Dobrý den, mohly by ste skontrolovat tento log,pretoze som cez skype dostal virus(vola sa Doktor.bot (cerv) alebo tak nejak) eset mi to nedokaze viriesit. Dakujem za kazdu radu
Logfile of random's system information tool 1.09 (written by random/random)
Run by Administrator at 2012-10-09 16:25:31
Microsoft Windows 7 ARC Gamer Edition
System drive C: has 29 GB (14%) free of 200 GB
Total RAM: 3519 MB (66% free)
HijackThis download failed
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
C:\Windows\tasks\Norton Security Scan for Administrator.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn.me/esnsonar,version=0.70.4]
"Description"=ESN Sonar browser plugin
"Path"=C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=1.116.0]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\1.116.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=1.122.0]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\1.122.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@esn/esnlaunch,version=1.138.0]
"Description"=
"Path"=C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files\Mozilla Firefox\plugins\
np-mswmp.dll
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\extensions\
{687578b9-7132-4a7a-80e4-30ee31099e03}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-04-04 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-12-12 194432]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-16 325408]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-16 42272]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{687578b9-7132-4a7a-80e4-30ee31099e03} - uTorrentControl2 Toolbar - C:\Program Files\uTorrentControl2\prxtbuTor.dll [2011-05-09 176936]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]
"4StoryPrePatch"=C:\Program Files\Gameforge4D\4Story_CZ\PrePatch.exe [2012-03-04 327680]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2012-03-06 421736]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-18 254696]
"BCSSync"=C:\Program Files\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"DivXUpdate"=C:\Program Files\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"LogMeIn Hamachi Ui"=C:\Program Files\LogMeIn Hamachi\hamachi-2-ui.exe [2012-08-29 1996200]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXBannerAdPlugin.dll [2012-07-31 90112]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXDownloadManagerPlugin.dll [2012-07-31 66048]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXMediaManagerPlugin.dll [2012-07-31 335872]
"B Register C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll"=C:\Program Files\DivX\DivX Plus Player\DPXPlugins\DPXPlayerPlugin.dll [2012-07-31 1101824]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-04-18 1383936]
"DAEMON Tools Pro Agent"=C:\Program Files\DAEMON Tools Pro\DTAgent.exe [2012-02-02 3035968]
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
AutorunsDisabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2011-02-12 4220304]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=0
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"NoDrives"=0
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=l3codecp.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"vidc.VP60"=C:\Windows\system32\vp6vfw.dll
"vidc.VP61"=C:\Windows\system32\vp6vfw.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2012-10-09 16:25:31 ----D---- C:\rsit
2012-10-09 16:25:31 ----D---- C:\Program Files\trend micro
2012-10-09 14:27:20 ----A---- C:\Users\Administrator\AppData\Roaming\1FAE.exe
2012-10-08 17:06:37 ----A---- C:\Users\Administrator\AppData\Roaming\5058.exe
2012-10-08 15:18:17 ----A---- C:\Users\Administrator\AppData\Roaming\236C.exe
2012-10-07 17:25:29 ----D---- C:\ProgramData\Solidshield
2012-10-07 17:17:36 ----D---- C:\Program Files\Bohemia Interactive
2012-10-07 15:11:18 ----A---- C:\Users\Administrator\AppData\Roaming\BB93.exe
2012-10-07 13:44:27 ----A---- C:\Users\Administrator\AppData\Roaming\3A1E.exe
2012-10-07 12:41:38 ----A---- C:\Users\Administrator\AppData\Roaming\B86F.exe
2012-10-07 12:02:30 ----A---- C:\Users\Administrator\AppData\Roaming\E2E8.exe
2012-10-07 11:24:29 ----A---- C:\Users\Administrator\AppData\Roaming\15B9.exe
2012-10-07 11:13:08 ----A---- C:\Users\Administrator\AppData\Roaming\B0E4.exe
2012-10-07 10:58:20 ----A---- C:\Users\Administrator\AppData\Roaming\24EE.exe
2012-10-06 20:45:06 ----N---- C:\Windows\system32\MpSigStub.exe
2012-10-06 20:31:26 ----D---- C:\Windows\temp
2012-10-06 20:31:24 ----A---- C:\ComboFix.txt
2012-10-06 20:28:07 ----D---- C:\$RECYCLE.BIN
2012-10-06 20:20:27 ----A---- C:\Windows\zip.exe
2012-10-06 20:20:27 ----A---- C:\Windows\SWSC.exe
2012-10-06 20:20:27 ----A---- C:\Windows\SWREG.exe
2012-10-06 20:20:27 ----A---- C:\Windows\sed.exe
2012-10-06 20:20:27 ----A---- C:\Windows\PEV.exe
2012-10-06 20:20:27 ----A---- C:\Windows\NIRCMD.exe
2012-10-06 20:20:27 ----A---- C:\Windows\MBR.exe
2012-10-06 20:20:27 ----A---- C:\Windows\grep.exe
2012-10-06 20:20:10 ----D---- C:\Qoobox
2012-10-06 20:19:56 ----D---- C:\Windows\erdnt
2012-10-02 18:40:23 ----D---- C:\Program Files\LG Electronics
2012-09-27 16:45:41 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 16:45:34 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 16:44:58 ----D---- C:\Windows\system32\RsFx
2012-09-27 16:40:59 ----D---- C:\Program Files\Microsoft SQL Server
2012-09-27 16:34:55 ----D---- C:\Windows\system32\1033
2012-09-27 16:34:31 ----D---- C:\Windows\symbols
2012-09-27 16:34:21 ----D---- C:\Program Files\Microsoft SDKs
2012-09-27 16:34:20 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2012-09-27 16:34:20 ----D---- C:\Program Files\Microsoft Help Viewer
2012-09-27 16:34:20 ----D---- C:\Program Files\Common Files\Merge Modules
2012-09-27 16:23:13 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-09-27 14:41:31 ----A---- C:\Windows\system32\PresentationHostProxy.dll
2012-09-27 14:41:31 ----A---- C:\Windows\system32\PresentationHost.exe
2012-09-27 14:41:31 ----A---- C:\Windows\system32\netfxperf.dll
2012-09-27 14:41:31 ----A---- C:\Windows\system32\mscoree.dll
2012-09-27 14:41:31 ----A---- C:\Windows\system32\dfshim.dll
2012-09-27 14:26:00 ----A---- C:\log.txt
2012-09-27 14:25:56 ----A---- C:\Windows\system32\drivers\USBDrv.sys
2012-09-17 21:02:33 ----D---- C:\Program Files\Paradox
======List of files/folders modified in the last 1 month======
2012-10-09 16:25:32 ----D---- C:\Windows\Prefetch
2012-10-09 16:25:31 ----RD---- C:\Program Files
2012-10-09 16:06:59 ----D---- C:\ProgramData\PMB Files
2012-10-09 14:25:05 ----D---- C:\Program Files\Mozilla Firefox
2012-10-09 14:25:00 ----D---- C:\Windows\system32\config
2012-10-09 14:24:08 ----D---- C:\ProgramData\NVIDIA
2012-10-08 20:42:56 ----D---- C:\Windows\system32\catroot2
2012-10-07 20:12:14 ----D---- C:\Users\Administrator\AppData\Roaming\uTorrent
2012-10-07 17:25:29 ----D---- C:\ProgramData
2012-10-07 17:21:44 ----RSD---- C:\Windows\assembly
2012-10-07 17:21:14 ----SHD---- C:\System Volume Information
2012-10-07 14:16:07 ----SHD---- C:\Windows\Installer
2012-10-06 20:45:06 ----D---- C:\Windows\System32
2012-10-06 20:31:27 ----D---- C:\Windows\system32\drivers
2012-10-06 20:31:26 ----D---- C:\Windows
2012-10-06 20:28:51 ----D---- C:\Windows\inf
2012-10-06 20:28:09 ----A---- C:\Windows\system.ini
2012-10-06 20:28:02 ----D---- C:\Windows\system32\drivers\etc
2012-10-06 20:24:30 ----D---- C:\Windows\AppPatch
2012-10-06 20:24:28 ----D---- C:\Program Files\Common Files
2012-10-06 19:01:55 ----A---- C:\Windows\system32\PnkBstrB.exe
2012-10-06 19:01:33 ----D---- C:\Users\Administrator\AppData\Roaming\Skype
2012-10-06 17:37:14 ----D---- C:\ProgramData\Skype
2012-10-05 12:28:58 ----D---- C:\Program Files\Battlelog Web Plugins
2012-10-02 20:10:07 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-02 18:40:43 ----D---- C:\Windows\system32\catroot
2012-10-02 18:40:42 ----D---- C:\Windows\system32\DriverStore
2012-10-01 20:51:28 ----D---- C:\Users\Administrator\AppData\Roaming\Adobe
2012-09-27 16:57:47 ----D---- C:\Windows\Microsoft.NET
2012-09-27 16:44:12 ----D---- C:\Program Files\Microsoft.NET
2012-09-27 16:43:31 ----D---- C:\Windows\winsxs
2012-09-27 16:42:50 ----SD---- C:\Users\Administrator\AppData\Roaming\Microsoft
2012-09-27 16:38:41 ----SD---- C:\ProgramData\Microsoft
2012-09-27 16:35:08 ----D---- C:\Program Files\Common Files\microsoft shared
2012-09-27 16:34:21 ----D---- C:\Program Files\MSBuild
2012-09-27 14:42:03 ----D---- C:\Windows\system32\en-US
2012-09-27 14:41:16 ----D---- C:\Windows\SoftwareDistribution
2012-09-25 19:23:06 ----D---- C:\ProgramData\Origin
2012-09-25 19:22:53 ----D---- C:\Program Files\Origin
2012-09-25 18:49:45 ----D---- C:\Users\Administrator\AppData\Roaming\.minecraft
2012-09-22 17:55:54 ----A---- C:\Windows\WORDPAD.INI
2012-09-13 12:28:54 ----D---- C:\Program Files\Common Files\Symantec Shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 50624]
R0 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\Windows\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-17 242240]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 33656]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x32.sys [2011-09-21 21992]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2011-08-10 163424]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
R3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller; C:\Windows\system32\DRIVERS\l160x86.sys [2009-07-14 47104]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\Windows\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2004-08-13 5810]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda32v.sys [2012-01-17 148800]
S0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\Windows\System32\drivers\sfdrv01.sys [2006-03-26 51200]
S0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\Windows\System32\drivers\sfsync04.sys [2006-03-24 50176]
S0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\Windows\System32\drivers\sfvfs02.sys [2005-11-03 63488]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 catchme;catchme; \??\C:\Users\ADMINI~1\AppData\Local\Temp\catchme.sys []
S3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-14 43008]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 sscdbus;SAMSUNG USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\sscdbus.sys [2011-07-20 104648]
S3 sscdmdfl;SAMSUNG Mobile Modem Filter; C:\Windows\system32\DRIVERS\sscdmdfl.sys [2011-07-20 14920]
S3 sscdmdm;SAMSUNG Mobile Modem Drivers; C:\Windows\system32\DRIVERS\sscdmdm.sys [2011-07-20 132424]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 USBAAPL;Apple Mobile USB Driver; C:\Windows\System32\Drivers\usbaapl.sys [2012-02-15 43520]
S3 usbbus;LGE Mobile Composite USB Device; C:\Windows\system32\DRIVERS\lgusbbus.sys [2008-11-19 13056]
S3 UsbDiag;LGE Mobile USB Serial Port; C:\Windows\system32\DRIVERS\lgusbdiag.sys [2008-11-19 19968]
S3 USBModem;LGE Mobile USB Modem; C:\Windows\system32\DRIVERS\lgusbmodem.sys [2008-11-19 24832]
S3 usbUDisc;usbUDisc; C:\Windows\system32\DRIVERS\USBDrv.sys [2012-09-27 13824]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2009-07-14 34944]
S4 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2012-02-27 55144]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2011-08-31 390504]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-08-29 1385896]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-02-29 645440]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
R2 PnkBstrA;PnkBstrA; C:\Windows\system32\PnkBstrA.exe [2012-02-27 76888]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
R2 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2012-03-06 821608]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-02-26 136176]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files\Microsoft Office\Office14\GROOVE.EXE [2010-12-27 31124344]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-15 113120]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S4 KMService;KMService; C:\Windows\system32\srvany.exe [2012-02-12 8192]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Skype virus - červ
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Zdravím!
Poprosím o log ComboFix:
Poprosím o log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
Combofix log
ComboFix 12-10-04.02 - Administrator . 10. 2012 18:55:57.2.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2518 [GMT 2:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\15B9.exe
c:\users\Administrator\AppData\Roaming\1FAE.exe
c:\users\Administrator\AppData\Roaming\236C.exe
c:\users\Administrator\AppData\Roaming\24EE.exe
c:\users\Administrator\AppData\Roaming\2B23.exe
c:\users\Administrator\AppData\Roaming\3A1E.exe
c:\users\Administrator\AppData\Roaming\5058.exe
c:\users\Administrator\AppData\Roaming\56B2.exe
c:\users\Administrator\AppData\Roaming\A325.exe
c:\users\Administrator\AppData\Roaming\A94C.exe
c:\users\Administrator\AppData\Roaming\A9CB.exe
c:\users\Administrator\AppData\Roaming\B0E4.exe
c:\users\Administrator\AppData\Roaming\B86F.exe
c:\users\Administrator\AppData\Roaming\BB93.exe
c:\users\Administrator\AppData\Roaming\DDEC.exe
c:\users\Administrator\AppData\Roaming\E2E8.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 17:01 . 2012-10-15 17:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-15 17:01 . 2012-10-15 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-06 18:26 . 2012-10-15 17:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2012-09-27 14:45 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 14:45 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 14:44 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\RsFx
2012-09-27 14:40 . 2012-09-27 14:45 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-27 14:38 . 2012-09-27 14:47 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 14:34 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\1033
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\windows\symbols
2012-09-27 14:34 . 2012-09-27 14:40 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-27 14:34 . 2012-09-27 14:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-27 14:23 . 2012-09-27 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-27 12:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-27 12:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-27 12:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-27 12:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-27 12:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2012-09-17 19:02 . 2012-09-17 19:02 -------- d-----w- c:\program files\Paradox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 13:32 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-15 13:32 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-15 13:32 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-15 13:32 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 17:16]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 17:16]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 02:46]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 02:46]
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Efgegi"="c:\\Users\\Administrator\\AppData\\Roaming\\Efgegi.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,47,58,b9,f1,33,dc,44,b6,d5,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,47,58,b9,f1,33,dc,44,b6,d5,5b,\
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\SecuROM\License information*]
"datasecu"=hex:62,ad,d7,c1,22,56,c0,e4,7e,00,43,68,d6,ef,38,ea,58,45,f4,4a,b3,
be,07,8f,05,b3,c6,86,f6,be,72,be,83,f5,1b,91,74,c6,8f,30,e8,bb,d9,6a,e6,85,\
"rkeysecu"=hex:37,56,83,d6,ff,0d,77,ec,21,b3,9b,7d,bb,45,09,08
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-15 19:03:25
ComboFix-quarantined-files.txt 2012-10-15 17:03
ComboFix2.txt 2012-10-06 18:31
.
Pre-Run: 30 450 900 992 bytes free
Post-Run: 30 108 852 224 bytes free
.
- - End Of File - - 8DF513E75555B780DEF11CF4A8C4E061
ComboFix 12-10-04.02 - Administrator . 10. 2012 18:55:57.2.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2518 [GMT 2:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\15B9.exe
c:\users\Administrator\AppData\Roaming\1FAE.exe
c:\users\Administrator\AppData\Roaming\236C.exe
c:\users\Administrator\AppData\Roaming\24EE.exe
c:\users\Administrator\AppData\Roaming\2B23.exe
c:\users\Administrator\AppData\Roaming\3A1E.exe
c:\users\Administrator\AppData\Roaming\5058.exe
c:\users\Administrator\AppData\Roaming\56B2.exe
c:\users\Administrator\AppData\Roaming\A325.exe
c:\users\Administrator\AppData\Roaming\A94C.exe
c:\users\Administrator\AppData\Roaming\A9CB.exe
c:\users\Administrator\AppData\Roaming\B0E4.exe
c:\users\Administrator\AppData\Roaming\B86F.exe
c:\users\Administrator\AppData\Roaming\BB93.exe
c:\users\Administrator\AppData\Roaming\DDEC.exe
c:\users\Administrator\AppData\Roaming\E2E8.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-15 to 2012-10-15 )))))))))))))))))))))))))))))))
.
.
2012-10-15 17:01 . 2012-10-15 17:01 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-15 17:01 . 2012-10-15 17:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-06 18:26 . 2012-10-15 17:01 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2012-09-27 14:45 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 14:45 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 14:44 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\RsFx
2012-09-27 14:40 . 2012-09-27 14:45 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-27 14:38 . 2012-09-27 14:47 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 14:34 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\1033
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\windows\symbols
2012-09-27 14:34 . 2012-09-27 14:40 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-27 14:34 . 2012-09-27 14:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-27 14:23 . 2012-09-27 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-27 12:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-27 12:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-27 12:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-27 12:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-27 12:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2012-09-17 19:02 . 2012-09-17 19:02 -------- d-----w- c:\program files\Paradox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 13:32 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-15 13:32 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-15 13:32 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-15 13:32 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"= "c:\program files\uTorrentControl2\prxtbuTor.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - PNKBSTRK
.
Contents of the 'Scheduled Tasks' folder
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 17:16]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-02-26 17:16]
.
2012-10-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 02:46]
.
2012-10-15 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
- c:\users\Administrator\AppData\Local\Google\Update\GoogleUpdate.exe [2012-02-11 02:46]
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Efgegi"="c:\\Users\\Administrator\\AppData\\Roaming\\Efgegi.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,47,58,b9,f1,33,dc,44,b6,d5,5b,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,e0,47,58,b9,f1,33,dc,44,b6,d5,5b,\
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\SecuROM\License information*]
"datasecu"=hex:62,ad,d7,c1,22,56,c0,e4,7e,00,43,68,d6,ef,38,ea,58,45,f4,4a,b3,
be,07,8f,05,b3,c6,86,f6,be,72,be,83,f5,1b,91,74,c6,8f,30,e8,bb,d9,6a,e6,85,\
"rkeysecu"=hex:37,56,83,d6,ff,0d,77,ec,21,b3,9b,7d,bb,45,09,08
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-10-15 19:03:25
ComboFix-quarantined-files.txt 2012-10-15 17:03
ComboFix2.txt 2012-10-06 18:31
.
Pre-Run: 30 450 900 992 bytes free
Post-Run: 30 108 852 224 bytes free
.
- - End Of File - - 8DF513E75555B780DEF11CF4A8C4E061
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.KillAll::
File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
Folder::
c:\program files\uTorrentControl2
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"=-
[-HKEY_CLASSES_ROOT\clsid\{687578b9-7132-4a7a-80e4-30ee31099e03}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{687578b9-7132-4a7a-80e4-30ee31099e03}"=-
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{687578B9-7132-4A7A-80E4-30EE31099E03}"=-
RegLock::
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Internet Explorer\User Preferences]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Regnull::
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\SecuROM\License information*]
Reboot::
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
urobil som ako ste mi povedal a vyhodilo my dalsi log
ComboFix 12-10-04.02 - Administrator . 10. 2012 18:14:10.3.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2560 [GMT 2:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentControl2
c:\program files\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl2\ldrtbuTor.dll
c:\program files\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl2\prxtbuTor.dll
c:\program files\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl2\tbuTor.dll
c:\program files\uTorrentControl2\toolbar.cfg
c:\program files\uTorrentControl2\ToolbarContextMenu.xml
c:\program files\uTorrentControl2\uninstall.exe
c:\program files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 16:19 . 2012-10-16 16:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-16 16:19 . 2012-10-16 16:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-16 16:19 . 2012-10-16 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 17:48 . 2012-10-10 17:48 1241088 ----a-w- c:\users\Administrator\AppData\Roaming\Efgegi.exe
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2012-09-27 14:45 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 14:45 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 14:44 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\RsFx
2012-09-27 14:40 . 2012-09-27 14:45 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-27 14:38 . 2012-09-27 14:47 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 14:34 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\1033
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\windows\symbols
2012-09-27 14:34 . 2012-09-27 14:40 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-27 14:34 . 2012-09-27 14:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-27 14:23 . 2012-09-27 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-27 12:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-27 12:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-27 12:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-27 12:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-27 12:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2012-09-17 19:02 . 2012-09-17 19:02 -------- d-----w- c:\program files\Paradox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 13:32 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-15 13:32 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-15 13:32 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-15 13:32 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 80.87.208.29 80.87.208.166
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Efgegi"="c:\\Users\\Administrator\\AppData\\Roaming\\Efgegi.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2272)
c:\program files\Microangelo On Display\MODIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-16 18:23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 16:23
ComboFix2.txt 2012-10-15 17:03
ComboFix3.txt 2012-10-06 18:31
.
Pre-Run: 29 852 131 328 bytes free
Post-Run: 29 779 558 400 bytes free
.
- - End Of File - - C88D8B0C1CD3EA79B57CC65E88A3C434
ComboFix 12-10-04.02 - Administrator . 10. 2012 18:14:10.3.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2560 [GMT 2:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
Command switches used :: c:\users\Administrator\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\uTorrentControl2
c:\program files\uTorrentControl2\GottenAppsContextMenu.xml
c:\program files\uTorrentControl2\ldrtbuTor.dll
c:\program files\uTorrentControl2\OtherAppsContextMenu.xml
c:\program files\uTorrentControl2\prxtbuTor.dll
c:\program files\uTorrentControl2\SharedAppsContextMenu.xml
c:\program files\uTorrentControl2\tbuTor.dll
c:\program files\uTorrentControl2\toolbar.cfg
c:\program files\uTorrentControl2\ToolbarContextMenu.xml
c:\program files\uTorrentControl2\uninstall.exe
c:\program files\uTorrentControl2\uTorrentControl2ToolbarHelper.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-108348271-2500877364-2576925-500UA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-09-16 to 2012-10-16 )))))))))))))))))))))))))))))))
.
.
2012-10-16 16:19 . 2012-10-16 16:20 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-16 16:19 . 2012-10-16 16:19 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-16 16:19 . 2012-10-16 16:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-10 17:48 . 2012-10-10 17:48 1241088 ----a-w- c:\users\Administrator\AppData\Roaming\Efgegi.exe
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2012-09-27 14:45 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 14:45 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 14:44 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\RsFx
2012-09-27 14:40 . 2012-09-27 14:45 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-27 14:38 . 2012-09-27 14:47 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 14:34 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\1033
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\windows\symbols
2012-09-27 14:34 . 2012-09-27 14:40 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-27 14:34 . 2012-09-27 14:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-27 14:23 . 2012-09-27 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-27 12:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-27 12:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-27 12:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-27 12:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-27 12:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
2012-09-17 19:02 . 2012-09-17 19:02 -------- d-----w- c:\program files\Paradox
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-15 13:32 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-15 13:32 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-15 13:32 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-15 13:32 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 80.87.208.29 80.87.208.166
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-uTorrentControl2 Toolbar - c:\program files\uTorrentControl2\uninstall.exe
.
.
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Efgegi"="c:\\Users\\Administrator\\AppData\\Roaming\\Efgegi.exe"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2272)
c:\program files\Microangelo On Display\MODIcon.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
c:\windows\system32\conhost.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\DAEMON Tools Pro\DTShellHlp.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\sppsvc.exe
.
**************************************************************************
.
Completion time: 2012-10-16 18:23:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-10-16 16:23
ComboFix2.txt 2012-10-15 17:03
ComboFix3.txt 2012-10-06 18:31
.
Pre-Run: 29 852 131 328 bytes free
Post-Run: 29 779 558 400 bytes free
.
- - End Of File - - C88D8B0C1CD3EA79B57CC65E88A3C434
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Log již vypadá čistý. Nastala nějaká změna?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
dakujem zatial nic ak sa to prejavy tak vam poviem
Este raz dakujem za pomoc.
Este raz dakujem za pomoc.
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
zas sa prejavyl ten spam virus na skype vkladam log z combofixu
ComboFix 12-10-04.02 - Administrator . 10. 2012 20:22:36.4.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2744 [GMT 2:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\16A8.exe
c:\users\Administrator\AppData\Roaming\308.exe
c:\users\Administrator\AppData\Roaming\364D.exe
c:\users\Administrator\AppData\Roaming\3D75.exe
c:\users\Administrator\AppData\Roaming\4292.exe
c:\users\Administrator\AppData\Roaming\51CF.tmp
c:\users\Administrator\AppData\Roaming\5EC4.exe
c:\users\Administrator\AppData\Roaming\DE88.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 18:27 . 2012-10-19 18:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-19 18:27 . 2012-10-19 18:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-19 18:27 . 2012-10-19 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 13:38 . 2012-10-19 14:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\.techniclauncher
2012-10-17 14:15 . 2012-10-17 14:15 -------- d-----w- c:\users\Administrator\.borland
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Borland
2012-10-17 14:11 . 2012-10-17 14:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2012-10-17 14:02 . 2012-10-17 14:02 -------- d-----w- c:\program files\Skype
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2012-09-27 14:45 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 14:45 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 14:44 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\RsFx
2012-09-27 14:40 . 2012-09-27 14:45 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-27 14:38 . 2012-09-27 14:47 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 14:34 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\1033
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\windows\symbols
2012-09-27 14:34 . 2012-09-27 14:40 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-27 14:34 . 2012-09-27 14:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-27 14:23 . 2012-09-27 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-27 12:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-27 12:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-27 12:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-27 12:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-27 12:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 17:53 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-18 17:53 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-18 17:53 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-18 17:52 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
Completion time: 2012-10-19 20:29:20
ComboFix-quarantined-files.txt 2012-10-19 18:29
ComboFix2.txt 2012-10-16 16:23
ComboFix3.txt 2012-10-15 17:03
ComboFix4.txt 2012-10-06 18:31
.
Pre-Run: 34 087 223 296 bytes free
Post-Run: 33 904 300 032 bytes free
.
- - End Of File - - 3BBC35D4B79346CF40A5C014EA5A9D89
ComboFix 12-10-04.02 - Administrator . 10. 2012 20:22:36.4.2 - x86
Microsoft Windows 7 ARC Gamer Edition 6.1.7600.0.1252.1.1033.18.3519.2744 [GMT 2:00]
Running from: c:\users\Administrator\Downloads\ComboFix.exe
AV: ESET Smart Security 5.0 *Enabled/Outdated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Enabled/Outdated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
* Resident AV is active
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Roaming\16A8.exe
c:\users\Administrator\AppData\Roaming\308.exe
c:\users\Administrator\AppData\Roaming\364D.exe
c:\users\Administrator\AppData\Roaming\3D75.exe
c:\users\Administrator\AppData\Roaming\4292.exe
c:\users\Administrator\AppData\Roaming\51CF.tmp
c:\users\Administrator\AppData\Roaming\5EC4.exe
c:\users\Administrator\AppData\Roaming\DE88.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-09-19 to 2012-10-19 )))))))))))))))))))))))))))))))
.
.
2012-10-19 18:27 . 2012-10-19 18:27 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-10-19 18:27 . 2012-10-19 18:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-10-19 18:27 . 2012-10-19 18:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-19 13:38 . 2012-10-19 14:05 -------- d-----w- c:\users\Administrator\AppData\Roaming\.techniclauncher
2012-10-17 14:15 . 2012-10-17 14:15 -------- d-----w- c:\users\Administrator\.borland
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Common Files\Borland Shared
2012-10-17 14:13 . 2012-10-17 14:13 -------- d-----w- c:\program files\Borland
2012-10-17 14:11 . 2012-10-17 14:15 -------- d-----w- c:\users\Administrator\AppData\Roaming\TeamViewer
2012-10-17 14:02 . 2012-10-17 14:02 -------- d-----w- c:\program files\Skype
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- C:\rsit
2012-10-09 14:25 . 2012-10-09 14:25 -------- d-----w- c:\program files\trend micro
2012-10-07 15:25 . 2012-10-07 15:25 -------- d-----w- c:\programdata\Solidshield
2012-10-07 15:17 . 2012-10-07 15:17 -------- d-----w- c:\program files\Bohemia Interactive
2012-10-06 18:45 . 2012-09-18 22:59 6980552 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3AD824BE-4E3A-447C-9BB7-0413B3032608}\mpengine.dll
2012-10-06 18:45 . 2012-05-31 10:25 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-10-02 16:40 . 2012-10-02 16:40 -------- d-----w- c:\program files\LG Electronics
2012-10-02 16:40 . 2009-05-12 06:46 212992 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGSetCDROMAutoRun.exe
2012-10-02 16:40 . 2008-12-17 02:14 32768 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\LGPsLvDlChk.dll
2012-10-02 16:40 . 2009-04-06 04:58 1461760 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\tools\LGUSBModemDrivers_WHQL_ML_Ver_4.9.4_All_NP.msi
2012-10-02 16:40 . 2008-04-01 09:15 20480 ----a-r- c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Templates\H\SendScsiCmd.dll
2012-09-27 14:45 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-09-27 14:45 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-09-27 14:44 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\RsFx
2012-09-27 14:40 . 2012-09-27 14:45 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-27 14:38 . 2012-09-27 14:47 1276192 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1033\ResourceCache.dll
2012-09-27 14:34 . 2012-09-27 14:44 -------- d-----w- c:\windows\system32\1033
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\windows\symbols
2012-09-27 14:34 . 2012-09-27 14:40 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-27 14:34 . 2012-09-27 14:37 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-09-27 14:34 . 2012-09-27 14:34 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-09-27 14:23 . 2012-09-27 14:23 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-27 12:41 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2012-09-27 12:41 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll
2012-09-27 12:41 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll
2012-09-27 12:41 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2012-09-27 12:41 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll
2012-09-27 12:25 . 2012-09-27 12:25 13824 ----a-w- c:\windows\system32\drivers\USBDrv.sys
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-18 17:53 . 2012-02-11 06:58 139328 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2012-10-18 17:53 . 2012-04-05 12:36 281520 ----a-w- c:\windows\system32\PnkBstrB.exe
2012-10-18 17:53 . 2012-02-13 16:58 281520 ----a-w- c:\windows\system32\PnkBstrB.xtr
2012-10-18 17:52 . 2012-02-11 06:58 280904 ----a-w- c:\windows\system32\PnkBstrB.ex0
2012-08-15 07:30 . 2012-02-29 17:26 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[-] 2010-05-04 . 41D5CD162477BCE0D585D4B2424DD5EB . 2951168 . . [6.1.7600.16385] . . c:\windows\explorer.exe
[7] 2009-10-31 . C76153C7ECA00FA852BB0C193378F917 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_52283b2af41f3691\explorer.exe
[7] 2009-10-31 . 2626FC9755BE22F805D3CFA0CE3EE727 . 2614272 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_51a66d6ddafc2ed1\explorer.exe
[7] 2009-08-03 . 9FF6C4C91A3711C0A3B18F87B08B518D . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_526619d4f3f142e6\explorer.exe
[7] 2009-08-03 . B95EEB0F4E5EFBF1038A35B3351CF047 . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_51e07e31dad00878\explorer.exe
[7] 2009-07-14 . 15BC38A7492BEFE831966ADB477CF76F . 2613248 . . [6.1.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_518afd35db100430\explorer.exe
.
[7] 2009-07-14 . 2C32E3E596CFE660353753EABEFB0540 . 673048 . . [8.00.7600.16385] . . c:\windows\winsxs\x86_microsoft-windows-i..etexplorer-optional_31bf3856ad364e35_8.0.7600.16385_none_b346f9b4861b55c2\iexplore.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-04-18 1383936]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
"DAEMON Tools Pro Agent"="c:\program files\DAEMON Tools Pro\DTAgent.exe" [2012-02-02 3035968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
"4StoryPrePatch"="c:\program files\Gameforge4D\4Story_CZ\PrePatch.exe" [2012-03-04 327680]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-06 421736]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-03-15 499608]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"DivXUpdate"="c:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"LogMeIn Hamachi Ui"="c:\program files\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-08-29 1996200]
.
c:\users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
R2 gupdate;Služba Google Update (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 usbUDisc;usbUDisc;c:\windows\system32\DRIVERS\USBDrv.sys [x]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 KMService;KMService;c:\windows\system32\srvany.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x32.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
S3 AtcL001;NDIS Miniport Driver for Atheros L1 Gigabit Ethernet Controller;c:\windows\system32\DRIVERS\l160x86.sys [x]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-13 c:\windows\Tasks\Norton Security Scan for Administrator.job
- c:\progra~1\NORTON~2\Engine\372~1.5\Nss.exe [2012-07-08 09:45]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyOverride = *.local
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\gqa8r2or.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3072253&SearchSource=2&q=
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_avi_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_divx_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.doc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\WINWORD.EXE"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.docx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Word.Document.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2t\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_mkv_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mod\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pptx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="PowerPoint.Show.12"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.properties\UserChoice]
@Denied: (2) (Administrator)
"Progid"="properties_auto_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="TIFImage.Document"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_vob_file"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-108348271-2500877364-2576925-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="OpenOffice.org.Xls"
.
Completion time: 2012-10-19 20:29:20
ComboFix-quarantined-files.txt 2012-10-19 18:29
ComboFix2.txt 2012-10-16 16:23
ComboFix3.txt 2012-10-15 17:03
ComboFix4.txt 2012-10-06 18:31
.
Pre-Run: 34 087 223 296 bytes free
Post-Run: 33 904 300 032 bytes free
.
- - End Of File - - 3BBC35D4B79346CF40A5C014EA5A9D89
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Udělejte sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
AVPtool som stiahol, pri spúšťaní mi zobrazilo error s tím, že mám spraviť reset PC. Od vtedy, čo som resetol PC, tak nejde internet, všetky drivery sú zmazané, nejde mi Windows AERO, eset neaktivuje rezidentné štíty, ...
Pozeral som v autorun, či tam nenájdem niečo nezvyčajné/neznáme, ale takmer všetko v zložke driver bolo žlté s chybou FileNotFound.
Teraz je vidno, že PC je totálne zavírované. Mám spraviť nejaké logy a pomôžete mi s tím, alebo radšej zálohu a reinstall windows?
Ďakujem za pomoc a prepáčte že odpisujem takou odozvou.
Pozeral som v autorun, či tam nenájdem niečo nezvyčajné/neznáme, ale takmer všetko v zložke driver bolo žlté s chybou FileNotFound.
Teraz je vidno, že PC je totálne zavírované. Mám spraviť nejaké logy a pomôžete mi s tím, alebo radšej zálohu a reinstall windows?
Ďakujem za pomoc a prepáčte že odpisujem takou odozvou.
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Zkuste AVPTool spustit v nouz. režimu.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
spustim Avp tool a zampnem sken. Vyhodi mi ze tam je nejaky trojak tak dam aby ho vymazalo. Ked to doroby tak zrazu resetne pc.A ked spustim normalny windows tak eset ma stale vypnute ochrany a v safe mode neni ani nainstalovany,ke ho spustim znova (ten avp tool ) tak to ide odznova najde trojak ,vymaze ho a resetne pc......
-
Rudy
- Site Admin
- Příspěvky: 119520
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Skype virus - červ
Dostenete informaci, o jaký troják se jedná a kde je umístěn?
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Skype virus - červ
viem kde sa nachadza a aky je to trojak no pise sa tam ( HEUR:Trojan.Win32.Generic
Přispějete na provoz fóra?