Ahoj,
dnes som na notebooku mojich rodicov kupil ESET Smart security a po prvej kontrole mi nonstop vyhadzuje hlasku ze sa nasiel trojsky kon (goqi.exe - variant infiltracie Win32/Kryptik.ATDB trojsky kon) a ze bol ulozeny do karanteny, no neviem ho nijakym sposobom odstranit.
Vopred dakujem za pomoc pri rieseni problemu.
LOG z RSIT
Logfile of random's system information tool 1.09 (written by random/random)
Run by Erika at 2013-06-06 13:09:20
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 56 GB (47%) free of 119 GB
Total RAM: 4095 MB (61% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:09:32, on 6. 6. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
C:\Windows\SysWOW64\svchost.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe
C:\Program Files\trend micro\Erika.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: ::1 localhost
O1 - Hosts: ::1 servserv.generals.ea.com
O1 - Hosts: ::1 mangler1.generals.ea.com
O1 - Hosts: ::1 mangler2.generals.ea.com
O1 - Hosts: ::1 mangler3.generals.ea.com
O1 - Hosts: ::1 mangler4.generals.ea.com127.0.0.1 activate.adobe.com
O1 - Hosts: 92.240.237.7 status.wow-europe.com
O1 - Hosts: 92.240.237.7 launcher.worldofwarcraft.com
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Softonic-Eng7 Toolbar - {414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - D:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SRS Volume Sync Service (SRS_VolSync_Service) - SRS Labs, Inc. - C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 11021 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe"
atieclxx
"C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe" -switch-3be2f036c43042cdb03588591c9325c3
"C:\Program Files\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
Atouch64.exe
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
taskeng.exe {AE70CAD8-0F38-4033-95D5-7376A655BCD1}
"C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe"
"C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe"
"C:\Program Files (x86)\ASUS\ASUS CopyProtect\aspg.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
ATKOSD.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
"D:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
KBFiltr.exe
WDC.exe
C:\Windows\SysWOW64\IoctlSvc.exe
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Elantech\ETDCtrl.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
svchost.exe
WLIDSvcM.exe 2336
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDECK.EXE" -r
"C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide
"D:\Program Files (x86)\CCleaner\CCleaner64.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3720.d4f9100.1795540061 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll" -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "C:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "C:\Program Files (x86)\Mozilla Firefox\browser" E7CF176E110C211B 3720 "\\.\pipe\gecko-crash-server-pipe.3720" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe" --proxy-stub-channel=Flash2664.67CEBDE0.14756 --host-broker-channel=Flash2664.67CEBDE0.13476 --host-pid=2664 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe" --channel=2504.0044F3B0.392941449 --proxy-stub-channel=Flash2664.67CEBDE0.14756 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll" --host-npapi-version=27 --type=renderer
C:\Windows\system32\AUDIODG.EXE 0xa10
"C:\Windows\system32\SearchFilterHost.exe" 0 512 516 524 65536 520
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\sppsvc.exe
"D:\Download\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1336333448-3436424635-1572187058-1001Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1336333448-3436424635-1572187058-1001UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default
prefs.js - "browser.startup.homepage" - "http://www.google.sk/"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.2, {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20, {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.15"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.21.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.169 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
avg-secure-search.xml
C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\extensions\
synchronize@nokia.suite
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
Softonic-Eng7 Toolbar - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll [2009-09-23 2261016]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-23 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-23 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3} - Softonic-Eng7 Toolbar - C:\Program Files (x86)\Softonic-Eng7\tbSoft.dll [2009-09-23 2261016]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"=C:\Program Files\Elantech\ETDCtrl.exe [2009-06-12 619392]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 6330568]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"Google Update"=C:\Users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 116648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe [2009-06-24 272952]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2009-11-15 33120]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 116648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}]
C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe [2008-06-24 1840424]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2011-08-15 1955208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NBKeyScan]
D:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe [2008-06-08 2221352]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk]
C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2009-11-06 12862]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-06-26 98304]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-08-17 6859392]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-07-13 2244096]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-04-20 159744]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
C:\Users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2012-08-16 6670496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2012-08-16 4171424]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-06-06 13:09:20 ----D---- C:\rsit
2013-06-06 13:09:20 ----D---- C:\Program Files\trend micro
2013-06-06 12:50:25 ----D---- C:\Users\Erika\AppData\Roaming\ESET
2013-06-06 12:46:32 ----D---- C:\ProgramData\ESET
2013-06-06 12:46:31 ----D---- C:\Program Files\ESET
2013-05-29 23:15:03 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-05-16 15:55:36 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-16 15:55:36 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-16 15:55:36 ----A---- C:\Windows\system32\cdd.dll
2013-05-16 15:55:11 ----A---- C:\Windows\system32\shell32.dll
2013-05-16 15:55:06 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-16 15:55:06 ----A---- C:\Windows\system32\authui.dll
2013-05-16 15:55:04 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-05-16 15:55:03 ----A---- C:\Windows\system32\consent.exe
2013-05-16 15:55:02 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-16 15:55:02 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-05-16 15:55:02 ----A---- C:\Windows\system32\appinfo.dll
2013-05-16 15:54:45 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-16 15:54:45 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-16 15:54:41 ----A---- C:\Windows\system32\mshtml.dll
2013-05-16 15:54:39 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-05-16 15:54:36 ----A---- C:\Windows\system32\win32k.sys
======List of files/folders modified in the last 1 month======
2013-06-06 13:09:20 ----RD---- C:\Program Files
2013-06-06 13:07:06 ----AD---- C:\Windows\Temp
2013-06-06 13:03:38 ----D---- C:\Windows\system32\config
2013-06-06 12:49:23 ----SHD---- C:\Windows\Installer
2013-06-06 12:48:01 ----D---- C:\Windows\system32\drivers
2013-06-06 12:48:00 ----D---- C:\Windows\system32\DriverStore
2013-06-06 12:48:00 ----D---- C:\Windows\system32\catroot
2013-06-06 12:47:59 ----D---- C:\Windows\inf
2013-06-06 12:47:31 ----D---- C:\Windows\System32
2013-06-06 12:47:31 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-06-06 12:46:32 ----HD---- C:\ProgramData
2013-06-04 21:13:22 ----SHD---- C:\System Volume Information
2013-05-29 23:33:44 ----RD---- C:\Program Files (x86)
2013-05-27 22:09:33 ----A---- C:\Windows\system32\acovcnt.exe
2013-05-26 17:58:12 ----D---- C:\ProgramData\Skype
2013-05-26 17:58:10 ----RD---- C:\Program Files (x86)\Skype
2013-05-23 13:05:01 ----A---- C:\Windows\NeroDigital.ini
2013-05-19 03:10:07 ----D---- C:\Windows\Minidump
2013-05-19 03:09:53 ----D---- C:\Windows
2013-05-17 19:07:32 ----D---- C:\Windows\system32\Tasks
2013-05-17 18:22:27 ----D---- C:\Windows\rescache
2013-05-17 14:32:27 ----D---- C:\Windows\Microsoft.NET
2013-05-17 14:32:26 ----RSD---- C:\Windows\assembly
2013-05-17 13:06:53 ----D---- C:\Windows\winsxs
2013-05-17 13:02:42 ----D---- C:\Windows\AppPatch
2013-05-17 13:02:38 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-05-17 13:02:38 ----D---- C:\Windows\SysWOW64
2013-05-17 13:02:38 ----D---- C:\Windows\system32\sk-SK
2013-05-17 12:31:30 ----D---- C:\ProgramData\Microsoft Help
2013-05-17 12:24:07 ----A---- C:\Windows\system32\MRT.exe
2013-05-17 12:13:21 ----D---- C:\Windows\system32\catroot2
2013-05-13 12:48:05 ----D---- C:\Users\Erika\AppData\Roaming\Mozilla
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AsDsm;AsDsm; C:\Windows\system32\drivers\AsDsm.sys [2009-11-06 35384]
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-05 16440]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
R0 lullaby;lullaby; C:\Windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2009-11-29 834544]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 adfs;adfs; C:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-01-10 190232]
R2 SSPORT;SSPORT; \??\C:\Windows\system32\Drivers\SSPORT.sys [2008-01-24 11576]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-06-26 6036480]
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-06-12 112128]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-06-05 1806400]
R3 SRS_PremiumSound_Service;SRS Labs Premium Sound; C:\Windows\system32\drivers\srs_PremiumSound_amd64.sys [2009-05-18 343592]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-06-05 34872]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2009-07-09 1222144]
S2 DgiVecp;DgiVecp; \??\C:\Windows\system32\Drivers\DgiVecp.sys []
S3 a8ofnrhn;a8ofnrhn; C:\Windows\system32\drivers\a8ofnrhn.sys []
S3 ah5kmqxh;ah5kmqxh; C:\Windows\system32\drivers\ah5kmqxh.sys []
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 38424]
S3 CRFILTER;USB Mass Storage Filter; C:\Windows\system32\DRIVERS\CRFILTER.sys [2008-04-07 7168]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2011-05-13 48488]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-11-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-11-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-10-17 26112]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-11-09 9216]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-11-09 9216]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
S3 zghsdiag;ZTE General Handset Diagnostic Port; C:\Windows\system32\DRIVERS\zghsdiag.sys [2011-01-13 122624]
S3 zghsmdm;ZTE General Handset USB Modem Proprietary; C:\Windows\system32\DRIVERS\zghsmdm.sys [2011-01-13 122624]
S3 zghsnmea;ZTE General Handset NMEA Port; C:\Windows\system32\DRIVERS\zghsnmea.sys [2011-01-13 122624]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2009-09-17 359552]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-06-26 203264]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2011-08-15 2329480]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; D:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2008-06-08 877864]
R2 PLFlash DeviceIoControl Service;PLFlash DeviceIoControl Service; C:\Windows\SysWOW64\IoctlSvc.exe [2006-12-19 81920]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-05-14 3289208]
R2 SRS_VolSync_Service;SRS Volume Sync Service; C:\Program Files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [2009-07-10 128224]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2010-10-08 72704]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-05-13 1492840]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2012-09-20 30785672]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2008-06-24 537896]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-12-19 732648]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-06-26 529232]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2010-05-22 1255736]
S4 ADSMService;ADSM Service; C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe [2008-03-31 225280]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky kon
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Zdravim 
Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
Stahnete Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
- Ulozte nejlepe na Plochu a rozbalte
- Spustte kliknutim na mbanr
- Nyni postupne kliknete na Next a Update
- Po dokonceni update (aktualizace) databaze kliknete opet na Next
- Nechte zaskrtnute vsechny tri moznosti a klinete na Scan cimz spustite prohledavani PC
- Po dokonceni skenu (cca 5 minutek) zkontrolujte, zda-li je u vsech nalezu (samozrejme pokud budou) zatrzitko
- Tez zkontrolujte, jetsli je zatrzitko u Create Restore point
- Nyni kliknete na CleanUp cimz nalezenou infekci odstranime
- PC bude restartovan
- Slozka mbar by mela obsahovat log (a zrejme se i sam otevre) mbar-log-rok-mesic-den (hodina-minuta-sekunda).txt, ten mi sem dejte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
scan trval asi 30 minut.
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.06.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Erika :: TOMAS [administrator]
6. 6. 2013 15:43:35
mbar-log-2013-06-06 (15-43-35).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 246339
Time elapsed: 25 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSConfig (Trojan.Cryptor.RAVE) -> Data: -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\users\erika\goqi.exe (Trojan.Cryptor.RAVE) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Malwarebytes Anti-Rootkit BETA 1.06.0.1003
www.malwarebytes.org
Database version: v2013.06.06.04
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Erika :: TOMAS [administrator]
6. 6. 2013 15:43:35
mbar-log-2013-06-06 (15-43-35).txt
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | Deep Anti-Rootkit Scan | PUM | P2P
Scan options disabled: PUP
Objects scanned: 246339
Time elapsed: 25 minute(s), 11 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|MSConfig (Trojan.Cryptor.RAVE) -> Data: -> Delete on reboot.
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 1
c:\users\erika\goqi.exe (Trojan.Cryptor.RAVE) -> Delete on reboot.
Physical Sectors Detected: 0
(No malicious items detected)
(end)
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com
- Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe - Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
- Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
- RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
- Na plose vznikne log Rkill.txt ten mi sem vlozte
- Ted nerestartujte PC - prisli byste o ucinek RKillu
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/07/2013 08:19:10 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\SysWOW64\IoctlSvc.exe (PID: 2172) [WD-HEUR]
* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3356) [WD-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Erika\Desktop\rkill\rkill-06-07-2013-08-19-16.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
::1 servserv.generals.ea.com
::1 mangler1.generals.ea.com
::1 mangler2.generals.ea.com
::1 mangler3.generals.ea.com
::1 mangler4.generals.ea.com127.0.0.1 activate.adobe.com
92.240.237.7 status.wow-europe.com
92.240.237.7 launcher.worldofwarcraft.com
Program finished at: 06/07/2013 08:22:04 AM
Execution time: 0 hours(s), 2 minute(s), and 54 seconds(s)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/07/2013 08:19:10 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* C:\Windows\SysWOW64\IoctlSvc.exe (PID: 2172) [WD-HEUR]
* C:\Windows\SysWOW64\ACEngSvr.exe (PID: 3356) [WD-HEUR]
2 proccesses terminated!
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\Erika\Desktop\rkill\rkill-06-07-2013-08-19-16.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Defender Disabled
[HKLM\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware" = dword:00000001
Checking Windows Service Integrity:
* Windows Defender (WinDefend) is not Running.
Startup Type set to: Manual
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* HOSTS file entries found:
127.0.0.1 localhost
::1 localhost
::1 servserv.generals.ea.com
::1 mangler1.generals.ea.com
::1 mangler2.generals.ea.com
::1 mangler3.generals.ea.com
::1 mangler4.generals.ea.com127.0.0.1 activate.adobe.com
92.240.237.7 status.wow-europe.com
92.240.237.7 launcher.worldofwarcraft.com
Program finished at: 06/07/2013 08:22:04 AM
Execution time: 0 hours(s), 2 minute(s), and 54 seconds(s)
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
ComboFix 13-06-06.04 - Erika . 06. 2013 8:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.2429 [GMT 2:00]
Running from: c:\users\Erika\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
c:\users\Erika\AppData\Local\TempDIR
c:\users\Erika\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\Erika\AppData\Roaming\.#
c:\users\Erika\AppData\Roaming\Love
c:\users\Erika\AppData\Roaming\Love\mari0\options.txt
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Recent\karaoketexty_cz.url
c:\windows\IsUn0405.exe
c:\windows\IsUn0413.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))
.
.
2013-06-07 06:38 . 2013-06-07 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-06 13:43 . 2013-06-06 14:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-06 13:42 . 2013-06-06 13:42 -------- d-----w- c:\programdata\Malwarebytes
2013-06-06 13:42 . 2013-06-06 13:42 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-06 11:09 . 2013-06-06 11:09 -------- d-----w- C:\rsit
2013-06-06 11:09 . 2013-06-06 11:09 -------- d-----w- c:\program files\trend micro
2013-06-06 10:46 . 2013-06-06 10:46 -------- d-----w- c:\program files\ESET
2013-05-16 13:55 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 13:55 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 13:55 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 13:55 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 13:55 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 13:55 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 13:55 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 13:55 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 13:55 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 13:54 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 13:54 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 13:54 . 2013-05-06 13:39 9060352 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 13:54 . 2013-02-28 12:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 13:54 . 2013-02-28 11:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 13:54 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-27 20:09 . 2009-12-02 19:40 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-17 10:24 . 2009-11-28 14:50 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-09 07:32 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-23 08:47 . 2013-04-23 08:48 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 08:47 . 2013-04-23 08:48 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-23 08:47 . 2010-04-21 20:24 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-23 08:42 . 2012-04-10 14:27 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-23 08:42 . 2011-09-03 07:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-19 14:47 . 2013-04-19 14:47 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-16 13:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 13:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 13:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 13:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 13:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 13:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 21:13 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:13 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:13 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:13 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:13 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:13 112640 ----a-w- c:\windows\system32\smss.exe
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2009-09-23 10:50 2261016 ----a-w- c:\program files (x86)\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys;c:\windows\SYSNATIVE\DRIVERS\CRFILTER.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys;c:\windows\SYSNATIVE\drivers\srs_PremiumSound_amd64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1336333448-3436424635-1572187058-1001Core.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 04:43]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1336333448-3436424635-1572187058-1001UA.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 04:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 192.168.0.1
FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1336333448-3436424635-1572187058-1001\Software\SecuROM\License information*]
"datasecu"=hex:24,93,67,7b,d2,82,2d,4e,c0,05,c0,36,7d,b9,19,71,d7,43,fd,44,9f,
49,c4,4a,0d,e0,b8,31,00,4a,43,49,03,98,9a,58,ad,7f,eb,ab,d6,1e,2e,7c,06,95,\
"rkeysecu"=hex:ff,bf,a5,6c,de,a8,9d,b6,af,61,25,3e,f7,33,f9,23
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-07 08:41:22
ComboFix-quarantined-files.txt 2013-06-07 06:41
.
Pre-Run: 59 531 034 624 bytes free
Post-Run: 59 411 992 576 bytes free
.
- - End Of File - - 340DBB41BC6AC3B55A1A0480B267100D
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4095.2429 [GMT 2:00]
Running from: c:\users\Erika\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
c:\users\Erika\AppData\Local\TempDIR
c:\users\Erika\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\Erika\AppData\Roaming\.#
c:\users\Erika\AppData\Roaming\Love
c:\users\Erika\AppData\Roaming\Love\mari0\options.txt
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Recent\karaoketexty_cz.url
c:\windows\IsUn0405.exe
c:\windows\IsUn0413.exe
.
.
((((((((((((((((((((((((( Files Created from 2013-05-07 to 2013-06-07 )))))))))))))))))))))))))))))))
.
.
2013-06-07 06:38 . 2013-06-07 06:38 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-06-06 13:43 . 2013-06-06 14:13 -------- d-----w- c:\programdata\Malwarebytes' Anti-Malware (portable)
2013-06-06 13:42 . 2013-06-06 13:42 -------- d-----w- c:\programdata\Malwarebytes
2013-06-06 13:42 . 2013-06-06 13:42 36680 ----a-w- c:\windows\system32\drivers\mbamchameleon.sys
2013-06-06 11:09 . 2013-06-06 11:09 -------- d-----w- C:\rsit
2013-06-06 11:09 . 2013-06-06 11:09 -------- d-----w- c:\program files\trend micro
2013-06-06 10:46 . 2013-06-06 10:46 -------- d-----w- c:\program files\ESET
2013-05-16 13:55 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-16 13:55 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-16 13:55 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-16 13:55 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-16 13:55 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-16 13:55 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-16 13:55 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-16 13:55 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-16 13:55 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-16 13:54 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-16 13:54 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-16 13:54 . 2013-05-06 13:39 9060352 ----a-w- c:\windows\system32\mshtml.dll
2013-05-16 13:54 . 2013-02-28 12:03 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2013-05-16 13:54 . 2013-02-28 11:38 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-05-16 13:54 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-27 20:09 . 2009-12-02 19:40 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-05-17 10:24 . 2009-11-28 14:50 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-09 07:32 . 2011-03-28 17:36 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-04-23 08:47 . 2013-04-23 08:48 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-04-23 08:47 . 2013-04-23 08:48 866720 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-04-23 08:47 . 2010-04-21 20:24 788896 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-04-23 08:42 . 2012-04-10 14:27 691592 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-04-23 08:42 . 2011-09-03 07:05 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-04-19 14:47 . 2013-04-19 14:47 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-16 13:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 13:55 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 13:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 13:55 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 13:55 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 13:55 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-12 14:45 . 2013-04-23 18:38 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-03-19 06:04 . 2013-04-10 21:13 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 21:13 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 21:13 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 21:13 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 21:13 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 21:13 112640 ----a-w- c:\windows\system32\smss.exe
2009-04-08 18:31 . 2009-04-08 18:31 106496 ----a-w- c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 05:45 . 2008-08-12 05:45 155648 ----a-w- c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
2009-09-23 10:50 2261016 ----a-w- c:\program files (x86)\Softonic-Eng7\tbSoft.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}"= "c:\program files (x86)\Softonic-Eng7\tbSoft.dll" [2009-09-23 2261016]
.
[HKEY_CLASSES_ROOT\clsid\{414b6d9d-4a95-4e8d-b5b1-149dd2d93bb3}]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 01:08 143360 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-06-26 98304]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-08-17 6859392]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-07-13 2244096]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-04-20 159744]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Erika\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys;c:\windows\SYSNATIVE\Drivers\androidusb.sys [x]
R3 CRFILTER;USB Mass Storage Filter;c:\windows\system32\DRIVERS\CRFILTER.sys;c:\windows\SYSNATIVE\DRIVERS\CRFILTER.sys [x]
R3 mbamchameleon;mbamchameleon;c:\windows\system32\drivers\mbamchameleon.sys;c:\windows\SYSNATIVE\drivers\mbamchameleon.sys [x]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys;c:\windows\SYSNATIVE\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 zghsdiag;ZTE General Handset Diagnostic Port;c:\windows\system32\DRIVERS\zghsdiag.sys;c:\windows\SYSNATIVE\DRIVERS\zghsdiag.sys [x]
R3 zghsmdm;ZTE General Handset USB Modem Proprietary;c:\windows\system32\DRIVERS\zghsmdm.sys;c:\windows\SYSNATIVE\DRIVERS\zghsmdm.sys [x]
R3 zghsnmea;ZTE General Handset NMEA Port;c:\windows\system32\DRIVERS\zghsnmea.sys;c:\windows\SYSNATIVE\DRIVERS\zghsnmea.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys;c:\windows\SYSNATIVE\DRIVERS\epfwwfp.sys [x]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys;c:\windows\SYSNATIVE\DRIVERS\lullaby.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys;c:\windows\SYSNATIVE\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys;c:\windows\SYSNATIVE\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys;c:\windows\SYSNATIVE\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys;c:\windows\SYSNATIVE\DRIVERS\EpfwLWF.sys [x]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe;c:\windows\SYSNATIVE\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys;c:\program files\ATKGFNEX\ASMMAP64.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
S2 SRS_VolSync_Service;SRS Volume Sync Service;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe;c:\program files\SRS Labs\SRS Premium Sound\SRS_VolSync.exe [x]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys;c:\windows\SYSNATIVE\Drivers\SSPORT.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys;c:\windows\SYSNATIVE\DRIVERS\ETD.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 SRS_PremiumSound_Service;SRS Labs Premium Sound;c:\windows\system32\drivers\srs_PremiumSound_amd64.sys;c:\windows\SYSNATIVE\drivers\srs_PremiumSound_amd64.sys [x]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys;c:\windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys;c:\windows\SYSNATIVE\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1336333448-3436424635-1572187058-1001Core.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 04:43]
.
2013-06-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1336333448-3436424635-1572187058-1001UA.job
- c:\users\Erika\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-19 04:43]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-02 00:52 159744 ----a-w- c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-06-12 619392]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uLocal Page = c:\windows\system32\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 195.34.133.21 192.168.0.1
FF - ProfilePath - c:\users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
WebBrowser-{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1336333448-3436424635-1572187058-1001\Software\SecuROM\License information*]
"datasecu"=hex:24,93,67,7b,d2,82,2d,4e,c0,05,c0,36,7d,b9,19,71,d7,43,fd,44,9f,
49,c4,4a,0d,e0,b8,31,00,4a,43,49,03,98,9a,58,ad,7f,eb,ab,d6,1e,2e,7c,06,95,\
"rkeysecu"=hex:ff,bf,a5,6c,de,a8,9d,b6,af,61,25,3e,f7,33,f9,23
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_228_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_228.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-06-07 08:41:22
ComboFix-quarantined-files.txt 2013-06-07 06:41
.
Pre-Run: 59 531 034 624 bytes free
Post-Run: 59 411 992 576 bytes free
.
- - End Of File - - 340DBB41BC6AC3B55A1A0480B267100D
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Stahnete AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
- Ulozte nejlepe na plochu
- Ukoncete vsechny programy
- Kliknete na Prohledat
- Probehne skenovani a pak se objevi log, pripadne bude ulozen na systemovem disku jako AdwCleaner[R?].txt, ten sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
# AdwCleaner v2.302 - Log vytvorený 07/06/2013 o 12:02:04
# Aktualizované 06/06/2013 Xplode
# Operaený systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživateľ : Erika - TOMAS
# Spustený systém : Normálny
# Spustené z : C:\Users\Erika\Desktop\adwcleaner.exe
# Voľba [Prehľada?]
***** [Služby] *****
***** [Súbory / Adresáre] *****
Adresár Nájdené : C:\Program Files (x86)\Conduit
Adresár Nájdené : C:\Program Files (x86)\Softonic-Eng7
Adresár Nájdené : C:\Users\Erika\AppData\LocalLow\Softonic-Eng7
Súbor Nájdené : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registre] *****
Hodnota Nájdené : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Nájdené : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Nájdené : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Kľúe Nájdené : HKCU\Software\AppDataLow\Software\Conduit
Kľúe Nájdené : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Kľúe Nájdené : HKCU\Software\Conduit
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Kľúe Nájdené : HKCU\Software\Softonic
Kľúe Nájdené : HKCU\Software\YahooPartnerToolbar
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Kľúe Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Kľúe Nájdené : HKLM\Software\Conduit
Kľúe Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Nájdené : HKLM\Software\Softonic-Eng7
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internetové prehliadaee] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registre sú eisté.
-\\ Mozilla Firefox v21.0 (sk)
Súbor : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\prefs.js
[OK] Súbor je eistý.
-\\ Opera v [Nemôžem získa? verziu]
Súbor : C:\Users\Erika\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Súbor je eistý.
*************************
AdwCleaner[R1].txt - [4304 octets] - [07/06/2013 12:02:04]
########## EOF - C:\AdwCleaner[R1].txt - [4364 octets] ##########
# Aktualizované 06/06/2013 Xplode
# Operaený systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživateľ : Erika - TOMAS
# Spustený systém : Normálny
# Spustené z : C:\Users\Erika\Desktop\adwcleaner.exe
# Voľba [Prehľada?]
***** [Služby] *****
***** [Súbory / Adresáre] *****
Adresár Nájdené : C:\Program Files (x86)\Conduit
Adresár Nájdené : C:\Program Files (x86)\Softonic-Eng7
Adresár Nájdené : C:\Users\Erika\AppData\LocalLow\Softonic-Eng7
Súbor Nájdené : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registre] *****
Hodnota Nájdené : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Nájdené : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Nájdené : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Kľúe Nájdené : HKCU\Software\AppDataLow\Software\Conduit
Kľúe Nájdené : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Kľúe Nájdené : HKCU\Software\Conduit
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Nájdené : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Kľúe Nájdené : HKCU\Software\Softonic
Kľúe Nájdené : HKCU\Software\YahooPartnerToolbar
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Kľúe Nájdené : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Kľúe Nájdené : HKLM\Software\Conduit
Kľúe Nájdené : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Nájdené : HKLM\Software\Softonic-Eng7
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Nájdené : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Nájdené : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internetové prehliadaee] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registre sú eisté.
-\\ Mozilla Firefox v21.0 (sk)
Súbor : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\prefs.js
[OK] Súbor je eistý.
-\\ Opera v [Nemôžem získa? verziu]
Súbor : C:\Users\Erika\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Súbor je eistý.
*************************
AdwCleaner[R1].txt - [4304 octets] - [07/06/2013 12:02:04]
########## EOF - C:\AdwCleaner[R1].txt - [4364 octets] ##########
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Spustte znovu AdwCleaner
- Pokud pouzivate Win Vista ci W7, kliknete na AdwCleaner pravym a dejte Run As Administrator ci Spustit jako spravce
- Kliknete na Smazat
- PC provede opravu, restartuje se a da Vam log (C:\AdwCleaner [S1].txt) , jeho obsah vlozte sem
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
# AdwCleaner v2.302 - Log vytvorený 08/06/2013 o 01:02:01
# Aktualizované 06/06/2013 Xplode
# Operaený systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživateľ : Erika - TOMAS
# Spustený systém : Normálny
# Spustené z : C:\Users\Erika\Desktop\adwcleaner.exe
# Voľba [Vymaza?]
***** [Služby] *****
***** [Súbory / Adresáre] *****
Adresár Vymazané : C:\Program Files (x86)\Conduit
Adresár Vymazané : C:\Program Files (x86)\Softonic-Eng7
Adresár Vymazané : C:\Users\Erika\AppData\LocalLow\Softonic-Eng7
Súbor Vymazané : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registre] *****
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\Conduit
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Kľúe Vymazané : HKCU\Software\Conduit
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Kľúe Vymazané : HKCU\Software\Softonic
Kľúe Vymazané : HKCU\Software\YahooPartnerToolbar
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Kľúe Vymazané : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Kľúe Vymazané : HKLM\Software\Conduit
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Vymazané : HKLM\Software\Softonic-Eng7
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internetové prehliadaee] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registre sú eisté.
-\\ Mozilla Firefox v21.0 (sk)
Súbor : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\prefs.js
[OK] Súbor je eistý.
-\\ Opera v [Nemôžem získa? verziu]
Súbor : C:\Users\Erika\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Súbor je eistý.
*************************
AdwCleaner[R1].txt - [4425 octets] - [07/06/2013 12:02:04]
AdwCleaner[S1].txt - [4401 octets] - [08/06/2013 01:02:01]
########## EOF - C:\AdwCleaner[S1].txt - [4461 octets] ##########
# Aktualizované 06/06/2013 Xplode
# Operaený systém : Windows 7 Home Premium Service Pack 1 (64 bits)
# Uživateľ : Erika - TOMAS
# Spustený systém : Normálny
# Spustené z : C:\Users\Erika\Desktop\adwcleaner.exe
# Voľba [Vymaza?]
***** [Služby] *****
***** [Súbory / Adresáre] *****
Adresár Vymazané : C:\Program Files (x86)\Conduit
Adresár Vymazané : C:\Program Files (x86)\Softonic-Eng7
Adresár Vymazané : C:\Users\Erika\AppData\LocalLow\Softonic-Eng7
Súbor Vymazané : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
***** [Registre] *****
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Vymazané : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Vymazané : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Hodnota Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}]
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\Conduit
Kľúe Vymazané : HKCU\Software\AppDataLow\Software\Softonic-Eng7
Kľúe Vymazané : HKCU\Software\Conduit
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233}
Kľúe Vymazané : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F25AF245-4A81-40DC-92F9-E9021F207706}
Kľúe Vymazané : HKCU\Software\Softonic
Kľúe Vymazané : HKCU\Software\YahooPartnerToolbar
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Toolbar.CT2405280
Kľúe Vymazané : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8}
Kľúe Vymazané : HKLM\Software\Conduit
Kľúe Vymazané : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Vymazané : HKLM\Software\Softonic-Eng7
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{44C9F660-E0E6-4091-B5FB-D1A38AC5E33F}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DE9028D0-5FFA-4E69-94E3-89EE8741F468}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{414B6D9D-4A95-4E8D-B5B1-149DD2D93BB3}
Kľúe Vymazané : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Softonic-Eng7 Toolbar
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC}
Kľúe Vymazané : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
***** [Internetové prehliadaee] *****
-\\ Internet Explorer v8.0.7601.17514
[OK] Registre sú eisté.
-\\ Mozilla Firefox v21.0 (sk)
Súbor : C:\Users\Erika\AppData\Roaming\Mozilla\Firefox\Profiles\i42jx8sw.default\prefs.js
[OK] Súbor je eistý.
-\\ Opera v [Nemôžem získa? verziu]
Súbor : C:\Users\Erika\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Súbor je eistý.
*************************
AdwCleaner[R1].txt - [4425 octets] - [07/06/2013 12:02:04]
AdwCleaner[S1].txt - [4401 octets] - [08/06/2013 01:02:01]
########## EOF - C:\AdwCleaner[S1].txt - [4461 octets] ##########
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Jak se chova PC 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Uz po pouziti Malwarebytes Anti-Rootkit a odstraneni infekcie je pc ovela tichsi. predtym skoro stale isli vetraky naplno, teraz idu len minimalne pri normalnej zatazi. je aj rychlejsi, reaguje lepsie. urcite to pomohlo!
este mi prosim mozes poradit dalsie programy na vycistenie? planujem spustit CCleaner, vycistit, opravit registre. nejaky dobry defrag program by sa hodil
dakujem
este mi prosim mozes poradit dalsie programy na vycistenie? planujem spustit CCleaner, vycistit, opravit registre. nejaky dobry defrag program by sa hodil
dakujem
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Tak jeste uklidime 
Odinstalujte Combofix
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Panel čistič
Doporucuji provest defragmentaci disku
A pokud nejsou problemy ci dotazy, je to z me strany vse 
Odinstalujte Combofix
- Prejmenujte ComboFix na Uninstall
- Spustte jej
- Tohle smaze Combofix a jeho slozky
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
- Stahnete a spustte
- Pro potvrzeni volby mackejte A, Enter
- Po pouziti utilitu smazte
- Antiviry touhou utilitu chybne oznacit jako vir - jedna se o falesny poplach - takze v pohode stahnete (pripadne vypnete pri stahovani antivir)
OTC http://oldtimer.geekstogo.com/OTC.exe
- Stahnete a spustte
- Kliknete na CleanUp a potvrdte YES
- Program uklidi a restartuje PC
TFC http://oldtimer.geekstogo.com/TFC.exe
- Stahnete a spustte
- Kliknete na Start a potvrdte OK
- Program uklidi a restartuje pc
- Po pouziti utilitu smazte
Stahnete Ccleaner http://forum.viry.cz/viewtopic.php?t=7478Panel čistič
- Vse nechte jak je, jen dejte Analyzovat a pote Spustit CCleaner
- dejte Hledej problémy
- nasledne Opravit problémy - zalohu registru doporucuji udelat, opravte vsechny problemy
- postup opakujte dokud nebude bez problemu - vetsinou cca 3x
- Zde muzete odinstalovat nepotrebne programy
Doporucuji provest defragmentaci disku
- Nejjednodussi (ale nejmene ucinny) zpusob je pomoci utility ve windowsech
- Kliknete na Tento pocitac, dale na disk kliknete pravym tlacitkem, vyberte Vlastnosti
- prepnete se do zalozky Nastroje
- Nyni vidite pomucky Defragmentace - spustte ji kliknutim na Defragmentovat
- Toto provedte se vsemi disky
- Dalsi moznosti (a mnou doporucenou) je pres programek Defraggler http://www.stahuj.centrum.cz/utility_a_ ... efraggler/
- Program stahnete, nainstalujte (dejte fajfku pryc u yahoo toolbaru) a spustte
- Kliknete na Analyzovat
- Pokud je ve sloupci Fragmentováno vice jak 5%, doporucuji provest defragmentaci (klik na Defragmentovat)
- Postup provedte se vsemi disky
- Posledni moznost je pres jednoduchy programek JKDefrag http://www.stahuj.centrum.cz/utility_a_ ... /jkdefrag/
- Vyhodou programku je, ze se neinstaluje
- Staci tedy jen stahnout dle verze vaseho OS a rozbalit
- Nasledne spustit pomoci souboru JKDefrag pripadne JKDefrag64
- Probehne analyza disku a nasledne i defragmentace
A pokud nejsou problemy ci dotazy, je to z me strany vse "Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Ok dakujem velmi pekne za pomoc!
Vsetko je vycistene a funguje ako ma! Urcite to pomohlo
Ahoj
Vsetko je vycistene a funguje ako ma! Urcite to pomohlo
Ahoj
Re: goqi.exe -variant infiltracie Win32/Kryptik.ATDB trojsky
Zase nekdy 
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.
Přispějete na provoz fóra?