Author | Message
Registered: 15.04.09 Last online: 07.01.18 Posts: 157 Topics: 22 Location: Nitra
I don't even know how, but today a screen popped up saying my PC is blocked. I have no idea where I picked it up. What's the simplest way to remove it? Recommend me some program. I thought I already had it sorted, but SpyHunter is paid. That one found it.
Registered: 09.05.11 Last online: 20.12.18 Posts: 618 Topics: 2
Registered: 15.04.09 Last online: 07.01.18 Posts: 157 Topics: 22 Location: Nitra | Posted by topic author chameleo: 15.12.2012 18:21
I ran a system restore from a restore point 5 hours back, could that help?
Registered: 09.05.11 Last online: 20.12.18 Posts: 618 Topics: 2
Better do what I'm telling you, it's safer.
Registered: 15.04.09 Last online: 07.01.18 Posts: 157 Topics: 22 Location: Nitra | Posted by topic author chameleo: 15.12.2012 18:34
OK, I'm on it.
Registered: 15.04.09 Last online: 07.01.18 Posts: 157 Topics: 22 Location: Nitra | Posted by topic author chameleo: 15.12.2012 18:46
Code: Logfile of random's system information tool 1.09 (written by random/random) Run by AK at 2012-12-15 18:36:51 Microsoft Windows 7 Ultimate Service Pack 1 System drive C: has 68 GB (69%) free of 99 GB Total RAM: 2702 MB (56% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default
prefs.js - "browser.startup.homepage" - "http://www.google.sk"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer] "Description"=Adobe® Flash® Player 11.5.502.135 Plugin "Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2] "Description"=Java™ Deployment Toolkit "Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2] "Description"=Oracle® Next Generation Java™ Plug-In "Path"=G:\java\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69] "Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In "Path"=G:\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69] "Description"=6.0.12.69 "Path"=G:\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=] "Description"= "Path"=
G:\Mozilla Firefox\extensions\ {972ce4c6-7e08-4474-a285-3208198ce6fd}
G:\Mozilla Firefox\components\ binary.manifest browsercomps.dll
G:\Mozilla Firefox\searchplugins\ atlas-sk.xml azet-sk.xml dunaj-sk.xml eBay.xml google.xml slovnik-sk.xml wikipedia-sk.xml zoznam-sk.xml
C:\Users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default\extensions\ {b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}] Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}] Java(tm) Plug-In SSV Helper - G:\java\bin\ssv.dll [2012-11-18 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}] Java(tm) Plug-In 2 SSV Helper - G:\java\bin\jp2ssv.dll [2012-11-18 155384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run] "RemoteControl9"=G:\PowerDVD9\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336] "PDVD9LanguageShortcut"=G:\PowerDVD9\PowerDVD9\Language\Language.exe [2009-04-27 50472] "BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-09-01 75048] "UVS11 Preload"=G:\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488] "Adobe Reader Speed Launcher"=G:\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760] "Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672] "WinampAgent"=G:\Winamp\winampa.exe [2012-06-28 74752] "NSNetMon_ajbjbbcbbdeibjed"=G:\NSNetMon\NetMon.exe [2012-08-29 32768] "USB3MON"=C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-03-27 291608] "IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-26 144664] "HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-26 180504] "Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-26 187672] "StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-29 636032] "AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml [] "SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2012-05-07 1433692] "egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 3117344] "WheelMouse"=C:\ADVANC~1\wh_exec.exe [2010-05-26 147456] "SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-03-08 2333968] "IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-02-29 56088] "SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848] "QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"=G:\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872] "Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928] "Google Update"=C:\Users\AK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 116648] "Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui] C:\Windows\system32\igfxdev.dll [2012-03-26 325120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders] "SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System] "ConsentPromptBehaviorAdmin"=5 "ConsentPromptBehaviorUser"=3 "EnableUIADesktopToggle"=0 "dontdisplaylastusername"=0 "legalnoticecaption"= "legalnoticetext"= "shutdownwithoutlogon"=1 "undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32] "vidc.mrle"=msrle32.dll "vidc.msvc"=msvidc32.dll "msacm.imaadpcm"=imaadp32.acm "msacm.msg711"=msg711.acm "msacm.msgsm610"=msgsm32.acm "msacm.msadpcm"=msadp32.acm "midimapper"=midimap.dll "wavemapper"=msacm32.drv "VIDC.UYVY"=msyuv.dll "VIDC.YUY2"=msyuv.dll "VIDC.YVYU"=msyuv.dll "VIDC.IYUV"=iyuv_32.dll "vidc.i420"=iyuv_32.dll "VIDC.YVU9"=tsbyuv.dll "msacm.l3acm"=C:\Windows\System32\l3codeca.acm "vidc.cvid"=iccvid.dll "MSVideo8"=VfWWDM32.dll "VIDC.ACDV"=ACDV.dll "VIDC.FFDS"=ff_vfw.dll "msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm "msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm "msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm "wave1"=wdmaud.drv "midi1"=wdmaud.drv "mixer1"=wdmaud.drv "aux1"=wdmaud.drv "wave"=wdmaud.drv "midi"=wdmaud.drv "mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1 .js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-12-15 18:36:53 ----D---- C:\Program Files\trend micro 2012-12-15 18:36:51 ----D---- C:\rsit 2012-12-15 18:26:42 ----A---- C:\Windows\system32\drivers\TrueSight.sys 2012-12-15 14:52:24 ----D---- C:\Program Files\Rockstar Games 2012-12-14 11:49:23 ----D---- C:\Windows\Acronis 2012-11-23 20:32:08 ----D---- C:\ProgramData\Rockstar Games 2012-11-23 17:47:53 ----A---- C:\Windows\system32\xactengine3_7.dll 2012-11-23 17:47:52 ----A---- C:\Windows\system32\d3dx11_43.dll 2012-11-23 17:47:52 ----A---- C:\Windows\system32\d3dcsx_43.dll 2012-11-23 17:47:51 ----A---- C:\Windows\system32\d3dx10_43.dll 2012-11-23 17:47:50 ----A---- C:\Windows\system32\XAudio2_6.dll 2012-11-23 17:47:50 ----A---- C:\Windows\system32\XAPOFX1_4.dll 2012-11-23 17:47:50 ----A---- C:\Windows\system32\xactengine3_6.dll 2012-11-23 17:47:49 ----A---- C:\Windows\system32\XAudio2_5.dll 2012-11-23 17:47:49 ----A---- C:\Windows\system32\xactengine3_5.dll 2012-11-23 17:47:48 ----A---- C:\Windows\system32\D3DCompiler_42.dll 2012-11-23 17:47:45 ----A---- C:\Windows\system32\d3dx11_42.dll 2012-11-23 17:47:45 ----A---- C:\Windows\system32\d3dcsx_42.dll 2012-11-23 17:47:44 ----A---- C:\Windows\system32\D3DX9_42.dll 2012-11-23 17:47:40 ----A---- C:\Windows\system32\XAPOFX1_3.dll 2012-11-23 17:47:36 ----A---- C:\Windows\system32\XAudio2_3.dll 2012-11-23 17:47:36 ----A---- C:\Windows\system32\XAPOFX1_2.dll 2012-11-23 17:47:35 ----A---- C:\Windows\system32\xactengine3_3.dll 2012-11-23 17:47:35 ----A---- C:\Windows\system32\X3DAudio1_5.dll 2012-11-18 21:08:13 ----A---- C:\Windows\system32\drivers\HpqKbFiltr.sys 2012-11-18 21:08:12 ----A---- C:\Windows\system32\drivers\wdfcoinstaller01005.dll 2012-11-18 21:08:05 ----A---- C:\Windows\system32\BttnCmn.dll 2012-11-18 21:08:04 ----A---- C:\Windows\system32\BttnCmns.dll 2012-11-18 11:01:42 ----D---- C:\ProgramData\Sun 2012-11-18 11:01:42 ----D---- C:\Program Files\Common Files\Java 2012-11-18 11:01:36 ----A---- C:\Windows\system32\deployJava1.dll 2012-11-18 11:01:35 
----A---- C:\Windows\system32\npDeployJava1.dll 2012-11-18 11:01:35 ----A---- C:\Windows\system32\javaws.exe 2012-11-18 11:01:27 ----A---- C:\Windows\system32\WindowsAccessBridge.dll 2012-11-18 11:01:27 ----A---- C:\Windows\system32\javaw.exe 2012-11-18 11:01:27 ----A---- C:\Windows\system32\java.exe
======List of files/folders modified in the last 1 month======
2012-12-15 18:36:53 ----RD---- C:\Program Files 2012-12-15 18:36:50 ----D---- C:\Windows\Temp 2012-12-15 18:33:35 ----D---- C:\Windows\System32 2012-12-15 18:33:35 ----A---- C:\Windows\system32\PerfStringBackup.INI 2012-12-15 18:33:34 ----D---- C:\Windows\inf 2012-12-15 18:28:21 ----D---- C:\Windows\system32\Tasks 2012-12-15 18:26:42 ----D---- C:\Windows\system32\drivers 2012-12-15 18:23:13 ----D---- C:\Windows\system32\config 2012-12-15 18:15:08 ----D---- C:\Users\AK\AppData\Roaming\Skype 2012-12-15 18:14:04 ----HD---- C:\Program Files\InstallShield Installation Information 2012-12-15 18:13:54 ----SHD---- C:\System Volume Information 2012-12-15 18:13:36 ----D---- C:\ProgramData\Ubisoft 2012-12-15 18:11:01 ----D---- C:\Windows\system32\wfp 2012-12-15 18:10:59 ----D---- C:\Windows\system32\wbem 2012-12-15 18:10:59 ----D---- C:\Windows 2012-12-15 18:10:19 ----D---- C:\Windows\Tasks 2012-12-15 18:10:19 ----D---- C:\Windows\system32\drivers\etc 2012-12-15 18:10:18 ----D---- C:\Windows\system32\catroot2 2012-12-15 18:10:16 ----D---- C:\Users\AK\AppData\Roaming\uTorrent 2012-12-15 18:10:13 ----D---- C:\ProgramData\Spybot - Search & Destroy 2012-12-15 18:10:12 ----D---- C:\ProgramData\DAEMON Tools Lite 2012-12-15 18:10:06 ----D---- C:\Windows\registration 2012-12-15 18:10:03 ----RSD---- C:\Windows\assembly 2012-12-15 18:09:59 ----HD---- C:\ProgramData 2012-12-15 16:35:42 ----D---- C:\Windows\Prefetch 2012-12-13 11:01:04 ----D---- C:\Users\AK\AppData\Roaming\Adobe 2012-12-12 09:43:43 ----A---- C:\Windows\system32\FlashPlayerApp.exe 2012-12-08 16:51:31 ----D---- C:\Users\AK\AppData\Roaming\Audacity 2012-12-05 15:24:25 ----D---- C:\Users\AK\AppData\Roaming\Sports Interactive 2012-11-29 12:18:28 ----D---- C:\Windows\system32\NDF 2012-11-27 15:25:19 ----D---- C:\Windows\winsxs 2012-11-27 15:15:17 ----SHD---- C:\Windows\Installer 2012-11-18 21:08:49 ----D---- C:\Program Files\Hewlett-Packard 2012-11-18 21:08:20 ----D---- C:\Windows\system32\catroot 2012-11-18 21:08:19 ----D---- 
C:\Windows\system32\DriverStore 2012-11-18 21:07:38 ----D---- C:\Users\AK\AppData\Roaming\hpqLog 2012-11-18 19:15:30 ----D---- C:\Windows\system32\drivers\UMDF 2012-11-18 11:01:42 ----D---- C:\Program Files\Common Files 2012-11-16 14:17:47 ----D---- C:\Windows\system32\wdi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 22144] R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2012-08-29 76768] R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2012-02-01 470808] R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 15640] R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440] R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-08-29 170752] R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360] R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-19 388096] R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-29 242240] R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080] R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152] R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128] R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 103112] R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-29 9183744] R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-29 265216] R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2012-03-09 2877952] R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816] R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696] R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416] R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872] R3 hwdatacard;Huawei DataCard USB 
Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-02-28 92032] R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 280576] R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd32.sys [2012-03-26 13212672] R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 349976] R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 792856] R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2012-08-24 147768] R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536] R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-11-23 491112] R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv.sys [2012-03-26 2862712] R3 STHDA;@%SystemRoot%\system32\stlang.dll,-10329; C:\Windows\system32\DRIVERS\stwrt.sys [2012-05-07 445952] R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-03-08 320272] R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 7424] S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704] S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720] S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888] S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216] S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368] S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872] S3 s3cap;s3cap; 
C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632] S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-19 84992] S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304] S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032] S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [] S3 TrueSight;TrueSight; \??\C:\Windows\system32\drivers\TrueSight.sys [2012-12-15 14336] S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224] S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [] S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys [] S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328] S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736] S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920] S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336] S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-29 163328] R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376] R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168] R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992] R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-29 13592] R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816] R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-09-03 66872] R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2012-09-03 107832] R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis; G:\DiskDirector\OSS\reinstall_svc.exe [2011-12-12 2156952] R2 STacSV;@%SystemRoot%\system32\stlang.dll,-10129; C:\Program Files\IDT\WDM\STacSV.exe [2012-05-07 299090] R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408] R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656] S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944] S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808] S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992] S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\system32\IntelCpHeciSvc.exe [2012-03-26 276248] S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet 
Publisher\FNPLicensingService.exe [2012-08-29 654848] S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136] S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184] S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992] S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Registered: 15.04.09 Last online: 07.01.18 Posts: 157 Topics: 22 Location: Nitra | Posted by topic author chameleo: 15.12.2012 18:57
Kód: ComboFix 12-12-14.01 - AK . 12. 2012 18:50:43.1.4 - x86 Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2702.1378 [GMT 1:00] Running from: c:\users\AK\Desktop\ComboFix.exe AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1} SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\0tbpw.pad . . ((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 ))))))))))))))))))))))))))))))) . . 2012-12-15 17:55 . 2012-12-15 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- c:\program files\trend micro 2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- C:\rsit 2012-12-15 17:26 . 2012-12-15 17:26 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys 2012-12-15 13:52 . 2012-12-15 13:52 -------- d-----w- c:\program files\Rockstar Games 2012-12-14 10:49 . 2012-12-14 12:46 -------- d-----w- c:\windows\Acronis 2012-11-27 14:10 . 2012-11-27 14:10 -------- d-----w- c:\users\AK\AppData\Local\Focus Home Interactive 2012-11-23 19:32 . 2012-11-23 19:32 -------- d-----w- c:\programdata\Rockstar Games 2012-11-19 09:49 . 2012-11-19 09:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60ED83E2-ACB4-449B-8047-559505EA80CB}\offreg.dll 2012-11-18 20:08 . 2009-04-29 07:46 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys 2012-11-18 20:08 . 2006-11-02 06:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll 2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmn.dll 2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll 2012-11-18 10:01 . 2012-11-18 10:01 -------- d-----w- c:\program files\Common Files\Java 2012-11-18 10:01 . 
2012-11-18 10:01 746984 ----a-w- c:\windows\system32\deployJava1.dll 2012-11-18 10:01 . 2012-11-18 10:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll 2012-11-18 10:01 . 2012-11-18 10:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 08:43 . 2012-08-30 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-12-12 08:43 . 2012-08-30 09:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe . . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "DAEMON Tools Lite"="g:\daemon tools lite\DTLite.exe" [2012-04-17 3671872] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "RemoteControl9"="g:\powerdvd9\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336] "PDVD9LanguageShortcut"="g:\powerdvd9\PowerDVD9\Language\Language.exe" [2009-04-27 50472] "BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048] "UVS11 Preload"="g:\ulead videostudio 11\uvPL.exe" [2007-03-03 341488] "Adobe Reader Speed Launcher"="g:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672] "WinampAgent"="g:\winamp\winampa.exe" [2012-06-28 74752] "NSNetMon_ajbjbbcbbdeibjed"="g:\nsnetmon\NetMon.exe" [2012-08-29 32768] "USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 144664] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 180504] "Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 187672] "StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032] "SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-05-07 1433692] "egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344] "WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-08 2333968] "IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [x] S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x] S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x] S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x] S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x] S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x] S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x] S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x] S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x] S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 
3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [x] S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys [x] S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [x] S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x] . . Contents of the 'Scheduled Tasks' folder . 2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 08:43] . 2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job - c:\users\AK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 20:28] . 2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job - c:\users\AK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 20:28] . . ------- Supplementary Scan ------- . uInternet Settings,ProxyOverride = *.local IE: E&xportovať do programu Microsoft Excel - g:\micros~1\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.100.2 192.168.0.200 FF - ProfilePath - c:\users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk . Binary file temp00 matches . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.032" . [HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] @Denied: (2) (LocalSystem) "Progid"="ACDSee Photo Manager 2009.abr" . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-15 18:56:15
ComboFix-quarantined-files.txt 2012-12-15 17:56
.
Pre-Run: 71 101 800 448 bytes free
Post-Run: 70 952 693 760 bytes free
.
- - End Of File - - 9E2F65C10ACD4AAAD2450F5BF6ACFB18

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 15.12.2012 19:00
OK so far? I'm going to do that scan now.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
Download cfscript from http://www.ulozto.cz/xr9Ne4u/cfscript-txt, save it to the desktop, drag cfscript onto combofix, the script will be applied, then send the log from combofix when Notepad pops up. Don't forget the MBAM log, send it to me.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 15.12.2012 22:27
Code:
Malwarebytes Anti-Malware (Skúšobná verzia) 1.65.1.1000
www.malwarebytes.org
Verzia databázy: v2012.12.15.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
AK :: AK-PC [administrátor]
Ochrana: Zapnuté
15. 12. 2012 19:01:13
mbam-log-2012-12-15 (22-18-48).txt
Typ kontroly: Úplná kontrola (C:\|D:\|F:\|G:\|I:\|J:\|M:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 668916
Uplynutý čas: 3 hod, 13 min, 14 sek
Detegované služby pamäte: 0 (Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0 (Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0 (Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0 (Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0 (Škodlivé položky neboli zistené)
Detegované priečinky: 0 (Škodlivé položky neboli zistené)
Detegované súbory: 1 J:\Zaloha\Fast Stone Capture 6.5\setup\keymaker\keymaker.exe (Trojan.Agent.H) -> Žiadna úloha nevykonaná.
(koniec)
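As an added example (not code from the thread or from Malwarebytes), a small Python parser for MBAM 1.x text logs in the format posted above: it collects the per-category counters, extracts every detection line, and lists the items whose recorded action is "no action taken", which is the check worth running on a log like this one. The sample logs are constructed; the Slovak "no action" string is copied from the posted log, the English wording is assumed.

```python
"""Parse a Malwarebytes Anti-Malware 1.x text log and flag detections left unresolved.

Added example for this thread; it is not code from the forum or from Malwarebytes.
The two sample logs are constructed: the Slovak one mirrors the format of the log
posted above (its 'no action' string comes from that log), the English one is
assumed from the English build's wording.
"""
import re
from dataclasses import dataclass, field

# One detection per line: "<path or registry item> (<threat name>) -> <action>."
# The greedy path group lets the path itself contain parentheses.
DETECTION_RE = re.compile(r"^(?P<path>.+) \((?P<threat>[^()]+)\) -> (?P<action>.+?)\.?\s*$")
# Per-category counters such as "Detegované súbory: 1" (sk) or "Files Detected: 1" (en);
# lines like "Objektov kontrolovaných: 668916" deliberately do not match.
COUNT_RE = re.compile(r"^(?P<category>Detegované [^:]+|[^:]+ Detected): (?P<count>\d+)")
# Action strings meaning MBAM only reported the item (sk string from the posted log,
# en string assumed). Compared case-insensitively.
NO_ACTION_MARKERS = ("žiadna úloha nevykonaná", "no action taken")


@dataclass
class Detection:
    path: str
    threat: str
    action: str

    @property
    def acted(self) -> bool:
        """True unless the log says the item was merely reported, not removed."""
        return self.action.strip().lower() not in NO_ACTION_MARKERS


@dataclass
class MbamReport:
    counts: dict = field(default_factory=dict)
    detections: list = field(default_factory=list)

    def unresolved(self) -> list:
        return [d for d in self.detections if not d.acted]


def parse_mbam_log(text: str) -> MbamReport:
    """Walk the log line by line, collecting counters and detection entries."""
    report = MbamReport()
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            report.counts[m.group("category")] = int(m.group("count"))
            continue
        m = DETECTION_RE.match(line)
        if m:
            report.detections.append(Detection(**m.groupdict()))
    return report


def summarize(report: MbamReport) -> dict:
    """Cross-check the declared counters against parsed entries and list leftovers."""
    declared = sum(report.counts.values())
    return {
        "declared": declared,
        "parsed": len(report.detections),
        "complete": declared == len(report.detections),
        "unresolved": [d.path for d in report.unresolved()],
    }


# Constructed sample in the Slovak locale, modelled on the log posted in this thread.
SAMPLE_SK = "\n".join([
    "Malwarebytes Anti-Malware (Skúšobná verzia) 1.65.1.1000",
    "Verzia databázy: v2012.12.15.06",
    "Objektov kontrolovaných: 668916",
    "Detegované služby pamäte: 0 (Škodlivé položky neboli zistené)",
    "Detegované registračné kľúče: 0 (Škodlivé položky neboli zistené)",
    "Detegované súbory: 1",
    r"J:\Zaloha\Fast Stone Capture 6.5\setup\keymaker\keymaker.exe (Trojan.Agent.H) -> Žiadna úloha nevykonaná.",
    "(koniec)",
])

# Constructed sample in the English locale (wording assumed), with a path containing
# parentheses and a registry-value detection.
SAMPLE_EN = "\n".join([
    "Malwarebytes Anti-Malware 1.65.1.1000",
    "Files Detected: 2",
    r"C:\Users\demo\AppData\Local\Temp\locker.exe (Trojan.Ransom) -> Quarantined and deleted successfully.",
    r"C:\Users\demo\Downloads\tool (1).exe (PUP.Optional.Toolbar) -> No action taken.",
    "Registry Values Detected: 1",
    r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run|locker (Trojan.Ransom) -> Quarantined and deleted successfully.",
])

if __name__ == "__main__":
    for name, sample in (("sk", SAMPLE_SK), ("en", SAMPLE_EN)):
        print(name, summarize(parse_mbam_log(sample)))
```

Running it on the Slovak sample reports one parsed detection matching the declared count, with the keymaker path listed as unresolved.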
Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 15.12.2012 22:28
MBAM took a very long time, so I'm only sending it now. It found one trojan, which I had it remove.
Now I'm moving on to cfscript.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 15.12.2012 22:48
Code:
ComboFix 12-12-14.01 - AK . 12. 2012 22:30:55.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2702.1491 [GMT 1:00]
Running from: c:\users\AK\Desktop\ComboFix.exe
Command switches used :: c:\users\AK\Desktop\cfscript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AK\AppData\Local\Google\Update
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_am.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_da.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_de.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_el.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_en.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_es.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_et.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_id.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_is.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_it.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_no.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_te.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_th.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\psmachine.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\psuser.dll
c:\users\AK\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\users\AK\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_23.0.1271.95_chrome_updater.exe
c:\users\AK\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job
G:\NSNetMon
g:\nsnetmon\netmon.exe
g:\nsnetmon\NetMon.ini
g:\nsnetmon\uninstall-netmon.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeFlashPlayerUpdateSvc
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 21:35 . 2012-12-15 21:38 -------- d-----w- c:\users\AK\AppData\Local\temp
2012-12-15 21:35 . 2012-12-15 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 17:59 . 2012-12-15 17:59 -------- d-----w- c:\users\AK\AppData\Roaming\Malwarebytes
2012-12-15 17:59 . 2012-12-15 17:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-15 17:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- c:\program files\trend micro
2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- C:\rsit
2012-12-15 17:26 . 2012-12-15 17:26 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-12-15 13:52 . 2012-12-15 13:52 -------- d-----w- c:\program files\Rockstar Games
2012-12-14 10:49 . 2012-12-14 12:46 -------- d-----w- c:\windows\Acronis
2012-11-27 14:10 . 2012-11-27 14:10 -------- d-----w- c:\users\AK\AppData\Local\Focus Home Interactive
2012-11-23 19:32 . 2012-11-23 19:32 -------- d-----w- c:\programdata\Rockstar Games
2012-11-19 09:49 . 2012-11-19 09:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60ED83E2-ACB4-449B-8047-559505EA80CB}\offreg.dll
2012-11-18 20:08 . 2009-04-29 07:46 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2012-11-18 20:08 . 2006-11-02 06:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmn.dll
2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2012-11-18 10:01 . 2012-11-18 10:01 -------- d-----w- c:\program files\Common Files\Java
2012-11-18 10:01 . 2012-11-18 10:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-18 10:01 . 2012-11-18 10:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-18 10:01 . 2012-11-18 10:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 08:43 . 2012-08-30 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 08:43 . 2012-08-30 09:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 187672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-05-07 1433692]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-08 2333968]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;g:\malwarebytes' anti-malware\mbamservice.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - g:\micros~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.2 192.168.0.200
FF - ProfilePath - c:\users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NSNetMon - g:\nsnetmon\uninstall-netmon.exe
.
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5876)
c:\advanced wheel mouse\wh_hook.dll
g:\winscp\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\taskhost.exe
g:\malwarebytes' anti-malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
g:\malwarebytes' anti-malware\mbamgui.exe
c:\windows\system32\PnkBstrB.exe
g:\diskdirector\OSS\reinstall_svc.exe
c:\windows\system32\conhost.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-12-15 22:41:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-15 21:41
ComboFix2.txt 2012-12-15 17:56
.
Pre-Run: 70 361 931 776 bytes free
Post-Run: 69 850 693 632 bytes free
.
- - End Of File - - 0BF8720BAF41E566D107C737B8130806

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 10:13
OK, I'm on it.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 10:25
I somehow forgot about this: 1. rename combofix to Uninstall and run it.
I'm going to defragment, is that a problem? OTC apparently deleted combofix as well.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
Good, carry on, that's fine; don't forget to use ccleaner.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 12:19
CCleaner has already run, now it's defragmenting. Is it enough to do C, that is the system drive? Fragmentation of C: was only 8%, which doesn't seem like much to me.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
The non-system drives too, of course.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 13:01
OK, then it may take the whole day.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
That's because you have a lot of fragments there.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 14:16
So the other drives finished much faster. Overall the notebook seems somewhat snappier now, but maybe I'm just imagining it.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
By the way, you had a mail worm there for sending spam.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 14:20
You seem to know your stuff, so I'll ask something else... There are a lot of drivers and utilities for my new notebook, is it necessary to install all of them? See:
Code: http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=5229457&prodTypeId=321957&prodSeriesId=5229455&swLang=13&taskId=135&swEnvOID=4053
The main ones I installed, of course, but more than 70% of that list I didn't.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 14:22
You probably mean that Trojan.Agent.H.
The ransomware wasn't there after all, was it? The system restore probably did the job.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
The drivers all need to be installed; it's enough to look in Device Manager. The programs aren't that necessary, though I don't know exactly which one does what. No, I don't mean that trojan but the worm; you no longer had the ransomware trojan there.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 14:31
Well, it's true that I have 3 unknown devices in Device Manager. One of them is definitely the fingerprint reader, I couldn't get that working.
OK, but everything is fine now, right?

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
Do you have any exclamation marks in Device Manager? Did you try installing the device through Device Manager, or did you download the driver and install it? From a virus standpoint it's fine.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 16:10
I tried it by installing the drivers from the HP site.

Registered: 09.05.11 | Last seen: 20.12.18 | Posts: 618 | Topics: 2
Then try doing it through Device Manager.

Registered: 15.04.09 | Last seen: 07.01.18 | Posts: 157 | Topics: 22 | Location: Nitra | Posted by topic author chameleo: 16.12.2012 18:36
It doesn't work that way either, but everything runs as it should, so it's probably nothing important. I want to thank you for your help cleaning my system. There aren't many people like you here. Many thanks. All the best.
