Please check my log

Not having any problem with your PC at the moment and just want to make sure everything is in order?
Post a log from FRST or RSIT.

h4pple
Visitor
Posts: 74
Registered: 21 Jan 2011 19:22

#1 Post by h4pple

Logfile of random's system information tool 1.08 (written by random/random)
Run by RH at 2011-03-19 22:04:11
Microsoft Windows 7 Ultimate
System drive D: has 48 GB (19%) free of 250 GB
Total RAM: 4095 MB (59% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:04:20, on 19. 3. 2011
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal

Running processes:
D:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\Internet Download Manager\IDMan.exe
D:\Program Files\Alwil Software\Avast5\AvastUI.exe
D:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe
D:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Program Files\trend micro\RH.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = http=;ftp=;https=;
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Ask Toolbar BHO - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Ask Toolbar - {D4027C7F-154A-4066-A1AD-4243D8127440} - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [HDAudDeck] D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [StartCCC] "D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SwitchBoard] D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "D:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [avast] "D:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Skype] "D:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [IDMan] D:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: CurseClientStartup.ccip
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Office Excel - res://D:\PROGRA~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Prevziať cez IDM - D:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Prevziať cez IDM všetky prepojenia - D:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O8 - Extra context menu item: Prevziať obsah FLV cez IDM - D:\Program Files (x86)\Internet Download Manager\IEGetVL.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - D:\Program Files (x86)\PokerStars\PokerStarsUpdate.exe
O9 - Extra button: Zdroje informací - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~2\MICROS~2\OFFICE11\REFIEBAR.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - D:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: AMD Reservation Manager - Advanced Micro Devices - D:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe
O23 - Service: avast! Antivirus - AVAST Software - D:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: avast! Firewall - AVAST Software - D:\Program Files\Alwil Software\Avast5\afwServ.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: Folding Service #01 (FAH-01) - Stanford University - D:\Program Files (x86)\Folding@Home #01\Folding@Home #01\FAH-Console.exe
O23 - Service: Folding Service #02 (FAH-02) - Stanford University - D:\Program Files (x86)\Folding@Home #01\Folding@Home #02\FAH-Console.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: ForceWare Intelligent Application Manager (IAM) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - D:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi 2.0 Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: lxddCATSCustConnectService - Lexmark International, Inc. - D:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe
O23 - Service: lxdd_device - - D:\Windows\system32\lxddcoms.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: ForceWare IP service (nSvcIp) - Unknown owner - D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe
O23 - Service: PnkBstrA - Unknown owner - D:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9742 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
D:\Windows\system32\services.exe
D:\Windows\system32\lsass.exe
D:\Windows\system32\lsm.exe
winlogon.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\system32\atiesrxx.exe
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\AUDIODG.EXE 0x264
D:\Windows\system32\svchost.exe -k LocalService
atieclxx
D:\Windows\system32\svchost.exe -k NetworkService
"D:\Program Files\Alwil Software\Avast5\AvastSvc.exe"
"D:\Program Files\Alwil Software\Avast5\afwServ.exe"
"D:\Windows\system32\Dwm.exe"
D:\Windows\Explorer.EXE
"D:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"D:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe"
"D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"D:\Program Files\Alwil Software\Avast5\AvastUI.exe" /nogui
"taskhost.exe"
"D:\Program Files (x86)\Folding@Home #01\Folding@Home #01\FAH-Console.exe" -forceasm -local -svcstart
"D:\Program Files (x86)\Folding@Home #01\Folding@Home #02\FAH-Console.exe" -forceasm -local -svcstart
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
D:\Windows\system32\lxddcoms.exe -service
D:\Windows\SysWOW64\PnkBstrA.exe
taskeng.exe {75034EB6-DF89-4DC3-84DD-B16ECC22A87B}
D:\Windows\system32\svchost.exe -k imgsvc
"D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"D:\Program Files (x86)\IObit\Advanced SystemCare 3\AWC.exe" /startup
"D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe"
"D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:2896
"D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe"
"D:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe" /SILENT
D:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"D:\Program Files\Windows Media Player\wmpnetwk.exe"
D:\Windows\System32\svchost.exe -k LocalServicePeerNet
D:\Windows\System32\svchost.exe -k secsvcs
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=4892.c63d200.44956325 "D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" "Mozilla.Firefox.4.0" -omnijar D:\Program Files (x86)\Mozilla Firefox\omni.jar 4892 \\.\pipe\gecko-crash-server-pipe.4892 plugin
"D:\Users\RH\Desktop\RSITx64.exe"
D:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

D:\Windows\tasks\AWC Startup.job
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2598763766-2210094117-3482642199-1001Core.job
D:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2598763766-2210094117-3482642199-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2011-03-02 355680]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - D:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2011-02-23 972280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDMIEHlprObj Class - D:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2011-03-02 206256]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - D:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
Ask Toolbar - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-02 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - D:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2011-02-23 972280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440} - Ask Toolbar - D:\Program Files (x86)\Ask.com\GenericAskToolbar.dll [2010-09-28 1400712]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - D:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2011-02-23 814160]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files (x86)\Skype\Phone\Skype.exe [2011-01-03 15028104]
"IDMan"=D:\Program Files (x86)\Internet Download Manager\IDMan.exe [2011-03-03 3278232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeBridge]
D:\Program Files (x86)\Adobe\Adobe Bridge CS4\Bridge.exe [2008-08-28 13145448]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS4ServiceManager]
D:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe [2008-08-14 611712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
D:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2010-09-16 1164584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
D:\Users\RH\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2010-12-06 1910152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Octoshape Streaming Services]
D:\Users\RH\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [2009-01-08 70936]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Pando Media Booster]
D:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe [2011-01-08 3046808]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2010-12-21 1483264]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\program files (x86)\steam\steam.exe [2010-10-29 1242448]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"=D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2009-09-21 2583040]
"StartCCC"=D:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-01-26 336384]
"SwitchBoard"=D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=D:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"avast"=D:\Program Files\Alwil Software\Avast5\avastUI.exe [2011-02-23 3451496]

D:\Users\RH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CurseClientStartup.ccip

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2011-03-19 11:00:22 ----A---- D:\Windows\system32\drivers\aswFW.sys
2011-03-19 11:00:06 ----A---- D:\Windows\system32\drivers\aswNdis2.sys
2011-03-19 10:42:14 ----A---- D:\Windows\system32\drivers\aswSnx.sys
2011-03-19 00:02:35 ----D---- D:\Users\RH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-18 23:53:09 ----D---- D:\ProgramData\regid.1986-12.com.adobe
2011-03-18 19:56:58 ----HDC---- D:\ProgramData\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
2011-03-18 19:56:14 ----D---- D:\Program Files\Common Files\Native Instruments
2011-03-18 19:56:13 ----D---- D:\ProgramData\Native Instruments
2011-03-18 19:56:13 ----D---- D:\Program Files\Native Instruments
2011-03-17 18:58:39 ----A---- D:\Windows\system32\uxtuneup.dll
2011-03-17 18:58:38 ----A---- D:\Windows\SYSWOW64\uxtuneup.dll
2011-03-17 18:58:38 ----A---- D:\Windows\SYSWOW64\authuitu.dll
2011-03-17 18:58:38 ----A---- D:\Windows\system32\authuitu.dll
2011-03-17 18:58:13 ----A---- D:\Windows\system32\uxt40AF.tmp
2011-03-17 17:26:31 ----A---- D:\Windows\system32\TURegOpt.exe
2011-03-17 17:26:01 ----D---- D:\Users\RH\AppData\Roaming\TuneUp Software
2011-03-17 17:25:48 ----D---- D:\Program Files (x86)\TuneUp Utilities 2011
2011-03-17 17:25:15 ----D---- D:\ProgramData\TuneUp Software
2011-03-17 17:25:04 ----SHD---- D:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-17 16:51:52 ----D---- D:\Program Files (x86)\Virtual Piano
2011-03-11 17:15:44 ----D---- D:\Users\RH\AppData\Roaming\.minecraft
2011-03-10 15:27:26 ----D---- D:\Users\RH\AppData\Roaming\PSpad
2011-03-10 15:27:13 ----D---- D:\Program Files (x86)\PSPad editor
2011-03-06 13:32:08 ----D---- D:\ProgramData\ATI
2011-03-06 13:28:47 ----D---- D:\Program Files (x86)\ATI Stream
2011-03-06 13:00:53 ----D---- D:\Windows\SYSWOW64\Adobe
2011-03-04 22:49:39 ----D---- D:\Users\RH\AppData\Roaming\PlatinumHideIP
2011-03-04 22:49:39 ----D---- D:\ProgramData\PlatinumHideIP
2011-03-04 22:49:14 ----D---- D:\Program Files (x86)\Ask.com
2011-03-04 22:49:00 ----D---- D:\Program Files (x86)\PlatinumHideIP
2011-03-04 22:16:36 ----D---- D:\Users\RH\AppData\Roaming\IDM
2011-03-04 22:16:34 ----D---- D:\Users\RH\AppData\Roaming\DMCache
2011-03-04 22:16:28 ----D---- D:\Program Files (x86)\Internet Download Manager
2011-03-04 10:27:08 ----A---- D:\ProgramData\SPL4E09.tmp
2011-03-03 16:05:33 ----A---- D:\Windows\system32\drivers\idmwfp.sys
2011-02-22 14:13:14 ----D---- D:\Users\RH\AppData\Roaming\Rovio
2011-02-21 20:47:17 ----D---- D:\Program Files (x86)\LOLReplay
2011-02-20 12:05:47 ----A---- D:\Windows\SYSWOW64\javaws.exe
2011-02-20 12:05:47 ----A---- D:\Windows\SYSWOW64\javaw.exe
2011-02-20 12:05:47 ----A---- D:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 months======

2011-03-19 22:04:20 ----D---- D:\Windows\Prefetch
2011-03-19 22:04:19 ----D---- D:\Windows\Temp
2011-03-19 22:04:15 ----D---- D:\Program Files\trend micro
2011-03-19 21:58:07 ----D---- D:\Program Files (x86)\Mozilla Firefox
2011-03-19 21:55:33 ----D---- D:\Users\RH\AppData\Roaming\Skype
2011-03-19 21:51:49 ----D---- D:\Windows\system32\Tasks
2011-03-19 19:08:19 ----SHD---- D:\System Volume Information
2011-03-19 18:28:45 ----D---- D:\Users\RH\AppData\Roaming\vlc
2011-03-19 17:07:04 ----D---- D:\Users\RH\AppData\Roaming\skypePM
2011-03-19 16:43:24 ----D---- D:\Windows
2011-03-19 12:49:13 ----D---- D:\ProgramData\PMB Files
2011-03-19 11:00:22 ----D---- D:\Windows\system32\drivers
2011-03-19 11:00:15 ----D---- D:\Windows\inf
2011-03-19 11:00:12 ----D---- D:\Windows\system32\DriverStore
2011-03-19 11:00:12 ----D---- D:\Windows\system32\catroot
2011-03-19 10:42:12 ----D---- D:\Windows\SysWOW64
2011-03-19 10:10:36 ----D---- D:\ProgramData\Adobe
2011-03-19 10:01:35 ----D---- D:\Windows\system32\catroot2
2011-03-19 09:59:48 ----RSD---- D:\Windows\Fonts
2011-03-18 23:56:43 ----D---- D:\Program Files (x86)\Adobe
2011-03-18 23:53:09 ----HD---- D:\ProgramData
2011-03-18 23:50:57 ----D---- D:\Windows\system32\config
2011-03-18 23:46:25 ----D---- D:\Program Files\Common Files\Adobe
2011-03-18 23:46:03 ----D---- D:\Program Files\Adobe
2011-03-18 23:45:14 ----D---- D:\Users\RH\AppData\Roaming\Adobe
2011-03-18 23:41:48 ----SHD---- D:\Windows\Installer
2011-03-18 23:41:48 ----D---- D:\Config.Msi
2011-03-18 23:40:46 ----D---- D:\Windows\winsxs
2011-03-18 19:56:14 ----D---- D:\Program Files\Common Files
2011-03-18 19:56:13 ----RD---- D:\Program Files
2011-03-18 19:56:13 ----D---- D:\Program Files (x86)\Common Files
2011-03-18 10:39:00 ----D---- D:\Windows\System32
2011-03-17 18:23:14 ----D---- D:\Windows\Tasks
2011-03-17 18:14:48 ----D---- D:\Program Files (x86)\Rockstar Games
2011-03-17 17:25:48 ----D---- D:\Program Files (x86)
2011-03-13 12:15:40 ----D---- D:\JDownloader
2011-03-13 09:56:29 ----D---- D:\Program Files\Lx_cats
2011-03-07 18:06:05 ----RSD---- D:\Windows\assembly
2011-03-07 18:06:05 ----D---- D:\Windows\Microsoft.NET
2011-03-06 13:28:41 ----D---- D:\Program Files (x86)\ATI
2011-03-06 13:28:25 ----D---- D:\Program Files\ATI Technologies
2011-03-06 13:19:19 ----D---- D:\Windows\SYSWOW64\directx
2011-03-06 13:19:12 ----HD---- D:\Windows\msdownld.tmp
2011-03-06 13:16:30 ----A---- D:\Windows\SYSWOW64\PerfStringBackup.INI
2011-03-06 13:15:53 ----A---- D:\Windows\system32\PerfStringBackup.INI
2011-03-04 19:30:32 ----A---- D:\Windows\SYSWOW64\PnkBstrB.exe
2011-03-01 14:50:43 ----D---- D:\Program Files (x86)\CityVilleBot
2011-02-23 16:04:17 ----A---- D:\Windows\SYSWOW64\aswBoot.exe
2011-02-23 16:04:07 ----A---- D:\Windows\system32\aswBoot.exe
2011-02-20 12:05:33 ----D---- D:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aswNdis;avast! Firewall NDIS Filter Service; D:\Windows\system32\DRIVERS\aswNdis.sys [2010-01-09 12368]
R0 aswNdis2;avast! Firewall Core Firewall Service; D:\Windows\system32\drivers\aswNdis2.sys [2011-02-23 253784]
R0 pciide;pciide; D:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 sptd;sptd; D:\Windows\System32\Drivers\sptd.sys [2010-03-28 834544]
R1 aswFW;avast! TDI Firewall driver; D:\Windows\system32\drivers\aswFW.sys [2011-02-23 127320]
R1 aswRdr;aswRdr; D:\Windows\system32\drivers\aswRdr.sys [2011-02-23 31064]
R1 aswSnx;aswSnx; D:\Windows\system32\drivers\aswSnx.sys [2011-02-23 505176]
R1 aswSP;aswSP; D:\Windows\system32\drivers\aswSP.sys [2011-02-23 280408]
R1 aswTdi;avast! Network Shield Support; D:\Windows\system32\drivers\aswTdi.sys [2011-02-23 53592]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 ISODrive;ISO DVD/CD-ROM Device Driver; \??\D:\Program Files (x86)\UltraISO\drivers\ISODrv64.sys [2010-01-29 115600]
R2 adfs;adfs; D:\Windows\system32\drivers\adfs.sys [2008-06-27 88632]
R2 aswFsBlk;aswFsBlk; D:\Windows\system32\drivers\aswFsBlk.sys [2011-02-23 22360]
R2 aswMonFlt;aswMonFlt; \??\D:\Windows\system32\drivers\aswMonFlt.sys [2011-02-23 64344]
R2 IDMWFP;IDMWFP; D:\Windows\system32\DRIVERS\idmwfp.sys [2011-01-25 142936]
R3 amdiox64;AMD IO Driver; D:\Windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; D:\Windows\system32\DRIVERS\atikmdag.sys [2011-01-27 9085952]
R3 amdkmdap;amdkmdap; D:\Windows\system32\DRIVERS\atikmpag.sys [2011-01-26 299520]
R3 AtiHDAudioService;ATI Function Driver for HD Audio Service; D:\Windows\system32\drivers\AtihdW76.sys [2010-11-17 115216]
R3 hamachi;Hamachi Network Interface; D:\Windows\system32\DRIVERS\hamachi.sys [2009-09-23 33856]
R3 NVNET;NVIDIA nForce 10/100 Mbps Ethernet ; D:\Windows\system32\DRIVERS\nvmf6264.sys [2009-04-30 339360]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
R3 usbscan;USB Scanner Driver; D:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; D:\Windows\system32\drivers\viahduaa.sys [2009-09-17 1250816]
S3 ALSysIO;ALSysIO; \??\D:\Users\RH\AppData\Local\Temp\ALSysIO64.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; D:\Windows\system32\drivers\AtiHdmi.sys [2010-01-28 116736]
S3 BthEnum;Bluetooth Request Block Driver; D:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); D:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; D:\Windows\System32\Drivers\BTHport.sys [2009-07-14 551936]
S3 BTHUSB;Bluetooth Radio USB Driver; D:\Windows\System32\Drivers\BTHUSB.sys [2009-07-14 79360]
S3 GGSAFERDriver;GGSAFER Driver; \??\D:\Program Files (x86)\Garena\plugins\UI\safedrv.sys []
S3 NVENETFD;NVIDIA nForce Networking Controller Driver; D:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
S3 pccsmcfd;PCCS Mode Change Filter Driver; D:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 s3cap;s3cap; D:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 storvsc;storvsc; D:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; D:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; D:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; D:\Windows\system32\atiesrxx.exe [2011-01-26 203776]
R2 AMD FUEL Service;AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
R2 AMD Reservation Manager;AMD Reservation Manager; D:\Program Files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
R2 avast! Antivirus;avast! Antivirus; D:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2011-02-23 42184]
R2 avast! Firewall;avast! Firewall; D:\Program Files\Alwil Software\Avast5\afwServ.exe [2011-02-23 121000]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 FAH-01;Folding Service #01; D:\Program Files (x86)\Folding@Home #01\Folding@Home #01\FAH-Console.exe [2008-06-30 253952]
R2 FAH-02;Folding Service #02; D:\Program Files (x86)\Folding@Home #01\Folding@Home #02\FAH-Console.exe [2008-06-30 253952]
R2 ForceWare Intelligent Application Manager (IAM);ForceWare Intelligent Application Manager (IAM); D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe [2009-04-19 625184]
R2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
R2 lxdd_device;lxdd_device; D:\Windows\system32\lxddcoms.exe [2007-05-25 567216]
R2 nSvcIp;ForceWare IP service; D:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe [2009-04-19 207904]
R2 PnkBstrA;PnkBstrA; D:\Windows\syswow64\PnkBstrA.exe [2010-12-14 75136]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; D:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-02-18 2019648]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
S2 lxddCATSCustConnectService;lxddCATSCustConnectService; D:\Windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
S3 aspnet_state;ASP.NET State Service; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-31 1038088]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; D:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2010-03-31 655624]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; D:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
S3 ose;Office Source Engine; D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-12-08 628736]
S3 Steam Client Service;Steam Client Service; D:\Program Files (x86)\Common Files\Steam\SteamService.exe [2010-11-05 403240]
S3 SwitchBoard;SwitchBoard; D:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#2 Post by Rudy »

Uninstall AskToolbar. Otherwise clean.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

h4pple
Visitor
Posts: 74
Registered: 21 Jan 2011 19:22

Re: Please check my log

#3 Post by h4pple »

When I tried to uninstall Ask Toolbar, it threw an error and cancelled the uninstallation,
and it keeps doing this over and over; it simply won't let me uninstall it.

Error 2738. Could not access VBScript run time for custom action.

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#4 Post by Rudy »

Post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after start-up a screen with the licence terms appears; continue by clicking the Yes button.

Feel free to go put on some coffee (the whole run takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is run).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because scanning and deleting any malware leads to unwanted conflicts with the antispyware's resident component.

h4pple
Visitor
Posts: 74
Registered: 21 Jan 2011 19:22

Re: Please check my log

#5 Post by h4pple »

ComboFix 11-03-21.02 - RH . 03. 2011 18:22:31.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4095.2215 [GMT 1:00]
Running from: d:\users\RH\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
d:\windows\wpe pro.INI
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 17:37 . 2011-03-22 17:37 -------- d-----w- d:\users\Default\AppData\Local\temp
2011-03-21 15:44 . 2011-03-21 15:44 159744 ----a-w- d:\program files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
2011-03-21 15:43 . 2011-03-21 15:43 -------- d-----w- d:\program files (x86)\Common Files\Apple
2011-03-21 15:42 . 2011-03-21 15:42 -------- d-----w- d:\users\RH\AppData\Local\Apple
2011-03-21 15:42 . 2011-03-21 15:42 -------- d-----w- d:\program files (x86)\Apple Software Update
2011-03-21 15:42 . 2011-03-21 15:42 -------- d-----w- d:\programdata\Apple
2011-03-19 20:58 . 2011-03-18 18:05 142296 ----a-w- d:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-19 20:58 . 2011-03-18 18:05 781272 ----a-w- d:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-19 20:58 . 2011-03-18 18:05 728024 ----a-w- d:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-19 20:58 . 2011-03-18 18:05 1975768 ----a-w- d:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-19 20:58 . 2011-03-18 18:05 1893336 ----a-w- d:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-19 20:58 . 2011-03-18 18:05 1874904 ----a-w- d:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-19 20:58 . 2011-03-18 18:05 15832 ----a-w- d:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-19 20:58 . 2011-03-18 18:05 142296 ----a-w- d:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-19 10:00 . 2011-02-23 14:57 127320 ----a-w- d:\windows\system32\drivers\aswFW.sys
2011-03-19 10:00 . 2011-02-23 14:56 253784 ----a-w- d:\windows\system32\drivers\aswNdis2.sys
2011-03-19 09:42 . 2011-02-23 14:57 505176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-03-18 23:02 . 2011-03-18 23:02 -------- d-----w- d:\users\RH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-18 22:53 . 2011-03-18 23:00 -------- d-----w- d:\programdata\regid.1986-12.com.adobe
2011-03-18 18:56 . 2011-03-18 18:56 -------- dc-h--w- d:\programdata\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\program files\Common Files\Native Instruments
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\programdata\Native Instruments
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\program files\Native Instruments
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\program files (x86)\Common Files\Native Instruments
2011-03-17 17:58 . 2011-02-18 12:24 36160 ----a-w- d:\windows\system32\uxtuneup.dll
2011-03-17 17:58 . 2011-02-18 12:24 25920 ----a-w- d:\windows\system32\authuitu.dll
2011-03-17 17:58 . 2011-02-18 12:24 21312 ----a-w- d:\windows\SysWow64\authuitu.dll
2011-03-17 17:58 . 2011-02-18 12:24 29504 ----a-w- d:\windows\SysWow64\uxtuneup.dll
2011-03-17 17:58 . 2011-03-17 17:58 0 ----a-w- d:\windows\system32\uxt40AF.tmp
2011-03-17 16:26 . 2011-02-18 12:29 34624 ----a-w- d:\windows\system32\TURegOpt.exe
2011-03-17 16:26 . 2011-03-17 16:26 -------- d-----w- d:\users\RH\AppData\Roaming\TuneUp Software
2011-03-17 16:25 . 2011-03-17 17:58 -------- d-----w- d:\program files (x86)\TuneUp Utilities 2011
2011-03-17 16:25 . 2011-03-17 16:27 -------- d-----w- d:\programdata\TuneUp Software
2011-03-17 16:25 . 2011-03-17 16:25 -------- d-sh--w- d:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-17 15:51 . 2011-03-17 15:52 -------- d-----w- d:\program files (x86)\Virtual Piano
2011-03-11 16:15 . 2011-03-11 16:56 -------- d-----w- d:\users\RH\AppData\Roaming\.minecraft
2011-03-10 14:27 . 2011-03-10 15:48 -------- d-----w- d:\users\RH\AppData\Roaming\PSpad
2011-03-10 14:27 . 2011-03-10 14:27 -------- d-----w- d:\program files (x86)\PSPad editor
2011-03-06 12:32 . 2011-03-06 12:32 -------- d-----w- d:\programdata\ATI
2011-03-06 12:28 . 2011-03-06 12:28 -------- d-----w- d:\program files (x86)\ATI Stream
2011-03-06 12:00 . 2011-03-06 12:00 -------- d-----w- d:\windows\SysWow64\Adobe
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\users\RH\AppData\Roaming\PlatinumHideIP
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\programdata\PlatinumHideIP
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\program files (x86)\Ask.com
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\program files (x86)\PlatinumHideIP
2011-03-04 21:16 . 2011-03-06 12:02 -------- d-----w- d:\users\RH\AppData\Roaming\IDM
2011-03-04 21:16 . 2011-03-22 17:39 -------- d-----w- d:\users\RH\AppData\Roaming\DMCache
2011-03-04 21:16 . 2011-03-04 21:16 -------- d-----w- d:\program files (x86)\Internet Download Manager
2011-03-04 09:27 . 2011-03-04 09:27 1001512 ----a-w- d:\programdata\SPL4E09.tmp
2011-03-03 15:05 . 2011-01-25 10:40 142936 ----a-w- d:\windows\system32\drivers\idmwfp.sys
2011-02-22 13:13 . 2011-02-22 13:13 -------- d-----w- d:\users\RH\AppData\Roaming\Rovio
2011-02-21 19:47 . 2011-02-21 19:53 -------- d-----w- d:\program files (x86)\LOLReplay
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-04 18:30 . 2010-05-12 19:43 214592 ----a-w- d:\windows\SysWow64\PnkBstrB.xtr
2011-03-04 18:30 . 2010-05-12 19:40 214592 ----a-w- d:\windows\SysWow64\PnkBstrB.ex0
2011-03-04 18:30 . 2010-05-12 19:40 214592 ----a-w- d:\windows\SysWow64\PnkBstrB.exe
2011-02-23 15:04 . 2010-06-29 20:29 40648 ----a-w- d:\windows\avastSS.scr
2011-02-23 15:04 . 2010-03-26 18:55 190016 ----a-w- d:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-01-18 16:55 238968 ----a-w- d:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-03-26 18:56 280408 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-03-26 18:56 53592 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-03-26 18:56 31064 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-03-26 18:56 64344 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-03-26 18:56 22360 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-06-06 12:23 472808 ----a-w- d:\windows\SysWow64\deployJava1.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- d:\windows\SysWow64\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- d:\windows\SysWow64\msvcr71.dll
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- d:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- d:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- d:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-10-27 02:55 596480 ----a-w- d:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- d:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2010-03-03 04:15 708608 ----a-w- d:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2010-11-26 02:54 462848 ----a-w- d:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- d:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- d:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- d:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- d:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- d:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- d:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- d:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- d:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- d:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- d:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2010-03-03 03:57 4847616 ----a-w- d:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- d:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- d:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2010-11-26 02:29 3222016 ----a-w- d:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2010-03-03 03:46 4170752 ----a-w- d:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- d:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- d:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- d:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- d:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- d:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- d:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2010-03-03 03:24 3463680 ----a-w- d:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2010-11-26 02:24 5316096 ----a-w- d:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2010-03-03 03:23 58880 ----a-w- d:\windows\system32\coinst.dll
2011-01-26 22:14 . 2010-03-03 03:08 354304 ----a-w- d:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- d:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- d:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- d:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- d:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- d:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- d:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- d:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-03-03 03:06 39936 ----a-w- d:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- d:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2010-03-03 03:06 38400 ----a-w- d:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2010-03-03 03:06 28672 ----a-w- d:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- d:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- d:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- d:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- d:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2010-09-28 21:44 1400712 ----a-w- d:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "d:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2010-09-28 1400712]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-03-03 3278232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="d:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"StartCCC"="d:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"SwitchBoard"="d:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="d:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avast"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
d:\users\RH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-16 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICustomerCare"="d:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"DivXUpdate"="d:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"FaxCenterServer"="d:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
"SunJavaUpdateSched"="d:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 avast! Firewall;avast! Firewall;d:\program files\Alwil Software\Avast5\afwServ.exe [2011-02-23 121000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;d:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R3 ALSysIO;ALSysIO;d:\users\RH\AppData\Local\Temp\ALSysIO64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;d:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-31 1038088]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;d:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GGSAFERDriver;GGSAFER Driver;d:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 SwitchBoard;SwitchBoard;d:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 aswNdis;avast! Firewall NDIS Filter Service;d:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;d:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FAH-01;Folding Service 01;d:\program files (x86)\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;d:\program files (x86)\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 IDMWFP;IDMWFP;d:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 lxdd_device;lxdd_device;d:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-02-18 2019648]
S3 amdiox64;AMD IO Driver;d:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW76.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;d:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 d:\windows\Tasks\AWC Startup.job
- d:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-11-12 15:19]
.
2011-03-22 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 21:07]
.
2011-03-22 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 21:07]
.
2011-03-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2598763766-2210094117-3482642199-1001Core.job
- d:\users\RH\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 08:32]
.
2011-03-22 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2598763766-2210094117-3482642199-1001UA.job
- d:\users\RH\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 08:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- d:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 85232 ----a-w- d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="d:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = d:\windows\system32\blank.htm
mLocal Page = d:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - d:\users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\1jfec2ar.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-Adobe Shockwave Player - d:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvyu"="msyuv.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"vidc.yvu9"="tsbyuv.dll"
"msacm.l3acm"="d:\\Windows\\System32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"VIDC.FPS1"="frapsv64.dll"
"VIDC.XFR1"="xfcodec64.dll"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux1"="wdmaud.drv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-22 19:06:48
ComboFix-quarantined-files.txt 2011-03-22 18:06
.
Pre-Run: 46 368 026 624 bytes free
Post-Run: 46 318 391 296 bytes free
.
- - End Of File - - 58F3A4BA6A8BCD438838FB08CBB5FB8D

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#6 Post by Rudy »

We'll finish cleaning up. Open Notepad and copy the following into it:
Folder::
d:\program files (x86)\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Obrázek
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.

Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.

Navštivte: Obrázek

e-mail: rudy(zavináč)forum.viry.cz

Varování:
Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!


Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.

h4pple
Visitor
Posts: 74
Registered: 21 Jan 2011 19:22

Re: Please check my log

#7 Post by h4pple »

The log created by ComboFix after running that script:

ComboFix 11-03-21.02 - RH . 03. 2011 22:20:11.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4095.2574 [GMT 1:00]
Running from: d:\users\RH\Desktop\ComboFix.exe
Command switches used :: d:\users\RH\Desktop\CFScript.txt
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-02-22 to 2011-03-22 )))))))))))))))))))))))))))))))
.
.
2011-03-22 21:28 . 2011-03-22 21:28 -------- d-----w- d:\users\Default\AppData\Local\temp
2011-03-22 21:28 . 2011-03-22 21:28 -------- d-----w- d:\users\Administrator\AppData\Local\temp
2011-03-21 15:43 . 2011-03-21 15:43 -------- d-----w- d:\program files (x86)\Common Files\Apple
2011-03-21 15:42 . 2011-03-21 15:42 -------- d-----w- d:\users\RH\AppData\Local\Apple
2011-03-21 15:42 . 2011-03-21 15:42 -------- d-----w- d:\program files (x86)\Apple Software Update
2011-03-21 15:42 . 2011-03-21 15:42 -------- d-----w- d:\programdata\Apple
2011-03-19 20:58 . 2011-03-18 18:05 142296 ----a-w- d:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2011-03-19 20:58 . 2011-03-18 18:05 781272 ----a-w- d:\program files (x86)\Mozilla Firefox\mozsqlite3.dll
2011-03-19 20:58 . 2011-03-18 18:05 728024 ----a-w- d:\program files (x86)\Mozilla Firefox\libGLESv2.dll
2011-03-19 20:58 . 2011-03-18 18:05 1975768 ----a-w- d:\program files (x86)\Mozilla Firefox\D3DCompiler_42.dll
2011-03-19 20:58 . 2011-03-18 18:05 1893336 ----a-w- d:\program files (x86)\Mozilla Firefox\d3dx9_42.dll
2011-03-19 20:58 . 2011-03-18 18:05 1874904 ----a-w- d:\program files (x86)\Mozilla Firefox\mozjs.dll
2011-03-19 20:58 . 2011-03-18 18:05 15832 ----a-w- d:\program files (x86)\Mozilla Firefox\mozalloc.dll
2011-03-19 20:58 . 2011-03-18 18:05 142296 ----a-w- d:\program files (x86)\Mozilla Firefox\libEGL.dll
2011-03-19 10:00 . 2011-02-23 14:57 127320 ----a-w- d:\windows\system32\drivers\aswFW.sys
2011-03-19 10:00 . 2011-02-23 14:56 253784 ----a-w- d:\windows\system32\drivers\aswNdis2.sys
2011-03-19 09:42 . 2011-02-23 14:57 505176 ----a-w- d:\windows\system32\drivers\aswSnx.sys
2011-03-18 23:02 . 2011-03-18 23:02 -------- d-----w- d:\users\RH\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2011-03-18 22:53 . 2011-03-18 23:00 -------- d-----w- d:\programdata\regid.1986-12.com.adobe
2011-03-18 18:56 . 2011-03-18 18:56 -------- dc-h--w- d:\programdata\{A0DFE2A5-DE68-41F3-8861-73E954C1D41D}
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\program files\Common Files\Native Instruments
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\programdata\Native Instruments
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\program files\Native Instruments
2011-03-18 18:56 . 2011-03-18 18:56 -------- d-----w- d:\program files (x86)\Common Files\Native Instruments
2011-03-17 17:58 . 2011-02-18 12:24 36160 ----a-w- d:\windows\system32\uxtuneup.dll
2011-03-17 17:58 . 2011-02-18 12:24 25920 ----a-w- d:\windows\system32\authuitu.dll
2011-03-17 17:58 . 2011-02-18 12:24 21312 ----a-w- d:\windows\SysWow64\authuitu.dll
2011-03-17 17:58 . 2011-02-18 12:24 29504 ----a-w- d:\windows\SysWow64\uxtuneup.dll
2011-03-17 17:58 . 2011-03-17 17:58 0 ----a-w- d:\windows\system32\uxt40AF.tmp
2011-03-17 16:26 . 2011-02-18 12:29 34624 ----a-w- d:\windows\system32\TURegOpt.exe
2011-03-17 16:26 . 2011-03-17 16:26 -------- d-----w- d:\users\RH\AppData\Roaming\TuneUp Software
2011-03-17 16:25 . 2011-03-17 17:58 -------- d-----w- d:\program files (x86)\TuneUp Utilities 2011
2011-03-17 16:25 . 2011-03-17 16:27 -------- d-----w- d:\programdata\TuneUp Software
2011-03-17 16:25 . 2011-03-17 16:25 -------- d-sh--w- d:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-03-17 15:51 . 2011-03-17 15:52 -------- d-----w- d:\program files (x86)\Virtual Piano
2011-03-11 16:15 . 2011-03-11 16:56 -------- d-----w- d:\users\RH\AppData\Roaming\.minecraft
2011-03-10 14:27 . 2011-03-10 15:48 -------- d-----w- d:\users\RH\AppData\Roaming\PSpad
2011-03-10 14:27 . 2011-03-10 14:27 -------- d-----w- d:\program files (x86)\PSPad editor
2011-03-06 12:32 . 2011-03-06 12:32 -------- d-----w- d:\programdata\ATI
2011-03-06 12:28 . 2011-03-06 12:28 -------- d-----w- d:\program files (x86)\ATI Stream
2011-03-06 12:00 . 2011-03-06 12:00 -------- d-----w- d:\windows\SysWow64\Adobe
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\users\RH\AppData\Roaming\PlatinumHideIP
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\programdata\PlatinumHideIP
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\program files (x86)\Ask.com
2011-03-04 21:49 . 2011-03-04 21:49 -------- d-----w- d:\program files (x86)\PlatinumHideIP
2011-03-04 21:16 . 2011-03-06 12:02 -------- d-----w- d:\users\RH\AppData\Roaming\IDM
2011-03-04 21:16 . 2011-03-22 21:28 -------- d-----w- d:\users\RH\AppData\Roaming\DMCache
2011-03-04 21:16 . 2011-03-04 21:16 -------- d-----w- d:\program files (x86)\Internet Download Manager
2011-03-04 09:27 . 2011-03-04 09:27 1001512 ----a-w- d:\programdata\SPL4E09.tmp
2011-03-03 15:05 . 2011-01-25 10:40 142936 ----a-w- d:\windows\system32\drivers\idmwfp.sys
2011-02-22 13:13 . 2011-02-22 13:13 -------- d-----w- d:\users\RH\AppData\Roaming\Rovio
2011-02-21 19:47 . 2011-02-21 19:53 -------- d-----w- d:\program files (x86)\LOLReplay
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-03-22 20:41 . 2010-05-12 19:43 234768 ----a-w- d:\windows\SysWow64\PnkBstrB.xtr
2011-03-22 20:41 . 2010-05-12 19:40 234768 ----a-w- d:\windows\SysWow64\PnkBstrB.ex0
2011-03-22 20:41 . 2010-05-12 19:40 234768 ----a-w- d:\windows\SysWow64\PnkBstrB.exe
2011-02-23 15:04 . 2010-06-29 20:29 40648 ----a-w- d:\windows\avastSS.scr
2011-02-23 15:04 . 2010-03-26 18:55 190016 ----a-w- d:\windows\SysWow64\aswBoot.exe
2011-02-23 15:04 . 2011-01-18 16:55 238968 ----a-w- d:\windows\system32\aswBoot.exe
2011-02-23 14:57 . 2010-03-26 18:56 280408 ----a-w- d:\windows\system32\drivers\aswSP.sys
2011-02-23 14:55 . 2010-03-26 18:56 53592 ----a-w- d:\windows\system32\drivers\aswTdi.sys
2011-02-23 14:55 . 2010-03-26 18:56 31064 ----a-w- d:\windows\system32\drivers\aswRdr.sys
2011-02-23 14:55 . 2010-03-26 18:56 64344 ----a-w- d:\windows\system32\drivers\aswMonFlt.sys
2011-02-23 14:54 . 2010-03-26 18:56 22360 ----a-w- d:\windows\system32\drivers\aswFsBlk.sys
2011-02-02 20:40 . 2010-06-06 12:23 472808 ----a-w- d:\windows\SysWow64\deployJava1.dll
2011-02-02 13:31 . 2011-02-02 13:31 499712 ----a-w- d:\windows\SysWow64\msvcp71.dll
2011-02-02 13:31 . 2011-02-02 13:31 348160 ----a-w- d:\windows\SysWow64\msvcr71.dll
2011-01-26 23:37 . 2011-01-26 23:37 9085952 ----a-w- d:\windows\system32\drivers\atikmdag.sys
2011-01-26 23:22 . 2011-01-26 23:22 22295040 ----a-w- d:\windows\system32\atio6axx.dll
2011-01-26 23:00 . 2011-01-26 23:00 143360 ----a-w- d:\windows\system32\atiapfxx.exe
2011-01-26 23:00 . 2010-10-27 02:55 596480 ----a-w- d:\windows\SysWow64\aticfx32.dll
2011-01-26 22:59 . 2011-01-26 22:59 17204736 ----a-w- d:\windows\SysWow64\atioglxx.dll
2011-01-26 22:59 . 2010-03-03 04:15 708608 ----a-w- d:\windows\system32\aticfx64.dll
2011-01-26 22:56 . 2010-11-26 02:54 462848 ----a-w- d:\windows\system32\ATIDEMGX.dll
2011-01-26 22:56 . 2011-01-26 22:56 479232 ----a-w- d:\windows\system32\atieclxx.exe
2011-01-26 22:55 . 2011-01-26 22:55 203776 ----a-w- d:\windows\system32\atiesrxx.exe
2011-01-26 22:54 . 2011-01-26 22:54 120320 ----a-w- d:\windows\system32\atitmm64.dll
2011-01-26 22:54 . 2011-01-26 22:54 423424 ----a-w- d:\windows\system32\atipdl64.dll
2011-01-26 22:53 . 2011-01-26 22:53 356352 ----a-w- d:\windows\SysWow64\atipdlxx.dll
2011-01-26 22:53 . 2011-01-26 22:53 278528 ----a-w- d:\windows\SysWow64\Oemdspif.dll
2011-01-26 22:53 . 2011-01-26 22:53 16384 ----a-w- d:\windows\system32\atimuixx.dll
2011-01-26 22:53 . 2011-01-26 22:53 59392 ----a-w- d:\windows\system32\atiedu64.dll
2011-01-26 22:53 . 2011-01-26 22:53 43520 ----a-w- d:\windows\SysWow64\ati2edxx.dll
2011-01-26 22:49 . 2011-01-26 22:49 4105728 ----a-w- d:\windows\SysWow64\atidxx32.dll
2011-01-26 22:40 . 2010-03-03 03:57 4847616 ----a-w- d:\windows\system32\atidxx64.dll
2011-01-26 22:32 . 2011-01-26 22:32 1208320 ----a-w- d:\windows\system32\atiumd6v.dll
2011-01-26 22:32 . 2011-01-26 22:32 1912832 ----a-w- d:\windows\SysWow64\atiumdmv.dll
2011-01-26 22:32 . 2010-11-26 02:29 3222016 ----a-w- d:\windows\system32\atiumd6a.dll
2011-01-26 22:28 . 2010-03-03 03:46 4170752 ----a-w- d:\windows\SysWow64\atiumdag.dll
2011-01-26 22:27 . 2011-01-26 22:27 51200 ----a-w- d:\windows\system32\aticalrt64.dll
2011-01-26 22:27 . 2011-01-26 22:27 46080 ----a-w- d:\windows\SysWow64\aticalrt.dll
2011-01-26 22:27 . 2011-01-26 22:27 44544 ----a-w- d:\windows\system32\aticalcl64.dll
2011-01-26 22:27 . 2011-01-26 22:27 44032 ----a-w- d:\windows\SysWow64\aticalcl.dll
2011-01-26 22:27 . 2011-01-26 22:27 6982144 ----a-w- d:\windows\system32\aticaldd64.dll
2011-01-26 22:25 . 2011-01-26 22:25 5580800 ----a-w- d:\windows\SysWow64\aticaldd.dll
2011-01-26 22:24 . 2010-03-03 03:24 3463680 ----a-w- d:\windows\SysWow64\atiumdva.dll
2011-01-26 22:21 . 2010-11-26 02:24 5316096 ----a-w- d:\windows\system32\atiumd64.dll
2011-01-26 22:20 . 2010-03-03 03:23 58880 ----a-w- d:\windows\system32\coinst.dll
2011-01-26 22:14 . 2010-03-03 03:08 354304 ----a-w- d:\windows\system32\atiadlxx.dll
2011-01-26 22:14 . 2011-01-26 22:14 249856 ----a-w- d:\windows\SysWow64\atiadlxy.dll
2011-01-26 22:13 . 2011-01-26 22:13 14848 ----a-w- d:\windows\system32\atig6pxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- d:\windows\SysWow64\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 12800 ----a-w- d:\windows\system32\atiglpxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 39936 ----a-w- d:\windows\system32\atig6txx.dll
2011-01-26 22:13 . 2011-01-26 22:13 32768 ----a-w- d:\windows\SysWow64\atigktxx.dll
2011-01-26 22:13 . 2011-01-26 22:13 299520 ----a-w- d:\windows\system32\drivers\atikmpag.sys
2011-01-26 22:12 . 2010-03-03 03:06 39936 ----a-w- d:\windows\system32\atiuxp64.dll
2011-01-26 22:12 . 2011-01-26 22:12 30720 ----a-w- d:\windows\SysWow64\atiuxpag.dll
2011-01-26 22:12 . 2010-03-03 03:06 38400 ----a-w- d:\windows\system32\atiu9p64.dll
2011-01-26 22:12 . 2010-03-03 03:06 28672 ----a-w- d:\windows\SysWow64\atiu9pag.dll
2011-01-26 22:11 . 2011-01-26 22:11 53248 ----a-w- d:\windows\system32\drivers\ati2erec.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- d:\windows\system32\atimpc64.dll
2011-01-26 22:08 . 2011-01-26 22:08 53760 ----a-w- d:\windows\system32\amdpcom64.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- d:\windows\SysWow64\atimpc32.dll
2011-01-26 22:08 . 2011-01-26 22:08 52736 ----a-w- d:\windows\SysWow64\amdpcom32.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-03-22_17.39.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2011-03-22 14:14 16384 d:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-03-22 18:16 16384 d:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2011-03-22 14:14 32768 d:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-22 18:16 32768 d:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2011-03-22 18:16 16384 d:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2011-03-22 14:14 16384 d:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="d:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"IDMan"="d:\program files (x86)\Internet Download Manager\IDMan.exe" [2011-03-03 3278232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"HDAudDeck"="d:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040]
"StartCCC"="d:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-01-26 336384]
"SwitchBoard"="d:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="d:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avast"="d:\program files\Alwil Software\Avast5\avastUI.exe" [2011-02-23 3451496]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2010-11-29 421888]
.
d:\users\RH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-4-16 0]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="d:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"ATICustomerCare"="d:\program files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe"
"DivXUpdate"="d:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"FaxCenterServer"="d:\program files (x86)\Lexmark Fax Solutions\fm3032.exe" /s
"SunJavaUpdateSched"="d:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 avast! Firewall;avast! Firewall;d:\program files\Alwil Software\Avast5\afwServ.exe [2011-02-23 121000]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;d:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;d:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 136176]
R2 lxddCATSCustConnectService;lxddCATSCustConnectService;d:\windows\system32\spool\DRIVERS\x64\3\\lxddserv.exe [2007-05-25 34224]
R3 ALSysIO;ALSysIO;d:\users\RH\AppData\Local\Temp\ALSysIO64.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;d:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-03-31 1038088]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;d:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2010-11-11 128928]
R3 GGSAFERDriver;GGSAFER Driver;d:\program files (x86)\Garena\plugins\UI\safedrv.sys [x]
R3 SwitchBoard;SwitchBoard;d:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S0 aswNdis;avast! Firewall NDIS Filter Service;d:\windows\system32\DRIVERS\aswNdis.sys [x]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S0 sptd;sptd;d:\windows\System32\Drivers\sptd.sys [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 AMD External Events Utility;AMD External Events Utility;d:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;d:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-01-26 354304]
S2 AMD Reservation Manager;AMD Reservation Manager;d:\program files\ATI Technologies\ATI.ACE\Reservation Manager\AMD Reservation Manager.exe [2010-06-17 194496]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;d:\windows\system32\drivers\aswMonFlt.sys [x]
S2 FAH-01;Folding Service 01;d:\program files (x86)\Folding@Home 01\Folding@Home 01\FAH-Console.exe [2008-06-30 253952]
S2 FAH-02;Folding Service 02;d:\program files (x86)\Folding@Home 01\Folding@Home 02\FAH-Console.exe [2008-06-30 253952]
S2 Hamachi2Svc;LogMeIn Hamachi 2.0 Tunneling Engine;d:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2010-12-06 2101640]
S2 IDMWFP;IDMWFP;d:\windows\system32\DRIVERS\idmwfp.sys [x]
S2 lxdd_device;lxdd_device;d:\windows\system32\lxddcoms.exe [2007-05-25 567216]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-02-18 2019648]
S3 amdiox64;AMD IO Driver;d:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;d:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;d:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;d:\windows\system32\drivers\AtihdW76.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;d:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-11-29 11856]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;d:\windows\system32\drivers\viahduaa.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-03-22 d:\windows\Tasks\AWC Startup.job
- d:\program files (x86)\IObit\Advanced SystemCare 3\AWC.exe [2010-11-12 15:19]
.
2011-03-22 d:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 21:07]
.
2011-03-22 d:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- d:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-02 21:07]
.
2011-03-20 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2598763766-2210094117-3482642199-1001Core.job
- d:\users\RH\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 08:32]
.
2011-03-22 d:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2598763766-2210094117-3482642199-1001UA.job
- d:\users\RH\AppData\Local\Google\Update\GoogleUpdate.exe [2010-05-12 08:32]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-02-23 15:04 134384 ----a-w- d:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2011-03-02 16:23 85232 ----a-w- d:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"="d:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = d:\windows\system32\blank.htm
mLocal Page = d:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = http=;ftp=;https=;
IE: E&xportovat do aplikace Microsoft Office Excel - d:\progra~2\MICROS~2\OFFICE11\EXCEL.EXE/3000
IE: Prevziať cez IDM - d:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Prevziať cez IDM všetky prepojenia - d:\program files (x86)\Internet Download Manager\IEGetAll.htm
IE: Prevziať obsah FLV cez IDM - d:\program files (x86)\Internet Download Manager\IEGetVL.htm
FF - ProfilePath - d:\users\RH\AppData\Roaming\Mozilla\Firefox\Profiles\1jfec2ar.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@d:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10e.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10e.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="d:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
@Denied: (Read) (Administrators)
@Denied: (B E 1 4 5) (Administrators)
"vidc.mrle"="msrle32.dll"
"vidc.msvc"="msvidc32.dll"
"msacm.imaadpcm"="imaadp32.acm"
"msacm.msg711"="msg711.acm"
"msacm.msgsm610"="msgsm32.acm"
"msacm.msadpcm"="msadp32.acm"
"midimapper"="midimap.dll"
"wavemapper"="msacm32.drv"
"vidc.uyvy"="msyuv.dll"
"vidc.yuy2"="msyuv.dll"
"vidc.yvyu"="msyuv.dll"
"vidc.iyuv"="iyuv_32.dll"
"vidc.i420"="iyuv_32.dll"
"vidc.yvu9"="tsbyuv.dll"
"msacm.l3acm"="d:\\Windows\\System32\\l3codeca.acm"
"wave"="wdmaud.drv"
"midi"="wdmaud.drv"
"mixer"="wdmaud.drv"
"aux"="wdmaud.drv"
"VIDC.FPS1"="frapsv64.dll"
"VIDC.XFR1"="xfcodec64.dll"
"wave1"="wdmaud.drv"
"midi1"="wdmaud.drv"
"mixer1"="wdmaud.drv"
"aux1"="wdmaud.drv"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2011-03-22 22:31:37
ComboFix-quarantined-files.txt 2011-03-22 21:31
ComboFix2.txt 2011-03-22 18:06
.
Pre-Run: 44 627 472 384 bytes free
Post-Run: 45 636 788 224 bytes free
.
- - End Of File - - 55A0FEE4DB9CDA8C366BB28800E2AEA3

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#8 Post by Rudy »

The log now looks clean.

h4pple
Visitor
Posts: 74
Registered: 21 Jan 2011 19:22

Re: Please check my log

#9 Post by h4pple »

I won't start a new topic needlessly, so I'm writing it here.
I have a new problem that appeared after that ComboFix scan and restarting the PC.
Yesterday after the ComboFix scan I left the PC running, since it didn't ask for a restart. That would be fine, but today when I switched it on, the desktop background did not load; only a black wallpaper remained. When I set any other picture as the wallpaper, the desktop still stays black. After restarting the PC it does the same thing, so no change. Another problem is that pictures and other file icons, e.g. for a PDF file, are not displayed when they are in a separate folder. Icons on the desktop are displayed fine. Where the icon should be there is an empty box with the file name under it. When I open the picture or other file, it is displayed without problems; only its icon is not shown. I have not run into a similar problem before.
My graphics drivers are the latest.
I'm attaching a screenshot:
http://i51.tinypic.com/hrypl2.jpg

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#10 Post by Rudy »

Try a System Restore to a date when it was working correctly. None of the CF logs says anything about it deleting any such files.

h4pple
Visitor
Posts: 74
Registered: 21 Jan 2011 19:22

Re: Please check my log

#11 Post by h4pple »

The system cannot be restored because no restore points have been created on the computer's system drive.
I'm also attaching one more screenshot: at system start it immediately throws this message. I note that no browser is running; it pops up immediately after the system starts.
http://i56.tinypic.com/4hti54.jpg

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Please check my log

#12 Post by Rudy »

If there are no restore points, there is nothing left but to repair the system from the installation media.