Page 2 of 3

Re: Brontok

Posted: 04 Jan 2013 00:34
by vyosek
OK, then let AVPTool keep running, hopefully it will deal with it...

Re: Brontok

Posted: 04 Jan 2013 11:52
by Dabol
I start that AVPTool following the guide, and when it finds something, what should I do: keep skipping, or choose "yes, disinfect"? Because when I choose that, another window with another scan pops up, and then it takes 18 hours, and I don't have that much time.

Re: Brontok

Posted: 04 Jan 2013 11:54
by vyosek
Choose Disinfect...

It takes a long time because the vermin has spread all over the place...

Re: Brontok

Posted: 04 Jan 2013 13:30
by Dabol
Maybe a stupid question, but isn't there some other way, mainly a faster one?

Re: Brontok

Posted: 04 Jan 2013 13:44
by Mc_Murphy
Dabol wrote: Maybe a stupid question, but isn't there some other way, mainly a faster one?
Yes... it is a stupid question.
A computer stuffed with cracks and keygens, which is also where the nice infection you keep there comes from, and you want it done differently and faster?! :surprised:
Be glad that colleague vyosek is cleaning it for you at all. That is, until he finds out that your Ultimate editions are just as illegal as all those games and software.

:closed:

Re: Brontok

Posted: 04 Jan 2013 21:46
by Dabol
It has been deleting about 3000 files like this all day and it takes incredibly long; AVPTool froze on me twice and the PC restarted twice.

Code:

4. 1. 2013 20:37:49	Deleted	virus Email-Worm.Win32.Brontok.q	C:\Documents and Settings\Feri\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\trz56D3.tmp	High	

Re: Brontok

Posted: 04 Jan 2013 22:00
by vyosek
As my colleague also wrote, the PC is very, very heavily infested, probably thanks to your cracks, and with quite nasty vermin at that...

I gave you an attempt at a repair procedure; either follow it, or the Log out button is at the top left...

Re: Brontok

Posted: 05 Jan 2013 00:07
by Dabol
It deleted all the files with the .tmp extension, like the one I posted in the code above. What next?

Re: Brontok

Posted: 05 Jan 2013 00:13
by vyosek
:arrow: Download Farbar Service Scanner http://download.bleepingcomputer.com/farbar/FSS.exe
  • Save it, preferably to the Desktop
  • Tick all the items (this marks them for scanning)
  • Click Scan
  • After the scan finishes a log FSS.txt appears; paste it here
:arrow: Download RKill http://download.bleepingcomputer.com/grinler/rkill.com PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY IS VERY CAPABLE OF DELETING THINGS AND MUST ONLY BE USED WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM CAN GO DOWN THE DRAIN
:arrow: Download ComboFix and save it to the Desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Disable all resident security programs - firewalls, antivirus, antispyware etc.
  • If you have Win XP, run it under the Administrator account
  • If you have Win Vista or Win 7, right-click ComboFix and choose Run As Administrator
  • Immediately after it starts, a page with the license agreement appears; continue by clicking Yes
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 min, but if the PC is heavily infested, it may take longer
  • After the scan finishes and a possible restart, CF shows a log; otherwise you can find it at C:\ComboFix.txt; paste its contents here
  • A detailed guide incl. pictures is here http://www.bleepingcomputer.com/combofi ... t-combofix

Re: Brontok

Posted: 05 Jan 2013 00:18
by Dabol
Farbar Service Scanner Version: 23-12-2012
Ran by Feri (administrator) on 05-01-2013 at 00:16:42
Running from "C:\Users\Feri\Desktop"
Windows 7 Ultimate Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============

Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****

Re: Brontok

Posted: 05 Jan 2013 00:19
by Dabol
Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/05/2013 12:18:01 AM in x64 mode.
Windows Version: Windows 7 Ultimate Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\Windows\SysWOW64\ezSharedSvcHost.exe (PID: 2312) [WD-HEUR]
* C:\Windows\System32\igfxpers.exe (PID: 3840) [WD-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

::1 localhost

127.0.0.1 secure.nero.com/us/secure.asp

127.0.0.1 activation@nero.com



Program finished at: 01/05/2013 12:18:18 AM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)
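An added example (not code from the thread, from RKill or from Kaspersky) that triages two of the outputs posted above: it parses AVPTool report lines in the tab-separated format of the line Dabol posted, and it decodes a HOSTS file stored as UTF-16 with a byte-order mark, the encoding that makes a tool printing raw bytes show a leading "ÿþ" and a gap after every character, then flags entries that send a non-local name to a loopback address. All input lines are constructed samples modelled on this thread; the "Example.a" detection name and the paths of the extra lines are invented.

```python
"""Triage helpers for AVPTool report lines and a HOSTS file as listed by RKill.
Added example, not part of the thread or of either tool."""
from collections import Counter

# Constructed sample of Kaspersky AVPTool report lines, modelled on the one
# posted above: tab-separated timestamp, action, detection, path, severity,
# and a trailing tab. Only the first line is the real one from the thread;
# the others, including the "Example.a" detection, are invented.
AVPTOOL_SAMPLE = (
    "4. 1. 2013 20:37:49\tDeleted\tvirus Email-Worm.Win32.Brontok.q\t"
    "C:\\Documents and Settings\\Feri\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Recent\\CustomDestinations\\trz56D3.tmp\tHigh\t\n"
    "4. 1. 2013 20:37:50\tDeleted\tvirus Email-Worm.Win32.Brontok.q\t"
    "C:\\Documents and Settings\\Feri\\AppData\\Roaming\\Microsoft\\Windows"
    "\\Recent\\CustomDestinations\\trz7A11.tmp\tHigh\t\n"
    "4. 1. 2013 20:38:02\tSkipped\tvirus Email-Worm.Win32.Brontok.q\t"
    "C:\\Documents and Settings\\Feri\\Favorites\\Favorites.exe\tHigh\t\n"
    "4. 1. 2013 20:38:10\tDeleted\tnot-a-virus:AdWare.Win32.Example.a\t"
    "C:\\Program Files\\Example\\toolbar.dll\tMedium\t\n"
)

# Constructed HOSTS file with the four entries RKill listed in this thread,
# saved the way Notepad's "Unicode" option does: UTF-16LE with a BOM.
HOSTS_SAMPLE = (
    "\ufeff127.0.0.1 localhost\r\n"
    "::1 localhost\r\n"
    "127.0.0.1 secure.nero.com/us/secure.asp\r\n"
    "127.0.0.1 activation@nero.com\r\n"
).encode("utf-16-le")


def parse_avptool(text):
    """Split AVPTool report lines into records; lines without 5 fields are skipped."""
    records = []
    for line in text.splitlines():
        fields = line.rstrip("\t").split("\t")
        if len(fields) != 5:
            continue
        stamp, action, detection, path, severity = fields
        records.append({"time": stamp, "action": action, "detection": detection,
                        "path": path, "severity": severity})
    return records


def summarize_avptool(records):
    """Per detection: number of hits, what the tool did with them, and the set
    of folders they sit in. Thousands of hits concentrated in one folder read
    very differently from the same count spread across the system."""
    summary = {}
    for r in records:
        entry = summary.setdefault(
            r["detection"], {"count": 0, "actions": Counter(), "folders": set()})
        entry["count"] += 1
        entry["actions"][r["action"]] += 1
        entry["folders"].add(r["path"].rsplit("\\", 1)[0])
    return summary


def decode_hosts(data):
    """Decode a HOSTS file by its byte-order mark. A UTF-16LE file printed byte
    by byte shows 'ÿþ' (the BOM bytes FF FE) and a NUL after every character,
    which is exactly what RKill's listing in this thread looked like."""
    if data.startswith(b"\xff\xfe"):
        return data[2:].decode("utf-16-le")
    if data.startswith(b"\xfe\xff"):
        return data[2:].decode("utf-16-be")
    return data.decode("utf-8", errors="replace").lstrip("\ufeff")


LOCAL_NAMES = {"localhost", "localhost.localdomain", "broadcasthost",
               "ip6-localhost", "ip6-loopback"}
SINKHOLE_IPS = {"127.0.0.1", "0.0.0.0", "::1"}


def parse_hosts(text):
    """Return (ip, name) pairs, ignoring comments and blank lines."""
    entries = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((ip, name) for name in names)
    return entries


def suspicious_hosts_entries(entries):
    """Entries that send a non-local name to a loopback or null address. The
    nero.com entries in this thread are the licence-activation blocking that
    crack installers leave behind; malware uses the same trick against AV
    update servers, so the HOSTS file belongs on every triage checklist."""
    return [(ip, name) for ip, name in entries
            if ip in SINKHOLE_IPS and name.lower() not in LOCAL_NAMES]


if __name__ == "__main__":
    for det, info in summarize_avptool(parse_avptool(AVPTOOL_SAMPLE)).items():
        print(f"{det}: {info['count']} hit(s), {dict(info['actions'])}, "
              f"{len(info['folders'])} folder(s)")
    for ip, name in suspicious_hosts_entries(parse_hosts(decode_hosts(HOSTS_SAMPLE))):
        print(f"HOSTS redirect: {name} -> {ip}")
```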

Re: Brontok

Posted: 05 Jan 2013 01:00
by Dabol
ComboFix 13-01-04.03 - Feri . 01. 2013 0:24.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3894.2041 [GMT 1:00]
Running from: c:\users\Feri\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\mazuki.dll
c:\users\Feri\AppData\Local\Bron.tok-17-3
c:\users\Feri\AppData\Local\Bron.tok-17-4
c:\users\Feri\AppData\Local\Bron.tok.A17.em.bin
c:\users\Feri\AppData\Local\BronFoldNetDomList.txt
c:\users\Feri\AppData\Local\JunkAtx.bin
c:\users\Feri\AppData\Local\Kosong.Bron.Tok.txt
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Templates\4896-NendangBro.com
c:\users\Feri\Favorites\Favorites.exe
c:\users\Feri\Favorites\HP\HP.exe
c:\users\Feri\Favorites\Links\Links.exe
c:\users\Feri\Favorites\Webové lokality MSN\Webové lokality MSN.exe
c:\users\Feri\Favorites\Webové lokality spoločnosti Microsoft\Webové lokality spoločnosti Microsoft.exe
c:\users\Feri\Favorites\Windows Live\Windows Live.exe
c:\users\Feri\videos\Videos.exe
c:\windows\iun6002.exe
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\muzapp.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\DPCrProv.dll.mui
c:\windows\SysWow64\pt\DPFPApiUI.dll.mui
c:\windows\SysWow64\pt\DPPassFilter.dll.mui
c:\windows\SysWow64\vbpng1.dll
F:\Setup.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NEWDRIVER
-------\Service_NEWDRIVER
.
.
((((((((((((((((((((((((( Files Created from 2012-12-04 to 2013-01-04 )))))))))))))))))))))))))))))))
.
.
2013-01-04 10:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FE51D6A-1931-43C6-8F26-35493CEF94E0}\mpengine.dll
2013-01-03 22:45 . 2013-01-04 00:14 460888 ----a-w- c:\windows\system32\drivers\62285694.sys
2013-01-03 22:13 . 2013-01-03 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-03 17:53 . 2013-01-03 17:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 17:24 . 2013-01-03 17:24 -------- d-----w- C:\rsit
2013-01-03 17:10 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-03 17:10 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-03 17:10 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-03 17:10 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-03 17:10 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-03 17:10 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-03 17:10 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-03 17:10 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-03 16:54 . 2013-01-03 16:54 -------- d-----w- c:\program files\CCleaner
2013-01-03 16:10 . 2013-01-03 16:10 -------- d-----w- c:\users\Feri\AppData\Local\Ok-SendMail-Bron-tok
2013-01-03 16:07 . 2013-01-03 23:44 -------- d-----w- c:\users\Feri\AppData\Local\Loc.Mail.Bron.Tok
2012-12-30 11:47 . 2012-12-30 11:47 -------- d-----w- c:\programdata\ATI
2012-12-30 11:47 . 2012-12-30 11:47 -------- d-----w- c:\program files (x86)\AMD AVT
2012-12-21 10:25 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 10:25 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 10:25 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 10:25 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 16:37 . 2012-12-20 16:37 -------- d-----w- c:\program files (x86)\EA Sports
2012-12-17 21:39 . 2012-12-17 21:39 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-12-17 21:35 . 2012-12-17 21:40 -------- d-----w- c:\program files (x86)\Woodcutter Simulator 2013
2012-12-12 02:09 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2011-09-02 11:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:30 . 2010-09-18 08:59 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 08:31 . 2012-12-02 08:31 5626536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:17 . 2012-12-02 08:17 23455744 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-11-12 20:29 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2012-12-02 07:50 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-07-18 12:48 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-12-02 07:46 6684672 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-07-18 12:48 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-02 07:29 . 2012-07-18 12:48 7378944 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-02 07:24 . 2012-07-18 12:48 6781440 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:14 . 2012-12-02 07:14 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-02 07:14 . 2012-12-02 07:14 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-02 07:13 . 2012-12-02 07:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-02 07:13 . 2012-12-02 07:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 546816 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-07-18 12:48 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-02 07:11 . 2012-12-02 07:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-02 07:11 . 2012-07-18 12:48 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-02 07:11 . 2012-12-02 07:11 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-12 07:46 . 2012-11-12 07:46 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-11-12 07:46 . 2012-11-12 07:46 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-11-12 07:46 . 2012-11-12 07:46 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-11-12 07:46 . 2012-11-12 07:46 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-11-12 07:46 . 2012-11-12 07:46 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-11-12 07:46 . 2012-11-12 07:46 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-11-12 07:41 . 2012-11-12 07:41 28737536 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-11-12 07:37 . 2012-11-12 07:37 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-12 07:37 . 2012-11-12 07:37 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-30 22:50 . 2012-03-13 16:19 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-21 17:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-21 17:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-21 17:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-13 19:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-13 19:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-13 19:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-13 19:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Feri\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-24 138096]
"WinFLTray"="c:\windows\SysWow64\WinFLTray.exe" [2012-09-17 321736]
"FLBackup"="c:\program files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-09-17 275656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files (x86)\NetWorx\networx.exe" [2010-11-10 3042816]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2011-11-18 1492264]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
The Matrix_ Path of Neo Registration.lnk - c:\users\Feri\AppData\Local\Temp\{9628206C-89C5-49F4-B685-842BB2264B7F}\{E571E8B1-9771-465D-9DE0-3BA2D1BDAE99}\ATR1.exe [N/A]
_uninst_.lnk - c:\users\Feri\AppData\Local\Temp\_uninst_.bat [N/A]
_uninst_00431501.lnk - c:\users\Feri\AppData\Local\Temp\_uninst_00431501.bat [N/A]
_uninst_11920320.lnk - c:\users\Feri\AppData\Local\Temp\_uninst_11920320.bat [N/A]
_uninst_62285694.lnk - c:\users\Feri\AppData\Local\Temp\_uninst_62285694.bat [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Feri\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 cpuz130;cpuz130;c:\users\Feri\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-10 1030600]
R3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-08-30 13352]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdsacjx64;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacjx64.sys [2007-05-02 17408]
R3 nmwcdsacx64;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsacx64.sys [2007-05-02 12288]
R3 nmwcdsax64;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsax64.sys [2007-05-02 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-16 1255736]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 10368]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 62285694;62285694;c:\windows\system32\DRIVERS\62285694.sys [2013-01-04 460888]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-29 20056]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-12-21 53312]
S1 WinFLAdrv;WinFLAdrv;SysWOW64\WinFLAdrv.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/03/22 15:26];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 14:48 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FLService;FLService;c:\windows\SysWow64\WinFLService.exe [2012-09-17 91336]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-05 2184496]
S2 WinVDEDrv;WinVDEDrv;c:\windows\SysWow64\WinVDEdrv.sys [2012-09-17 225680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-21 12310112]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:29]
.
2013-01-03 c:\windows\Tasks\avast! Emergency Update.job
- c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2013-01-03 22:50]
.
2013-01-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001Core1cd3ccc39438ce2.job
- c:\users\Feri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-12 11:24]
.
2012-07-24 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001UA1cd3ccc3956ee1a.job
- c:\users\Feri\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-12 11:24]
.
2013-01-04 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 13:52]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-19 13:52]
.
2012-03-16 c:\windows\Tasks\HPCeeScheduleForFeri.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 01:53]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.bigseekpro.com/games4win/{B234D4C1- ... A6055BC0F8}
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL =
mDefault_Page_URL =
mStart Page = hxxp://www.bigseekpro.com/games4win/{B234D4C1- ... A6055BC0F8}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Feri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=102876&gct=hp
FF - prefs.js: network.proxy.gopher -
FF - prefs.js: network.proxy.gopher_port - 0
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2012-11-08 01:32; 509afff7834a5@509afff7834de.com; c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\extensions\509afff7834a5@509afff7834de.com.xpi
FF - ExtSQL: 2012-12-03 15:43; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - ExtSQL: 2013-01-03 18:13; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKU-Default-Run-Samsung.PCSync - c:\program files (x86)\Samsung\Samsung PC Studio 7\PcSync2.exe
SafeBoot-WinFLAdrv.sys
SafeBoot-SolutoService
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
AddRemove-QipGuard - c:\users\Feri\AppData\Roaming\QipGuard\QipGuard.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-01-05 00:55:25 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-04 23:55
.
Pre-Run: 10 475 294 720 bytes free
Post-Run: 11 783 028 736 bytes free
.
- - End Of File - - DF6CD033834444626B6C011CDB73AD2A

Re: Brontok

Posted: 05 Jan 2013 20:25
by vyosek
:arrow: If you have not already, move Combofix to the Desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Registry::
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Facebook Update"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "Adobe ARM"=-
    "NBAgent"=-
    "SunJavaUpdateSched"=-
    
    File::
    c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
    c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_11920320.lnk
    c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00431501.lnk
    c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62285694.lnk
    c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk 
    c:\windows\Tasks\Adobe Flash Player Updater.job
    c:\windows\Tasks\avast! Emergency Update.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001Core1cd3ccc39438ce2.job
    c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001UA1cd3ccc3956ee1a.job
    c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    c:\windows\Tasks\HPCeeScheduleForFeri.job
    
    Driver::
    cpuz130
    
    DDS::
    uStart Page = hxxp://www.bigseekpro.com/games4win/{B234D4C1-D1F4-43BB-AF4E-C9A6055BC0F8}
    mStart Page = hxxp://www.bigseekpro.com/games4win/{B234D4C1-D1F4-43BB-AF4E-C9A6055BC0F8}
    
    Firefox::
    FF - ProfilePath - c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\
    FF - prefs.js: browser.startup.homepage - hxxp://eu.ask.com/?l=dis&o=102876&gct=hp
    FF - prefs.js: network.proxy.gopher -
    FF - prefs.js: network.proxy.gopher_port - 0
    FF - prefs.js: network.proxy.type - 0
    
    RegLock::
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
    [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
    [HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}]
    [HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
    
    ClearJavaCache::
    
    Reboot::
  • Save the text file you created as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and drop it (see the image below)
    Image
  • After the script has been applied (and after a possible reboot) a log will pop up; paste its contents here
:arrow: If the message "Illegal operation attempted on a registry key that has been marked for deletion" pops up, just restart the PC - the registry will sort itself out - it is an internal error caused by CF which the author unfortunately has not yet been able to fix

:arrow: It can happen that Windows does not boot after the script has been applied; in that case restart the PC, press F8 and choose Last Known Good Configuration
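The CFScript above was written by hand from the ComboFix log: the helper read the "Files Created" and service listings, picked out the startup `.lnk` droppers and the leftover driver service, and put them under `File::` and `Driver::`. The following Python script is an added example (not part of this thread and not ComboFix's own code) that does the same triage mechanically: it parses log lines in the two ComboFix formats seen on this page and emits a CFScript skeleton using only directives that appear in the post (`KillAll::`, `File::`, `Driver::`, `Reboot::`). The log excerpt and the review heuristics (`_uninst_*.lnk` in the Startup folder, service entries whose missing binary lived under `AppData\Local\Temp`, directory names containing "Bron") are constructed for this example; the analyst still decides what goes into the real script.

```python
"""
ComboFix log triage -> CFScript skeleton (added example, not ComboFix code).

Parses two line shapes from a ComboFix log:
  Files Created:  "<created> . <modified> <size> <attrs> <path>"
  services:       "<R|S><n> <name>;<display>;<path> [<info>]"
and emits the File::/Driver:: sections of a CFScript.
"""
import re
from dataclasses import dataclass, field

# Constructed log excerpt shaped like the ComboFix output in the thread.
SAMPLE_LOG = r"""
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
2013-01-05 17:52 . 2013-01-05 17:52 -------- d-----w- c:\program files\Defraggler
2013-01-03 16:10 . 2013-01-03 16:10 -------- d-----w- c:\users\Feri\AppData\Local\Ok-SendMail-Bron-tok
2013-01-03 16:07 . 2013-01-03 23:44 -------- d-----w- c:\users\Feri\AppData\Local\Loc.Mail.Bron.Tok
2013-01-03 16:09 . 2013-01-03 16:09 1024 ----a-w- c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00431501.lnk
2012-12-21 10:25 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
R3 ALSysIO;ALSysIO;c:\users\Feri\AppData\Local\Temp\ALSysIO64.sys [x]
R3 cpuz130;cpuz130;c:\users\Feri\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
"""

FILE_LINE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\S+) (?P<attrs>\S+) (?P<path>.+)$"
)
SERVICE_LINE = re.compile(
    r"^(?P<state>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);"
    r"(?P<path>.*?) \[(?P<info>[^\]]*)\]$"
)

# Review heuristics, constructed for this example (not ComboFix rules).
STARTUP_UNINST = re.compile(r"\\startup\\_uninst_[^\\]*\.lnk$", re.IGNORECASE)
TEMP_DRIVER = re.compile(r"\\appdata\\local\\temp\\", re.IGNORECASE)


@dataclass
class Triage:
    files: list = field(default_factory=list)        # paths for File::
    drivers: list = field(default_factory=list)      # service names for Driver::
    review_dirs: list = field(default_factory=list)  # directories to look at by hand


def triage_log(text: str) -> Triage:
    """Walk the log once and sort matching entries into the three buckets."""
    t = Triage()
    for raw in text.splitlines():
        line = raw.strip()
        m = FILE_LINE.match(line)
        if m:
            path, attrs = m["path"], m["attrs"]
            is_dir = attrs.startswith("d")
            if is_dir and "bron" in path.lower():
                t.review_dirs.append(path)
            elif not is_dir and STARTUP_UNINST.search(path):
                t.files.append(path)
            continue
        m = SERVICE_LINE.match(line)
        # "[x]" means ComboFix could not find the binary on disk.
        if m and m["info"] == "x" and TEMP_DRIVER.search(m["path"]):
            t.drivers.append(m["name"])
    return t


def build_cfscript(t: Triage) -> str:
    """Emit the CFScript text in the directive order used in the thread."""
    parts = ["KillAll::", ""]
    if t.files:
        parts += ["File::", *t.files, ""]
    if t.drivers:
        parts += ["Driver::", *t.drivers, ""]
    parts.append("Reboot::")
    return "\n".join(parts) + "\n"


if __name__ == "__main__":
    result = triage_log(SAMPLE_LOG)
    print(build_cfscript(result))
    for d in result.review_dirs:
        print("review by hand:", d)
```

The directories are deliberately kept out of the generated script: the post only removes files and a driver service with `File::`/`Driver::`, so anything else is reported for manual review rather than written into CFScript.txt.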

Re: Brontok

Posted: 05 Jan 2013 22:29
by Dabol
ComboFix 13-01-04.03 - Feri . 01. 2013 21:57:21.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3894.1789 [GMT 1:00]
Running from: c:\users\Feri\Desktop\ComboFix.exe
Command switches used :: c:\users\Feri\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk"
"c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00431501.lnk"
"c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_11920320.lnk"
"c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62285694.lnk"
"c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk"
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\avast! Emergency Update.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001Core1cd3ccc39438ce2.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001UA1cd3ccc3956ee1a.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\HPCeeScheduleForFeri.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_.lnk
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_00431501.lnk
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_11920320.lnk
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\_uninst_62285694.lnk
c:\users\Feri\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\The Matrix_ Path of Neo Registration.lnk
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\avast! Emergency Update.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001Core1cd3ccc39438ce2.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2237007535-114823964-1511861652-1001UA1cd3ccc3956ee1a.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleForFeri.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ130
-------\Service_cpuz130
.
.
((((((((((((((((((((((((( Files Created from 2012-12-05 to 2013-01-05 )))))))))))))))))))))))))))))))
.
.
2013-01-05 21:09 . 2013-01-05 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-05 17:52 . 2013-01-05 17:52 -------- d-----w- c:\program files\Defraggler
2013-01-04 10:22 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{7FE51D6A-1931-43C6-8F26-35493CEF94E0}\mpengine.dll
2013-01-03 22:45 . 2013-01-04 00:14 460888 ----a-w- c:\windows\system32\drivers\62285694.sys
2013-01-03 22:13 . 2013-01-03 22:13 -------- d-----w- c:\programdata\Kaspersky Lab
2013-01-03 17:53 . 2013-01-03 17:53 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-03 17:24 . 2013-01-03 17:24 -------- d-----w- C:\rsit
2013-01-03 17:10 . 2012-10-30 22:51 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2013-01-03 17:10 . 2012-10-30 22:51 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2013-01-03 17:10 . 2012-10-30 22:51 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2013-01-03 17:10 . 2012-10-30 22:51 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2013-01-03 17:10 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2013-01-03 17:10 . 2012-10-15 16:59 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2013-01-03 17:10 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2013-01-03 17:10 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2013-01-03 16:54 . 2013-01-03 16:54 -------- d-----w- c:\program files\CCleaner
2013-01-03 16:10 . 2013-01-03 16:10 -------- d-----w- c:\users\Feri\AppData\Local\Ok-SendMail-Bron-tok
2013-01-03 16:07 . 2013-01-03 23:44 -------- d-----w- c:\users\Feri\AppData\Local\Loc.Mail.Bron.Tok
2012-12-30 11:47 . 2012-12-30 11:47 -------- d-----w- c:\programdata\ATI
2012-12-30 11:47 . 2012-12-30 11:47 -------- d-----w- c:\program files (x86)\AMD AVT
2012-12-21 10:25 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 10:25 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 10:25 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 10:25 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-20 16:37 . 2012-12-20 16:37 -------- d-----w- c:\program files (x86)\EA Sports
2012-12-17 21:39 . 2012-12-17 21:39 -------- d-----w- c:\windows\1C4551A64743409391E41477CD655043.TMP
2012-12-17 21:35 . 2012-12-17 21:40 -------- d-----w- c:\program files (x86)\Woodcutter Simulator 2013
2012-12-12 02:09 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-14 15:49 . 2011-09-02 11:48 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-12 13:30 . 2010-09-18 08:59 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-02 08:31 . 2012-12-02 08:31 5626536 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-12-02 08:29 . 2012-12-02 08:29 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-12-02 08:17 . 2012-12-02 08:17 23455744 ----a-w- c:\windows\system32\atio6axx.dll
2012-12-02 08:00 . 2012-12-02 08:00 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-12-02 07:59 . 2012-11-12 20:29 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-12-02 07:58 . 2012-12-02 07:58 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-12-02 07:58 . 2012-12-02 07:58 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-12-02 07:58 . 2012-12-02 07:58 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-12-02 07:58 . 2012-12-02 07:58 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-12-02 07:58 . 2012-12-02 07:58 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-12-02 07:57 . 2012-12-02 07:57 18979328 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-12-02 07:54 . 2012-12-02 07:54 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-12-02 07:50 . 2012-12-02 07:50 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-12-02 07:48 . 2012-07-18 12:48 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-12-02 07:46 . 2012-12-02 07:46 6684672 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-12-02 07:41 . 2012-07-18 12:48 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-12-02 07:37 . 2012-12-02 07:37 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-12-02 07:37 . 2012-12-02 07:37 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-12-02 07:36 . 2012-12-02 07:36 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-12-02 07:35 . 2012-12-02 07:35 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-12-02 07:35 . 2012-12-02 07:35 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-12-02 07:35 . 2012-12-02 07:35 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-12-02 07:35 . 2012-12-02 07:35 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-12-02 07:29 . 2012-12-02 07:29 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-12-02 07:29 . 2012-07-18 12:48 7378944 ----a-w- c:\windows\system32\atidxx64.dll
2012-12-02 07:24 . 2012-07-18 12:48 6781440 ----a-w- c:\windows\system32\atiumd64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-12-02 07:17 . 2012-12-02 07:17 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-12-02 07:14 . 2012-12-02 07:14 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-12-02 07:14 . 2012-12-02 07:14 619008 ----a-w- c:\windows\system32\atiadlxx.dll
2012-12-02 07:14 . 2012-12-02 07:14 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-12-02 07:13 . 2012-12-02 07:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-12-02 07:13 . 2012-12-02 07:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-12-02 07:13 . 2012-12-02 07:13 546816 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-12-02 07:11 . 2012-07-18 12:48 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-12-02 07:11 . 2012-12-02 07:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-12-02 07:11 . 2012-07-18 12:48 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-12-02 07:11 . 2012-12-02 07:11 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-12 07:46 . 2012-11-12 07:46 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-11-12 07:46 . 2012-11-12 07:46 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-11-12 07:46 . 2012-11-12 07:46 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-11-12 07:46 . 2012-11-12 07:46 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-11-12 07:46 . 2012-11-12 07:46 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-11-12 07:46 . 2012-11-12 07:46 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-11-12 07:41 . 2012-11-12 07:41 28737536 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-11-12 07:37 . 2012-11-12 07:37 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-12 07:37 . 2012-11-12 07:37 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-10-30 22:50 . 2012-03-13 16:19 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-16 08:38 . 2012-11-21 17:09 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-21 17:09 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-21 17:09 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-13 19:31 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 18:17 . 2012-11-13 19:31 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-13 19:31 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-13 19:31 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinFLTray"="c:\windows\SysWow64\WinFLTray.exe" [2012-09-17 321736]
"FLBackup"="c:\program files (x86)\NewSoftware's\Folder Lock\FLComServCtrl.exe" [2012-09-17 275656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NetWorx"="c:\program files (x86)\NetWorx\networx.exe" [2010-11-10 3042816]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-12-02 642216]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"HideFastUserSwitching"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
.
R1 ArcSec;ArcSec;c:\windows\system32\drivers\ArcSec.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2009-12-16 102968]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R2 NPVR Recording Service;NPVR Recording Service;c:\program files (x86)\NPVR\NRecord.exe [x]
R3 ALSysIO;ALSysIO;c:\users\Feri\AppData\Local\Temp\ALSysIO64.sys [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-10-10 1030600]
R3 FlyPCI;FlyPCI;c:\windows\system32\drivers\FlyPCI.sys [x]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2011-08-30 13352]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 nmwcdsacjx64;Samsung USB Port;c:\windows\system32\drivers\nmwcdsacjx64.sys [2007-05-02 17408]
R3 nmwcdsacx64;Samsung USB Generic;c:\windows\system32\drivers\nmwcdsacx64.sys [2007-05-02 12288]
R3 nmwcdsax64;Samsung USB Phone Parent;c:\windows\system32\drivers\nmwcdsax64.sys [2007-05-02 171008]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-10-29 250984]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-12-21 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-12-21 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-12-21 161280]
R3 ss_bserd;SAMSUNG USB Mobile Logging Driver;c:\windows\system32\DRIVERS\ss_bserd.sys [2010-12-21 128000]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-06-02 157672]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2010-09-16 1255736]
R3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2009-09-16 10368]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
R4 hpdoccardsvc;HP Documention Flash Card Detection Service;c:\program files (x86)\Hewlett-Packard\HP ENVY Document Card Utilities\doccardsvc.exe [2010-03-24 83240]
R4 TunngleService;TunngleService;c:\program files (x86)\Tunngle\TnglCtrl.exe [2012-11-26 745368]
R4 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-05-01 2533400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 62285694;62285694;c:\windows\system32\DRIVERS\62285694.sys [2013-01-04 460888]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 DVMIO;DeviceVM IO Service;c:\windows\system32\DRIVERS\dvmio.sys [2010-01-29 20056]
S1 PSSDK42;PSSDK42;c:\windows\system32\Drivers\pssdk42.sys [2010-12-21 53312]
S1 WinFLAdrv;WinFLAdrv;SysWOW64\WinFLAdrv.sys [x]
S2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2012/03/22 15:26];c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl [2010-01-27 14:48 146928]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_1c0e2d1db9f5b08e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-12-02 240640]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 ezSharedSvc;Easybits Services for Windows;c:\windows\System32\ezSharedSvcHost.exe [x]
S2 FLService;FLService;c:\windows\SysWow64\WinFLService.exe [2012-09-17 91336]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-10-17 13592]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-01-05 2184496]
S2 WinVDEDrv;WinVDEDrv;c:\windows\SysWow64\WinVDEdrv.sys [2012-09-17 225680]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-05-01 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-10-21 12310112]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [2009-09-16 31232]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-14 487424]
"HPToneControl"="c:\program files\Hewlett-Packard\HPToneControl\HPTonectl.exe" [2009-08-19 107832]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2009-12-16 8192]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2010-01-20 611896]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-10-21 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-10-21 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-10-21 416024]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL =
mDefault_Page_URL =
mStart Page = hxxp://www.bigseekpro.com/games4win/{B234D4C1- ... A6055BC0F8}
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchAssistant =
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - c:\users\Feri\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2012-11-08 01:32; 509afff7834a5@509afff7834de.com; c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\extensions\509afff7834a5@509afff7834de.com.xpi
FF - ExtSQL: 2012-12-03 15:43; {ACAA314B-EEBA-48e4-AD47-84E31C44796C}; c:\users\Feri\AppData\Roaming\Mozilla\Firefox\Profiles\45ln4eyx.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
FF - ExtSQL: 2013-01-03 18:13; wrc@avast.com; c:\program files\AVAST Software\Avast\WebRep\FF
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226} - c:\program files (x86)\InstallShield Installation Information\{CA43FE4F-9FF2-4AD7-88F0-CC3BAC17B226}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files (x86)\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2013-01-05 22:25:12 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-05 21:25
ComboFix2.txt 2013-01-04 23:55
.
Pre-Run: 109 336 924 160 bytes free
Post-Run: 108 789 850 112 bytes free
.
- - End Of File - - 6D5BE35D984F14679A2084596AF85727

Re: Brontok

Posted: 05 Jan 2013 22:33
by vyosek
Fine, how is the PC behaving? :???: