 | | |
| Autor | Správa |
|---|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra |
Ani neviem ako, ale dnes mi vyskocila obrazovka o zablokovani PC. Netusim kde som to chytil.  Ako to co najednoduchsie odstranime? Poradte nejaky program. Uz som myslel ze to mam hotove ale Spyhunter je plateny. Ten to nasiel.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 | |
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra |  Napísal autor témy chameleo: 15.12.2012 18:21 | |
|
Dal som obnovit system z bodu 5 hodin dozadu, mohlo by to pomoct?
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
rob radšej čo hovorim to je istejšie
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 18:34 | |
|
ok idem na to
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 18:46 | |
|
Kód: Logfile of random's system information tool 1.09 (written by random/random)
Run by AK at 2012-12-15 18:36:51
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 68 GB (69%) free of 99 GB
Total RAM: 2702 MB (56% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default
prefs.js - "browser.startup.homepage" - "http://www.google.sk"
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.135 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.9.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=G:\java\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69]
"Description"=RealPlayer(tm) LiveConnect-Enabled Plug-In
"Path"=G:\Magic Video Converter\codec\real\browser\plugins\nppl3260.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69]
"Description"=6.0.12.69
"Path"=G:\Magic Video Converter\codec\real\browser\plugins\nprpjplug.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=
G:\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
G:\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
G:\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default\extensions\
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - G:\java\bin\ssv.dll [2012-11-18 449512]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - G:\java\bin\jp2ssv.dll [2012-11-18 155384]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"=G:\PowerDVD9\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"PDVD9LanguageShortcut"=G:\PowerDVD9\PowerDVD9\Language\Language.exe [2009-04-27 50472]
"BDRegion"=C:\Program Files\Cyberlink\Shared Files\brs.exe [2009-09-01 75048]
"UVS11 Preload"=G:\Ulead VideoStudio 11\uvPL.exe [2007-03-03 341488]
"Adobe Reader Speed Launcher"=G:\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"WinampAgent"=G:\Winamp\winampa.exe [2012-06-28 74752]
"NSNetMon_ajbjbbcbbdeibjed"=G:\NSNetMon\NetMon.exe [2012-08-29 32768]
"USB3MON"=C:\Program Files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-03-27 291608]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2012-03-26 144664]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2012-03-26 180504]
"Persistence"=C:\Windows\system32\igfxpers.exe [2012-03-26 187672]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-03-29 636032]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files\AMD AVT\bin\kdbsync.exe aml []
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray.exe [2012-05-07 1433692]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 3117344]
"WheelMouse"=C:\ADVANC~1\wh_exec.exe [2010-05-26 147456]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-03-08 2333968]
"IAStorIcon"=C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe [2012-02-29 56088]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"QlbCtrl.exe"=C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2009-06-17 288312]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=G:\DAEMON Tools Lite\DTLite.exe [2012-04-17 3671872]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Google Update"=C:\Users\AK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 116648]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2012-03-26 325120]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"VIDC.ACDV"=ACDV.dll
"VIDC.FFDS"=ff_vfw.dll
"msacm.dvacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\Vio\Dvacm.acm
"msacm.MPEGacm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\MPEGacm.acm
"msacm.ulmp3acm"=C:\PROGRA~1\COMMON~1\ULEADS~1\MPEG\ulmp3acm.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-12-15 18:36:53 ----D---- C:\Program Files\trend micro
2012-12-15 18:36:51 ----D---- C:\rsit
2012-12-15 18:26:42 ----A---- C:\Windows\system32\drivers\TrueSight.sys
2012-12-15 14:52:24 ----D---- C:\Program Files\Rockstar Games
2012-12-14 11:49:23 ----D---- C:\Windows\Acronis
2012-11-23 20:32:08 ----D---- C:\ProgramData\Rockstar Games
2012-11-23 17:47:53 ----A---- C:\Windows\system32\xactengine3_7.dll
2012-11-23 17:47:52 ----A---- C:\Windows\system32\d3dx11_43.dll
2012-11-23 17:47:52 ----A---- C:\Windows\system32\d3dcsx_43.dll
2012-11-23 17:47:51 ----A---- C:\Windows\system32\d3dx10_43.dll
2012-11-23 17:47:50 ----A---- C:\Windows\system32\XAudio2_6.dll
2012-11-23 17:47:50 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2012-11-23 17:47:50 ----A---- C:\Windows\system32\xactengine3_6.dll
2012-11-23 17:47:49 ----A---- C:\Windows\system32\XAudio2_5.dll
2012-11-23 17:47:49 ----A---- C:\Windows\system32\xactengine3_5.dll
2012-11-23 17:47:48 ----A---- C:\Windows\system32\D3DCompiler_42.dll
2012-11-23 17:47:45 ----A---- C:\Windows\system32\d3dx11_42.dll
2012-11-23 17:47:45 ----A---- C:\Windows\system32\d3dcsx_42.dll
2012-11-23 17:47:44 ----A---- C:\Windows\system32\D3DX9_42.dll
2012-11-23 17:47:40 ----A---- C:\Windows\system32\XAPOFX1_3.dll
2012-11-23 17:47:36 ----A---- C:\Windows\system32\XAudio2_3.dll
2012-11-23 17:47:36 ----A---- C:\Windows\system32\XAPOFX1_2.dll
2012-11-23 17:47:35 ----A---- C:\Windows\system32\xactengine3_3.dll
2012-11-23 17:47:35 ----A---- C:\Windows\system32\X3DAudio1_5.dll
2012-11-18 21:08:13 ----A---- C:\Windows\system32\drivers\HpqKbFiltr.sys
2012-11-18 21:08:12 ----A---- C:\Windows\system32\drivers\wdfcoinstaller01005.dll
2012-11-18 21:08:05 ----A---- C:\Windows\system32\BttnCmn.dll
2012-11-18 21:08:04 ----A---- C:\Windows\system32\BttnCmns.dll
2012-11-18 11:01:42 ----D---- C:\ProgramData\Sun
2012-11-18 11:01:42 ----D---- C:\Program Files\Common Files\Java
2012-11-18 11:01:36 ----A---- C:\Windows\system32\deployJava1.dll
2012-11-18 11:01:35 ----A---- C:\Windows\system32\npDeployJava1.dll
2012-11-18 11:01:35 ----A---- C:\Windows\system32\javaws.exe
2012-11-18 11:01:27 ----A---- C:\Windows\system32\WindowsAccessBridge.dll
2012-11-18 11:01:27 ----A---- C:\Windows\system32\javaw.exe
2012-11-18 11:01:27 ----A---- C:\Windows\system32\java.exe
======List of files/folders modified in the last 1 month======
2012-12-15 18:36:53 ----RD---- C:\Program Files
2012-12-15 18:36:50 ----D---- C:\Windows\Temp
2012-12-15 18:33:35 ----D---- C:\Windows\System32
2012-12-15 18:33:35 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-12-15 18:33:34 ----D---- C:\Windows\inf
2012-12-15 18:28:21 ----D---- C:\Windows\system32\Tasks
2012-12-15 18:26:42 ----D---- C:\Windows\system32\drivers
2012-12-15 18:23:13 ----D---- C:\Windows\system32\config
2012-12-15 18:15:08 ----D---- C:\Users\AK\AppData\Roaming\Skype
2012-12-15 18:14:04 ----HD---- C:\Program Files\InstallShield Installation Information
2012-12-15 18:13:54 ----SHD---- C:\System Volume Information
2012-12-15 18:13:36 ----D---- C:\ProgramData\Ubisoft
2012-12-15 18:11:01 ----D---- C:\Windows\system32\wfp
2012-12-15 18:10:59 ----D---- C:\Windows\system32\wbem
2012-12-15 18:10:59 ----D---- C:\Windows
2012-12-15 18:10:19 ----D---- C:\Windows\Tasks
2012-12-15 18:10:19 ----D---- C:\Windows\system32\drivers\etc
2012-12-15 18:10:18 ----D---- C:\Windows\system32\catroot2
2012-12-15 18:10:16 ----D---- C:\Users\AK\AppData\Roaming\uTorrent
2012-12-15 18:10:13 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-12-15 18:10:12 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-12-15 18:10:06 ----D---- C:\Windows\registration
2012-12-15 18:10:03 ----RSD---- C:\Windows\assembly
2012-12-15 18:09:59 ----HD---- C:\ProgramData
2012-12-15 16:35:42 ----D---- C:\Windows\Prefetch
2012-12-13 11:01:04 ----D---- C:\Users\AK\AppData\Roaming\Adobe
2012-12-12 09:43:43 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-12-08 16:51:31 ----D---- C:\Users\AK\AppData\Roaming\Audacity
2012-12-05 15:24:25 ----D---- C:\Users\AK\AppData\Roaming\Sports Interactive
2012-11-29 12:18:28 ----D---- C:\Windows\system32\NDF
2012-11-27 15:25:19 ----D---- C:\Windows\winsxs
2012-11-27 15:15:17 ----SHD---- C:\Windows\Installer
2012-11-18 21:08:49 ----D---- C:\Program Files\Hewlett-Packard
2012-11-18 21:08:20 ----D---- C:\Windows\system32\catroot
2012-11-18 21:08:19 ----D---- C:\Windows\system32\DriverStore
2012-11-18 21:07:38 ----D---- C:\Users\AK\AppData\Roaming\hpqLog
2012-11-18 19:15:30 ----D---- C:\Windows\system32\drivers\UMDF
2012-11-18 11:01:42 ----D---- C:\Program Files\Common Files
2012-11-16 14:17:47 ----D---- C:\Windows\system32\wdi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 amdkmpfd;AMD PCI Root Bus Lower Filter; C:\Windows\system32\DRIVERS\amdkmpfd.sys [2012-03-20 22144]
R0 fltsrv;Acronis Storage Filter Management; C:\Windows\system32\DRIVERS\fltsrv.sys [2012-08-29 76768]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2012-02-01 470808]
R0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-03-27 15640]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-08-29 170752]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 175360]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-19 388096]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-29 242240]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 103112]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-03-29 9183744]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-03-29 265216]
R3 athr;Qualcomm Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2012-03-09 2877952]
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2010-11-20 60416]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
R3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\Windows\system32\DRIVERS\ewusbmdm.sys [2007-02-28 92032]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2011-12-06 280576]
R3 intelkmd;intelkmd; C:\Windows\system32\DRIVERS\igdpmd32.sys [2012-03-26 13212672]
R3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0; C:\Windows\system32\DRIVERS\iusb3hub.sys [2012-03-27 349976]
R3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible; C:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-03-27 792856]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2012-08-24 147768]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt86win7.sys [2011-11-23 491112]
R3 SPUVCbv;SPUVCb Driver Service; C:\Windows\System32\Drivers\SPUVCbv.sys [2012-03-26 2862712]
R3 STHDA;@%SystemRoot%\system32\stlang.dll,-10329; C:\Windows\system32\DRIVERS\stwrt.sys [2012-05-07 445952]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2012-03-08 320272]
R3 whfltr2k;WheelMouse USB Lower Filter Driver; C:\Windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 7424]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2010-11-20 393216]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 15872]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-19 84992]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TrueSight;TrueSight; \??\C:\Windows\system32\drivers\TrueSight.sys [2012-12-15 14336]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 17920]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-03-29 163328]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 Capture Device Service;Capture Device Service; C:\Program Files\Common Files\InterVideo\DeviceService\DevSvc.exe [2007-03-06 198168]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-03-07 913144]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-29 13592]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-06-22 625816]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-09-03 66872]
R2 PnkBstrB;PnkBstrB; C:\Windows\system32\PnkBstrB.exe [2012-09-03 107832]
R2 Správce výběru OS;Aktivátor Správce výběru OS Acronis; G:\DiskDirector\OSS\reinstall_svc.exe [2011-12-12 2156952]
R2 STacSV;@%SystemRoot%\system32\stlang.dll,-10129; C:\Program Files\IDT\WDM\STacSV.exe [2012-05-07 299090]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
R3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2008-10-21 228656]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-12 250808]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 cphs;Intel(R) Content Protection HECI Service; C:\Windows\system32\IntelCpHeciSvc.exe [2012-03-26 276248]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-08-29 654848]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 18:57 | |
|
Kód: ComboFix 12-12-14.01 - AK . 12. 2012 18:50:43.1.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2702.1378 [GMT 1:00]
Running from: c:\users\AK\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\0tbpw.pad
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 17:55 . 2012-12-15 17:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- c:\program files\trend micro
2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- C:\rsit
2012-12-15 17:26 . 2012-12-15 17:26 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-12-15 13:52 . 2012-12-15 13:52 -------- d-----w- c:\program files\Rockstar Games
2012-12-14 10:49 . 2012-12-14 12:46 -------- d-----w- c:\windows\Acronis
2012-11-27 14:10 . 2012-11-27 14:10 -------- d-----w- c:\users\AK\AppData\Local\Focus Home Interactive
2012-11-23 19:32 . 2012-11-23 19:32 -------- d-----w- c:\programdata\Rockstar Games
2012-11-19 09:49 . 2012-11-19 09:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60ED83E2-ACB4-449B-8047-559505EA80CB}\offreg.dll
2012-11-18 20:08 . 2009-04-29 07:46 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2012-11-18 20:08 . 2006-11-02 06:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmn.dll
2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2012-11-18 10:01 . 2012-11-18 10:01 -------- d-----w- c:\program files\Common Files\Java
2012-11-18 10:01 . 2012-11-18 10:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-18 10:01 . 2012-11-18 10:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-18 10:01 . 2012-11-18 10:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 08:43 . 2012-08-30 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 08:43 . 2012-08-30 09:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="g:\daemon tools lite\DTLite.exe" [2012-04-17 3671872]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"RemoteControl9"="g:\powerdvd9\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="g:\powerdvd9\PowerDVD9\Language\Language.exe" [2009-04-27 50472]
"BDRegion"="c:\program files\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"UVS11 Preload"="g:\ulead videostudio 11\uvPL.exe" [2007-03-03 341488]
"Adobe Reader Speed Launcher"="g:\adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-21 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]
"WinampAgent"="g:\winamp\winampa.exe" [2012-06-28 74752]
"NSNetMon_ajbjbbcbbdeibjed"="g:\nsnetmon\NetMon.exe" [2012-08-29 32768]
"USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 187672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-05-07 1433692]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-08 2333968]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-06-17 288312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-15 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-30 08:43]
.
2012-12-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job
- c:\users\AK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 20:28]
.
2012-12-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job
- c:\users\AK\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-08 20:28]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - g:\micros~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.2 192.168.0.200
FF - ProfilePath - c:\users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.032"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.abr"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ani"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bay"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.bw"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cs1"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.cur"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcr"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dcx"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.dib"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djv"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.djvu"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.emf"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.eps"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.erf"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fff"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.fpx"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.hdr"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icl"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.icn"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iff"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ilbm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.int"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.inta"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.iw4"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2c"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.j2k"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jbr"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jfif"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jif"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jp2"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpc"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpk"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.jpx"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.kdc"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.lbm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mef"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.mos"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pbr"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pcd"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pct"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pgm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pic"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pict"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pix"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ppm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.psp"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspbrush"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.pspimage"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ras"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.raw"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgb"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rgba"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rle"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rsb"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.rw2"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sgi"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.sr2"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.thm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttc"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.ttf"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11o\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11o"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11p\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11p"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v11pf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.v11pf"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.wbmp"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xbm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xif"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xmp"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 2009.xpm"
.
[HKEY_USERS\S-1-5-21-1825509883-2854182527-2505073359-1000\Software\SecuROM\License information*]
"datasecu"=hex:1f,30,1b,71,58,93,a5,c5,73,a0,2f,9c,c1,f2,dd,08,d8,54,ef,b1,4c,
a5,ee,83,b0,8d,3d,3c,f6,66,1d,49,40,da,8c,18,3e,a7,02,12,07,d3,48,1b,93,6c,\
"rkeysecu"=hex:ba,30,5f,4e,79,c2,79,d2,bc,ce,16,f7,92,b6,5f,57
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-12-15 18:56:15
ComboFix-quarantined-files.txt 2012-12-15 17:56
.
Pre-Run: 71 101 800 448 bytes free
Post-Run: 70 952 693 760 bytes free
.
- - End Of File - - 9E2F65C10ACD4AAAD2450F5BF6ACFB18
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 19:00 | |
|
Zatial OK? Idem urobit tu kontrolu.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
Stiahni si cfscript z http://www.ulozto.cz/xr9Ne4u/cfscript-txt ulož na plochu pretiahni cfscript cez combofix aplikuje sa script pošli log následne z combofixu keď vyskočí poznámkový blok.Nezabudni na log MBAM pošli mi ho .
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 22:27 | |
|
Kód: Malwarebytes Anti-Malware (Skúšobná verzia) 1.65.1.1000
www.malwarebytes.org
Verzia databázy: v2012.12.15.06
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
AK :: AK-PC [administrátor]
Ochrana: Zapnuté
15. 12. 2012 19:01:13
mbam-log-2012-12-15 (22-18-48).txt
Typ kontroly: Úplná kontrola (C:\|D:\|F:\|G:\|I:\|J:\|M:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 668916
Uplynutý čas: 3 hod, 13 min, 14 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 1
J:\Zaloha\Fast Stone Capture 6.5\setup\keymaker\keymaker.exe (Trojan.Agent.H) -> Žiadna úloha nevykonaná.
(koniec)
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 22:28 | |
|
MBAM robilo velmi dlho tak az teraz posielam. Naslo jedneho trojana ktoreho som dal odstranit.
Teraz idem na cfscript.
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 15.12.2012 22:48 | |
|
Kód: ComboFix 12-12-14.01 - AK . 12. 2012 22:30:55.2.4 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.2702.1491 [GMT 1:00]
Running from: c:\users\AK\Desktop\ComboFix.exe
Command switches used :: c:\users\AK\Desktop\cfscript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\tasks\Adobe Flash Player Updater.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\AK\AppData\Local\Google\Update
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleCrashHandler64.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdate.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateBroker.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateHelper.msi
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateOnDemand.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\GoogleUpdateSetup.exe
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdate.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_am.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ar.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_bg.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_bn.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ca.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_cs.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_da.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_de.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_el.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_en-GB.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_en.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_es-419.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_es.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_et.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fa.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fi.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fil.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_fr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_gu.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_hi.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_hr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_hu.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_id.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_is.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_it.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_iw.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ja.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_kn.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ko.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_lt.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_lv.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ml.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_mr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ms.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_nl.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_no.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_pl.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-BR.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_pt-PT.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ro.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ru.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sk.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sl.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sv.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_sw.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ta.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_te.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_th.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_tr.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_uk.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_ur.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_vi.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-CN.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\goopdateres_zh-TW.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\psmachine.dll
c:\users\AK\AppData\Local\Google\Update\1.3.21.123\psuser.dll
c:\users\AK\AppData\Local\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.125\GoogleUpdateB6998767.exe
c:\users\AK\AppData\Local\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\23.0.1271.97\23.0.1271.97_23.0.1271.95_chrome_updater.exe
c:\users\AK\AppData\Local\Google\Update\GoogleUpdate.exe
c:\windows\tasks\Adobe Flash Player Updater.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1825509883-2854182527-2505073359-1000UA.job
G:\NSNetMon
g:\nsnetmon\netmon.exe
g:\nsnetmon\NetMon.ini
g:\nsnetmon\uninstall-netmon.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_AdobeFlashPlayerUpdateSvc
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-11-15 to 2012-12-15 )))))))))))))))))))))))))))))))
.
.
2012-12-15 21:35 . 2012-12-15 21:38 -------- d-----w- c:\users\AK\AppData\Local\temp
2012-12-15 21:35 . 2012-12-15 21:35 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-15 17:59 . 2012-12-15 17:59 -------- d-----w- c:\users\AK\AppData\Roaming\Malwarebytes
2012-12-15 17:59 . 2012-12-15 17:59 -------- d-----w- c:\programdata\Malwarebytes
2012-12-15 17:59 . 2012-09-29 18:54 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- c:\program files\trend micro
2012-12-15 17:36 . 2012-12-15 17:37 -------- d-----w- C:\rsit
2012-12-15 17:26 . 2012-12-15 17:26 14336 ----a-w- c:\windows\system32\drivers\TrueSight.sys
2012-12-15 13:52 . 2012-12-15 13:52 -------- d-----w- c:\program files\Rockstar Games
2012-12-14 10:49 . 2012-12-14 12:46 -------- d-----w- c:\windows\Acronis
2012-11-27 14:10 . 2012-11-27 14:10 -------- d-----w- c:\users\AK\AppData\Local\Focus Home Interactive
2012-11-23 19:32 . 2012-11-23 19:32 -------- d-----w- c:\programdata\Rockstar Games
2012-11-19 09:49 . 2012-11-19 09:49 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{60ED83E2-ACB4-449B-8047-559505EA80CB}\offreg.dll
2012-11-18 20:08 . 2009-04-29 07:46 15872 ----a-w- c:\windows\system32\drivers\HpqKbFiltr.sys
2012-11-18 20:08 . 2006-11-02 06:09 1419232 ----a-w- c:\windows\system32\drivers\wdfcoinstaller01005.dll
2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmn.dll
2012-11-18 20:08 . 2008-09-08 13:31 1885488 ----a-w- c:\windows\system32\BttnCmns.dll
2012-11-18 10:01 . 2012-11-18 10:01 -------- d-----w- c:\program files\Common Files\Java
2012-11-18 10:01 . 2012-11-18 10:01 746984 ----a-w- c:\windows\system32\deployJava1.dll
2012-11-18 10:01 . 2012-11-18 10:01 821736 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-11-18 10:01 . 2012-11-18 10:01 93672 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 08:43 . 2012-08-30 09:46 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-12 08:43 . 2012-08-30 09:46 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"USB3MON"="c:\program files\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-03-26 144664]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-03-26 180504]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-03-26 187672]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-29 636032]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2012-05-07 1433692]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 3117344]
"WheelMouse"="c:\advanc~1\wh_exec.exe" [2010-05-26 147456]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2012-03-08 2333968]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
S0 amdkmpfd;AMD PCI Root Bus Lower Filter;c:\windows\system32\DRIVERS\amdkmpfd.sys [x]
S0 fltsrv;Acronis Storage Filter Management;c:\windows\system32\DRIVERS\fltsrv.sys [x]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 MBAMService;MBAMService;g:\malwarebytes' anti-malware\mbamservice.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd32.sys [x]
S3 iusb3hub;Ovládač rozbočovača Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovládač hostiteľského radiča Intel(R) USB 3.0 eXtensible;c:\windows\system32\DRIVERS\iusb3xhc.sys [x]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 SPUVCbv;SPUVCb Driver Service;c:\windows\system32\Drivers\SPUVCbv.sys [x]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [x]
.
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - g:\micros~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.2 192.168.0.200
FF - ProfilePath - c:\users\AK\AppData\Roaming\Mozilla\Firefox\Profiles\vta23p9f.default\
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-NSNetMon - g:\nsnetmon\uninstall-netmon.exe
.
.
Binary file temp00 matches
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5876)
c:\advanced wheel mouse\wh_hook.dll
g:\winscp\DragExt.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\IDT\WDM\STacSV.exe
c:\windows\system32\atieclxx.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\InterVideo\DeviceService\DevSvc.exe
c:\windows\system32\taskhost.exe
g:\malwarebytes' anti-malware\mbamscheduler.exe
c:\windows\system32\PnkBstrA.exe
g:\malwarebytes' anti-malware\mbamgui.exe
c:\windows\system32\PnkBstrB.exe
g:\diskdirector\OSS\reinstall_svc.exe
c:\windows\system32\conhost.exe
c:\advanced wheel mouse\wh_exec.exe
c:\program files\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\windows\system32\sppsvc.exe
c:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
.
**************************************************************************
.
Completion time: 2012-12-15 22:41:00 - machine was rebooted
ComboFix-quarantined-files.txt 2012-12-15 21:41
ComboFix2.txt 2012-12-15 17:56
.
Pre-Run: 70 361 931 776 bytes free
Post-Run: 69 850 693 632 bytes free
.
- - End Of File - - 0BF8720BAF41E566D107C737B8130806
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 | |
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 10:13 | |
|
OK idem na to. 
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 10:25 | |
|
Na toto som nejak zabudol:
1. premenuj combofix na Uninstall a spusť .
Idem defragmentovat, je to to problem? OTC zrejme zmazalo aj combofix.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
dobre pokračuj ďalej to je v poriadku nezabudni použiť ccleaner
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 12:19 | |
|
Ccleaner uz prebehol, teraz defragmentuje. Staci urobit Cecko teda disk so systemom? Fragmetacia C: bola iba 8% co sa mi nezda vela.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
aj nesystemove disky samozrejme
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 13:01 | |
|
OK tak to bude mozno aj na cely den
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
to preto že tam máš veľa fragmentov
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 14:16 | |
|
Tak ostatne disky prebehli ovela rychlejsie. Celkovo sa mi zda, ze je teraz notebook taky sviznejsie, ale mozno si to iba namyslam.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
Inač mal si tam jedneho mailoveho červa na odosielanie spamu
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 14:20 | |
|
Zda sa ze sa vyznas tak sa opytam este nieco... K mojmu novemu notebooku je vela ovladacov a utilit, je potrebne nainstalovat vsetky? Vid.: Kód: http://h20000.www2.hp.com/bizsupport/TechSupport/SoftwareIndex.jsp?lang=en&cc=us&prodNameId=5229457&prodTypeId=321957&prodSeriesId=5229455&swLang=13&taskId=135&swEnvOID=4053 Tie hlavne som samozrejme nainstaloval no viac 70% z toho zoznamu nie.
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 14:22 | |
|
Zrejme myslim toho Trojan.Agent.H.
Ransomware tam nakoniec ale nebol, ze? Zrejme zabralo to obnovenie bodu.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
ovládače je potrebne všetky nainštalovať stačí ak sa pozrieš do správcu zariadení .Tie programy niesu až tak potrebne zas neviem presne ktorá na čo slúži .
Nie ja nemislim toho trojana ale červa ransomware trojan si tam už nemal
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 14:31 | |
|
No je pravda ze v spravcovi mam 3 nezname zariadenia. Jedno z nich je urcite zariadenie na otlacok prstu, to sa mi nepodarilo rozchodit.
OK takze ale uz je vsetko v poriadku, hej?
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
máš v tam nejaké vykričniky v spravcovy zariadení skušal si inštalovať zariadenie cez správcu zariadení alebo si si stiahol ovládač a nainštaloval Z viroveho hľadiska je to v poriadku
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 16:10 | |
|
Skusal som to instalovanim driverov z HP stranky.
|
|
Registrovaný: 09.05.11
Prihlásený: 20.12.18
Príspevky: 618
Témy: 2 |
tak to skus spraviť cez správcu zariadení
|
|
Registrovaný: 15.04.09
Prihlásený: 07.01.18
Príspevky: 157
Témy: 22
Bydlisko: Nitra | Napísal autor témy chameleo: 16.12.2012 18:36 | |
|
Nejde mi to ani tak, ale vsetko slape ako ma tak to asi nebude nic dolezite. Chcem ti podakovat za pomoc pri cisteni mojho systemu. Takych ludi ako ty tu nie je vela. Velka vdaka. Zelam vsetko dobre.
|
|
Podobné témy | | Témy | Odpovede | Zobrazenia | Posledný príspevok |
|---|
 | Vydieračská reklama v prehliadačoch "ransomware" v Novinky | 1 | 829 | 31.07.2009 22:32 br4n0  |  | trojan,ako ho odstranim?? v Antivíry a antispywary | 26 | 3420 | 09.08.2007 9:58 Rbot | | Ako odstranim sum z repro ? v Zvuk | 13 | 2443 | 12.02.2010 20:59 OmeGa | | Ako odstranim ikonu z plochy? v Operačné systémy Microsoft | 4 | 502 | 05.09.2008 10:18 Gyrxiur | | AKO odstranim vyber systemu pri boote v Operačné systémy Microsoft | 11 | 2101 | 28.11.2009 23:22 jackaninm | | Ako odstranim subor, ktory sa neda vymazat v Operačné systémy Microsoft | 6 | 6050 | 22.02.2010 14:39 Bluedragon12 | | ransomware djvut v Antivíry a antispywary | 2 | 2470 | 11.01.2019 21:42 stanoj |  | POLICIA [ Choď na stránku: 1, 2 ] v Spoločnosť, politika, psychológia, filozofia, náboženstvo | 35 | 4992 | 14.09.2007 15:21 frasier | | Ransomware kradne poštu z webmailov v Novinky | 2 | 730 | 15.12.2006 8:51 JanoF | | Slovenska policia a pokuty [ Choď na stránku: 1, 2 ] v Spoločnosť, politika, psychológia, filozofia, náboženstvo | 44 | 2428 | 20.02.2008 14:08 zmija31 | | Kanadská polícia mieni tolerovať pirátov v Novinky | 2 | 387 | 14.11.2007 15:25 mimkork | | Polícia obvinila mladíka za zdieľanie filmov v Novinky | 11 | 850 | 13.07.2012 9:15 jtbs | | Polícii ransomware zašifroval súbory aj ich zálohy, musela zaplatiť výkupné v Bezpečnosť a firewally | 0 | 527 | 22.02.2015 12:54 tatko Tom | | Klavecnica - pokazené tlačítka "*" "Fn" "S" "L CTRL" v Externé zariadenia | 9 | 2864 | 04.12.2009 12:28 vigoss99 | | Číňania napadli slovenských aktivistov, polícia sa prizerala v Spoločnosť, politika, psychológia, filozofia, náboženstvo | 15 | 1315 | 28.06.2009 22:25 Triminka | | Francúzska polícia migruje z XP na Ubuntu v Novinky | 3 | 344 | 31.01.2008 21:10 yaJohny |
| Nemôžete zakladať nové témy v tomto fóre
Nemôžete odpovedať na témy v tomto fóre
Nemôžete upravovať svoje príspevky v tomto fóre
Nemôžete mazať svoje príspevky v tomto fóre
|
|
