Re: Chrome problem - Facebook
Posted: 18 Jun 2012 11:59
by wedders
IE, Opera, MF - nothing... Chrome started up for me, but as soon as I clicked anywhere it just kept loading, and when I refreshed the page, nothing... (I was able to get in this way for a while before as well, but after a while nothing, no response...)

Re: Chrome problem - Facebook
Posted: 18 Jun 2012 12:00
by stell
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 12:27
by wedders
Code:
ComboFix 12-06-16.02 - Tomík . 06. 2012 13:05:12.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4010.2413 [GMT 2:00]
Running from: c:\users\TomÝk\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 09:57 . 2012-06-18 09:58 -------- d-----w- c:\program files (x86)\Ask.com
2012-06-18 09:57 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-18 09:57 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-18 09:57 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-18 09:57 . 2012-06-18 09:58 -------- d-----w- c:\programdata\Avira
2012-06-18 09:57 . 2012-06-18 09:57 -------- d-----w- c:\program files (x86)\Avira
2012-06-18 07:37 . 2012-06-18 07:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 07:37 . 2012-06-18 07:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 07:37 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 19:37 . 2012-06-17 19:37 -------- d-----w- C:\_OTL
2012-06-17 11:24 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8AA522E-DE23-499F-9287-AF80F557F6E9}\mpengine.dll
2012-06-15 03:21 . 2011-09-06 08:39 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-14 07:45 . 2012-06-14 07:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-14 07:45 . 2012-06-14 07:45 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 07:44 . 2012-05-04 17:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-14 07:44 . 2012-05-04 17:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-14 07:44 . 2012-06-14 07:44 -------- d-----w- c:\program files (x86)\Java
2012-06-13 21:20 . 2012-06-17 21:37 -------- d-----w- c:\program files\NETGATE
2012-06-13 19:05 . 2012-06-14 19:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 19:05 . 2012-06-14 19:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 07:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 07:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 06:54 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 06:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 06:54 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 06:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 11:11 . 2012-06-12 11:11 -------- d-----w- c:\programdata\RELOADED
2012-06-09 13:25 . 2012-06-09 13:25 -------- d-----w- c:\users\Public\CyberLink
2012-06-09 12:49 . 2012-06-09 12:51 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-09 12:48 . 2012-06-09 12:55 -------- d-----w- c:\programdata\Nero
2012-06-09 12:44 . 2011-12-01 09:42 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-06-09 12:44 . 2012-06-09 12:55 -------- d-----w- c:\program files (x86)\Nero
2012-06-09 12:44 . 2012-06-09 12:44 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-09 12:44 . 2011-12-01 09:42 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-06-09 11:46 . 2012-06-09 11:46 -------- d-----w- c:\program files\MediaInfo
2012-06-08 19:21 . 2012-06-08 19:22 -------- d-----w- c:\programdata\DVD Shrink
2012-06-08 19:21 . 2012-06-08 19:21 -------- d-----w- c:\program files (x86)\DVD Shrink
2012-06-02 23:46 . 2012-06-02 23:46 -------- d-----w- c:\programdata\Intel
2012-06-02 16:16 . 2012-06-02 16:16 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-02 16:08 . 2012-05-26 10:36 204800 ----a-w- c:\windows\system32\unrar64.dll
2012-06-02 16:08 . 2012-06-02 16:08 -------- d-----w- c:\program files\MPC-HC
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- c:\windows\system32\Wat
2012-06-02 13:23 . 2012-06-02 13:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-01 23:11 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-01 23:11 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-01 23:11 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-01 23:11 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-01 23:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-01 23:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-01 23:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-01 23:08 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-01 23:08 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-06-01 23:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-01 23:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-01 23:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-01 23:08 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-01 23:08 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-01 23:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-01 23:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-01 20:46 . 2012-06-01 20:46 -------- d-----w- c:\programdata\ALM
2012-06-01 20:45 . 2012-06-01 20:45 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-01 20:44 . 2012-06-01 20:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-01 20:26 . 2012-06-01 20:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-01 20:22 . 2012-06-01 20:26 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-01 20:22 . 2012-06-01 20:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-01 20:06 . 2012-06-01 20:06 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-01 20:04 . 2012-06-01 20:14 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-06-01 18:01 . 2012-06-01 18:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-06-01 18:00 . 2012-06-02 16:25 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-01 17:59 . 2012-06-01 17:59 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-06-01 17:59 . 2012-06-01 17:59 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-01 17:58 . 2012-06-13 06:57 -------- d-----w- c:\programdata\Microsoft Help
2012-06-01 17:58 . 2012-06-01 17:58 -------- d-----r- C:\MSOCache
2012-06-01 17:42 . 2012-06-01 17:42 -------- d-----w- c:\programdata\Media Get LLC
2012-06-01 17:41 . 2012-06-01 17:41 -------- d-----w- c:\programdata\IBUpdaterService
2012-06-01 17:34 . 2012-06-01 17:34 -------- d-----w- c:\program files (x86)\MusicJet
2012-06-01 17:34 . 2012-06-01 17:34 -------- dc-h--w- c:\programdata\{8890AAED-0271-4F75-ABAA-79FDD6B94AD2}
2012-06-01 17:33 . 2012-06-01 17:33 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\windows\SysWow64\spool
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\programdata\Sony
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\program files (x86)\Sony
2012-06-01 16:53 . 2012-06-01 16:53 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-06-01 16:50 . 2012-06-12 17:34 -------- d-----w- c:\program files (x86)\JDownloader
2012-06-01 16:49 . 2012-06-01 16:49 -------- d-----w- c:\programdata\Ask
2012-06-01 16:47 . 2012-06-01 16:47 -------- d-----w- c:\program files (x86)\Foxit Software
2012-06-01 16:44 . 2012-06-01 16:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-01 16:43 . 2012-06-01 16:43 -------- d-----w- c:\program files (x86)\PhotoScape
2012-06-01 16:40 . 2012-06-01 16:40 -------- d-----w- c:\program files (x86)\PANDORA.TV
2012-06-01 16:40 . 2012-06-01 16:41 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-06-01 16:39 . 2012-06-11 18:09 -------- d-----w- c:\program files (x86)\AIMP3
2012-06-01 16:37 . 2012-06-01 16:37 -------- d-----w- c:\program files (x86)\Mp3tag
2012-06-01 16:32 . 2012-06-01 16:32 -------- d-----w- c:\program files (x86)\Opera
2012-06-01 16:26 . 2012-06-01 16:26 -------- d-----w- c:\programdata\McAfee
2012-06-01 16:26 . 2012-06-01 16:26 -------- d-----w- c:\windows\system32\Macromed
2012-06-01 16:24 . 2012-06-01 16:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-01 16:18 . 2012-06-01 16:18 -------- d--h--w- c:\programdata\Common Files
2012-06-01 16:10 . 2012-06-01 16:45 -------- d-----w- c:\program files (x86)\ICQ7M
2012-06-01 15:33 . 2012-06-01 15:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-01 14:53 . 2012-06-01 14:53 -------- d-----w- c:\program files\CCleaner
2012-06-01 14:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-01 14:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-01 14:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-01 14:16 . 2012-06-01 15:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-01 14:15 . 2012-06-08 15:24 -------- d-----w- c:\programdata\Skype
2012-06-01 14:15 . 2012-06-01 14:15 -------- d-----w- c:\program files\Elantech
2012-06-01 14:14 . 2012-06-01 14:16 -------- d-----w- c:\users\Tomík
2012-06-01 14:12 . 2012-06-01 14:12 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 14:14 . 2010-06-24 02:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-29 15:25 1519312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-29 1564880]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_SK
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Tomík\AppData\Roaming\Mozilla\Firefox\Profiles\mvob3y62.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_SK
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_SK&apn_uid=2b2a0d97-51c4-4f10-b13b-0a95633cb59c&apn_ptnrs=%5EABZ&apn_sauid=6F256DAC-5A60-43DC-8BBD-AF888BD722F0&apn_dtid=%5EYYYYYY%5EYY%5ESK&&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKLM-Run-ETDCtrl - c:\program files (x86)\Elantech\ETDCtrl.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2012-06-18 13:21:42 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 11:21
.
Pre-Run: 222 196 453 376 bytes free
Post-Run: 221 963 890 688 bytes free
.
- - End Of File - - 493BD2F3EF1F64DE8EA67945068C53CA
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 13:00
by stell
For this step, ComboFix must be on the desktop.
Turn off > FIREWALL > Antivirus > Antispyware > everything resident.
Open Notepad and copy the entire text into it:
Code:
KILLALL::
Folder::
c:\program files (x86)\Ask.com
c:\program files\NETGATE
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[-HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"=-
"AdobeCS6ServiceManager"=-
"AdobeCS5ServiceManager"=-
"NBAgent"=-
"SunJavaUpdateSched"=-
"Malwarebytes' Anti-Malware"=-
"ApnUpdater"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AdobeAAMUpdater-1.0"=-
Driver::
SpyEmrg
SkypeUpdate
SpyEmrgGuard
Extra::
FireFox::
FF - ProfilePath - c:\users\Tomík\AppData\Roaming\Mozilla\Firefox\Profiles\mvob3y62.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_SK&apn_uid=2b2a0d97-51c4-4f10-b13b-0a95633cb59c&apn_ptnrs=%5EABZ&apn_sauid=6F256DAC-5A60-43DC-8BBD-AF888BD722F0&apn_dtid=%5EYYYYYY%5EYY%5ESK&&q=
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
ClearJavaCache::
Then click
File -> Save as... -> where it says File name, type in that line: CFScript.txt
For File type, choose All files there
And save it to the desktop. Note: do not open CFScript.txt, and it must not be named CFScript.txt.txt either. Then do this:

After the scan finishes, paste the log here.
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 13:33
by wedders
Code:
ComboFix 12-06-16.02 - Tomík . 06. 2012 14:13:03.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4010.2481 [GMT 2:00]
Running from: c:\users\TomÝk\Desktop\ComboFix.exe
Command switches used :: c:\users\TomÝk\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 12:22 . 2012-06-18 12:22 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-18 12:22 . 2012-06-18 12:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-18 09:57 . 2012-06-18 09:58 -------- d-----w- c:\program files (x86)\Ask.com
2012-06-18 09:57 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-18 09:57 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-18 09:57 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-18 09:57 . 2012-06-18 09:58 -------- d-----w- c:\programdata\Avira
2012-06-18 09:57 . 2012-06-18 09:57 -------- d-----w- c:\program files (x86)\Avira
2012-06-18 07:37 . 2012-06-18 07:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 07:37 . 2012-06-18 07:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 07:37 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 19:37 . 2012-06-17 19:37 -------- d-----w- C:\_OTL
2012-06-17 11:24 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8AA522E-DE23-499F-9287-AF80F557F6E9}\mpengine.dll
2012-06-15 03:21 . 2011-09-06 08:39 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-14 07:45 . 2012-06-14 07:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-14 07:45 . 2012-06-14 07:45 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 07:44 . 2012-05-04 17:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-14 07:44 . 2012-05-04 17:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-14 07:44 . 2012-06-14 07:44 -------- d-----w- c:\program files (x86)\Java
2012-06-13 21:20 . 2012-06-17 21:37 -------- d-----w- c:\program files\NETGATE
2012-06-13 19:05 . 2012-06-14 19:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 19:05 . 2012-06-14 19:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 07:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 07:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 06:54 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 06:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 06:54 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 06:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 11:11 . 2012-06-12 11:11 -------- d-----w- c:\programdata\RELOADED
2012-06-09 13:25 . 2012-06-09 13:25 -------- d-----w- c:\users\Public\CyberLink
2012-06-09 12:49 . 2012-06-09 12:51 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-09 12:48 . 2012-06-09 12:55 -------- d-----w- c:\programdata\Nero
2012-06-09 12:44 . 2011-12-01 09:42 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-06-09 12:44 . 2012-06-09 12:55 -------- d-----w- c:\program files (x86)\Nero
2012-06-09 12:44 . 2012-06-09 12:44 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-09 12:44 . 2011-12-01 09:42 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-06-09 11:46 . 2012-06-09 11:46 -------- d-----w- c:\program files\MediaInfo
2012-06-08 19:21 . 2012-06-08 19:22 -------- d-----w- c:\programdata\DVD Shrink
2012-06-08 19:21 . 2012-06-08 19:21 -------- d-----w- c:\program files (x86)\DVD Shrink
2012-06-02 23:46 . 2012-06-02 23:46 -------- d-----w- c:\programdata\Intel
2012-06-02 16:16 . 2012-06-02 16:16 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-02 16:08 . 2012-05-26 10:36 204800 ----a-w- c:\windows\system32\unrar64.dll
2012-06-02 16:08 . 2012-06-02 16:08 -------- d-----w- c:\program files\MPC-HC
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- c:\windows\system32\Wat
2012-06-02 13:23 . 2012-06-02 13:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-01 23:11 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-01 23:11 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-01 23:11 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-01 23:11 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-01 23:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-01 23:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-01 23:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-01 23:08 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-01 23:08 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-06-01 23:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-01 23:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-01 23:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-01 23:08 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-01 23:08 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-01 23:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-01 23:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-01 20:46 . 2012-06-01 20:46 -------- d-----w- c:\programdata\ALM
2012-06-01 20:45 . 2012-06-01 20:45 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-01 20:44 . 2012-06-01 20:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-01 20:26 . 2012-06-01 20:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-01 20:22 . 2012-06-01 20:26 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-01 20:22 . 2012-06-01 20:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-01 20:06 . 2012-06-01 20:06 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-01 20:04 . 2012-06-01 20:14 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-06-01 18:01 . 2012-06-01 18:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-06-01 18:00 . 2012-06-02 16:25 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-01 17:59 . 2012-06-01 17:59 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-06-01 17:59 . 2012-06-01 17:59 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-01 17:58 . 2012-06-13 06:57 -------- d-----w- c:\programdata\Microsoft Help
2012-06-01 17:58 . 2012-06-01 17:58 -------- d-----r- C:\MSOCache
2012-06-01 17:42 . 2012-06-01 17:42 -------- d-----w- c:\programdata\Media Get LLC
2012-06-01 17:41 . 2012-06-01 17:41 -------- d-----w- c:\programdata\IBUpdaterService
2012-06-01 17:34 . 2012-06-01 17:34 -------- d-----w- c:\program files (x86)\MusicJet
2012-06-01 17:34 . 2012-06-01 17:34 -------- dc-h--w- c:\programdata\{8890AAED-0271-4F75-ABAA-79FDD6B94AD2}
2012-06-01 17:33 . 2012-06-01 17:33 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\windows\SysWow64\spool
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\programdata\Sony
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\program files (x86)\Sony
2012-06-01 16:53 . 2012-06-01 16:53 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-06-01 16:50 . 2012-06-12 17:34 -------- d-----w- c:\program files (x86)\JDownloader
2012-06-01 16:49 . 2012-06-01 16:49 -------- d-----w- c:\programdata\Ask
2012-06-01 16:47 . 2012-06-01 16:47 -------- d-----w- c:\program files (x86)\Foxit Software
2012-06-01 16:44 . 2012-06-01 16:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-01 16:43 . 2012-06-01 16:43 -------- d-----w- c:\program files (x86)\PhotoScape
2012-06-01 16:40 . 2012-06-01 16:40 -------- d-----w- c:\program files (x86)\PANDORA.TV
2012-06-01 16:40 . 2012-06-01 16:41 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-06-01 16:39 . 2012-06-11 18:09 -------- d-----w- c:\program files (x86)\AIMP3
2012-06-01 16:37 . 2012-06-01 16:37 -------- d-----w- c:\program files (x86)\Mp3tag
2012-06-01 16:32 . 2012-06-01 16:32 -------- d-----w- c:\program files (x86)\Opera
2012-06-01 16:26 . 2012-06-01 16:26 -------- d-----w- c:\programdata\McAfee
2012-06-01 16:26 . 2012-06-01 16:26 -------- d-----w- c:\windows\system32\Macromed
2012-06-01 16:24 . 2012-06-01 16:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-01 16:18 . 2012-06-01 16:18 -------- d--h--w- c:\programdata\Common Files
2012-06-01 16:10 . 2012-06-01 16:45 -------- d-----w- c:\program files (x86)\ICQ7M
2012-06-01 15:33 . 2012-06-01 15:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-01 14:53 . 2012-06-01 14:53 -------- d-----w- c:\program files\CCleaner
2012-06-01 14:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-01 14:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-01 14:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-01 14:16 . 2012-06-01 15:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-01 14:15 . 2012-06-08 15:24 -------- d-----w- c:\programdata\Skype
2012-06-01 14:15 . 2012-06-01 14:15 -------- d-----w- c:\program files\Elantech
2012-06-01 14:14 . 2012-06-01 14:16 -------- d-----w- c:\users\Tomík
2012-06-01 14:12 . 2012-06-01 14:12 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 14:14 . 2010-06-24 02:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_11.16.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-18 11:26 42452 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-18 11:26 37782 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-01 14:15 . 2012-06-18 11:26 6308 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1571869238-3936240484-2151935606-1001_UserData.bin
- 2012-06-18 11:16 . 2012-06-18 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-18 12:23 . 2012-06-18 12:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-18 11:16 . 2012-06-18 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-18 12:23 . 2012-06-18 12:23 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-18 11:28 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 10:00 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-18 11:28 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-18 10:00 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-18 11:15 482304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-18 12:22 482304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-01 18:53 . 2012-06-18 12:22 16834012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1571869238-3936240484-2151935606-1001-8192.dat
- 2012-06-01 18:53 . 2012-06-18 11:15 16834012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1571869238-3936240484-2151935606-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-05-29 15:25 1519312 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2012-05-29 1519312]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2012-05-29 1564880]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R1 SpyEmrg;Spy Emergency Driver;c:\windows\system32\Drivers\spyemrg.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SpyEmrgGuard;Spy Emergency Real-Time Shield Driver;c:\windows\system32\Drivers\spyemrg_guard.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_SK
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Tomík\AppData\Roaming\Mozilla\Firefox\Profiles\mvob3y62.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_SK
FF - prefs.js: keyword.URL - hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10401&locale=en_SK&apn_uid=2b2a0d97-51c4-4f10-b13b-0a95633cb59c&apn_ptnrs=%5EABZ&apn_sauid=6F256DAC-5A60-43DC-8BBD-AF888BD722F0&apn_dtid=%5EYYYYYY%5EYY%5ESK&&q=
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2012-06-18 14:28:40 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 12:28
ComboFix2.txt 2012-06-18 11:21
.
Pre-Run: 221 895 401 472 bytes free
Post-Run: 221 825 724 416 bytes free
.
- - End Of File - - 35508F0640788018E20DB6867795C6F9
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 13:40
by stell
Well, ComboFix failed, it didn't delete anything.
So move the ComboFix icon directly to C:\ and repeat the whole procedure with CFScript.txt.
Then paste the log here.
But first we'll ping Facebook.
So now download this batch file to your desktop and run it; a text document will open, paste its contents here.
And then repeat the ComboFix run, as I wrote.
BATCH FILE
http://mysharegadget.com/file/437112012 ... 6695860/cs
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 13:50
by wedders
Code:
Windows IP Configuration
Host Name . . . . . . . . . . . . : Tomík-PC
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : chello.sk
Wireless LAN adapter Pripojenie bezdrôtovej siete 2:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Virtual WiFi Miniport Adapter
Physical Address. . . . . . . . . : DC-A9-71-57-FB-4E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Pripojenie bezdrôtovej siete:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel(R) Centrino(R) Wireless-N 130
Physical Address. . . . . . . . . : DC-A9-71-57-FB-4D
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Ethernet adapter Lokálne pripojenie:
Connection-specific DNS Suffix . : chello.sk
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : E8-11-32-D3-54-4A
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::a7:a354:d917:cec8%13(Preferred)
IPv4 Address. . . . . . . . . . . : 85.216.202.154(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 18. júna 2012 14:30:07
Lease Expires . . . . . . . . . . : 20. júna 2012 13:21:18
Default Gateway . . . . . . . . . : 85.216.202.1
DHCP Server . . . . . . . . . . . : 217.23.240.20
DHCPv6 IAID . . . . . . . . . . . : 300421426
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-15-F7-91-BA-E8-11-32-69-88-C8
DNS Servers . . . . . . . . . . . : 195.34.133.21
212.186.211.21
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Sieťové pripojenie Bluetooth:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
Physical Address. . . . . . . . . : DC-A9-71-57-FB-51
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.chello.sk:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : chello.sk
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter 6TO4 Adapter:
Connection-specific DNS Suffix . : chello.sk
Description . . . . . . . . . . . : Microsoft 6to4 Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2002:55d8:ca9a::55d8:ca9a(Preferred)
Default Gateway . . . . . . . . . : 2002:c058:6301::c058:6301
DNS Servers . . . . . . . . . . . : 195.34.133.21
212.186.211.21
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{2092781E-D341-476E-A3BB-9E2E397DB080}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
IPv6 Address. . . . . . . . . . . : 2001:0:5ef5:79fb:3476:188c:aa27:3565(Preferred)
Link-local IPv6 Address . . . . . : fe80::3476:188c:aa27:3565%17(Preferred)
Default Gateway . . . . . . . . . :
NetBIOS over Tcpip. . . . . . . . : Disabled
Tunnel adapter isatap.{D3956EF5-171B-4DCA-8B6A-9CBBFA74A098}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #3
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{2271EA09-7B23-4A91-A655-8283B759D2E7}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #4
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Server: viedns09.chello.at
Address: 195.34.133.21
Name: facebook.com
Addresses: 2a03:2880:10:1f02:face:b00c:0:25
2a03:2880:2110:3f01:face:b00c::
2a03:2880:10:8f01:face:b00c:0:25
69.171.242.11
66.220.158.11
66.220.149.11
69.171.229.11
69.171.224.37
Pinging facebook.com [69.171.242.11] with 32 bytes of data:
Reply from 69.171.242.11: bytes=32 time=112ms TTL=245
Reply from 69.171.242.11: bytes=32 time=115ms TTL=245
Ping statistics for 69.171.242.11:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 112ms, Maximum = 115ms, Average = 113ms
===========================================================================
Interface List
18...dc a9 71 57 fb 4e ......Microsoft Virtual WiFi Miniport Adapter
16...dc a9 71 57 fb 4d ......Intel(R) Centrino(R) Wireless-N 130
13...e8 11 32 d3 54 4a ......Realtek PCIe GBE Family Controller
12...dc a9 71 57 fb 51 ......Bluetooth Device (Personal Area Network)
1...........................Software Loopback Interface 1
19...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
20...00 00 00 00 00 00 00 e0 Microsoft 6to4 Adapter
33...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #2
17...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
34...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #3
35...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #4
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 85.216.202.1 85.216.202.154 10
85.216.202.0 255.255.255.0 On-link 85.216.202.154 266
85.216.202.154 255.255.255.255 On-link 85.216.202.154 266
85.216.202.255 255.255.255.255 On-link 85.216.202.154 266
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 85.216.202.154 266
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 85.216.202.154 266
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
20 1110 ::/0 2002:c058:6301::c058:6301
1 306 ::1/128 On-link
17 58 2001::/32 On-link
17 306 2001:0:5ef5:79fb:3476:188c:aa27:3565/128
On-link
20 1010 2002::/16 On-link
20 266 2002:55d8:ca9a::55d8:ca9a/128
On-link
13 266 fe80::/64 On-link
17 306 fe80::/64 On-link
13 266 fe80::a7:a354:d917:cec8/128
On-link
17 306 fe80::3476:188c:aa27:3565/128
On-link
1 306 ff00::/8 On-link
17 306 ff00::/8 On-link
13 266 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 13:57
by stell
The ping is OK,
so make a ComboFix log and we'll see whether Facebook works.
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 14:15
by wedders
Code: Select all
ComboFix 12-06-16.02 - Tomík . 06. 2012 14:53:33.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.4010.2455 [GMT 2:00]
Running from: C:\ComboFix.exe
Command switches used :: C:\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Ask.com
c:\program files (x86)\Ask.com\assets\oobe\b.png
c:\program files (x86)\Ask.com\assets\oobe\bl.png
c:\program files (x86)\Ask.com\assets\oobe\br.png
c:\program files (x86)\Ask.com\assets\oobe\l.png
c:\program files (x86)\Ask.com\assets\oobe\pointer.png
c:\program files (x86)\Ask.com\assets\oobe\r.png
c:\program files (x86)\Ask.com\assets\oobe\t.png
c:\program files (x86)\Ask.com\assets\oobe\tl.png
c:\program files (x86)\Ask.com\assets\oobe\tr.png
c:\program files (x86)\Ask.com\AviraBrowserSecurity.exe
c:\program files (x86)\Ask.com\cb_756e.ico
c:\program files (x86)\Ask.com\cobrand.ico
c:\program files (x86)\Ask.com\config.xml
c:\program files (x86)\Ask.com\favicon.ico
c:\program files (x86)\Ask.com\fv_624b.ico
c:\program files (x86)\Ask.com\GenericAskToolbar.dll
c:\program files (x86)\Ask.com\mupcfg.xml
c:\program files (x86)\Ask.com\precache.exe
c:\program files (x86)\Ask.com\SaUpdate.exe
c:\program files (x86)\Ask.com\Updater\config.xml
c:\program files (x86)\Ask.com\Updater\Updater.exe
c:\program files (x86)\Ask.com\UpdateTask.exe
c:\program files\NETGATE
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_SPYEMRG
-------\Legacy_SPYEMRGGUARD
-------\Service_SkypeUpdate
-------\Service_SpyEmrg
-------\Service_SpyEmrgGuard
.
.
((((((((((((((((((((((((( Files Created from 2012-05-18 to 2012-06-18 )))))))))))))))))))))))))))))))
.
.
2012-06-18 13:02 . 2012-06-18 13:02 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-06-18 09:57 . 2012-05-02 13:24 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-06-18 09:57 . 2012-04-27 08:20 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-18 09:57 . 2012-04-24 22:32 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-06-18 09:57 . 2012-06-18 09:58 -------- d-----w- c:\programdata\Avira
2012-06-18 09:57 . 2012-06-18 09:57 -------- d-----w- c:\program files (x86)\Avira
2012-06-18 07:37 . 2012-06-18 07:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 07:37 . 2012-06-18 07:37 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 07:37 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-17 19:37 . 2012-06-17 19:37 -------- d-----w- C:\_OTL
2012-06-17 11:24 . 2012-05-14 23:41 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B8AA522E-DE23-499F-9287-AF80F557F6E9}\mpengine.dll
2012-06-15 03:21 . 2011-09-06 08:39 174640 ----a-w- c:\windows\system32\drivers\SYMEVENT64x86.SYS
2012-06-14 07:45 . 2012-06-14 07:45 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-06-14 07:45 . 2012-06-14 07:45 -------- d-----w- c:\program files (x86)\Oracle
2012-06-14 07:44 . 2012-05-04 17:29 687504 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-14 07:44 . 2012-05-04 17:29 772504 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-06-14 07:44 . 2012-06-14 07:44 -------- d-----w- c:\program files (x86)\Java
2012-06-13 19:05 . 2012-06-14 19:30 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-13 19:05 . 2012-06-14 19:30 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 07:16 . 2012-05-04 11:00 366592 ----a-w- c:\windows\system32\qdvd.dll
2012-06-13 07:16 . 2012-05-04 09:59 514560 ----a-w- c:\windows\SysWow64\qdvd.dll
2012-06-13 06:54 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 06:54 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 06:54 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 06:54 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 06:54 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 06:54 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 06:54 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-12 11:11 . 2012-06-12 11:11 -------- d-----w- c:\programdata\RELOADED
2012-06-09 13:25 . 2012-06-09 13:25 -------- d-----w- c:\users\Public\CyberLink
2012-06-09 12:49 . 2012-06-09 12:51 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-06-09 12:48 . 2012-06-09 12:55 -------- d-----w- c:\programdata\Nero
2012-06-09 12:44 . 2011-12-01 09:42 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-06-09 12:44 . 2012-06-09 12:55 -------- d-----w- c:\program files (x86)\Nero
2012-06-09 12:44 . 2012-06-09 12:44 -------- dc----w- c:\windows\system32\DRVSTORE
2012-06-09 12:44 . 2011-12-01 09:42 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-06-09 11:46 . 2012-06-09 11:46 -------- d-----w- c:\program files\MediaInfo
2012-06-08 19:21 . 2012-06-08 19:22 -------- d-----w- c:\programdata\DVD Shrink
2012-06-08 19:21 . 2012-06-08 19:21 -------- d-----w- c:\program files (x86)\DVD Shrink
2012-06-02 23:46 . 2012-06-02 23:46 -------- d-----w- c:\programdata\Intel
2012-06-02 16:16 . 2012-06-02 16:16 -------- d-----w- c:\program files (x86)\VideoLAN
2012-06-02 16:08 . 2012-05-26 10:36 204800 ----a-w- c:\windows\system32\unrar64.dll
2012-06-02 16:08 . 2012-06-02 16:08 -------- d-----w- c:\program files\MPC-HC
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- c:\windows\SysWow64\Wat
2012-06-02 13:43 . 2012-06-02 13:43 -------- d-----w- c:\windows\system32\Wat
2012-06-02 13:23 . 2012-06-02 13:23 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-06-01 23:11 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-06-01 23:11 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-06-01 23:11 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-06-01 23:11 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-06-01 23:11 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-06-01 23:11 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-06-01 23:11 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-06-01 23:08 . 2011-10-01 05:45 886784 ----a-w- c:\program files\Common Files\System\wab32.dll
2012-06-01 23:08 . 2011-10-01 04:37 708608 ----a-w- c:\program files (x86)\Common Files\System\wab32.dll
2012-06-01 23:08 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-06-01 23:08 . 2012-03-17 07:58 75120 ----a-w- c:\windows\system32\drivers\partmgr.sys
2012-06-01 23:08 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-06-01 23:08 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-06-01 23:08 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-06-01 23:08 . 2011-10-15 06:31 723456 ----a-w- c:\windows\system32\EncDec.dll
2012-06-01 23:08 . 2011-10-15 05:38 534528 ----a-w- c:\windows\SysWow64\EncDec.dll
2012-06-01 20:46 . 2012-06-01 20:46 -------- d-----w- c:\programdata\ALM
2012-06-01 20:45 . 2012-06-01 20:45 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-06-01 20:44 . 2012-06-01 20:44 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-06-01 20:26 . 2012-06-01 20:59 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-06-01 20:22 . 2012-06-01 20:26 -------- d-----w- c:\program files\Common Files\Adobe
2012-06-01 20:22 . 2012-06-01 20:47 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2012-06-01 20:06 . 2012-06-01 20:06 560184 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-01 20:04 . 2012-06-01 20:14 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-06-01 18:01 . 2012-06-01 18:01 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-06-01 18:00 . 2012-06-02 16:25 -------- d-----w- c:\program files (x86)\Microsoft.NET
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-06-01 18:00 . 2012-06-01 18:00 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2012-06-01 17:59 . 2012-06-01 17:59 -------- d-----w- c:\program files\Microsoft Analysis Services
2012-06-01 17:59 . 2012-06-01 17:59 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2012-06-01 17:58 . 2012-06-13 06:57 -------- d-----w- c:\programdata\Microsoft Help
2012-06-01 17:58 . 2012-06-01 17:58 -------- d-----r- C:\MSOCache
2012-06-01 17:42 . 2012-06-01 17:42 -------- d-----w- c:\programdata\Media Get LLC
2012-06-01 17:41 . 2012-06-01 17:41 -------- d-----w- c:\programdata\IBUpdaterService
2012-06-01 17:34 . 2012-06-01 17:34 -------- d-----w- c:\program files (x86)\MusicJet
2012-06-01 17:34 . 2012-06-01 17:34 -------- dc-h--w- c:\programdata\{8890AAED-0271-4F75-ABAA-79FDD6B94AD2}
2012-06-01 17:33 . 2012-06-01 17:33 -------- d-----w- c:\program files (x86)\uTorrent
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\windows\SysWow64\spool
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\programdata\Sony
2012-06-01 17:09 . 2012-06-01 17:09 -------- d-----w- c:\program files (x86)\Sony
2012-06-01 16:53 . 2012-06-01 16:53 -------- d-----w- c:\program files (x86)\DsNET Corp
2012-06-01 16:50 . 2012-06-12 17:34 -------- d-----w- c:\program files (x86)\JDownloader
2012-06-01 16:49 . 2012-06-01 16:49 -------- d-----w- c:\programdata\Ask
2012-06-01 16:47 . 2012-06-01 16:47 -------- d-----w- c:\program files (x86)\Foxit Software
2012-06-01 16:44 . 2012-06-01 16:44 8769696 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-06-01 16:43 . 2012-06-01 16:43 -------- d-----w- c:\program files (x86)\PhotoScape
2012-06-01 16:40 . 2012-06-01 16:40 -------- d-----w- c:\program files (x86)\PANDORA.TV
2012-06-01 16:40 . 2012-06-01 16:41 -------- d-----w- c:\program files (x86)\The KMPlayer
2012-06-01 16:39 . 2012-06-11 18:09 -------- d-----w- c:\program files (x86)\AIMP3
2012-06-01 16:37 . 2012-06-01 16:37 -------- d-----w- c:\program files (x86)\Mp3tag
2012-06-01 16:32 . 2012-06-01 16:32 -------- d-----w- c:\program files (x86)\Opera
2012-06-01 16:26 . 2012-06-01 16:26 -------- d-----w- c:\programdata\McAfee
2012-06-01 16:26 . 2012-06-01 16:26 -------- d-----w- c:\windows\system32\Macromed
2012-06-01 16:24 . 2012-06-01 16:24 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service
2012-06-01 16:18 . 2012-06-01 16:18 -------- d--h--w- c:\programdata\Common Files
2012-06-01 16:10 . 2012-06-01 16:45 -------- d-----w- c:\program files (x86)\ICQ7M
2012-06-01 15:33 . 2012-06-01 15:33 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-06-01 14:53 . 2012-06-01 14:53 -------- d-----w- c:\program files\CCleaner
2012-06-01 14:20 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-06-01 14:20 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-06-01 14:20 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-06-01 14:16 . 2012-06-01 15:33 -------- d-----r- c:\program files (x86)\Skype
2012-06-01 14:15 . 2012-06-08 15:24 -------- d-----w- c:\programdata\Skype
2012-06-01 14:15 . 2012-06-01 14:15 -------- d-----w- c:\program files\Elantech
2012-06-01 14:14 . 2012-06-01 14:16 -------- d-----w- c:\users\Tomík
2012-06-01 14:12 . 2012-06-01 14:12 -------- d-----w- C:\Recovery
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-01 14:14 . 2010-06-24 02:33 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-18_11.16.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-06-18 12:32 42968 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-06-18 12:32 37926 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2012-06-01 14:15 . 2012-06-18 12:32 6630 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1571869238-3936240484-2151935606-1001_UserData.bin
- 2012-06-18 11:16 . 2012-06-18 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-18 13:03 . 2012-06-18 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-18 11:16 . 2012-06-18 11:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-06-18 13:03 . 2012-06-18 13:03 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2009-07-14 02:36 . 2012-06-18 12:35 616008 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-06-18 10:00 616008 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-06-18 12:35 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-06-18 10:00 106388 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-06-18 11:15 482304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-06-18 13:03 482304 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-06-01 18:53 . 2012-06-18 13:03 16834012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1571869238-3936240484-2151935606-1001-8192.dat
- 2012-06-01 18:53 . 2012-06-18 11:15 16834012 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1571869238-3936240484-2151935606-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-14 257224]
R3 Bluetooth Media Service;Bluetooth Media Service;c:\program files (x86)\Intel\Bluetooth\mediasrv.exe [2011-03-30 1321296]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 51740536]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-21 129976]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [x]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 AntiVirWebService;Avira Web Protection;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-01 465360]
S2 Bluetooth Device Monitor;Bluetooth Device Monitor;c:\program files (x86)\Intel\Bluetooth\devmonsrv.exe [2011-03-30 923984]
S2 Bluetooth OBEX Service;Bluetooth OBEX Service;c:\program files (x86)\Intel\Bluetooth\obexsrv.exe [2011-03-30 1001808]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-04 1997416]
S2 PanService;PandoraService;c:\program files (x86)\PANDORA.TV\PanService\PandoraService.exe [2011-12-21 578264]
S2 SGDrv;SGDrv;c:\windows\system32\DRIVERS\SGdrv64.sys [x]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-05-05 2656536]
S3 btmaux;Intel Bluetooth Auxiliary Service;c:\windows\system32\DRIVERS\btmaux.sys [x]
S3 btmhsf;btmhsf;c:\windows\system32\DRIVERS\btmhsf.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 iBtFltCoex;iBtFltCoex;c:\windows\system32\DRIVERS\iBtFltCoex.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-06-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-13 19:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-12 12558440]
"BTMTrayAgent"="c:\program files (x86)\Intel\Bluetooth\btmshell.dll" [2011-03-30 10372368]
"ETDCtrl"="c:\program files (x86)\Elantech\ETDCtrl.exe" [BU]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-02 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-02 392984]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-02 417560]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_SK
mStart Page = hxxp://samsung.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
FF - ProfilePath - c:\users\Tomík\AppData\Roaming\Mozilla\Firefox\Profiles\mvob3y62.default\
FF - prefs.js: browser.startup.homepage - hxxp://search.avira.com/?l=dis&o=APN10401&gct=hp&dc=EU&locale=en_SK
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
AddRemove-{79A765E1-C399-405B-85AF-466F52E918B0} - c:\program files (x86)\Ask.com\Updater\Updater.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Samsung\Easy Support Center\SSCKbdHk.exe
.
**************************************************************************
.
Completion time: 2012-06-18 15:09:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-18 13:09
ComboFix2.txt 2012-06-18 12:28
ComboFix3.txt 2012-06-18 11:21
.
Pre-Run: 221 675 180 032 bytes free
Post-Run: 221 416 419 328 bytes free
.
- - End Of File - - 60DBEB03A4AAEF1811DACE20C540C70B
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 14:20
by stell
OK, so how is it??
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 14:22
by wedders
This is getting on my nerves... no response in any of the browsers...

Re: Chrome problem - Facebook
Posted: 18 Jun 2012 14:27
by stell
Well, something is blocking Facebook for you, but so far I have no idea what; let's try changing the DNS servers.
Set the Google servers there.
I have it on my blog in a PICTURE showing how, but you enter these numbers there.
8.8.8.8
8.8.4.4
http://www.viruskasino.com/2012/05/filt ... ranok.html
1. Click the Start button and select Control Panel.
2. Click Network and Sharing Center.
3. Click the primary connection and Local Area Connection under Active Networks.
4. Click the Properties button.
5. Windows 7 may ask you for permission to make changes to the network settings.
6. Highlight "Internet Protocol Version 4" and click Properties.
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 14:42
by wedders
This is how I set it... was something supposed to happen? FB still doesn't work...
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 14:49
by stell
You set it correctly like that, click OK, but enter this command in the command prompt
ipconfig /flushdns
ENTER
Then set the DNS servers again, close the windows, test the browsers, and write back.
Re: Chrome problem - Facebook
Posted: 18 Jun 2012 15:01
by wedders
Well, apparently it helped, I got onto FB in all the browsers... I just have a really, really bad feeling that it's only for a while.. :/