Request for a check of a ComboFix log

voip
Visitor
Posts: 1
Registered: 11 Aug 2011 19:26

#1 Post by voip »

ComboFix 11-08-11.02 - Datta . 08. 2011 20:06:24.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4095.2162 [GMT 2:00]
Running from: e:\upload\ComboFix.exe
AV: Microsoft Security Essentials *Enabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Enabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Datta\AppData\Local\Temp\3dcf2df1-2a83-477c-a7dd-858967792357\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-07-11 to 2011-08-11 )))))))))))))))))))))))))))))))
.
.
2011-08-11 18:08 . 2011-08-11 18:08 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-08-11 17:20 . 2011-07-06 17:52 41272 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-08-11 17:20 . 2011-08-11 17:20 -------- d-----w- c:\programdata\Malwarebytes
2011-08-11 17:20 . 2011-08-11 17:20 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2011-08-11 17:20 . 2011-07-06 17:52 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-08-11 17:19 . 2011-08-11 17:19 -------- d-----w- c:\program files (x86)\Ask.com
2011-08-11 17:10 . 2011-08-11 17:10 -------- d-----w- c:\program files (x86)\Microsoft Security Client
2011-08-11 17:10 . 2011-08-11 17:10 -------- d-----w- c:\program files\Microsoft Security Client
2011-08-11 16:35 . 2009-10-30 13:31 33608 ----a-w- c:\windows\system32\TURegOpt.exe
2011-08-11 16:35 . 2009-10-30 13:24 25928 ----a-w- c:\windows\system32\authuitu.dll
2011-08-11 16:35 . 2009-10-30 13:24 21320 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-08-11 16:35 . 2009-10-30 13:24 36168 ----a-w- c:\windows\system32\uxtuneup.dll
2011-08-11 16:35 . 2009-10-30 13:24 30024 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-08-11 16:35 . 2011-08-11 16:35 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2010
2011-08-11 15:58 . 2011-08-11 15:58 65536 --sha-r- c:\windows\SysWow64\comres6.dll
2011-08-09 15:22 . 2011-08-09 15:22 -------- d-----w- c:\program files (x86)\Common Files\Adobe
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll
2011-08-08 15:00 . 2011-08-08 15:00 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll
2011-08-08 14:59 . 2011-08-08 15:00 -------- d-----w- c:\program files (x86)\QuickTime
2011-08-08 14:59 . 2011-08-08 14:59 -------- d-----w- c:\programdata\Apple Computer
2011-08-06 19:04 . 2011-08-06 19:04 -------- d-----w- C:\Temp
2011-08-06 18:47 . 2011-07-20 07:45 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2011-08-06 18:47 . 2011-07-20 07:45 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2011-08-06 18:47 . 2011-07-20 07:45 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2011-08-06 18:47 . 2011-07-20 07:45 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2011-08-06 18:47 . 2011-07-20 07:45 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2011-08-06 18:47 . 2011-07-20 07:45 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2011-08-06 18:47 . 2011-07-20 07:45 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2011-08-06 18:46 . 2011-07-26 15:26 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2011-08-06 18:46 . 2011-08-06 18:46 -------- d-----w- c:\program files (x86)\MarkAny
2011-08-06 18:46 . 2011-07-26 15:26 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2011-08-06 18:45 . 2011-08-06 18:46 -------- d-----w- c:\program files (x86)\Samsung
2011-08-06 18:45 . 2011-08-06 18:46 -------- d-----w- c:\programdata\Samsung
2011-08-06 18:39 . 2011-08-08 18:56 -------- d-----w- c:\program files (x86)\DVD Catalyst
2011-08-06 18:39 . 2011-08-06 18:39 -------- d-----w- c:\users\Public\CyberLink
2011-08-06 18:37 . 2011-08-08 19:41 -------- d-----w- c:\programdata\CyberLink
2011-08-03 17:16 . 2011-08-03 17:16 -------- d-----w- c:\program files (x86)\Google
2011-08-01 17:08 . 2011-08-01 17:08 -------- d-----w- c:\program files (x86)\Apple Software Update
2011-07-31 08:44 . 2011-07-31 08:44 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2011-07-31 08:28 . 2011-08-06 18:37 -------- d-----w- c:\users\Mama
2011-07-31 07:57 . 2011-07-31 07:57 -------- d-----w- c:\windows\SysWow64\Wat
2011-07-31 07:57 . 2011-07-31 07:57 -------- d-----w- c:\windows\system32\Wat
2011-07-31 07:54 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2011-07-31 07:54 . 2011-02-19 12:04 1544192 ----a-w- c:\windows\system32\DWrite.dll
2011-07-31 07:54 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2011-07-31 07:54 . 2011-02-19 06:30 1076736 ----a-w- c:\windows\SysWow64\DWrite.dll
2011-07-31 07:54 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2011-07-31 07:53 . 2011-02-18 10:51 31232 ----a-w- c:\windows\system32\prevhost.exe
2011-07-31 07:53 . 2011-02-18 05:39 31232 ----a-w- c:\windows\SysWow64\prevhost.exe
2011-07-30 23:47 . 2011-07-30 13:56 -------- d-----w- c:\windows\Panther
2011-07-30 20:53 . 2011-07-30 20:53 -------- d-----w- c:\windows\system32\SPReview
2011-07-30 20:52 . 2011-07-30 20:52 -------- d-----w- c:\windows\system32\EventProviders
2011-07-30 20:50 . 2010-11-20 13:25 1504256 ----a-w- c:\windows\system32\wbengine.exe
2011-07-30 20:49 . 2010-11-20 13:27 67072 ----a-w- c:\windows\system32\wsnmp32.dll
2011-07-30 20:48 . 2010-11-20 13:27 529408 ----a-w- c:\windows\system32\wbemcomn.dll
2011-07-30 20:32 . 2011-03-11 06:41 1659776 ----a-w- c:\windows\system32\drivers\ntfs.sys
2011-07-30 20:32 . 2011-03-11 06:33 2565632 ----a-w- c:\windows\system32\esent.dll
2011-07-30 20:32 . 2011-03-11 05:33 1699328 ----a-w- c:\windows\SysWow64\esent.dll
2011-07-30 20:32 . 2011-03-11 06:41 189824 ----a-w- c:\windows\system32\drivers\storport.sys
2011-07-30 20:32 . 2011-03-11 06:41 166272 ----a-w- c:\windows\system32\drivers\nvstor.sys
2011-07-30 20:32 . 2011-03-11 06:41 148352 ----a-w- c:\windows\system32\drivers\nvraid.sys
2011-07-30 20:32 . 2011-03-11 06:41 410496 ----a-w- c:\windows\system32\drivers\iaStorV.sys
2011-07-30 20:32 . 2011-03-11 06:41 27008 ----a-w- c:\windows\system32\drivers\amdxata.sys
2011-07-30 20:32 . 2011-03-11 06:41 107904 ----a-w- c:\windows\system32\drivers\amdsata.sys
2011-07-30 20:32 . 2011-03-11 06:30 96768 ----a-w- c:\windows\system32\fsutil.exe
2011-07-30 20:32 . 2011-03-11 05:31 74240 ----a-w- c:\windows\SysWow64\fsutil.exe
2011-07-30 20:31 . 2011-03-25 03:29 343040 ----a-w- c:\windows\system32\drivers\usbhub.sys
2011-07-30 20:31 . 2011-03-25 03:29 98816 ----a-w- c:\windows\system32\drivers\usbccgp.sys
2011-07-30 20:31 . 2011-03-25 03:29 325120 ----a-w- c:\windows\system32\drivers\usbport.sys
2011-07-30 20:31 . 2011-03-25 03:29 52736 ----a-w- c:\windows\system32\drivers\usbehci.sys
2011-07-30 20:31 . 2011-03-25 03:29 25600 ----a-w- c:\windows\system32\drivers\usbohci.sys
2011-07-30 20:31 . 2011-03-25 03:29 30720 ----a-w- c:\windows\system32\drivers\usbuhci.sys
2011-07-30 20:31 . 2011-03-25 03:28 7936 ----a-w- c:\windows\system32\drivers\usbd.sys
2011-07-30 20:31 . 2011-04-28 03:55 552960 ----a-w- c:\windows\system32\drivers\bthport.sys
2011-07-30 20:31 . 2011-04-28 03:54 80384 ----a-w- c:\windows\system32\drivers\BTHUSB.SYS
2011-07-30 20:31 . 2010-11-20 13:24 229376 ----a-w- c:\windows\system32\fsquirt.exe
2011-07-30 20:26 . 2011-07-30 20:26 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2011-07-30 19:27 . 2011-07-30 20:29 -------- d-----w- c:\program files (x86)\Microsoft Works
2011-07-30 19:27 . 2011-07-30 19:27 -------- d-----w- c:\windows\PCHEALTH
2011-07-30 19:26 . 2011-08-11 16:52 -------- d-----w- c:\programdata\Microsoft Help
2011-07-30 19:25 . 2011-07-30 19:25 -------- d-----r- C:\MSOCache
2011-07-30 19:20 . 2011-07-30 19:20 254528 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2011-07-30 19:20 . 2011-07-30 19:20 -------- d-----w- c:\program files (x86)\DAEMON Tools Toolbar
2011-07-30 19:20 . 2011-07-30 19:20 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2011-07-30 19:19 . 2011-07-30 20:35 -------- d-----w- c:\programdata\DAEMON Tools Lite
2011-07-30 17:29 . 2011-07-30 17:29 -------- d-----w- c:\program files (x86)\AMD
2011-07-30 17:27 . 2011-07-30 17:27 -------- d-----r- c:\program files (x86)\Skype
2011-07-30 17:27 . 2011-07-30 17:27 -------- d-----w- c:\programdata\Skype
2011-07-30 17:03 . 2011-07-30 17:03 -------- d-----w- c:\program files (x86)\Microsoft
2011-07-30 17:03 . 2011-07-30 17:03 -------- d-----w- c:\program files (x86)\MSN Toolbar
2011-07-30 17:03 . 2011-07-30 20:34 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2011-07-30 17:03 . 2011-07-30 17:03 -------- d-----w- c:\program files (x86)\Bing Bar Installer
2011-07-30 17:03 . 2011-07-30 17:05 -------- d-----w- c:\programdata\HP Photo Creations
2011-07-30 17:03 . 2011-07-30 17:03 -------- d-----w- c:\program files (x86)\HP Photo Creations
2011-07-30 17:02 . 2011-07-30 17:05 -------- d-----w- c:\programdata\HP
2011-07-30 17:02 . 2011-07-30 19:35 -------- d-----w- c:\program files (x86)\HP
2011-07-30 17:01 . 2011-07-30 17:01 -------- d-----w- c:\program files\HP
2011-07-30 16:58 . 2011-07-30 16:58 -------- d-----w- c:\program files (x86)\Common Files\Java
2011-07-30 16:58 . 2011-07-30 16:57 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2011-07-30 16:57 . 2011-07-30 16:57 -------- d-----w- c:\program files (x86)\Java
2011-07-30 16:54 . 2011-07-30 16:54 -------- d-----w- c:\program files (x86)\Common Files\Apple
2011-07-30 16:54 . 2011-07-30 16:54 -------- d-----w- c:\programdata\Apple
2011-07-30 16:38 . 2011-07-30 16:38 -------- d-----w- c:\program files (x86)\Downloaded Installations
2011-07-30 16:38 . 2004-02-26 22:00 962612 ----a-w- c:\windows\SysWow64\mfc42d.dll
2011-07-30 16:38 . 2004-02-16 22:00 434252 ----a-w- c:\windows\SysWow64\MSVCRTD.DLL
2011-07-30 16:38 . 2009-09-30 09:33 24576 ----a-w- c:\windows\SysWow64\AsIO.dll
2011-07-30 16:38 . 2009-08-04 08:28 13440 ----a-w- c:\windows\SysWow64\drivers\AsIO.sys
2011-07-30 16:37 . 2008-01-04 11:34 11832 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp64.sys
2011-07-30 16:37 . 2008-01-04 11:34 10216 ----a-w- c:\windows\SysWow64\drivers\AsInsHelp32.sys
2011-07-30 16:37 . 2009-07-16 09:38 15416 ----a-w- c:\windows\system32\drivers\ASACPI.sys
2011-07-30 16:31 . 2011-07-30 16:38 -------- d-----w- c:\program files (x86)\ASUS
2011-07-30 16:20 . 2011-07-30 16:20 -------- d-----w- c:\program files (x86)\VideoLAN
2011-07-30 16:03 . 2006-10-06 12:17 53248 ------w- c:\windows\Ctregrun.exe
2011-07-30 16:03 . 2000-05-22 14:58 647872 ------w- c:\windows\SysWow64\Mscomct2.ocx
2011-07-30 15:58 . 2011-07-30 15:58 -------- d-----w- c:\program files (x86)\Common Files\Creative
2011-07-30 15:58 . 2011-07-30 16:10 -------- d--h--w- c:\program files (x86)\Creative Installation Information
2011-07-30 15:58 . 2011-07-30 15:58 -------- d-----w- c:\program files (x86)\Common Files\Creative Labs Shared
2011-07-30 15:58 . 2011-07-30 16:09 -------- d-----w- c:\program files\Creative
2011-07-30 15:56 . 2010-05-05 19:18 12288 ----a-w- c:\windows\system32\INRES.DLL
2011-07-30 15:56 . 2010-05-05 18:01 11776 ----a-w- c:\windows\SysWow64\INRES.DLL
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-30 20:57 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2011-07-30 20:57 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2011-07-30 14:23 . 2011-07-30 14:23 203776 ----a-w- c:\windows\SysWow64\webcheck.dll
2011-07-30 14:23 . 2011-07-30 14:23 249344 ----a-w- c:\windows\system32\webcheck.dll
2011-07-16 04:26 . 2011-08-11 16:48 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-07-08 04:15 . 2011-07-08 04:15 9884672 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2011-07-08 03:54 . 2011-07-08 03:54 23385600 ----a-w- c:\windows\system32\atio6axx.dll
2011-07-08 03:33 . 2011-07-08 03:33 17940992 ----a-w- c:\windows\SysWow64\atioglxx.dll
2011-07-08 03:29 . 2011-07-08 03:29 151552 ----a-w- c:\windows\system32\atiapfxx.exe
2011-07-08 03:29 . 2011-07-08 03:29 689152 ----a-w- c:\windows\SysWow64\aticfx32.dll
2011-07-08 03:28 . 2011-07-08 03:28 814592 ----a-w- c:\windows\system32\aticfx64.dll
2011-07-08 03:25 . 2011-07-08 03:25 462848 ----a-w- c:\windows\system32\ATIDEMGX.dll
2011-07-08 03:25 . 2011-07-08 03:25 485376 ----a-w- c:\windows\system32\atieclxx.exe
2011-07-08 03:25 . 2011-07-08 03:25 204288 ----a-w- c:\windows\system32\atiesrxx.exe
2011-07-08 03:23 . 2011-07-08 03:23 120320 ----a-w- c:\windows\system32\atitmm64.dll
2011-07-08 03:23 . 2011-07-08 03:23 423424 ----a-w- c:\windows\system32\atipdl64.dll
2011-07-08 03:23 . 2011-07-08 03:23 356352 ----a-w- c:\windows\SysWow64\atipdlxx.dll
2011-07-08 03:23 . 2011-07-08 03:23 278528 ----a-w- c:\windows\SysWow64\Oemdspif.dll
2011-07-08 03:23 . 2011-07-08 03:23 16384 ----a-w- c:\windows\system32\atimuixx.dll
2011-07-08 03:23 . 2011-07-08 03:23 59392 ----a-w- c:\windows\system32\atiedu64.dll
2011-07-08 03:22 . 2011-07-08 03:22 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2011-07-08 03:19 . 2011-07-08 03:19 4275712 ----a-w- c:\windows\SysWow64\atidxx32.dll
2011-07-08 03:10 . 2011-07-08 03:10 5072896 ----a-w- c:\windows\system32\atidxx64.dll
2011-07-08 03:06 . 2011-07-08 03:06 1113088 ----a-w- c:\windows\system32\atiumd6v.dll
2011-07-08 03:05 . 2011-07-08 03:05 1828864 ----a-w- c:\windows\SysWow64\atiumdmv.dll
2011-07-08 03:05 . 2011-07-08 03:05 3848704 ----a-w- c:\windows\system32\atiumd6a.dll
2011-07-08 03:02 . 2011-07-08 03:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2011-07-08 03:02 . 2011-07-08 03:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2011-07-08 03:01 . 2011-07-08 03:01 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2011-07-08 03:01 . 2011-07-08 03:01 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2011-07-08 03:01 . 2011-07-08 03:01 8134656 ----a-w- c:\windows\system32\aticaldd64.dll
2011-07-08 03:00 . 2011-07-08 03:00 4367360 ----a-w- c:\windows\SysWow64\atiumdag.dll
2011-07-08 02:58 . 2011-07-08 02:58 6740480 ----a-w- c:\windows\SysWow64\aticaldd.dll
2011-07-08 02:55 . 2011-07-08 02:55 4039680 ----a-w- c:\windows\SysWow64\atiumdva.dll
2011-07-08 02:54 . 2011-04-19 23:27 58880 ----a-w- c:\windows\system32\coinst.dll
2011-07-08 02:54 . 2011-07-08 02:54 5540864 ----a-w- c:\windows\system32\atiumd64.dll
2011-07-08 02:47 . 2011-07-08 02:47 375808 ----a-w- c:\windows\system32\atiadlxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 266240 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2011-07-08 02:47 . 2011-07-08 02:47 15360 ----a-w- c:\windows\system32\atig6pxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 13312 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 13312 ----a-w- c:\windows\system32\atiglpxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 39936 ----a-w- c:\windows\system32\atig6txx.dll
2011-07-08 02:47 . 2011-07-08 02:47 32768 ----a-w- c:\windows\SysWow64\atigktxx.dll
2011-07-08 02:47 . 2011-07-08 02:47 307712 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2011-07-08 02:46 . 2011-07-08 02:46 40960 ----a-w- c:\windows\system32\atiuxp64.dll
2011-07-08 02:46 . 2011-07-08 02:46 31744 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2011-07-08 02:46 . 2011-07-08 02:46 38912 ----a-w- c:\windows\system32\atiu9p64.dll
2011-07-08 02:45 . 2011-07-08 02:45 29184 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2011-07-08 02:45 . 2011-07-08 02:45 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2011-07-08 02:41 . 2011-07-08 02:41 53760 ----a-w- c:\windows\system32\atimpc64.dll
2011-07-08 02:41 . 2011-07-08 02:41 53760 ----a-w- c:\windows\system32\amdpcom64.dll
2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\SysWow64\atimpc32.dll
2011-07-08 02:40 . 2011-07-08 02:40 52736 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2011-07-07 21:37 . 2011-07-07 21:37 60416 ----a-w- c:\windows\system32\OVDecode64.dll
2011-07-07 21:37 . 2011-07-07 21:37 51200 ----a-w- c:\windows\system32\OpenCL.dll
2011-07-07 21:36 . 2011-07-07 21:36 16907776 ----a-w- c:\windows\system32\amdocl64.dll
2011-07-05 16:37 . 2011-07-05 16:37 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2011-07-05 16:37 . 2011-07-05 16:37 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2011-06-27 14:23 . 2011-06-27 14:23 53760 ----a-w- c:\windows\SysWow64\OVDecode.dll
2011-06-27 14:23 . 2011-06-27 14:23 43520 ----a-w- c:\windows\SysWow64\OpenCL.dll
2011-06-27 14:22 . 2011-06-27 14:22 13904896 ----a-w- c:\windows\SysWow64\amdocl.dll
2011-06-16 01:34 . 2011-06-16 01:34 2971648 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2011-06-16 01:34 . 2011-06-16 01:34 105984 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-26 16:23 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-26 1493160]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files (x86)\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2011-04-14 12036968]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2011-07-30 639864]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-07-26 958352]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-07-26 3507088]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-07-26 20880]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-07 336384]
"LifeCam"="c:\program files (x86)\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152]
"CTxfiHlp"="CTXFIHLP.EXE" [2010-05-05 25600]
"Bing Bar"="c:\program files (x86)\MSN Toolbar\Platform\5.0.1449.0\mswinext.exe" [2010-04-27 243544]
"Microsoft Default Manager"="c:\program files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe" [2009-11-11 288088]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-26 397992]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-06 449584]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files (x86)\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"HP Software Update"=c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe
.
R2 AODService;AODService;c:\program files (x86)\AMD\OverDrive\AODAssist.exe [2011-05-25 136616]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2011-07-06 366640]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2011-07-30 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2011-07-30 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 136176]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2011-07-07 365568]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 17:16]
.
2011-08-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-08-03 17:16]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-02-18 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-02-18 2093128]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-02-18 4271688]
"VX1000"="c:\windows\vVX1000.exe" [2010-05-20 762736]
"OODefragTray"="c:\windows\system32\oodtray.exe" [2008-11-03 3856128]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://szm.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MIF5BA~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 88.212.8.8 88.212.8.88
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Datta\AppData\Roaming\Mozilla\Firefox\Profiles\t25bviy3.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.csfd.cz/
FF - user.js: network.http.max-connections-per-server - 6
FF - user.js: network.http.max-persistent-connections-per-server - 3
FF - user.js: nglayout.initialpaint.delay - 750
FF - user.js: content.notify.interval - 750000
FF - user.js: content.max.tokenizing.time - 2250000
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\System*]
"OODEFRAG11.00.00.01WORKSTATION"="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"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files (x86)\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
.
**************************************************************************
.
Completion time: 2011-08-11 20:11:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-08-11 18:11
.
Pre-Run: 11 556 847 616 bytes free
Post-Run: 11 395 645 440 bytes free
.
- - End Of File - - 109CFEAB9C6986BE3AFC8C8FDA9D5FF9

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Request for a check of a ComboFix log

#2 Post by Rudy »

We'll do some more cleaning. Move ComboFix to the desktop. Open Notepad and copy the following into it:
Folder::
c:\program files (x86)\Ask.com

Registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.
