For protection I have Avira, Spyware Terminator and Comodo Firewall.
It doesn't seem to me that my PC is acting up in any way, but better safe than sorry :)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:45:36, on 15. 3. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
c:\PROGRA~2\mcafee\SITEAD~1\saui.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Users\SexFiend\Desktop\HiJackThis.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Partner BHO Class - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O4 - HKLM\..\Run: [UpdatePRCShortCut] "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" "C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System" UpdateWithCreateOnce "Software\Lenovo\OneKey App\OneKey Recovery"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Sidebar] C:\PROGRAM FILES\WINDOWS SIDEBAR\SIDEBAR.EXE /autoRun
O4 - HKCU\..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://feedflow.googlecode.com
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~2\mcafee\sitead~1\mcieplg.dll
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\windows\SysWOW64\guard32.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: COMODO System - Cleaner Service (Cleaner_Validator) - Unknown owner - C:\Program Files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe
O23 - Service: COMODO Internet Security Helper Service (cmdAgent) - COMODO - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: McAfee SiteAdvisor Service - McAfee, Inc. - C:\PROGRA~2\MCAFEE\SITEAD~1\MCSACORE.EXE
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Partner Service - Google Inc. - C:\ProgramData\Partner\Partner.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12387 bytes
Please check the log
- jaro3
- Security team member
Re: Please check, slow booting/terribly slowed-down PC
Spyware Terminator --- uninstall it!
Post the log from that ComboFix script here. HJT only after that, but I see you didn't fix anything, so do it again..
When working with HJT, ComboFix, MbAM, SDFix, etc., close all other applications and browsers!
Do not send logs via private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support
Re: Please check, slow booting/terribly slowed-down PC
How do I get that ComboFix log?
You see, I've never done HJT before.
- Žbeky
- Moderator
Re: Please check, slow booting/terribly slowed-down PC
Then you just need to read the guide at the top of the section, or ask. And not act as if everything were OK...
Did you run that ComboFix script that jaro asked you for? If so, the CF log popped up at the end.
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
Re: Please check, slow booting/terribly slowed-down PC
I'm sending the CF log
ComboFix 12-03-15.03 - SexFiend . 03. 2012 20:33:40.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.6143.4300 [GMT 1:00]
Running from: c:\users\SexFiend\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files (x86)\QIP 2012\Core\MousePhone.dll
c:\windows\cscmondump.bin
c:\windows\iun6002.exe
c:\windows\WinRAR
c:\windows\WinRAR\uninstall.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-02-15 to 2012-03-15 )))))))))))))))))))))))))))))))
.
.
2012-03-15 19:39 . 2012-03-15 19:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-14 20:02 . 2012-03-11 21:13 41200 ----a-w- c:\windows\system32\cmdcsr.dll
2012-03-14 19:47 . 2012-03-14 19:48 -------- d-----w- c:\programdata\Comodo
2012-03-14 19:46 . 2012-03-14 19:47 -------- d-----w- c:\programdata\Comodo Downloader
2012-03-14 15:44 . 2012-03-14 15:44 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-03-14 15:12 . 2012-03-14 15:12 -------- d-----w- c:\program files (x86)\MSSOAP
2012-03-14 15:12 . 2012-03-14 15:12 -------- d-----w- c:\program files (x86)\Webroot
2012-03-14 11:50 . 2012-03-14 12:40 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-03-14 11:34 . 2012-03-14 11:34 55384 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2012-03-14 11:32 . 2012-03-14 15:09 -------- dc----w- c:\windows\system32\DRVSTORE
2012-03-14 11:32 . 2012-03-14 15:09 -------- d-----w- c:\programdata\Lavasoft
2012-03-14 07:28 . 2012-03-14 07:28 -------- d-----w- c:\program files (x86)\Microsoft WSE
2012-03-14 07:22 . 2012-03-14 07:22 -------- d-----w- c:\program files (x86)\Electronic Arts
2012-03-13 18:46 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-13 18:46 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-13 18:46 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 18:36 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 18:36 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 18:36 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 17:10 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 17:10 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 17:10 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 17:10 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 17:10 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 17:10 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 17:10 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-12 07:39 . 2012-03-12 07:59 -------- d-----w- c:\program files (x86)\THQ
2012-03-09 19:02 . 2012-03-09 19:02 -------- d-----w- c:\program files (x86)\Common Files\McAfee
2012-03-08 19:37 . 2012-03-08 19:37 -------- d-----w- c:\programdata\Canneverbe Limited
2012-03-08 19:37 . 2012-03-08 19:37 -------- d-----w- c:\program files (x86)\CDBurnerXP
2012-03-08 06:37 . 2010-02-04 09:01 78680 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2012-03-08 06:37 . 2010-02-04 09:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-03-08 06:37 . 2010-02-04 09:01 530776 ----a-w- c:\windows\system32\XAudio2_6.dll
2012-03-08 06:37 . 2010-02-04 09:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-03-08 06:37 . 2010-02-04 09:01 24920 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2012-03-08 06:37 . 2010-02-04 09:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-03-08 06:37 . 2010-02-04 09:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-03-08 06:37 . 2010-02-04 09:01 176984 ----a-w- c:\windows\system32\xactengine3_6.dll
2012-03-08 06:36 . 2012-03-08 06:36 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-03-08 06:36 . 2012-03-08 06:36 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-08 06:36 . 2012-03-08 06:36 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-07 11:16 . 2012-03-07 11:16 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-03-07 06:41 . 2012-03-07 06:41 -------- d-----w- c:\program files (x86)\WB Games
2012-03-06 16:00 . 2012-03-06 16:00 -------- d-----w- c:\programdata\WEBREG
2012-03-06 15:59 . 2012-03-06 15:59 -------- d-----w- c:\programdata\Hewlett-Packard
2012-03-06 15:59 . 2009-07-14 01:41 230400 ----a-w- c:\windows\system32\Spool\prtprocs\x64\hpzppw71.dll
2012-03-06 15:57 . 2012-03-06 15:57 -------- d-----w- c:\programdata\HP Product Assistant
2012-03-06 15:56 . 2012-03-06 15:56 -------- d-----w- c:\program files (x86)\Common Files\HP
2012-03-06 15:55 . 2012-03-06 15:55 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2012-03-06 15:55 . 2012-03-06 15:57 -------- d-----w- c:\program files (x86)\HP
2012-03-06 15:54 . 2012-03-06 16:00 -------- d-----w- c:\programdata\HP
2012-03-06 15:54 . 2009-07-08 10:51 938496 ----a-w- c:\windows\system32\hpowiax7.dll
2012-03-06 15:54 . 2009-07-08 10:51 740864 ----a-w- c:\windows\system32\hpotscl6.dll
2012-03-06 15:54 . 2009-07-08 10:51 642360 ----a-w- c:\windows\system32\hpzids40.dll
2012-03-06 15:54 . 2009-07-08 10:51 551424 ----a-w- c:\windows\system32\hppldcoi.dll
2012-03-06 15:54 . 2009-07-08 10:51 505344 ----a-w- c:\windows\system32\hpovst15.dll
2012-02-29 10:20 . 2012-02-29 10:20 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-29 10:18 . 2009-09-04 16:44 517960 ----a-w- c:\windows\system32\XAudio2_5.dll
2012-02-29 10:18 . 2009-09-04 16:44 238936 ----a-w- c:\windows\SysWow64\xactengine3_5.dll
2012-02-29 10:18 . 2009-09-04 16:44 176968 ----a-w- c:\windows\system32\xactengine3_5.dll
2012-02-29 10:18 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\SysWow64\d3dcsx_42.dll
2012-02-29 10:18 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-02-29 10:18 . 2009-09-04 16:29 5554512 ----a-w- c:\windows\system32\d3dcsx_42.dll
2012-02-29 10:18 . 2009-09-04 16:29 2582888 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2012-02-29 10:18 . 2009-09-04 16:29 235344 ----a-w- c:\windows\SysWow64\d3dx11_42.dll
2012-02-29 10:18 . 2009-09-04 16:29 285024 ----a-w- c:\windows\system32\d3dx11_42.dll
2012-02-29 10:18 . 2009-09-04 16:29 2475352 ----a-w- c:\windows\system32\D3DX9_42.dll
2012-02-29 10:08 . 2012-02-29 10:08 -------- d-----w- c:\program files (x86)\bitComposer Games
2012-02-29 09:49 . 2012-02-29 09:52 -------- d-----w- c:\program files (x86)\Scorpions WinCheater
2012-02-28 19:42 . 2012-02-28 19:42 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-02-28 11:09 . 2012-02-28 11:09 -------- d-----w- c:\program files\Frameworkx
2012-02-28 09:22 . 2012-02-28 09:22 -------- d-----w- c:\program files\CCleaner
2012-02-28 08:56 . 2012-02-28 08:56 -------- d-----w- c:\windows\SysWow64\Wat
2012-02-28 08:56 . 2012-02-28 08:56 -------- d-----w- c:\windows\system32\Wat
2012-02-28 07:47 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-02-28 07:46 . 2011-10-26 05:21 43520 ----a-w- c:\windows\system32\csrsrv.dll
2012-02-28 07:46 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-28 07:46 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-28 07:46 . 2011-09-29 16:29 1923952 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-02-28 07:46 . 2011-03-12 12:08 1465344 ----a-w- c:\windows\system32\XpsPrint.dll
2012-02-28 07:46 . 2011-03-12 11:23 870912 ----a-w- c:\windows\SysWow64\XpsPrint.dll
2012-02-28 07:46 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-02-28 07:46 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-02-28 07:46 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-28 07:45 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-28 07:45 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
2012-02-28 07:45 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-02-28 07:45 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-02-28 07:45 . 2011-11-05 05:32 2048 ----a-w- c:\windows\system32\tzres.dll
2012-02-28 07:45 . 2011-11-05 04:26 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-02-28 07:44 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-02-28 07:44 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-02-28 07:41 . 2012-03-14 19:47 -------- d-----w- c:\program files\COMODO
2012-02-28 07:41 . 2012-02-28 07:41 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2012-02-28 07:28 . 2012-03-09 06:36 -------- d-----w- c:\program files (x86)\Activision
2012-02-28 07:27 . 2012-02-28 07:27 -------- d-sh--w- c:\windows\ftpcache
2012-02-27 23:03 . 2012-03-06 16:38 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-02-27 23:01 . 2011-12-18 23:22 4078592 ----a-w- c:\windows\SysWow64\x264vfw.dll
2012-02-27 23:01 . 2011-12-07 18:32 216064 ----a-w- c:\windows\SysWow64\lagarith.dll
2012-02-27 23:01 . 2011-06-24 15:44 243200 ----a-w- c:\windows\SysWow64\xvidvfw.dll
2012-02-27 23:01 . 2011-06-24 15:28 650752 ----a-w- c:\windows\SysWow64\xvidcore.dll
2012-02-27 23:01 . 2008-09-24 19:41 839680 ----a-w- c:\windows\SysWow64\lameACM.acm
2012-02-27 23:01 . 2006-04-02 13:47 630784 ----a-w- c:\windows\SysWow64\vp7vfw.dll
2012-02-27 23:01 . 2004-05-18 19:16 39936 ----a-w- c:\windows\SysWow64\huffyuv.dll
2012-02-27 23:01 . 2011-12-21 18:14 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm
2012-02-27 23:01 . 2011-03-02 11:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-02-27 23:01 . 2012-02-15 18:00 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll
2012-02-27 23:01 . 2012-02-27 23:01 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-02-27 22:53 . 2012-02-27 22:59 -------- d-----w- c:\programdata\Win7codecs
2012-02-27 22:25 . 2012-02-27 22:25 -------- d-----w- c:\programdata\Martau
2012-02-27 22:25 . 2012-02-27 22:25 -------- d-----w- c:\program files (x86)\Total Uninstall 5
2012-02-27 21:35 . 2012-02-27 21:35 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-02-27 21:34 . 2012-02-27 21:34 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2012-02-27 21:34 . 2012-02-28 08:53 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-02-27 21:33 . 2012-02-27 21:33 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-02-27 21:32 . 2012-02-27 21:32 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-02-27 21:32 . 2012-03-13 18:43 -------- d-----w- c:\programdata\Microsoft Help
2012-02-27 21:31 . 2012-02-27 21:31 -------- d-----r- C:\MSOCache
2012-02-27 21:18 . 2012-02-27 21:21 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-02-27 21:18 . 2012-02-27 21:18 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-02-27 21:18 . 2012-02-27 21:18 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-02-27 20:32 . 2012-02-27 20:32 -------- d-----w- c:\program files (x86)\QIP 2012
2012-02-27 19:57 . 2012-02-27 19:57 -------- d-----w- c:\programdata\ACD Systems
2012-02-27 19:57 . 2012-02-27 19:57 -------- d-----w- c:\program files (x86)\Common Files\ACD Systems
2012-02-27 19:57 . 2012-02-27 19:57 -------- d-----w- c:\program files (x86)\ACD Systems
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-11 21:13 . 2011-06-30 08:38 43248 ----a-w- c:\windows\system32\drivers\cmdhlp.sys
2012-03-11 21:13 . 2011-06-30 08:38 577824 ----a-w- c:\windows\system32\drivers\cmdGuard.sys
2012-03-11 21:13 . 2011-06-30 08:38 22696 ----a-w- c:\windows\system32\drivers\cmderd.sys
2012-03-11 21:13 . 2011-06-30 08:37 301224 ----a-w- c:\windows\SysWow64\guard32.dll
2012-03-11 21:13 . 2011-06-30 08:37 389840 ----a-w- c:\windows\system32\guard64.dll
2012-02-27 18:52 . 2010-06-24 19:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-03 19:27 . 2011-06-30 08:38 93200 ----a-w- c:\windows\system32\drivers\inspect.sys
2012-01-04 00:48 . 2012-01-04 00:48 354176 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-12-10 02:07 433648 ----a-w- c:\programdata\Partner\Partner.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-10 39408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-14 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 136176]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Partner Service;Partner Service;c:\programdata\Partner\Partner.exe [2011-12-10 332272]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 fbfmon;fbfmon;c:\windows\system32\drivers\fbfmon.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BPntDrv;BPntDrv;c:\windows\system32\drivers\BPntDrv.sys [x]
S1 CFRMD;CFRMD;c:\windows\system32\DRIVERS\CFRMD.sys [x]
S1 CFRPD;CFRPD;c:\windows\system32\DRIVERS\CFRPD.sys [x]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [x]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224]
S2 Cleaner_Validator;COMODO System - Cleaner Service;c:\program files\COMODO\COMODO System-Cleaner\Cleaner_Validator.exe [2010-12-09 371648]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\MCAFEE\SITEAD~1\MCSACORE.EXE [2012-01-13 103440]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c63958-68e0-11e1-b831-c89cdcb235c4}]
\shell\AutoRun\command - H:\SETUP.EXE
\shell\dinstall\command - h:\directx\dxsetup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e0769c-6188-11e1-9f02-c89cdcb235c4}]
\shell\AutoRun\command - E:\Setup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae74da5b-629b-11e1-b97f-c89cdcb235c4}]
\shell\AutoRun\command - f:\setup\rsrc\Autorun.exe
\shell\dinstall\command - f:\directx\dxsetup.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae74da5e-629b-11e1-b97f-c89cdcb235c4}]
\shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-14 c:\windows\Tasks\COMODO Updater.job
- c:\program files\COMODO\COMODO SYSTEM-CLEANER\Updater.exe [2010-12-09 12:08]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 02:07]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-10 02:07]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}]
2011-12-10 02:07 750064 ----a-w- c:\programdata\Partner\Partner64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-02-08 10060832]
"Lenovo EE Boot Optimizer"="c:\program files (x86)\Lenovo\Boot Optimizer\PopWnd.exe" [2011-12-10 206176]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-03-11 9569096]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\guard64.dll
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=LEND
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
Trusted Zone: googlecode.com\feedflow
TCP: DhcpNameServer = 192.168.1.254
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SpywareTerminatorShield - c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
HKLM-Run-SpywareTerminatorUpdater - c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
AddRemove-WinRAR - c:\windows\WinRAR\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10b.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10b.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10b.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
@Denied: (A 2) (Everyone)
@="IFlashBroker2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
.
**************************************************************************
.
Completion time: 2012-03-15 20:44:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-15 19:44
.
Pre-Run: 301 419 749 376 bytes free
Post-Run: 301 257 797 632 bytes free
.
- - End Of File - - 1268E2D9CA976ED96E0CFCF0E6A85FF6
- Žbeky
- Moderator
Please check my log
You are supposed to run ComboFix with that script!
In private messages I only deal with matters concerning the forum. I do not respond to pleas and requests for technical support. Thanks for understanding.
HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
- Žbeky
- Moderator
Re: Please check my log
You really are a dimwit, why are you butting into other people's threads?
And it doesn't seem odd or stupid to you at all
You have 3 antispyware programs:
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: COMODO Defense+ *Enabled/Updated* {FEEA52D5-051E-08DD-07EF-2F009097607D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
Turn 2 of them off
Open Notepad (Start -> Run..., type Notepad into the box and click OK).
Copy into it the entire following text marked in green:
Note: Do not use the SELECT ALL function to select the script
Code: Select all
KillAll::
Folder::
c:\programdata\Spybot - Search & Destroy
c:\program files (x86)\Webroot
c:\programdata\Lavasoft
c:\program files (x86)\Common Files\McAfee
c:\progra~2\MCAFEE
c:\program files (x86)\Spyware Terminator
File::
c:\windows\system32\drivers\stflt.sys
c:\windows\system32\drivers\SBREDrv.sys
Driver::
McAfee SiteAdvisor Service
Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{60c63958-68e0-11e1-b831-c89cdcb235c4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{64e0769c-6188-11e1-9f02-c89cdcb235c4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae74da5b-629b-11e1-b97f-c89cdcb235c4}]
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ae74da5e-629b-11e1-b97f-c89cdcb235c4}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=-
DDS::
uStart Page = hxxp://www.google.com/ig/redirectdomain ... &bmod=LEND
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{0BE09CC1-42E0-11DD-AE16-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{DDF4CE26-4BDA-42BC-B0F0-0E75243AD285}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Choose File -> Save As... and set these parameters:
File name: type here: CFScript.txt
Save as type: select All Files there
Save the file to the desktop.
Close all active windows.
Grab the created script CFScript.txt with the mouse, drag it over the downloaded program ComboFix.exe, and when the two files overlap, drop the script.
- ComboFix will start automatically
- Paste here the log that pops up at the end of the cleaning process