Re: WARNING! Your Flash Player may be out of date,,2
Posted: 16 May 2014 05:12
Good morning,
I am sending the report:
The Flash update message has not popped up for me so far. Most pages open fine, but for example when I try to open Facebook I get:
1. If I have ESET turned on, a message pops up saying that it is on the list of potential threats (I did not change anything in the ESET settings, and before it worked fine)
2. If I do not have ESET turned on, it shows: this webpage is not available... but at the moment it is already showing the message: warning. yr flash player.....
ComboFix 14-05-10.01 - Princess . 05. 2014 5:54.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1033.18.3069.1898 [GMT 2:00]
Running from: \\PRINCESS-PC\Users\Princess\Downloads\ComboFix.exe
Command switches used :: c:\users\Princess\Desktop\CFScript.txt
AV: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Princess\AppData\Local\Temp\_MEI21562\_ctypes.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\_elementtree.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\_hashlib.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\_multiprocessing.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\_socket.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\_ssl.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\pyexpat.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\pysqlite2._sqlite.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\python27.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\pythoncom27.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\PyWinTypes27.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\select.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\unicodedata.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32api.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32com.shell.shell.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32crypt.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32event.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32file.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32gui.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32inet.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32pdh.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32pipe.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32process.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32profile.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32security.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\win32ts.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\windows._lib_cacheinvalidation.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._animate.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._controls_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._core_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._gdi_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._html2.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._misc_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._windows_.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wx._wizard.pyd
c:\users\Princess\AppData\Local\Temp\_MEI21562\wxbase294u_net_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\wxbase294u_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\wxmsw294u_adv_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\wxmsw294u_core_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\wxmsw294u_html_vc90.dll
c:\users\Princess\AppData\Local\Temp\_MEI21562\wxmsw294u_webview_vc90.dll
.
.
((((((((((((((((((((((((( Files Created from 2014-04-16 to 2014-05-16 )))))))))))))))))))))))))))))))
.
.
2014-05-16 03:59 . 2014-05-16 03:59 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-05-16 03:59 . 2014-05-16 03:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-05-12 04:22 . 2014-05-16 04:02 -------- d-----w- c:\users\Princess\AppData\Local\temp
2014-05-11 13:52 . 2014-05-15 17:45 -------- d-----w- c:\users\Princess\AppData\Roaming\BitTorrent
2014-05-11 11:27 . 2014-05-11 11:27 -------- d-----w- C:\_OTL
2014-05-11 09:57 . 2014-05-11 09:57 512 ----a-w- C:\PhysicalMBR.bin
2014-05-11 08:03 . 2014-05-11 08:04 -------- d-----w- c:\program files\trend micro
2014-05-11 07:43 . 2014-05-11 07:50 -------- d-----w- C:\AdwCleaner
2014-05-11 07:41 . 2010-08-30 06:34 536576 ----a-w- c:\windows\system32\sqlite3.dll
2014-05-11 06:21 . 2014-05-12 12:56 -------- d-----w- c:\windows\system32\MpEngineStore
2014-05-10 08:03 . 2014-05-10 08:03 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-10 08:03 . 2014-05-10 08:03 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-09 18:19 . 2014-05-10 04:44 -------- d-----w- c:\program files\Mozilla Maintenance Service
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedEditOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedViewOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2014-04-25 08:03 579400 ----a-w- c:\program files\Google\Drive\googledrivesync32.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2009-10-30 369200]
"GoogleDriveSync"="c:\program files\Google\Drive\googledrivesync.exe" [2014-04-25 22415552]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2014-02-10 20922016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2013-11-21 959904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-11-26 5074384]
"PhilipsDM"="c:\program files\Philips\Philips Device Manager\Bin\DeviceManager.exe" [2007-07-05 888832]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-05-16 691696]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2013-10-23 172192]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2012-11-26 1329304]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-10-08 104712]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-05-10 19:07 1078088 ----a-w- c:\program files\Google\Chrome\Application\34.0.1847.131\Installer\chrmstp.exe
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
mStart Page = hxxp://www.google.com
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 128.199.225.64 37.1.198.204
FF - ProfilePath - c:\users\Princess\AppData\Roaming\Mozilla\Firefox\Profiles\1uki8sqa.default\
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*B*a*xżë=\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*h*d*t*v*Ě[řk\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*=Ď?J]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*H*=Ď?J\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ΓJ]
@Class="Shell"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*)ΓJ\OpenWithList]
@Class="Shell"
"a"="vlc.exe"
"MRUList"="a"
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*H*=Ď?J]
"0"=hex:66,69,6c,65,3a,2f,2f,2f,44,3a,2f,4d,6f,76,69,65,25,32,30,26,25,32,30,
53,65,72,69,61,6c,73,2f,68,69,6d,79,6d,2f,48,6f,77,2e,49,2e,4d,65,74,2e,59,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
[HKEY_USERS\S-1-5-21-903371570-962786371-1426814640-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RecentDocs\.*)ΓJ]
"0"=hex:74,00,68,00,65,00,2e,00,62,00,69,00,67,00,2e,00,62,00,61,00,6e,00,67,
00,2e,00,74,00,68,00,65,00,6f,00,72,00,79,00,2e,00,37,00,30,00,32,00,2e,00,\
"MRUListEx"=hex:00,00,00,00,ff,ff,ff,ff
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\system32\sppsvc.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
.
**************************************************************************
.
Completion time: 2014-05-16 06:04:45 - machine was rebooted
ComboFix-quarantined-files.txt 2014-05-16 04:04
ComboFix2.txt 2014-05-12 19:15
ComboFix3.txt 2014-05-12 04:27
.
Pre-Run: 37 127 266 304 bytes free
Post-Run: 37 119 725 568 bytes free
.
- - End Of File - - 58D5FDF63526E517145851BEAD708C73
A36C5E4F47E84449FF07ED3517B43A31