ComboFix 12-05-09.01 - kauboun . 05. 2012 17:09:30.1.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.1789.1058 [GMT 2:00]
Running from: c:\users\kauboun\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Amazon.ico
c:\programdata\MercadoLivre.ico
c:\users\kauboun\AppData\Roaming\Love
c:\users\kauboun\AppData\Roaming\Love\mari0\options.txt
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-04-09 to 2012-05-09 )))))))))))))))))))))))))))))))
.
.
2012-05-09 15:21 . 2012-05-09 15:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 09:37 . 2012-05-09 12:04 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4494CE65-E2CD-4D9B-B572-D82806CAFA4A}\offreg.dll
2012-05-09 08:59 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 08:58 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:58 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 08:58 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 08:58 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 08:58 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 08:58 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 08:58 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 08:57 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 08:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 08:57 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4494CE65-E2CD-4D9B-B572-D82806CAFA4A}\mpengine.dll
2012-04-29 19:34 . 2012-04-29 19:34 -------- d-----w- c:\program files\Common Files\Skype
2012-04-28 12:23 . 2012-04-28 12:27 -------- d-----w- c:\programdata\Protexis
2012-04-28 12:23 . 2012-04-28 12:24 -------- d-----w- c:\users\kauboun\AppData\Roaming\Corel
2012-04-28 12:12 . 2012-04-28 12:12 -------- d-----w- c:\users\kauboun\AppData\Local\Microsoft Help
2012-04-28 12:06 . 2012-04-28 12:06 -------- d-----w- c:\program files\Microsoft SDKs
2012-04-28 12:06 . 2012-04-28 12:07 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-04-28 12:06 . 2012-04-28 12:23 -------- d-----w- c:\programdata\Microsoft Help
2012-04-26 06:14 . 2012-04-26 06:14 -------- d-----w- c:\users\kauboun\AppData\Local\AMD
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\users\kauboun\AppData\Roaming\ATI
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\users\kauboun\AppData\Local\ATI
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\programdata\ATI
2012-04-25 19:28 . 2012-04-26 06:09 -------- d-----w- c:\programdata\AMD
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\AMD AVT
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\AMD APP
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-25 19:25 . 2010-02-18 07:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-04-25 19:23 . 2012-04-25 19:23 -------- d-----w- c:\program files\ATI
2012-04-25 19:22 . 2012-04-25 19:27 -------- d-----w- c:\program files\ATI Technologies
2012-04-25 19:17 . 2012-04-25 19:20 -------- d-----w- C:\AMD
2012-04-17 18:58 . 2012-04-17 18:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\OpenAL
2012-04-17 18:58 . 2012-04-17 18:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-17 17:34 . 2012-04-17 17:34 -------- d-----w- c:\program files\Common Files\Java
2012-04-16 21:44 . 2012-04-16 21:44 -------- d-----w- c:\program files\minecraft
2012-04-16 21:22 . 2012-04-30 17:19 -------- d-----w- c:\users\kauboun\AppData\Roaming\.minecraft
2012-04-16 16:02 . 2012-04-16 16:02 -------- d-----w- c:\program files\Common Files\Raxco
2012-04-15 14:36 . 2012-04-15 17:09 -------- d-----w- c:\users\kauboun\AppData\Roaming\VDownloader
2012-04-15 14:36 . 2012-04-15 14:38 -------- d-----w- c:\users\kauboun\AppData\Local\VDownloader
2012-04-15 14:25 . 2010-01-26 09:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-04-15 14:25 . 2012-04-16 12:32 -------- d-----w- c:\program files\VDownloader
2012-04-12 16:15 . 2012-04-12 16:16 -------- d-----w- c:\users\kauboun\AppData\Local\Facebook
2012-04-12 10:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 08:15 . 2012-04-07 02:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 08:15 . 2011-12-19 22:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 17:33 . 2011-12-17 14:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 20:58 . 2011-12-17 14:46 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2009-07-13 22:09 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2012-04-06 02:00 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-03-07 00:15 . 2011-12-17 10:37 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-12-17 10:37 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-12-17 10:41 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-12-17 10:41 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 08:13 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-12-17 10:41 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-12-17 10:41 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-12-17 10:41 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-12-17 10:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 18:02 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-13 18:02 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 18:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 18:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-30 02:12 . 2012-03-11 19:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-10-19 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^kauboun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\kauboun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
2012-04-12 16:15 137536 ----atw- c:\users\kauboun\AppData\Local\Facebook\Update\FacebookUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 17:05 421736 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 27016]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 497280]
S2 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe [2007-04-25 537520]
S2 PDFSFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-09-07 66832]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 08:15]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000Core.job
- c:\users\kauboun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 16:15]
.
2012-04-17 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000UA.job
- c:\users\kauboun\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-04-12 16:15]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 10:41]
.
2012-04-17 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 10:41]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.212.8.8 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}: DhcpNameServer = 88.212.8.8 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\2456C6B696E6F5E4B2F5446313238334: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\35556513: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\35556523: DhcpNameServer = 158.197.16.31 192.168.1.254
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\46C696E6B6: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\B6165726F657E6: DhcpNameServer = 88.212.8.8 192.168.0.1
FF - ProfilePath - c:\users\kauboun\AppData\Roaming\Mozilla\Firefox\Profiles\zgicqz7l.default\
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
Completion time: 2012-05-09 17:26:15
ComboFix-quarantined-files.txt 2012-05-09 15:26
.
Pre-Run: 10 282 921 984 bytes free
Post-Run: 10 785 153 024 bytes free
.
- - End Of File - - 74BB7CF9C82B518DF38B5728A631D4FF

PC virus removal, computer speed-up, remote assistance through the neslape.cz service
Requesting a check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use remote assistance services, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
- Contact user:
Re: Requesting a check
We'll finish the cleanup. Open Notepad and copy the following into it:

KillAll::
Folder::
c:\users\kauboun\AppData\Local\Facebook\Update
File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Note: Why are you using ComboFix without a prior RSIT check? Do you want to wreck your system?
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before removing viruses from your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked, as it will be if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
-
- Level 5 - BAN
- Posts: 156
- Registered: 18 Oct 2006 23:24
- Location: Slovakia/Košice/terasa
- Contact user:
Re: Requesting a check
ComboFix 12-05-09.01 - kauboun . 05. 2012 7:00.4.1 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.1789.1119 [GMT 2:00]
Running from: c:\users\kauboun\Desktop\ComboFix.exe
Command switches used :: c:\users\kauboun\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kauboun\AppData\Local\Facebook\Update
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\kauboun\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 05:12 . 2012-05-10 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 08:59 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 08:58 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:58 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 08:58 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 08:58 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 08:58 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 08:58 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 08:58 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 08:57 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 08:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 08:57 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4494CE65-E2CD-4D9B-B572-D82806CAFA4A}\mpengine.dll
2012-04-29 19:34 . 2012-04-29 19:34 -------- d-----w- c:\program files\Common Files\Skype
2012-04-28 12:23 . 2012-04-28 12:27 -------- d-----w- c:\programdata\Protexis
2012-04-28 12:23 . 2012-04-28 12:24 -------- d-----w- c:\users\kauboun\AppData\Roaming\Corel
2012-04-28 12:12 . 2012-04-28 12:12 -------- d-----w- c:\users\kauboun\AppData\Local\Microsoft Help
2012-04-28 12:06 . 2012-04-28 12:06 -------- d-----w- c:\program files\Microsoft SDKs
2012-04-28 12:06 . 2012-04-28 12:07 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-04-28 12:06 . 2012-04-28 12:23 -------- d-----w- c:\programdata\Microsoft Help
2012-04-26 06:14 . 2012-04-26 06:14 -------- d-----w- c:\users\kauboun\AppData\Local\AMD
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\users\kauboun\AppData\Roaming\ATI
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\users\kauboun\AppData\Local\ATI
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\programdata\ATI
2012-04-25 19:28 . 2012-04-26 06:09 -------- d-----w- c:\programdata\AMD
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\AMD AVT
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\AMD APP
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-25 19:25 . 2010-02-18 07:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-04-25 19:23 . 2012-04-25 19:23 -------- d-----w- c:\program files\ATI
2012-04-25 19:22 . 2012-04-25 19:27 -------- d-----w- c:\program files\ATI Technologies
2012-04-25 19:17 . 2012-04-25 19:20 -------- d-----w- C:\AMD
2012-04-17 18:58 . 2012-04-17 18:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\OpenAL
2012-04-17 18:58 . 2012-04-17 18:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-17 17:34 . 2012-04-17 17:34 -------- d-----w- c:\program files\Common Files\Java
2012-04-16 21:44 . 2012-04-16 21:44 -------- d-----w- c:\program files\minecraft
2012-04-16 21:22 . 2012-04-30 17:19 -------- d-----w- c:\users\kauboun\AppData\Roaming\.minecraft
2012-04-16 16:02 . 2012-04-16 16:02 -------- d-----w- c:\program files\Common Files\Raxco
2012-04-15 14:36 . 2012-04-15 17:09 -------- d-----w- c:\users\kauboun\AppData\Roaming\VDownloader
2012-04-15 14:36 . 2012-04-15 14:38 -------- d-----w- c:\users\kauboun\AppData\Local\VDownloader
2012-04-15 14:25 . 2010-01-26 09:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-04-15 14:25 . 2012-04-16 12:32 -------- d-----w- c:\program files\VDownloader
2012-04-12 16:15 . 2012-04-12 16:16 -------- d-----w- c:\users\kauboun\AppData\Local\Facebook
2012-04-12 10:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 08:15 . 2012-04-07 02:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 08:15 . 2011-12-19 22:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 17:33 . 2011-12-17 14:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 20:58 . 2011-12-17 14:46 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2009-07-13 22:09 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2012-04-06 02:00 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-03-07 00:15 . 2011-12-17 10:37 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-12-17 10:37 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-12-17 10:41 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-12-17 10:41 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 08:13 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-12-17 10:41 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-12-17 10:41 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-12-17 10:41 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-12-17 10:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 18:02 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-13 18:02 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 18:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 18:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-30 02:12 . 2012-03-11 19:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-09_15.21.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-17 10:41 . 2012-05-10 04:42 35632 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-05-10 05:15 39632 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-17 10:24 . 2012-05-09 14:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-17 10:24 . 2012-05-10 05:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-17 10:24 . 2012-05-09 14:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 10:24 . 2012-05-10 05:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-05-10 05:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-05-09 14:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2012-05-10 04:47 87696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-17 10:32 . 2012-05-10 05:15 8974 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2906503541-894232675-1437103822-1000_UserData.bin
+ 2012-05-10 04:39 . 2012-05-10 05:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-09 10:49 . 2012-05-09 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-09 10:49 . 2012-05-09 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-10 04:39 . 2012-05-10 05:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:47 . 2012-05-09 21:29 424732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-05-09 10:47 424732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-15 23:47 . 2012-05-09 21:29 1022824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-04-15 23:47 . 2012-05-09 10:47 1022824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-17 15:08 . 2012-05-09 21:29 7394128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2906503541-894232675-1437103822-1000-8192.dat
- 2011-12-17 15:08 . 2012-05-09 10:47 7394128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2906503541-894232675-1437103822-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-10-19 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^kauboun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\kauboun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 17:05 421736 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 27016]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 497280]
S2 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe [2007-04-25 537520]
S2 PDFSFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-09-07 66832]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 08:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.212.8.8 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}: DhcpNameServer = 88.212.8.8 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\2456C6B696E6F5E4B2F5446313238334: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\35556513: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\35556523: DhcpNameServer = 158.197.16.31 192.168.1.254
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\46C696E6B6: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\B6165726F657E6: DhcpNameServer = 88.212.8.8 192.168.0.1
FF - ProfilePath - c:\users\kauboun\AppData\Roaming\Mozilla\Firefox\Profiles\zgicqz7l.default\
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(6920)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Raxco\Shared\PDEngine.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-10 07:21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 05:21
ComboFix2.txt 2012-05-09 15:26
.
Pre-Run: 11 036 434 432 bytes free
Post-Run: 10 908 332 032 bytes free
.
- - End Of File - - CBC815D4A5377FC12EB64CB48E50F90A
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.1789.1119 [GMT 2:00]
Running from: c:\users\kauboun\Desktop\ComboFix.exe
Command switches used :: c:\users\kauboun\Desktop\cfscript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: ZoneAlarm Free Firewall *Enabled* {E6380B7E-D4B2-19F1-083E-56486607704B}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\kauboun\AppData\Local\Facebook\Update
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\kauboun\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\kauboun\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2906503541-894232675-1437103822-1000UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-04-10 to 2012-05-10 )))))))))))))))))))))))))))))))
.
.
2012-05-10 05:12 . 2012-05-10 05:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-05-09 08:59 . 2012-03-30 10:23 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-05-09 08:58 . 2012-03-31 04:29 936960 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2012-05-09 08:58 . 2012-03-31 04:30 1221632 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2012-05-09 08:58 . 2012-03-31 04:29 989184 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2012-05-09 08:58 . 2012-03-31 04:29 969216 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2012-05-09 08:58 . 2012-03-31 04:39 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-05-09 08:58 . 2012-03-31 04:39 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-05-09 08:58 . 2012-03-31 02:36 2343424 ----a-w- c:\windows\system32\win32k.sys
2012-05-09 08:57 . 2012-03-17 07:27 56176 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-05-09 08:57 . 2012-03-03 05:31 1077248 ----a-w- c:\windows\system32\DWrite.dll
2012-05-08 08:57 . 2012-04-13 07:36 6734704 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{4494CE65-E2CD-4D9B-B572-D82806CAFA4A}\mpengine.dll
2012-04-29 19:34 . 2012-04-29 19:34 -------- d-----w- c:\program files\Common Files\Skype
2012-04-28 12:23 . 2012-04-28 12:27 -------- d-----w- c:\programdata\Protexis
2012-04-28 12:23 . 2012-04-28 12:24 -------- d-----w- c:\users\kauboun\AppData\Roaming\Corel
2012-04-28 12:12 . 2012-04-28 12:12 -------- d-----w- c:\users\kauboun\AppData\Local\Microsoft Help
2012-04-28 12:06 . 2012-04-28 12:06 -------- d-----w- c:\program files\Microsoft SDKs
2012-04-28 12:06 . 2012-04-28 12:07 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-04-28 12:06 . 2012-04-28 12:23 -------- d-----w- c:\programdata\Microsoft Help
2012-04-26 06:14 . 2012-04-26 06:14 -------- d-----w- c:\users\kauboun\AppData\Local\AMD
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\users\kauboun\AppData\Roaming\ATI
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\users\kauboun\AppData\Local\ATI
2012-04-25 19:34 . 2012-04-25 19:34 -------- d-----w- c:\programdata\ATI
2012-04-25 19:28 . 2012-04-26 06:09 -------- d-----w- c:\programdata\AMD
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\AMD AVT
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\AMD APP
2012-04-25 19:28 . 2012-04-25 19:28 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-04-25 19:25 . 2010-02-18 07:18 37944 ----a-w- c:\windows\system32\drivers\amdiox86.sys
2012-04-25 19:23 . 2012-04-25 19:23 -------- d-----w- c:\program files\ATI
2012-04-25 19:22 . 2012-04-25 19:27 -------- d-----w- c:\program files\ATI Technologies
2012-04-25 19:17 . 2012-04-25 19:20 -------- d-----w- C:\AMD
2012-04-17 18:58 . 2012-04-17 18:58 444952 ----a-w- c:\windows\system32\wrap_oal.dll
2012-04-17 18:58 . 2012-04-17 18:58 -------- d-----w- c:\program files\OpenAL
2012-04-17 18:58 . 2012-04-17 18:58 109080 ----a-w- c:\windows\system32\OpenAL32.dll
2012-04-17 17:34 . 2012-04-17 17:34 -------- d-----w- c:\program files\Common Files\Java
2012-04-16 21:44 . 2012-04-16 21:44 -------- d-----w- c:\program files\minecraft
2012-04-16 21:22 . 2012-04-30 17:19 -------- d-----w- c:\users\kauboun\AppData\Roaming\.minecraft
2012-04-16 16:02 . 2012-04-16 16:02 -------- d-----w- c:\program files\Common Files\Raxco
2012-04-15 14:36 . 2012-04-15 17:09 -------- d-----w- c:\users\kauboun\AppData\Roaming\VDownloader
2012-04-15 14:36 . 2012-04-15 14:38 -------- d-----w- c:\users\kauboun\AppData\Local\VDownloader
2012-04-15 14:25 . 2010-01-26 09:11 444283 ----a-w- c:\program files\Common Files\WinPcapNmap.exe
2012-04-15 14:25 . 2012-04-16 12:32 -------- d-----w- c:\program files\VDownloader
2012-04-12 16:15 . 2012-04-12 16:16 -------- d-----w- c:\users\kauboun\AppData\Local\Facebook
2012-04-12 10:56 . 2012-03-01 05:46 19824 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 10:56 . 2012-03-01 05:37 172544 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 10:56 . 2012-03-01 05:33 159232 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 10:56 . 2012-03-01 05:29 5120 ----a-w- c:\windows\system32\wmi.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-05-06 08:15 . 2012-04-07 02:48 419488 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-05-06 08:15 . 2011-12-19 22:15 70304 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-04-17 17:33 . 2011-12-17 14:46 472808 ----a-w- c:\windows\system32\deployJava1.dll
2012-04-16 20:58 . 2011-12-17 14:46 637848 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-04-06 05:21 . 2012-04-06 05:21 9334784 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-04-06 02:22 . 2012-04-06 02:22 159744 ----a-w- c:\windows\system32\atiapfxx.exe
2012-04-06 02:21 . 2012-04-06 02:21 909312 ----a-w- c:\windows\system32\aticfx32.dll
2012-04-06 02:16 . 2012-04-06 02:16 442368 ----a-w- c:\windows\system32\ATIDEMGX.dll
2012-04-06 02:16 . 2012-04-06 02:16 451072 ----a-w- c:\windows\system32\atieclxx.exe
2012-04-06 02:15 . 2012-04-06 02:15 217600 ----a-w- c:\windows\system32\atiesrxx.exe
2012-04-06 02:14 . 2012-04-06 02:14 159744 ----a-w- c:\windows\system32\atitmmxx.dll
2012-04-06 02:14 . 2012-04-06 02:14 20992 ----a-w- c:\windows\system32\atimuixx.dll
2012-04-06 02:14 . 2012-04-06 02:14 43520 ----a-w- c:\windows\system32\ati2edxx.dll
2012-04-06 02:13 . 2009-07-13 22:09 6800896 ----a-w- c:\windows\system32\atidxx32.dll
2012-04-06 02:00 . 2012-04-06 02:00 52736 ----a-w- c:\windows\system32\coinst.dll
2012-04-06 01:50 . 2012-04-06 01:50 19753984 ----a-w- c:\windows\system32\atioglxx.dll
2012-04-06 01:34 . 2012-04-06 01:34 1831424 ----a-w- c:\windows\system32\atiumdmv.dll
2012-04-06 01:34 . 2012-04-06 01:34 6203392 ----a-w- c:\windows\system32\atiumdag.dll
2012-04-06 01:30 . 2012-04-06 01:30 46080 ----a-w- c:\windows\system32\aticalrt.dll
2012-04-06 01:30 . 2012-04-06 01:30 44032 ----a-w- c:\windows\system32\aticalcl.dll
2012-04-06 01:25 . 2012-04-06 01:25 13764096 ----a-w- c:\windows\system32\aticaldd.dll
2012-04-06 01:22 . 2012-04-06 01:22 4795904 ----a-w- c:\windows\system32\atiumdva.dll
2012-04-06 01:11 . 2012-04-06 01:11 360448 ----a-w- c:\windows\system32\atiadlxx.dll
2012-04-06 01:11 . 2012-04-06 01:11 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 33280 ----a-w- c:\windows\system32\atigktxx.dll
2012-04-06 01:10 . 2012-04-06 01:10 275968 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-04-06 01:09 . 2012-04-06 01:09 41984 ----a-w- c:\windows\system32\atiuxpag.dll
2012-04-06 01:09 . 2012-04-06 01:09 32256 ----a-w- c:\windows\system32\atiu9pag.dll
2012-04-06 01:09 . 2012-04-06 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\atimpc32.dll
2012-04-06 01:06 . 2012-04-06 01:06 53760 ----a-w- c:\windows\system32\amdpcom32.dll
2012-04-05 20:34 . 2012-04-05 20:34 159232 ----a-w- c:\windows\system32\clinfo.exe
2012-04-05 20:34 . 2012-04-05 20:34 64512 ----a-w- c:\windows\system32\OpenVideo.dll
2012-04-05 20:33 . 2012-04-05 20:33 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-04-05 20:32 . 2012-04-05 20:32 13007872 ----a-w- c:\windows\system32\amdocl.dll
2012-04-05 20:32 . 2012-04-05 20:32 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-03-09 12:06 . 2012-03-09 12:06 24576 ----a-w- c:\windows\system32\kdbsdk32.dll
2012-03-07 00:15 . 2011-12-17 10:37 41184 ----a-w- c:\windows\avastSS.scr
2012-03-07 00:15 . 2011-12-17 10:37 201352 ----a-w- c:\windows\system32\aswBoot.exe
2012-03-07 00:03 . 2011-12-17 10:41 612184 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-03-07 00:03 . 2011-12-17 10:41 337880 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-03-07 00:02 . 2012-02-25 08:13 44376 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-03-07 00:01 . 2011-12-17 10:41 53848 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-03-07 00:01 . 2011-12-17 10:41 57688 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-03-07 00:01 . 2011-12-17 10:41 20696 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-02-23 08:18 . 2011-12-17 10:57 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 05:34 . 2012-03-13 18:02 919040 ----a-w- c:\windows\system32\rdpcorets.dll
2012-02-17 05:34 . 2012-03-13 18:02 826880 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 04:14 . 2012-03-13 18:02 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:13 . 2012-03-13 18:02 24576 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-30 02:12 . 2012-03-11 19:32 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-05-09_15.21.37 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-12-17 10:41 . 2012-05-10 04:42 35632 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 04:55 . 2012-05-10 05:15 39632 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-12-17 10:24 . 2012-05-09 14:52 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-12-17 10:24 . 2012-05-10 05:14 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-12-17 10:24 . 2012-05-09 14:52 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-12-17 10:24 . 2012-05-10 05:14 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:41 . 2012-05-10 05:14 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:41 . 2012-05-09 14:52 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:34 . 2012-05-10 04:47 87696 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\SoftwareProtectionPlatform\Cache\cache.dat
+ 2011-12-17 10:32 . 2012-05-10 05:15 8974 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2906503541-894232675-1437103822-1000_UserData.bin
+ 2012-05-10 04:39 . 2012-05-10 05:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-09 10:49 . 2012-05-09 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-05-09 10:49 . 2012-05-09 10:49 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-05-10 04:39 . 2012-05-10 05:13 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 04:47 . 2012-05-09 21:29 424732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 04:47 . 2012-05-09 10:47 424732 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-04-15 23:47 . 2012-05-09 21:29 1022824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2012-04-15 23:47 . 2012-05-09 10:47 1022824 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-12-17 15:08 . 2012-05-09 21:29 7394128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2906503541-894232675-1437103822-1000-8192.dat
- 2011-12-17 15:08 . 2012-05-09 10:47 7394128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2906503541-894232675-1437103822-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-03-07 00:15 123536 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-03-07 4241512]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-10-19 738944]
"ZoneAlarm"="c:\program files\CheckPoint\ZoneAlarm\zatray.exe" [2011-10-26 73360]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKLM\~\startupfolder\C:^Users^kauboun^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^MagicDisc.lnk]
path=c:\users\kauboun\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MagicDisc.lnk
backup=c:\windows\pss\MagicDisc.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-06 17:05 421736 ----a-w- d:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QlbCtrl.exe]
2009-11-11 14:11 287800 ----a-r- c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QLBCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2012-02-29 06:55 17148552 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-18 12:02 254696 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [2012-02-29 158856]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-06 257696]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2011-12-17 136176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 15872]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 217600]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-04-05 291840]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [2012-03-05 45184]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-03-07 57688]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 26168]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-10-19 27016]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-10-19 497280]
S2 lxbv_device;lxbv_device;c:\windows\system32\lxbvcoms.exe [2007-04-25 537520]
S2 PDFSFilter;PDFsFilter;c:\windows\system32\DRIVERS\PDFsFilter.sys [2011-09-07 66832]
S3 amdiox86;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox86.sys [2010-02-18 37944]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 9334784]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 275968]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-05-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-07 08:15]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.212.8.8 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}: DhcpNameServer = 88.212.8.8 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\2456C6B696E6F5E4B2F5446313238334: DhcpNameServer = 192.168.2.1 192.168.2.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\35556513: DhcpNameServer = 192.168.2.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\35556523: DhcpNameServer = 158.197.16.31 192.168.1.254
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\46C696E6B6: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{866ADAC8-684D-4F23-897E-0011D623259C}\B6165726F657E6: DhcpNameServer = 88.212.8.8 192.168.0.1
FF - ProfilePath - c:\users\kauboun\AppData\Roaming\Mozilla\Firefox\Profiles\zgicqz7l.default\
.
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'lsass.exe'(624)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
- - - - - - - > 'Explorer.exe'(6920)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\atieclxx.exe
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Raxco\PerfectDisk\PDAgent.exe
c:\program files\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files\Common Files\Raxco\Shared\PDEngine.exe
c:\program files\Raxco\PerfectDisk\PDAgentS1.exe
c:\windows\system32\conhost.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-05-10 07:21:55 - machine was rebooted
ComboFix-quarantined-files.txt 2012-05-10 05:21
ComboFix2.txt 2012-05-09 15:26
.
Pre-Run: 11 036 434 432 bytes free
Post-Run: 10 908 332 032 bytes free
.
- - End Of File - - CBC815D4A5377FC12EB64CB48E50F90A
- Rudy
- Site Admin
- Posts: 119515
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: requesting a check
The log now looks clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
Visit:
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.