

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:26:36, on 24. 12. 2010
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16700)
Boot mode: Normal
Running processes:
C:\Users\Cash\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cash\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cash\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Cash\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: Shell=Explorer.exe "C:\Users\Cash\AppData\Roaming\lsass.exe"
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: HP Print Enhancer - {0347C33E-8762-4905-BF09-768834316C61} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: HP Smart BHO Class - {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Show or hide HP Smart Web Printing - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Ulead Burning Helper (UleadBurningHelper) - Ulead Systems, Inc. - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7488 bytes

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org
Verzia databázy: 5388
Windows 6.1.7600
Internet Explorer 8.0.7600.16385
24. 12. 2010 17:19:56
mbam-log-2010-12-24 (17-19-56).txt
Typ kontroly: Úplná kontrola (C:\|)
Objektov kontrolovaných: 242858
Uplynutý čas: 18 min, 55 sek
Infikované služby pamäte: 0
Infikované moduly pamäte: 0
Infikované registračné kľúče: 0
Infikované registračné hodnoty: 0
Infikované položky registračných dát: 0
Infikované priečinky: 0
Infikované súbory: 0
Infikované služby pamäte:
(Škodlivé položky neboli zistené)
Infikované moduly pamäte:
(Škodlivé položky neboli zistené)
Infikované registračné kľúče:
(Škodlivé položky neboli zistené)
Infikované registračné hodnoty:
(Škodlivé položky neboli zistené)
Infikované položky registračných dát:
(Škodlivé položky neboli zistené)
Infikované priečinky:
(Škodlivé položky neboli zistené)
Infikované súbory:
(Škodlivé položky neboli zistené)

ComboFix 10-12-24.01 - Cash . 12. 2010 19:44:56.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4087.2837 [GMT 1:00]
Running from: c:\users\Cash\Desktop\ComboFix.exe
AV: COMODO Antivirus *Disabled/Updated* {675CEE69-9702-A524-3989-6D7CC8BF3695}
FW: COMODO Firewall *Disabled* {5F676F4C-DD6D-A47C-12D6-C449366C71EE}
SP: COMODO Defense+ *Disabled/Updated* {DC3D0F8D-B138-AAAA-0339-560EB3387C28}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\windows\SysWow64\Drivers\mndrg.sys
.
((((((((((((((((((((((((( Files Created from 2010-11-24 to 2010-12-24 )))))))))))))))))))))))))))))))
.
2010-12-24 18:48 . 2010-12-24 18:48 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-12-24 16:32 . 2010-12-24 16:32 -------- d-----w- C:\VritualRoot
2010-12-24 15:55 . 2010-12-24 18:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2010-12-24 15:31 . 2010-12-24 18:38 -------- d-----w- c:\programdata\Comodo
2010-12-24 15:31 . 2010-12-24 18:26 -------- d-----w- c:\program files\COMODO
2010-12-24 15:31 . 2010-12-24 15:31 1060864 ----a-w- c:\windows\SysWow64\mfc71.dll
2010-12-24 14:13 . 2010-12-24 14:13 -------- d-----w- c:\program files (x86)\Common Files\Steam
2010-12-24 12:39 . 2010-12-24 12:39 -------- d-----w- C:\!KillBox
2010-12-24 12:29 . 2010-12-24 12:29 -------- d-----w- c:\programdata\Paradoxx
2010-12-24 12:28 . 2010-12-24 13:07 -------- d-----w- c:\program files (x86)\T-Mobile Communication Center
2010-12-24 11:21 . 2010-12-24 13:07 -------- d-----w- c:\programdata\Malwarebytes
2010-12-24 11:21 . 2010-12-20 17:09 38224 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2010-12-24 09:32 . 2010-11-16 11:01 8199504 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2C45B7A9-6435-4641-9D76-F665213FF989}\mpengine.dll
2010-12-24 09:21 . 2010-12-24 09:21 -------- d-----w- c:\program files (x86)\Trend Micro
2010-12-20 13:24 . 2010-12-20 13:28 -------- d-----w- c:\programdata\CyberLink
2010-12-20 13:24 . 2010-12-24 13:07 -------- d-----w- c:\program files (x86)\Common Files\CyberLink
2010-12-20 13:23 . 2010-12-24 13:07 -------- d-----w- c:\program files (x86)\CyberLink
2010-12-20 13:23 . 2010-12-20 13:22 29480 ----a-w- c:\windows\SysWow64\msxml3a.dll
2010-12-18 22:26 . 2010-12-18 22:26 -------- d-----w- c:\program files (x86)\MSXML 4.0
2010-12-18 09:34 . 2010-12-18 09:34 -------- d-----w- c:\programdata\WEBREG
2010-12-18 09:32 . 2010-12-18 09:32 -------- d-----w- c:\programdata\HP Product Assistant
2010-12-18 09:32 . 2010-12-18 09:32 -------- d-----w- c:\windows\SysWow64\spool
2010-12-18 09:31 . 2010-12-18 09:31 -------- d-----w- c:\program files (x86)\Common Files\Hewlett-Packard
2010-12-18 09:31 . 2010-12-18 09:31 -------- d-----w- c:\program files (x86)\Common Files\HP
2010-12-18 09:30 . 2010-12-23 10:19 -------- d-----w- c:\program files (x86)\HP
2010-12-18 09:30 . 2010-12-18 09:30 -------- d-----w- c:\program files\HP
2010-12-18 09:29 . 2010-12-18 09:33 -------- d-----w- c:\programdata\HP
2010-12-18 08:58 . 2010-12-18 08:58 -------- d-----w- c:\programdata\Hewlett-Packard
2010-12-17 18:56 . 2010-10-27 04:32 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2010-12-17 18:56 . 2010-11-02 04:40 496128 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-12-17 18:56 . 2010-11-02 04:40 305152 ----a-w- c:\windows\SysWow64\taskcomp.dll
2010-12-17 18:56 . 2010-11-02 04:34 192000 ----a-w- c:\windows\SysWow64\taskeng.exe
2010-12-17 18:56 . 2010-11-02 04:34 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
2010-12-17 18:56 . 2010-10-20 04:54 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2010-12-17 18:56 . 2010-10-20 02:58 294400 ----a-w- c:\windows\SysWow64\atmfd.dll
2010-12-17 18:56 . 2010-10-16 04:36 314368 ----a-w- c:\windows\SysWow64\webio.dll
2010-12-12 12:45 . 2010-12-12 12:45 -------- d-----w- c:\program files (x86)\ArcSoft
2010-12-11 20:32 . 2010-12-24 13:45 -------- d-----w- c:\program files (x86)\JDownloader
2010-12-04 22:41 . 2010-12-04 22:41 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2010-12-04 18:14 . 2010-12-04 18:14 -------- d-----w- c:\program files (x86)\MKVtoolnix
2010-12-04 11:54 . 2010-12-04 11:54 -------- d-----w- c:\programdata\Electronic Arts
2010-12-04 11:54 . 2010-12-04 11:54 -------- d-----w- c:\programdata\EA Core
2010-12-04 09:22 . 2010-12-11 11:12 -------- d-----w- c:\program files (x86)\RapidShareManager
2010-12-04 09:22 . 2010-12-04 09:22 -------- d-----w- c:\program files (x86)\Common Files\Java
2010-12-04 09:21 . 2010-12-04 09:21 411368 ----a-w- c:\windows\SysWow64\deployJava1.dll
2010-12-04 09:21 . 2010-12-04 09:21 -------- d-----w- c:\program files (x86)\Java
2010-12-03 22:16 . 2010-12-03 22:16 -------- d-----w- c:\programdata\ashampoo
2010-12-03 22:16 . 2010-12-03 22:16 -------- d-----w- c:\program files (x86)\Ashampoo
2010-12-02 21:14 . 2010-12-02 21:14 -------- d-----w- C:\WindowsOffBackup
2010-12-02 21:03 . 2010-12-02 21:03 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2010-12-02 21:03 . 2010-12-02 21:03 -------- d-----w- c:\windows\PCHEALTH
2010-12-02 21:03 . 2010-12-02 21:03 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework
2010-12-02 21:03 . 2010-12-02 21:03 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2010-12-02 21:02 . 2010-12-02 21:02 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8
2010-12-02 21:02 . 2010-12-02 21:02 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services
2010-12-02 21:01 . 2010-12-02 21:05 -------- d-----w- c:\programdata\Microsoft Help
2010-12-02 21:01 . 2010-12-02 21:01 -------- d-----r- C:\MSOCache
2010-12-02 20:39 . 2010-12-04 12:42 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2010-12-02 20:36 . 2010-12-24 13:07 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2010-12-02 20:35 . 2010-12-02 20:36 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2010-12-02 20:35 . 2010-12-02 20:35 -------- d-----w- c:\programdata\DAEMON Tools Lite
2010-12-02 19:50 . 2010-12-12 12:46 -------- d--h--w- c:\programdata\ArcSoft
2010-12-02 19:50 . 2010-12-02 19:50 -------- d-----w- c:\program files (x86)\Common Files\ArcSoft
2010-12-02 19:50 . 2005-07-16 01:35 245408 ----a-w- c:\windows\SysWow64\unicows.dll
2010-12-02 19:50 . 2010-12-02 19:50 -------- d-----w- c:\program files (x86)\Common Files\Ulead Systems
2010-12-02 19:49 . 2008-08-13 08:35 20480 ----a-w- c:\program files\Windows Sidebar\Gadgets\PVR2Remote.Gadget\ClassLibrary1.dll
2010-12-02 19:49 . 2010-12-02 19:49 -------- d-----w- c:\program files\WinFast
2010-12-02 19:46 . 2010-12-02 19:46 -------- d-----w- c:\program files (x86)\The KMPlayer
2010-12-02 19:42 . 2010-12-02 19:43 -------- d-----w- c:\windows\SysWow64\WinFast
2010-12-02 19:14 . 2010-12-02 19:14 -------- d-----w- c:\windows\SysWow64\Macromed
2010-11-30 22:30 . 2009-09-10 05:52 257024 ----a-w- c:\windows\SysWow64\msv1_0.dll
2010-11-30 22:28 . 2010-12-02 21:03 -------- d-----w- c:\program files (x86)\Microsoft.NET
2010-11-30 22:27 . 2009-11-25 11:47 99176 ----a-w- c:\windows\SysWow64\PresentationHostProxy.dll
2010-11-30 22:27 . 2009-11-25 11:47 49472 ----a-w- c:\windows\SysWow64\netfxperf.dll
2010-11-30 22:27 . 2009-11-25 11:47 297808 ----a-w- c:\windows\SysWow64\mscoree.dll
2010-11-30 22:27 . 2009-11-25 11:47 295264 ----a-w- c:\windows\SysWow64\PresentationHost.exe
2010-11-30 22:27 . 2009-11-25 11:47 1130824 ----a-w- c:\windows\SysWow64\dfshim.dll
2010-11-30 21:49 . 2010-09-01 05:14 167424 ----a-w- c:\program files\Windows Media Player\wmplayer.exe
2010-11-30 21:49 . 2010-09-01 04:26 164864 ----a-w- c:\program files (x86)\Windows Media Player\wmplayer.exe
2010-11-30 21:49 . 2010-09-01 04:23 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2010-11-30 21:48 . 2009-12-29 06:55 172032 ----a-w- c:\windows\SysWow64\wintrust.dll
2010-11-30 21:47 . 2010-08-27 05:46 9728 ----a-w- c:\windows\SysWow64\sscore.dll
2010-11-30 21:47 . 2010-01-09 06:52 132608 ----a-w- c:\windows\SysWow64\cabview.dll
2010-11-30 08:36 . 2010-12-02 20:31 -------- d-----w- c:\program files (x86)\totalcmd
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\UC.PIF
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\RAR.PIF
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKZIP.PIF
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\PKUNZIP.PIF
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\NOCLOSE.PIF
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\LHA.PIF
2010-11-30 08:36 . 2010-07-07 06:55 545 ----a-w- c:\windows\ARJ.PIF
2010-11-30 06:16 . 2010-11-29 23:25 -------- d-----w- c:\windows\Panther
2010-11-30 06:16 . 2010-11-30 06:16 -------- d-----w- C:\Boot
2010-11-30 00:03 . 2010-11-30 00:03 -------- d-----w- C:\NVIDIA
2010-11-30 00:02 . 2010-12-24 18:37 -------- d-----w- c:\programdata\NVIDIA
2010-11-29 23:41 . 2010-12-02 20:55 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2010-11-29 23:41 . 2010-11-29 23:41 -------- d-----w- c:\programdata\NVIDIA Corporation
2010-11-29 23:41 . 2010-11-29 23:41 -------- d-----w- c:\program files\NVIDIA Corporation
2010-11-29 23:34 . 2010-11-29 23:34 -------- d-----w- c:\program files (x86)\Renesas Electronics
2010-11-29 23:34 . 2010-12-24 18:32 -------- d-sh--w- c:\windows\Installer
2010-11-29 23:34 . 2010-11-29 23:34 -------- d-----w- c:\programdata\Downloaded Installations
2010-11-29 23:33 . 2010-11-29 23:33 -------- d-----w- c:\windows\SysWow64\RTCOM
2010-11-29 23:33 . 2010-11-29 23:33 -------- d-----w- c:\program files\Realtek
2010-11-29 23:33 . 2010-07-22 08:48 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2010-11-29 23:33 . 2010-11-29 23:34 -------- d--h--w- c:\program files (x86)\Temp
2010-11-29 23:33 . 2010-07-27 05:54 1251944 ------r- c:\windows\RtlExUpd.dll
2010-11-29 23:33 . 2010-12-02 19:50 -------- d-----w- c:\program files (x86)\Common Files\InstallShield
2010-11-29 23:33 . 2010-11-29 23:33 -------- d-----w- c:\program files (x86)\Marvell
2010-11-29 23:32 . 2010-11-29 23:33 -------- d-----w- c:\program files (x86)\Realtek
2010-11-29 23:32 . 2010-12-24 13:07 -------- d--h--w- c:\program files (x86)\InstallShield Installation Information
2010-11-29 23:31 . 2010-11-29 23:31 -------- d-----w- c:\program files (x86)\Intel
2010-11-29 23:31 . 2010-06-17 11:02 53248 ----a-w- c:\windows\SysWow64\CSVer.dll
2010-11-29 23:31 . 2010-11-29 23:31 -------- d-----w- C:\Intel
2010-11-29 23:29 . 2010-12-19 12:22 -------- d-----w- c:\program files (x86)\TeamViewer
2010-11-29 23:25 . 2010-12-24 18:28 -------- d-----w- c:\users\Cash
2010-11-29 23:25 . 2010-11-29 23:25 -------- d-----w- C:\Recovery
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-12-20 13:22 . 2009-05-21 19:21 505128 ----a-w- c:\windows\SysWow64\msvcp71.dll
2010-12-20 13:22 . 2009-05-21 17:57 353576 ----a-w- c:\windows\SysWow64\msvcr71.dll
2010-11-02 04:34 . 2010-12-17 18:56 179712 ----a-w- c:\windows\SysWow64\schtasks.exe
.
((((((((((((((((((((((((((((( SnapShot@2010-12-24_11.16.31 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-30 00:06 . 2010-12-24 18:39 36862 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2010-12-24 18:39 32826 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2010-12-24 13:08 . 2010-12-24 18:22 67584 c:\windows\system32\LogFiles\Srt\bootstat.dat
+ 2009-07-14 05:30 . 2010-12-24 18:32 86016 c:\windows\system32\DriverStore\infpub.dat
- 2009-07-14 05:30 . 2010-12-18 09:30 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2010-09-10 22:40 . 2010-09-10 22:40 88304 c:\windows\system32\DriverStore\FileRepository\inspect.inf_amd64_neutral_5379ce3149166da4\inspect.sys
+ 2010-12-24 11:21 . 2010-12-20 17:08 24152 c:\windows\system32\drivers\mbam.sys
+ 2010-09-10 22:40 . 2010-09-10 22:40 88304 c:\windows\system32\drivers\inspect.sys
+ 2010-09-10 22:40 . 2010-09-10 22:40 33208 c:\windows\system32\drivers\cmdhlp.sys
+ 2010-09-10 22:40 . 2010-09-10 22:40 20864 c:\windows\system32\drivers\cmderd.sys
+ 2010-11-30 06:24 . 2010-12-24 18:37 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-30 06:24 . 2010-12-22 11:43 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-30 06:24 . 2010-12-24 18:37 49152 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2010-12-24 18:37 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 16:46 . 2010-12-24 16:46 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
- 2010-11-29 23:33 . 2010-12-24 09:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-29 23:33 . 2010-12-24 18:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2010-11-29 23:33 . 2010-12-24 18:38 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-29 23:33 . 2010-12-24 09:16 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2010-11-29 23:33 . 2010-12-24 09:16 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-29 23:33 . 2010-12-24 18:38 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-29 23:27 . 2010-12-24 18:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-29 23:27 . 2010-12-24 09:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2010-11-29 23:27 . 2010-12-24 09:16 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-11-29 23:27 . 2010-12-24 18:38 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-12-24 14:13 . 2010-12-24 14:13 27648 c:\windows\Installer\{048298C9-A4D3-490B-9FF9-AB023A9238F3}\Icon048298C91.exe
- 2010-12-20 10:12 . 2010-12-20 10:12 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 12800 c:\windows\assembly\GAC\Microsoft.DirectX.Diagnostics\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Diagnostics.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 53248 c:\windows\assembly\GAC\Microsoft.DirectX.AudioVideoPlayback\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.AudioVideoPlayback.dll
+ 2010-11-29 23:40 . 2010-12-24 18:39 9158 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1314463622-957107430-3337573159-1001_UserData.bin
+ 2010-12-24 18:37 . 2010-12-24 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-24 09:16 . 2010-12-24 09:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2010-12-24 09:16 . 2010-12-24 09:16 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-12-24 18:37 . 2010-12-24 18:37 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2010-09-10 22:41 . 2010-09-10 22:41 285480 c:\windows\SysWOW64\guard32.dll
+ 2010-12-24 18:29 . 2010-12-24 18:29 109224 c:\windows\SysWOW64\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
- 2009-07-14 02:36 . 2010-12-24 09:21 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-24 18:42 618714 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2010-12-24 18:42 107034 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2010-12-24 09:21 107034 c:\windows\system32\perfc009.dat
+ 2010-09-10 22:41 . 2010-09-10 22:41 362784 c:\windows\system32\guard64.dll
- 2009-07-14 05:30 . 2010-12-18 09:30 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2010-12-24 18:32 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2010-12-24 18:32 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2010-12-18 09:30 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2010-09-10 22:40 . 2010-09-10 22:40 249496 c:\windows\system32\drivers\cmdGuard.sys
+ 2009-07-14 05:38 . 2010-12-24 18:26 262144 c:\windows\system32\config\systemprofile\ntuser.dat
- 2009-07-14 05:38 . 2010-11-30 06:18 262144 c:\windows\system32\config\systemprofile\ntuser.dat
+ 2010-12-24 16:32 . 2010-12-24 16:32 109224 c:\windows\system32\config\systemprofile\AppData\Local\GDIPFONTCACHEV1.DAT
+ 2009-07-14 05:01 . 2010-12-24 18:36 397604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-12-24 18:36 . 2010-12-24 18:36 397604 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1314463622-957107430-3337573159-1001-12288.dat
+ 2010-12-24 14:27 . 2010-12-24 14:27 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 223232 c:\windows\assembly\GAC\Microsoft.DirectX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 178176 c:\windows\assembly\GAC\Microsoft.DirectX.DirectSound\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectSound.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 364544 c:\windows\assembly\GAC\Microsoft.DirectX.DirectPlay\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectPlay.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 159232 c:\windows\assembly\GAC\Microsoft.DirectX.DirectInput\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectInput.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 145920 c:\windows\assembly\GAC\Microsoft.DirectX.DirectDraw\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.DirectDraw.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2911.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 578560 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2910.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2909.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 577536 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2908.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 577024 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2907.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 576000 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2906.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 567296 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2905.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 563712 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2904.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 473600 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3D\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3D.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 2846720 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2903.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2010-12-24 14:27 . 2010-12-24 14:27 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
- 2010-12-20 10:12 . 2010-12-20 10:12 2676224 c:\windows\assembly\GAC\Microsoft.DirectX.Direct3DX\1.0.2902.0__31bf3856ad364e35\Microsoft.DirectX.Direct3DX.dll
+ 2009-07-14 02:34 . 2010-12-24 13:29 10223616 c:\windows\system32\SMI\Store\Machine\schema.dat
- 2009-07-14 02:34 . 2010-12-24 10:12 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2010-12-24 18:28 . 2010-12-24 18:29 11619736 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\1UYRK3EB\gb_setup_3.1.170563.30[1].exe
+ 2010-12-24 16:33 . 2010-12-24 16:33 11619736 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\10BPZJBH\gb_setup_3.1.170563.30[1].exe
+ 2010-12-24 18:31 . 2010-12-24 18:31 27027456 c:\windows\Installer\3e9d4.msi
+ 2010-07-23 14:56 . 2010-07-23 14:56 10961920 c:\windows\Installer\326a61.msi
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
@="Service"
R0 pdnpves;pdnpves;c:\windows\system32\drivers\mndrg.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SetupNTGLM7X;SetupNTGLM7X;F:\NTGLM7X.sys [x]
S0 mv91xx;mv91xx;c:\windows\system32\DRIVERS\mv91xx.sys [2010-07-01 293416]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2010-12-02 834544]
S1 archlp;archlp;c:\windows\system32\drivers\archlp.sys [2010-01-12 142848]
S1 cmderd;COMODO Internet Security Eradication Driver;c:\windows\system32\DRIVERS\cmderd.sys [2010-09-10 20864]
S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-09-10 249496]
S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-09-10 33208]
S2 {1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC};Power Control [2010/12/20 14:24];c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl [2010-08-26 11:18 146928]
S2 CLPSLS;COMODO livePCsupport Service;c:\program files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2010-11-19 158112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-09 248936]
S2 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-04-27 83080]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-04-27 184968]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 344680]
S3 WFLR6654;WinFast TV2000 XP Global/Global TV (XC2028);c:\windows\system32\drivers\wfeaglxt.sys [2009-10-21 474240]
--- Other Services/Drivers In Memory ---
*NewlyCreated* - CMDERD
*NewlyCreated* - CMDGUARD
*NewlyCreated* - CMDHLP
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder
2010-12-23 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314463622-957107430-3337573159-1001Core.job
- c:\users\Cash\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 19:12]
2010-12-24 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1314463622-957107430-3337573159-1001UA.job
- c:\users\Cash\AppData\Local\Google\Update\GoogleUpdate.exe [2010-12-02 19:12]
.
--------- x86-64 -----------
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-09-10 8892360]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
TCP: {5C71A9CE-62A1-4B31-A7C2-1CABFACCC132} = 156.154.70.25,156.154.71.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - c:\program files (x86)\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL
.
- - - - ORPHANS REMOVED - - - -
AddRemove-Malwarebytes' Anti-Malware_is1 - c:\program files (x86)\Malwarebytes' Anti-Malware\unins000.exe
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{1BA31E5A-C098-42d8-8F88-3C9F78A2FDDC}]
"ImagePath"="\??\c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2010-12-24 19:49:41
ComboFix-quarantined-files.txt 2010-12-24 18:49
ComboFix2.txt 2010-12-24 11:17
Pre-Run: 73 887 342 592 bytes free
Post-Run: 73 721 909 248 bytes free
- - End Of File - - 4F55FAC803FCECF331D1D980244D72B1