11 . 2011-05-13 19:11 641536 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-11 14:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 14:18 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 14:18 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 14:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 14:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 14:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 14:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 14:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 14:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 14:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-07 17:54 . 1998-08-10 20:21 132096 ----a-w- c:\windows\SysWow64\eaexec.exe
2011-05-07 17:54 . 1998-08-10 20:20 24576 ----a-w- c:\windows\SysWow64\ealtest.exe
2011-05-03 18:44 . 2011-05-03 18:44 -------- d-----w- C:\UnInstall
2011-05-03 17:57 . 2011-05-03 17:57 -------- d-----w- c:\users\Biiagi\AppData\Local\Xara
2011-05-03 17:56 . 2011-05-03 17:56 -------- d-----w- c:\program files (x86)\Common Files\xara
2011-05-03 17:51 . 2011-05-03 17:58 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-05-03 16:05 . 2008-07-02 13:32 917504 ----a-w- c:\windows\SysWow64\MXRestore.exe
2011-05-03 16:05 . 2011-05-07 15:14 -------- d-----w- c:\programdata\MAGIX
2011-05-03 16:03 . 2007-04-27 08:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2011-05-03 15:01 . 2011-05-03 15:01 -------- d-----w- c:\programdata\Pinnacle
2011-05-03 15:00 . 2011-05-03 15:00 -------- d-----w- c:\users\Biiagi\AppData\Local\Downloaded Installations
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\Biiagi\AppData\Local\CrashRpt
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Roaming\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Local\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\programdata\ATI
2011-04-24 17:41 . 2011-07-08 11:19 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-19 02:47 . 2011-04-19 02:47 670032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp952.tmp
2011-04-15 23:40 . 2011-04-15 23:40 809496 ----a-r- c:\windows\SysWow64\tmp863F.tmp
2011-04-15 12:55 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 12:55 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-15 12:55 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 12:55 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 12:55 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-15 12:55 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-06 16:48 . 2011-04-06 16:48 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-04-06 14:50 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\SPReview
2011-04-06 14:49 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\EventProviders
2011-04-05 19:36 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-05 19:36 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-04-05 19:36 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-04-05 19:34 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
2011-04-05 19:33 . 2010-11-20 13:33 14720 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2011-04-05 19:32 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDTURME.DLL
2011-04-05 19:29 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-05 19:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-05 19:29 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-05 19:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-05 19:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-05 19:28 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-05 19:28 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-05 18:59 . 2011-04-05 19:11 -------- d-----w- C:\MaNGOS-Fun-Server-Repack-1.26
2011-04-02 21:06 . 2011-04-02 21:06 2560 ---h--r- c:\windows\_MSRSTRT.EXE
2011-03-31 19:37 . 2011-05-07 15:14 -------- d-----w- c:\users\Biiagi\AppData\Roaming\MAGIX
2011-03-31 19:09 . 2011-03-31 19:09 53248 ----a-w- c:\windows\SysWow64\acedrv05.dll
2011-03-31 19:09 . 2011-03-31 19:09 136192 ----a-w- c:\windows\system32\drivers\acedrv05.sys
2011-03-31 19:08 . 2003-04-18 14:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-03-31 19:04 . 2011-05-03 17:57 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2011-03-31 19:02 . 2011-05-03 19:07 -------- d-----w- c:\windows\SysWow64\MAGIX
2011-03-31 19:02 . 2002-09-20 22:33 1089536 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2011-03-31 19:02 . 1999-01-28 12:44 49152 ----a-w- c:\windows\SysWow64\INETWH32.dll
2011-03-31 19:02 . 1998-10-15 15:28 85504 ----a-w- c:\windows\SysWow64\HtmlWH.dll
2011-03-31 19:00 . 2009-05-29 14:00 872448 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2011-03-23 15:13 . 2011-03-23 15:13 47104 ------w- c:\windows\AKDeInstall.exe
2011-03-20 10:54 . 2011-03-20 11:40 -------- d-----w- c:\users\Biiagi\AppData\Local\Rockstar Games
2011-03-20 10:52 . 2011-03-20 10:52 -------- d-----w- c:\users\Biiagi\AppData\Roaming\SecuROM
2011-03-20 10:50 . 2011-03-20 10:50 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-20 10:50 . 2011-06-15 11:49 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-18 13:40 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 16:43 . 2011-02-27 16:43 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Šablony
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Soubory cookie
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Poslední
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní tiskárny
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní síť
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 11:19 . 2010-12-22 19:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-08 10:58 . 2010-12-22 19:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-17 10:54 . 2010-12-16 17:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-17 10:54 . 2010-12-10 19:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-03 05:57 . 2011-07-13 07:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-07 16:16 . 2011-05-07 16:16 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-05-07 16:16 . 2011-05-07 16:16 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-04-30 16:12 . 2010-12-22 19:06 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-06 15:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 15:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-10 14:11 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 14:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 14:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-12-16 17:50 . 2010-12-16 17:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-16 17:50 . 2010-12-10 19:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-20 13:27 . 2011-04-05 19:34 340992 ----a-w- c:\windows\system32\srchadmin.dll
2010-11-20 13:27 . 2011-04-05 19:34 187904 ----a-w- c:\windows\system32\rpchttp.dll
2010-11-20 13:24 . 2011-04-05 19:34 777728 ----a-w- c:\windows\system32\autochk.exe
2010-11-20 12:21 . 2011-04-05 19:34 139264 ----a-w- c:\windows\SysWow64\rpchttp.dll
2010-11-20 12:18 . 2011-04-05 19:34 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-20 12:18 . 2011-04-05 19:34 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-20 12:16 . 2011-04-05 19:34 668160 ----a-w- c:\windows\SysWow64\autochk.exe
2010-11-16 23:55 . 2010-11-16 23:55 349032 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2010-11-16 23:55 . 2010-11-16 23:55 274792 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2010-11-16 23:55 . 2010-11-16 23:55 2591080 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2010-11-10 00:54 . 2010-11-10 00:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 00:28 . 2010-11-10 00:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
.
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"DAEMON Tools Lite"="c:\programi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"WinampAgent"="c:\programi\Winamp\winampa.exe" [2010-12-07 74752]
"trustGTX14"="c:\programi\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Biiagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\programi\Hamachi\hamachi.exe [2011-4-6 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R2 MySQL5;MySQL5;c:\mangos\MySQL Server 5.1\bin\mysqld --defaults-file=c:\mangos\MySQL Server 5.1\my.ini MySQL5 [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-07-13 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\programi\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Obsah adresáře 'Naplánované úlohy'
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 20:42]
.
2011-01-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 20:42]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-04-30 12:03 76368 ----a-w- c:\programi\Alwil Software\Avast4\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47022683
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-RGSC - c:\games\GTA IV\Rockstar Games Social Club\RGSCLauncher.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Toolbar-Locked - (no file)
HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe
AddRemove-avast - c:\program files\Alwil Software\Avast5\aswRunDll.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\mangos\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\mangos\MySQL Server 5.1\my.ini\" MySQL5"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\SecuROM\License information*]
"datasecu"=hex:83,b1,de,fc,f2,6a,6b,61,90,7e,2d,b6,21,42,05,c9,35,04,1a,5e,59,
1c,75,3e,f3,2f,c8,b5,31,22,54,18,e9,62,6d,0d,66,0b,ab,a8,3b,53,15,ea,38,54,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10u_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10u.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Celkový čas: 2011-01-22 17:24:54
ComboFix-quarantined-files.txt 2011-01-22 16:24
.
Před spuštěním: Volných bajtů: 155 275 509 760
Po spuštění: Volných bajtů: 159 040 929 792
.
- - End Of File - - E9D3FBC0094834D4E5321D9F6F4A84DC
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Gender:
- Status: Offline
Re: Virus
Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following complete text (highlighted in green) into it:
Note: do not use SELECT ALL to select the script
Code:
KillAll::
File::
c:\windows\SysWow64\tmp8640.tmp
c:\windows\SysWow64\sho3A04.tmp
c:\windows\SysWow64\tmp952.tmp
c:\windows\SysWow64\tmp863F.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000000
"DisableThumbnailCache"=dword:00000000
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
DDS::
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACA ... 5v47022683
mLocal Page = c:\windows\SysWOW64\blank.htm
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
RegNull::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
Choose File -> Save As... and set these parameters:
File name: type CFScript.txt here
Save as type: select All Files
Save the file to the desktop.
Close all open windows.
Drag the CFScript.txt you created onto the downloaded ComboFix.exe with the mouse and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process
Test these on VirusTotal
c:\windows\system32\roboot64.exe
c:\windows\_MSRSTRT.EXE
Click Choose to the right of the box and find the file in question on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window will appear in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus test finishes, the result appears at the top with the number of detections in red, e.g. 0/40 or 1/40. Then copy the link to this page with the mouse and paste it into your post.
Via PM I only handle matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for your understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Virus
So here is the result from ComboFix
ComboFix 11-07-22.02 - Biiagi 22.01.2011 20:48:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2364 [GMT 1:00]
Spuštěný z: c:\users\Biiagi\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Biiagi\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\sho3A04.tmp"
"c:\windows\SysWow64\tmp863F.tmp"
"c:\windows\SysWow64\tmp8640.tmp"
"c:\windows\SysWow64\tmp952.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\sho3A04.tmp
c:\windows\SysWow64\tmp863F.tmp
c:\windows\SysWow64\tmp8640.tmp
c:\windows\SysWow64\tmp952.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
.
2011-07-19 16:25 . 2011-07-19 16:25 -------- d-----w- c:\programdata\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files (x86)\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files\HP
2011-07-19 16:23 . 2011-07-19 16:23 -------- d-----w- c:\users\Biiagi\AppData\Local\HP
2011-07-03 13:06 . 2011-07-03 13:06 -------- d-----w- c:\users\Biiagi\AppData\Local\FOMM
2011-07-02 17:04 . 2011-07-02 17:04 -------- d-----w- c:\users\Biiagi\AppData\Local\FalloutNV
2011-06-30 17:01 . 2011-06-30 17:01 -------- d-----w- c:\users\Biiagi\AppData\Local\Fallout3
2011-06-24 13:40 . 2011-03-25 16:03 17128 ----a-w- c:\windows\system32\roboot64.exe
2011-06-24 13:40 . 2011-03-25 02:55 350208 ----a-w- c:\windows\SysWow64\d3drm.dll
2011-06-24 13:18 . 2011-06-24 13:18 -------- d-----w- c:\program files (x86)\Microsoft
2011-06-17 10:55 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-06-17 10:55 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-06-17 10:54 . 2011-06-17 10:55 -------- d-----w- c:\program files (x86)\BRS
2011-06-15 11:55 . 2011-06-15 11:55 -------- d-sh--w- c:\programdata\DSS
2011-06-15 10:29 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:29 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:29 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:29 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:29 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:28 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 10:28 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 10:28 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:28 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:28 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:28 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:28 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:28 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:28 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-26 14:03 . 2011-05-26 14:09 -------- d-----w- c:\users\Biiagi\AppData\Roaming\GHISLER
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-24 18:00 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 10:42 . 2011-05-21 10:42 -------- d-----w- c:\program files (x86)\Atari
2011-05-19 13:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 13:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 18:07 . 2011-07-16 14:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 17:05 . 2011-05-17 17:05 -------- d-----w- c:\program files (x86)\MSECache
2011-05-13 19:11 . 2011-05-13 19:11 641536 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-11 14:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 14:18 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 14:18 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 14:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 14:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 14:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 14:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 14:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 14:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 14:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-07 17:54 . 1998-08-10 20:21 132096 ----a-w- c:\windows\SysWow64\eaexec.exe
2011-05-07 17:54 . 1998-08-10 20:20 24576 ----a-w- c:\windows\SysWow64\ealtest.exe
2011-05-03 18:44 . 2011-05-03 18:44 -------- d-----w- C:\UnInstall
2011-05-03 17:57 . 2011-05-03 17:57 -------- d-----w- c:\users\Biiagi\AppData\Local\Xara
2011-05-03 17:56 . 2011-05-03 17:56 -------- d-----w- c:\program files (x86)\Common Files\xara
2011-05-03 17:51 . 2011-05-03 17:58 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-05-03 16:05 . 2008-07-02 13:32 917504 ----a-w- c:\windows\SysWow64\MXRestore.exe
2011-05-03 16:05 . 2011-05-07 15:14 -------- d-----w- c:\programdata\MAGIX
2011-05-03 16:03 . 2007-04-27 08:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2011-05-03 15:01 . 2011-05-03 15:01 -------- d-----w- c:\programdata\Pinnacle
2011-05-03 15:00 . 2011-05-03 15:00 -------- d-----w- c:\users\Biiagi\AppData\Local\Downloaded Installations
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\Biiagi\AppData\Local\CrashRpt
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Roaming\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Local\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\programdata\ATI
2011-04-24 17:41 . 2011-07-08 11:19 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-19 02:47 . 2011-04-19 02:47 670032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-15 12:55 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 12:55 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-15 12:55 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 12:55 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 12:55 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-15 12:55 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-06 16:48 . 2011-04-06 16:48 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-04-06 14:50 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\SPReview
2011-04-06 14:49 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\EventProviders
2011-04-05 19:36 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-05 19:36 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-04-05 19:36 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-04-05 19:34 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
2011-04-05 19:33 . 2010-11-20 13:33 14720 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2011-04-05 19:32 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDTURME.DLL
2011-04-05 19:29 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-05 19:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-05 19:29 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-05 19:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-05 19:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-05 19:28 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-05 19:28 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-05 18:59 . 2011-04-05 19:11 -------- d-----w- C:\MaNGOS-Fun-Server-Repack-1.26
2011-04-02 21:06 . 2011-04-02 21:06 2560 ---h--r- c:\windows\_MSRSTRT.EXE
2011-03-31 19:37 . 2011-05-07 15:14 -------- d-----w- c:\users\Biiagi\AppData\Roaming\MAGIX
2011-03-31 19:09 . 2011-03-31 19:09 53248 ----a-w- c:\windows\SysWow64\acedrv05.dll
2011-03-31 19:09 . 2011-03-31 19:09 136192 ----a-w- c:\windows\system32\drivers\acedrv05.sys
2011-03-31 19:08 . 2003-04-18 14:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-03-31 19:04 . 2011-05-03 17:57 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2011-03-31 19:02 . 2011-05-03 19:07 -------- d-----w- c:\windows\SysWow64\MAGIX
2011-03-31 19:02 . 2002-09-20 22:33 1089536 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2011-03-31 19:02 . 1999-01-28 12:44 49152 ----a-w- c:\windows\SysWow64\INETWH32.dll
2011-03-31 19:02 . 1998-10-15 15:28 85504 ----a-w- c:\windows\SysWow64\HtmlWH.dll
2011-03-31 19:00 . 2009-05-29 14:00 872448 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2011-03-23 15:13 . 2011-03-23 15:13 47104 ------w- c:\windows\AKDeInstall.exe
2011-03-20 10:54 . 2011-03-20 11:40 -------- d-----w- c:\users\Biiagi\AppData\Local\Rockstar Games
2011-03-20 10:52 . 2011-03-20 10:52 -------- d-----w- c:\users\Biiagi\AppData\Roaming\SecuROM
2011-03-20 10:50 . 2011-03-20 10:50 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-20 10:50 . 2011-06-15 11:49 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-18 13:40 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 16:43 . 2011-02-27 16:43 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Šablony
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Soubory cookie
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Poslední
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní tiskárny
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní síť
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Nabídka Start
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Dokumenty
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Data aplikací
2011-02-20 14:15 . 2011-02-20 14:20 -------- d-----w- c:\users\Biiagi\AppData\Local\TSVNCache
2011-02-20 14:13 . 2011-02-20 14:13 -------- d-----w- c:\users\Biiagi\AppData\Roaming\Subversion
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 11:19 . 2010-12-22 19:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-08 10:58 . 2010-12-22 19:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-17 10:54 . 2010-12-16 17:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-17 10:54 . 2010-12-10 19:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-15 12:38 . 2011-02-19 12:19 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-06-07 17:10 . 2011-07-19 09:11 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{549CD6A5-9730-4335-9738-ED894821E268}\mpengine.dll
2011-06-03 05:57 . 2011-07-13 07:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-07 16:16 . 2011-05-07 16:16 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-05-07 16:16 . 2011-05-07 16:16 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-04-30 16:12 . 2010-12-22 19:06 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-06 15:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 15:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-10 14:11 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 14:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 14:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-12-16 17:50 . 2010-12-16 17:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-16 17:50 . 2010-12-10 19:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-20 13:27 . 2011-04-05 19:34 340992 ----a-w- c:\windows\system32\srchadmin.dll
2010-11-20 13:27 . 2011-04-05 19:34 187904 ----a-w- c:\windows\system32\rpchttp.dll
2010-11-20 13:24 . 2011-04-05 19:34 777728 ----a-w- c:\windows\system32\autochk.exe
2010-11-20 12:21 . 2011-04-05 19:34 139264 ----a-w- c:\windows\SysWow64\rpchttp.dll
2010-11-20 12:18 . 2011-04-05 19:34 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-20 12:18 . 2011-04-05 19:34 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-20 12:16 . 2011-04-05 19:34 668160 ----a-w- c:\windows\SysWow64\autochk.exe
2010-11-16 23:55 . 2010-11-16 23:55 349032 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2010-11-16 23:55 . 2010-11-16 23:55 274792 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2010-11-16 23:55 . 2010-11-16 23:55 2591080 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2010-11-10 00:54 . 2010-11-10 00:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 00:28 . 2010-11-10 00:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2011-01-22_16.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-22 19:56 . 2011-01-22 19:56 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-01-22 15:46 . 2011-01-22 15:46 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2010-09-11 11:52 . 2011-01-22 16:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-11 11:52 . 2011-01-22 19:53 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-11 11:52 . 2011-01-22 16:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-11 11:52 . 2011-01-22 19:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-22 16:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-22 19:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-22 19:57 . 2011-01-22 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-22 15:46 . 2011-01-22 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-22 15:46 . 2011-01-22 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-22 19:57 . 2011-01-22 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-01-22 15:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-01-22 19:53 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-01-22 19:56 388856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-01-22 15:46 388856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-21 15:35 . 2011-01-22 19:56 5175788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2977914622-1951458849-799739759-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"DAEMON Tools Lite"="c:\programi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"WinampAgent"="c:\programi\Winamp\winampa.exe" [2010-12-07 74752]
"trustGTX14"="c:\programi\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Biiagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\programi\Hamachi\hamachi.exe [2011-4-6 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R2 MySQL5;MySQL5;c:\mangos\MySQL Server 5.1\bin\mysqld --defaults-file=c:\mangos\MySQL Server 5.1\my.ini MySQL5 [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-07-13 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\programi\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-04-30 12:03 76368 ----a-w- c:\programi\Alwil Software\Avast4\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\mangos\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\mangos\MySQL Server 5.1\my.ini\" MySQL5"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\SecuROM\License information*]
"datasecu"=hex:83,b1,de,fc,f2,6a,6b,61,90,7e,2d,b6,21,42,05,c9,35,04,1a,5e,59,
1c,75,3e,f3,2f,c8,b5,31,22,54,18,e9,62,6d,0d,66,0b,ab,a8,3b,53,15,ea,38,54,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Celkový čas: 2011-01-22 21:04:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-22 20:04
ComboFix2.txt 2011-01-22 16:24
.
Před spuštěním: Volných bajtů: 158 558 408 704
Po spuštění: Volných bajtů: 158 523 756 544
.
- - End Of File - - 92A23C0E4733A451B2D4A491C32F5087
And here is the link
http://www.virustotal.com/file-scan/rep ... 1311361624
It is only the second file; the first one I could not find in system32.
ComboFix 11-07-22.02 - Biiagi 22.01.2011 20:48:28.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.420.1029.18.3959.2364 [GMT 1:00]
Spuštěný z: c:\users\Biiagi\Downloads\ComboFix.exe
Použité ovládací přepínače :: c:\users\Biiagi\Desktop\CFScript.txt
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\SysWow64\sho3A04.tmp"
"c:\windows\SysWow64\tmp863F.tmp"
"c:\windows\SysWow64\tmp8640.tmp"
"c:\windows\SysWow64\tmp952.tmp"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\sho3A04.tmp
c:\windows\SysWow64\tmp863F.tmp
c:\windows\SysWow64\tmp8640.tmp
c:\windows\SysWow64\tmp952.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2010-12-22 do 2011-01-22 )))))))))))))))))))))))))))))))
.
.
2011-07-19 16:25 . 2011-07-19 16:25 -------- d-----w- c:\programdata\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files (x86)\HP
2011-07-19 16:24 . 2011-07-19 16:24 -------- d-----w- c:\program files\HP
2011-07-19 16:23 . 2011-07-19 16:23 -------- d-----w- c:\users\Biiagi\AppData\Local\HP
2011-07-03 13:06 . 2011-07-03 13:06 -------- d-----w- c:\users\Biiagi\AppData\Local\FOMM
2011-07-02 17:04 . 2011-07-02 17:04 -------- d-----w- c:\users\Biiagi\AppData\Local\FalloutNV
2011-06-30 17:01 . 2011-06-30 17:01 -------- d-----w- c:\users\Biiagi\AppData\Local\Fallout3
2011-06-24 13:40 . 2011-03-25 16:03 17128 ----a-w- c:\windows\system32\roboot64.exe
2011-06-24 13:40 . 2011-03-25 02:55 350208 ----a-w- c:\windows\SysWow64\d3drm.dll
2011-06-24 13:18 . 2011-06-24 13:18 -------- d-----w- c:\program files (x86)\Microsoft
2011-06-17 10:55 . 2011-03-19 13:16 1417216 ----a-w- c:\windows\SysWow64\rapture3d_oal.dll
2011-06-17 10:55 . 2010-09-22 11:12 19087360 ----a-w- c:\windows\SysWow64\mkl_blueripple.dll
2011-06-17 10:54 . 2011-06-17 10:55 -------- d-----w- c:\program files (x86)\BRS
2011-06-15 11:55 . 2011-06-15 11:55 -------- d-sh--w- c:\programdata\DSS
2011-06-15 10:29 . 2011-04-25 05:33 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-06-15 10:29 . 2011-04-25 02:34 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-06-15 10:29 . 2011-04-27 02:40 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-06-15 10:29 . 2011-04-27 02:39 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-06-15 10:29 . 2011-04-27 02:39 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-06-15 10:28 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2011-06-15 10:28 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2011-06-15 10:28 . 2011-04-29 03:06 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-06-15 10:28 . 2011-04-29 03:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-06-15 10:28 . 2011-04-29 03:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-06-15 10:28 . 2011-02-25 06:22 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-06-15 10:28 . 2011-02-25 05:34 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-06-15 10:28 . 2011-05-03 05:29 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-06-15 10:28 . 2011-05-03 04:30 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-05-26 14:03 . 2011-05-26 14:09 -------- d-----w- c:\users\Biiagi\AppData\Roaming\GHISLER
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\UC.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\RAR.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\PKUNZIP.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\NOCLOSE.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\LHA.PIF
2011-05-26 14:03 . 2010-12-17 05:56 545 ----a-w- c:\windows\ARJ.PIF
2011-05-24 18:00 . 2011-04-22 22:15 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2011-05-21 10:42 . 2011-05-21 10:42 -------- d-----w- c:\program files (x86)\Atari
2011-05-19 13:14 . 2011-04-09 06:58 142336 ----a-w- c:\windows\system32\poqexec.exe
2011-05-19 13:14 . 2011-04-09 05:56 123904 ----a-w- c:\windows\SysWow64\poqexec.exe
2011-05-17 18:07 . 2011-07-16 14:12 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-17 17:05 . 2011-05-17 17:05 -------- d-----w- c:\program files (x86)\MSECache
2011-05-13 19:11 . 2011-05-13 19:11 641536 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia80.dll
2011-05-11 14:18 . 2011-04-09 07:02 5562240 ----a-w- c:\windows\system32\ntoskrnl.exe
2011-05-11 14:18 . 2011-04-09 06:02 3967872 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2011-05-11 14:18 . 2011-04-09 06:02 3912576 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2011-05-11 14:18 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-05-11 14:18 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-05-11 14:18 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-05-11 14:18 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-05-11 14:18 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-05-11 14:18 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-05-11 14:18 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-05-07 17:54 . 1998-08-10 20:21 132096 ----a-w- c:\windows\SysWow64\eaexec.exe
2011-05-07 17:54 . 1998-08-10 20:20 24576 ----a-w- c:\windows\SysWow64\ealtest.exe
2011-05-03 18:44 . 2011-05-03 18:44 -------- d-----w- C:\UnInstall
2011-05-03 17:57 . 2011-05-03 17:57 -------- d-----w- c:\users\Biiagi\AppData\Local\Xara
2011-05-03 17:56 . 2011-05-03 17:56 -------- d-----w- c:\program files (x86)\Common Files\xara
2011-05-03 17:51 . 2011-05-03 17:58 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2011-05-03 16:05 . 2008-07-02 13:32 917504 ----a-w- c:\windows\SysWow64\MXRestore.exe
2011-05-03 16:05 . 2011-05-07 15:14 -------- d-----w- c:\programdata\MAGIX
2011-05-03 16:03 . 2007-04-27 08:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2011-05-03 15:01 . 2011-05-03 15:01 -------- d-----w- c:\programdata\Pinnacle
2011-05-03 15:00 . 2011-05-03 15:00 -------- d-----w- c:\users\Biiagi\AppData\Local\Downloaded Installations
2011-04-29 16:10 . 2011-04-29 16:10 -------- d-----w- c:\users\Biiagi\AppData\Local\CrashRpt
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Roaming\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\users\Biiagi\AppData\Local\ATI
2011-04-25 16:19 . 2011-04-25 16:19 -------- d-----w- c:\programdata\ATI
2011-04-24 17:41 . 2011-07-08 11:19 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-04-19 02:47 . 2011-04-19 02:47 670032 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VC\msdia90.dll
2011-04-15 12:55 . 2011-02-24 06:15 476160 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-02-24 05:38 288256 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2011-04-15 12:55 . 2011-03-11 06:34 1359872 ----a-w- c:\windows\system32\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 06:34 1395712 ----a-w- c:\windows\system32\mfc42.dll
2011-04-15 12:55 . 2011-03-11 05:33 1164288 ----a-w- c:\windows\SysWow64\mfc42u.dll
2011-04-15 12:55 . 2011-03-11 05:33 1137664 ----a-w- c:\windows\SysWow64\mfc42.dll
2011-04-15 12:55 . 2011-02-19 12:03 46080 ----a-w- c:\windows\system32\atmlib.dll
2011-04-15 12:55 . 2011-02-19 09:00 367616 ----a-w- c:\windows\system32\atmfd.dll
2011-04-15 12:55 . 2011-02-19 06:30 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2011-04-15 12:55 . 2011-02-19 04:34 294912 ----a-w- c:\windows\SysWow64\atmfd.dll
2011-04-06 16:48 . 2011-04-06 16:48 33344 ----a-w- c:\windows\system32\drivers\hamachi.sys
2011-04-06 14:50 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\SPReview
2011-04-06 14:49 . 2011-04-06 14:50 -------- d-----w- c:\windows\system32\EventProviders
2011-04-05 19:36 . 2010-11-05 01:57 48976 ----a-w- c:\windows\system32\netfxperf.dll
2011-04-05 19:36 . 2010-11-05 01:57 1942856 ----a-w- c:\windows\system32\dfshim.dll
2011-04-05 19:36 . 2010-11-05 01:58 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2011-04-05 19:34 . 2010-11-20 13:27 695808 ----a-w- c:\windows\system32\wuapi.dll
2011-04-05 19:33 . 2010-11-20 13:33 14720 ----a-w- c:\windows\system32\drivers\hwpolicy.sys
2011-04-05 19:32 . 2010-11-20 13:02 7168 ----a-w- c:\windows\system32\KBDTURME.DLL
2011-04-05 19:29 . 2010-11-20 13:27 524288 ----a-w- c:\windows\system32\wmicmiplugin.dll
2011-04-05 19:29 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-04-05 19:29 . 2010-11-20 13:27 1225216 ----a-w- c:\windows\system32\wbem\wbemcore.dll
2011-04-05 19:28 . 2010-11-20 13:27 933376 ----a-w- c:\windows\system32\SmiEngine.dll
2011-04-05 19:28 . 2010-11-20 13:25 199168 ----a-w- c:\windows\system32\PkgMgr.exe
2011-04-05 19:28 . 2010-11-20 13:26 422912 ----a-w- c:\windows\system32\drvstore.dll
2011-04-05 19:28 . 2010-11-20 13:26 399872 ----a-w- c:\windows\system32\dpx.dll
2011-04-05 18:59 . 2011-04-05 19:11 -------- d-----w- C:\MaNGOS-Fun-Server-Repack-1.26
2011-04-02 21:06 . 2011-04-02 21:06 2560 ---h--r- c:\windows\_MSRSTRT.EXE
2011-03-31 19:37 . 2011-05-07 15:14 -------- d-----w- c:\users\Biiagi\AppData\Roaming\MAGIX
2011-03-31 19:09 . 2011-03-31 19:09 53248 ----a-w- c:\windows\SysWow64\acedrv05.dll
2011-03-31 19:09 . 2011-03-31 19:09 136192 ----a-w- c:\windows\system32\drivers\acedrv05.sys
2011-03-31 19:08 . 2003-04-18 14:29 44544 ----a-w- c:\windows\SysWow64\msxml4a.dll
2011-03-31 19:04 . 2011-05-03 17:57 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2011-03-31 19:02 . 2011-05-03 19:07 -------- d-----w- c:\windows\SysWow64\MAGIX
2011-03-31 19:02 . 2002-09-20 22:33 1089536 ----a-w- c:\windows\SysWow64\ROBOEX32.DLL
2011-03-31 19:02 . 1999-01-28 12:44 49152 ----a-w- c:\windows\SysWow64\INETWH32.dll
2011-03-31 19:02 . 1998-10-15 15:28 85504 ----a-w- c:\windows\SysWow64\HtmlWH.dll
2011-03-31 19:00 . 2009-05-29 14:00 872448 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2011-03-23 15:13 . 2011-03-23 15:13 47104 ------w- c:\windows\AKDeInstall.exe
2011-03-20 10:54 . 2011-03-20 11:40 -------- d-----w- c:\users\Biiagi\AppData\Local\Rockstar Games
2011-03-20 10:52 . 2011-03-20 10:52 -------- d-----w- c:\users\Biiagi\AppData\Roaming\SecuROM
2011-03-20 10:50 . 2011-03-20 10:50 -------- d-----w- c:\windows\SysWow64\xlive
2011-03-20 10:50 . 2011-06-15 11:49 -------- d-----w- c:\program files (x86)\Microsoft Games for Windows - LIVE
2011-03-18 13:40 . 2011-07-04 11:36 600920 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-02-27 16:43 . 2011-02-27 16:43 -------- d-----w- c:\program files (x86)\MSXML 4.0
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Šablony
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Soubory cookie
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Poslední
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní tiskárny
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Okolní síť
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Nabídka Start
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Dokumenty
2011-02-26 20:43 . 2011-02-26 20:43 -------- d-sh--we c:\windows\SysWow64\config\systemprofile\Data aplikací
2011-02-20 14:15 . 2011-02-20 14:20 -------- d-----w- c:\users\Biiagi\AppData\Local\TSVNCache
2011-02-20 14:13 . 2011-02-20 14:13 -------- d-----w- c:\users\Biiagi\AppData\Roaming\Subversion
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-08 11:19 . 2010-12-22 19:06 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-07-08 10:58 . 2010-12-22 19:06 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2011-06-17 10:54 . 2010-12-16 17:50 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-06-17 10:54 . 2010-12-10 19:26 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-06-15 12:38 . 2011-02-19 12:19 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2011-06-07 17:10 . 2011-07-19 09:11 8873296 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{549CD6A5-9730-4335-9738-ED894821E268}\mpengine.dll
2011-06-03 05:57 . 2011-07-13 07:40 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-07 16:16 . 2011-05-07 16:16 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-05-07 16:16 . 2011-05-07 16:16 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-04-30 16:12 . 2010-12-22 19:06 270240 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-04-06 15:00 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-04-06 15:00 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-03-10 14:11 . 2010-06-24 10:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2011-03-04 06:19 . 2011-04-28 14:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2011-03-04 06:19 . 2011-04-28 14:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2010-12-16 17:50 . 2010-12-16 17:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2010-12-16 17:50 . 2010-12-10 19:26 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2010-11-20 13:27 . 2011-04-05 19:34 340992 ----a-w- c:\windows\system32\srchadmin.dll
2010-11-20 13:27 . 2011-04-05 19:34 187904 ----a-w- c:\windows\system32\rpchttp.dll
2010-11-20 13:24 . 2011-04-05 19:34 777728 ----a-w- c:\windows\system32\autochk.exe
2010-11-20 12:21 . 2011-04-05 19:34 139264 ----a-w- c:\windows\SysWow64\rpchttp.dll
2010-11-20 12:18 . 2011-04-05 19:34 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2010-11-20 12:18 . 2011-04-05 19:34 2175488 ----a-w- c:\windows\apppatch\AcGenral.dll
2010-11-20 12:16 . 2011-04-05 19:34 668160 ----a-w- c:\windows\SysWow64\autochk.exe
2010-11-16 23:55 . 2010-11-16 23:55 349032 ----a-w- c:\windows\system32\hpinksts8911LM.dll
2010-11-16 23:55 . 2010-11-16 23:55 274792 ----a-w- c:\windows\system32\hpinkcoi8911.dll
2010-11-16 23:55 . 2010-11-16 23:55 2591080 ----a-w- c:\windows\system32\HPScanMiniDrv_DJ1050_J410.dll
2010-11-10 00:54 . 2010-11-10 00:54 49016 ----a-w- c:\windows\SysWow64\sirenacm.dll
2010-11-10 00:28 . 2010-11-10 00:28 301936 ----a-w- c:\windows\WLXPGSS.SCR
.
.
((((((((((((((((((((((((((((( SnapShot@2011-01-22_16.21.51 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-01-22 19:56 . 2011-01-22 19:56 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2011-01-22 15:46 . 2011-01-22 15:46 13330 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2010-09-11 11:52 . 2011-01-22 16:21 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-09-11 11:52 . 2011-01-22 19:53 32768 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-09-11 11:52 . 2011-01-22 16:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2010-09-11 11:52 . 2011-01-22 19:53 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-01-22 16:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-01-22 19:53 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-22 19:57 . 2011-01-22 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-22 15:46 . 2011-01-22 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-01-22 15:46 . 2011-01-22 15:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-01-22 19:57 . 2011-01-22 19:57 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 05:12 . 2011-01-22 15:56 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2011-01-22 19:53 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:01 . 2011-01-22 19:56 388856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-01-22 15:46 388856 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-21 15:35 . 2011-01-22 19:56 5175788 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2977914622-1951458849-799739759-1000-12288.dat
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408]
"DAEMON Tools Lite"="c:\programi\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264]
"EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584]
"EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920]
"Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-28 35696]
"BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272]
"WinampAgent"="c:\programi\Winamp\winampa.exe" [2010-12-07 74752]
"trustGTX14"="c:\programi\Trust\GXT14 Mouse\POINTERGHOST.exe" [2009-06-05 4833792]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Malwarebytes' Anti-Malware"="c:\programi\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\users\Biiagi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
hamachi.lnk - c:\programi\Hamachi\hamachi.exe [2011-4-6 625952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2010-02-28 821664]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R2 MySQL5;MySQL5;c:\mangos\MySQL Server 5.1\bin\mysqld --defaults-file=c:\mangos\MySQL Server 5.1\my.ini MySQL5 [x]
R2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2009-12-02 483688]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BthAvrcp;Bluetooth AVRCP Profile;c:\windows\system32\DRIVERS\BthAvrcp.sys [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-07 135664]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\nmwcdx64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2010-07-13 332272]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [x]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [x]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104]
S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 KmGameMouseServiceV1;Game Mouse Communication And Update Service V1;c:\programi\Trust\GXT14 Mouse\GameMouseServiceApp.exe [2009-05-18 354816]
S2 MBAMService;MBAMService;c:\programi\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [x]
S3 KMWDFILTERV1;HIDUASServiceDesc;c:\windows\system32\DRIVERS\RPGMOUSEV1.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2009-12-02 209768]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2010-07-13 11:56 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2007-04-30 12:03 76368 ----a-w- c:\programi\Alwil Software\Avast4\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552]
"ETDWare"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Doplňkový sken -------
.
uStart Page = hxxp://www.centrum.cz/
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: WikiKomentáře Google... - c:\program files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_6CE5017F567343CA.dll/cmsidewiki.html
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: NameServer = 10.0.0.138
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySql]
"ImagePath"="C:/MaNGOS/Zaknology 3.3.5a Repack/Server 3.3.3a/Server/mysql/bin/mysqld.exe"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\MySQL5]
"ImagePath"="\"c:\mangos\MySQL Server 5.1\bin\mysqld\" --defaults-file=\"c:\mangos\MySQL Server 5.1\my.ini\" MySQL5"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2977914622-1951458849-799739759-1000\Software\SecuROM\License information*]
"datasecu"=hex:83,b1,de,fc,f2,6a,6b,61,90,7e,2d,b6,21,42,05,c9,35,04,1a,5e,59,
1c,75,3e,f3,2f,c8,b5,31,22,54,18,e9,62,6d,0d,66,0b,ab,a8,3b,53,15,ea,38,54,\
"rkeysecu"=hex:29,23,be,84,e1,6c,d6,ae,52,90,49,f1,f1,bb,e9,eb
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
.
**************************************************************************
.
Celkový čas: 2011-01-22 21:04:06 - počítač byl restartován
ComboFix-quarantined-files.txt 2011-01-22 20:04
ComboFix2.txt 2011-01-22 16:24
.
Před spuštěním: Volných bajtů: 158 558 408 704
Po spuštění: Volných bajtů: 158 523 756 544
.
- - End Of File - - 92A23C0E4733A451B2D4A491C32F5087
And here is the link
http://www.virustotal.com/file-scan/rep ... 1311361624
It is only the second file; I did not find the first one in system32.
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Vir
Did you unhide the hidden files?
In private messages I deal only with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as resolved - Forum rules
- Žbeky
- Moderator
- Guru Level 13
- Posts: 22288
- Registered: May 08
- Location: Vsetín - Pardubice
- Status: Offline
Re: Vir
Then on VT click the file upload, and do not browse to the path by clicking; just copy it in.