Prosím o kontrolu logu ComboFix
Napsal: 06 zář 2011 19:05
ComboFix 11-09-06.03 - kilo 06. 09. 2011 19:31:21.1.2 - x86
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.1015.222 [GMT 2:00]
Running from: c:\users\kilo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml1A43.tmp
c:\programdata\xml1C57.tmp
c:\programdata\xml1D23.tmp
c:\programdata\xml86BC.tmp
c:\programdata\xml8A07.tmp
c:\programdata\xml8AA4.tmp
c:\users\kilo\AppData\Local\ApplicationHistory
c:\users\kilo\AppData\Local\ApplicationHistory\mmc.exe.959a7e97.ini
c:\users\kilo\AppData\Local\ApplicationHistory\msklc.exe.9b9f197b.ini
c:\users\kilo\AppData\Local\ApplicationHistory\WiFi SiStr.exe.2dbeb5bc.ini.inuse
c:\users\kilo\AppData\Roaming\Roaming
c:\users\kilo\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
c:\users\kilo\Desktop\Internet Explorer.lnk
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 17:01 . 2011-09-06 17:01 -------- d-----w- c:\program files\Reimage
2011-09-06 15:49 . 2011-09-06 15:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKsl3f9176cc.sys
2011-09-06 11:38 . 2011-09-06 11:38 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKslab6e6dee.sys
2011-09-05 18:02 . 2011-09-05 18:02 -------- d-----w- c:\users\kilo\AppData\Local\Sony
2011-09-05 17:44 . 2011-09-05 18:25 -------- d-----w- c:\users\kilo\AppData\Roaming\Sony
2011-09-05 17:35 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\mpengine.dll
2011-09-01 19:01 . 2011-09-01 19:01 -------- d-----w- c:\program files\SystemRequirementsLab
2011-09-01 18:35 . 2011-09-01 19:03 -------- d-----w- c:\program files\NetMeter
2011-08-20 22:20 . 2011-08-20 22:20 -------- d-----w- c:\program files\Common Files\Intel Corporation
2011-08-20 21:09 . 2011-05-20 07:43 461592 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-08-20 21:04 . 2011-08-20 21:04 -------- d-----w- C:\Intel
2011-08-20 21:02 . 2011-06-29 08:51 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-08-20 20:55 . 2011-09-01 19:06 -------- d-----w- c:\users\kilo\AppData\Roaming\YoWindow
2011-08-20 20:48 . 2011-08-20 20:48 -------- d-----w- c:\program files\Driver-Soft
2011-08-13 10:23 . 2011-08-13 10:23 -------- d-----w- c:\program files\Nokia
2011-08-12 17:21 . 2011-09-05 18:13 -------- d-----w- c:\users\kilo\AppData\Roaming\vlc
2011-08-12 16:46 . 2011-08-12 16:46 -------- d-----w- c:\program files\WMA MP3 Converter 4
2011-08-12 07:29 . 2011-07-17 14:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-12 07:29 . 2011-07-17 14:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A10D0CDC-57BD-4D2A-9949-D198187E71FC}\gapaengine.dll
2011-08-11 16:01 . 2007-12-14 20:05 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2011-08-11 16:01 . 2007-11-29 06:52 40056 ----a-w- c:\windows\system32\NicInst6.dll
2011-08-11 16:01 . 2007-11-16 18:54 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2011-08-11 16:01 . 2007-08-24 15:58 28272 ----a-w- c:\windows\system32\NicCo26.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-07-18 19:58 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-29 04:34 . 2011-07-29 04:34 689664 ----a-w- c:\windows\yowindow.scr
2011-07-26 19:57 . 2007-01-17 15:07 304328 ----a-w- c:\windows\system32\Prounstl.exe
2011-07-08 08:12 . 2011-07-08 08:12 669816 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 08:12 . 2011-07-08 08:12 519800 ----a-w- c:\windows\system32\accesor.dll
2011-07-08 07:50 . 2011-07-08 07:50 140920 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 07:33 . 2011-07-08 07:33 2022520 ----a-w- c:\windows\system32\ncscolib.dll
2011-06-29 09:45 . 2011-06-29 09:45 192000 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-28 01:12 . 2011-06-28 01:12 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-27 15:59 . 2011-06-27 15:59 139488 ----a-w- c:\windows\system32\drivers\iANSW60.sys
2011-06-26 07:18 . 2011-05-18 06:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 13:23 . 2007-09-30 05:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-19 19:55 . 2011-06-19 19:55 193 ----a-w- c:\users\kilo\AppData\Roaming\DelAll.bat
2011-08-31 20:58 . 2011-04-16 13:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2010-05-18 1989120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2504984442-3820481901-754887788-1006]
"EnableNotificationsRef"=dword:00000001
.
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R1 MpKsl3e4d05ac;MpKsl3e4d05ac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCC42711-0258-4194-AD0D-986473840DB3}\MpKsl3e4d05ac.sys [x]
R1 MpKslcb30ddf1;MpKslcb30ddf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6A78FEA-61AD-4B70-AA97-9C8D79B5EB37}\MpKslcb30ddf1.sys [x]
R1 MpKslcc75e5a9;MpKslcc75e5a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0878E6C4-1C3D-4D7E-B043-B8AE1244C0E6}\MpKslcc75e5a9.sys [x]
R1 MpKslccc32002;MpKslccc32002;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0878E6C4-1C3D-4D7E-B043-B8AE1244C0E6}\MpKslccc32002.sys [x]
R1 MpKsldcf6871b;MpKsldcf6871b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A363626-028F-43A3-BD5F-EC44A1D7F14C}\MpKsldcf6871b.sys [x]
R2 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-04-23 9241088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-03 113664]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\LtkUSB.sys [2010-11-06 42984]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2011-03-03 101120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-01-13 715248]
S1 MpKsl3f9176cc;MpKsl3f9176cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKsl3f9176cc.sys [2011-09-06 28752]
S1 MpKslab6e6dee;MpKslab6e6dee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKslab6e6dee.sys [2011-09-06 28752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 112800]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-28 5120]
S3 cpuz134;cpuz134;c:\users\kilo\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ134
*NewlyCreated* - MPKSL3F9176CC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504984442-3820481901-754887788-1006Core.job
- c:\users\kilo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 05:41]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504984442-3820481901-754887788-1006UA.job
- c:\users\kilo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 05:41]
.
2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{7B372059-F556-4365-BB28-D16ACD824202}.job
- c:\windows\system32\msfeedssync.exe [2011-03-31 07:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SK_SK&c=74&bd=smb&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\kilo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\kilo\AppData\Roaming\Mozilla\Firefox\Profiles\m401qb5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2504984442-3820481901-754887788-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F40DA5C-8AD3-49ED-04AF-2E640EADE822}*]
"janaifcpeppojbegocgf"=hex:66,61,6f,6a,6e,67,66,6f,63,65,65,63,00,f7
"pafagepjeegfdmlfaecceoadanpbpgpp"=hex:64,61,6f,6a,63,68,69,70,00,65
"hanaifcpeppojbeg"=hex:6e,62,65,61,6c,65,69,69,65,6c,61,6a,6f,6f,6b,6f,6a,63,
69,66,70,66,6e,6e,6b,6b,62,65,67,65,63,63,6f,69,62,68,68,64,68,6d,69,69,62,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-06 19:44:15
ComboFix-quarantined-files.txt 2011-09-06 17:44
.
Pre-Run: 6 503 792 640 bytes free
Post-Run: 6 352 302 080 bytes free
.
- - End Of File - - AE62385A451A2D56E9351BBFE0324B77
Microsoft® Windows Vista™ Home Basic 6.0.6002.2.1250.421.1051.18.1015.222 [GMT 2:00]
Running from: c:\users\kilo\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\xml1A43.tmp
c:\programdata\xml1C57.tmp
c:\programdata\xml1D23.tmp
c:\programdata\xml86BC.tmp
c:\programdata\xml8A07.tmp
c:\programdata\xml8AA4.tmp
c:\users\kilo\AppData\Local\ApplicationHistory
c:\users\kilo\AppData\Local\ApplicationHistory\mmc.exe.959a7e97.ini
c:\users\kilo\AppData\Local\ApplicationHistory\msklc.exe.9b9f197b.ini
c:\users\kilo\AppData\Local\ApplicationHistory\WiFi SiStr.exe.2dbeb5bc.ini.inuse
c:\users\kilo\AppData\Roaming\Roaming
c:\users\kilo\AppData\Roaming\Roaming\Nevosoft\Vampireville\settings.txt
c:\users\kilo\Desktop\Internet Explorer.lnk
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-08-06 to 2011-09-06 )))))))))))))))))))))))))))))))
.
.
2011-09-06 17:01 . 2011-09-06 17:01 -------- d-----w- c:\program files\Reimage
2011-09-06 15:49 . 2011-09-06 15:49 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKsl3f9176cc.sys
2011-09-06 11:38 . 2011-09-06 11:38 28752 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKslab6e6dee.sys
2011-09-05 18:02 . 2011-09-05 18:02 -------- d-----w- c:\users\kilo\AppData\Local\Sony
2011-09-05 17:44 . 2011-09-05 18:25 -------- d-----w- c:\users\kilo\AppData\Roaming\Sony
2011-09-05 17:35 . 2011-08-12 02:44 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\mpengine.dll
2011-09-01 19:01 . 2011-09-01 19:01 -------- d-----w- c:\program files\SystemRequirementsLab
2011-09-01 18:35 . 2011-09-01 19:03 -------- d-----w- c:\program files\NetMeter
2011-08-20 22:20 . 2011-08-20 22:20 -------- d-----w- c:\program files\Common Files\Intel Corporation
2011-08-20 21:09 . 2011-05-20 07:43 461592 ----a-w- c:\windows\system32\drivers\iaStor.sys
2011-08-20 21:04 . 2011-08-20 21:04 -------- d-----w- C:\Intel
2011-08-20 21:02 . 2011-06-29 08:51 112800 ----a-w- c:\windows\system32\IPROSetMonitor.exe
2011-08-20 20:55 . 2011-09-01 19:06 -------- d-----w- c:\users\kilo\AppData\Roaming\YoWindow
2011-08-20 20:48 . 2011-08-20 20:48 -------- d-----w- c:\program files\Driver-Soft
2011-08-13 10:23 . 2011-08-13 10:23 -------- d-----w- c:\program files\Nokia
2011-08-12 17:21 . 2011-09-05 18:13 -------- d-----w- c:\users\kilo\AppData\Roaming\vlc
2011-08-12 16:46 . 2011-08-12 16:46 -------- d-----w- c:\program files\WMA MP3 Converter 4
2011-08-12 07:29 . 2011-07-17 14:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-08-12 07:29 . 2011-07-17 14:50 439632 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A10D0CDC-57BD-4D2A-9949-D198187E71FC}\gapaengine.dll
2011-08-11 16:01 . 2007-12-14 20:05 35424 ----a-w- c:\windows\system32\e100bmsg.dll
2011-08-11 16:01 . 2007-11-29 06:52 40056 ----a-w- c:\windows\system32\NicInst6.dll
2011-08-11 16:01 . 2007-11-16 18:54 165496 ----a-w- c:\windows\system32\drivers\e100b325.sys
2011-08-11 16:01 . 2007-08-24 15:58 28272 ----a-w- c:\windows\system32\NicCo26.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-08-12 02:44 . 2011-07-18 19:58 7152464 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-07-29 04:34 . 2011-07-29 04:34 689664 ----a-w- c:\windows\yowindow.scr
2011-07-26 19:57 . 2007-01-17 15:07 304328 ----a-w- c:\windows\system32\Prounstl.exe
2011-07-08 08:12 . 2011-07-08 08:12 669816 ----a-w- c:\windows\system32\ncs2dmix.dll
2011-07-08 08:12 . 2011-07-08 08:12 519800 ----a-w- c:\windows\system32\accesor.dll
2011-07-08 07:50 . 2011-07-08 07:50 140920 ----a-w- c:\windows\system32\ncs2instutility.dll
2011-07-08 07:33 . 2011-07-08 07:33 2022520 ----a-w- c:\windows\system32\ncscolib.dll
2011-06-29 09:45 . 2011-06-29 09:45 192000 ----a-w- c:\windows\system32\Ncs2Setp.dll
2011-06-28 01:12 . 2011-06-28 01:12 30368 ----a-w- c:\windows\system32\drivers\iqvw32.sys
2011-06-27 15:59 . 2011-06-27 15:59 139488 ----a-w- c:\windows\system32\drivers\iANSW60.sys
2011-06-26 07:18 . 2011-05-18 06:39 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-22 13:23 . 2007-09-30 05:34 53248 ----a-w- c:\windows\system32\CSVer.dll
2011-06-19 19:55 . 2011-06-19 19:55 193 ----a-w- c:\users\kilo\AppData\Roaming\DelAll.bat
2011-08-31 20:58 . 2011-04-16 13:15 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2007-09-12 141848]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 827392]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 997920]
"3200 Scan2PC"="c:\windows\twain_32\Samsung\SCX3200\Scan2Pc.exe" [2010-05-18 1989120]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WAWifiMessage]
2007-01-10 23:12 317128 ----a-w- c:\program files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc\S-1-5-21-2504984442-3820481901-754887788-1006]
"EnableNotificationsRef"=dword:00000001
.
R0 szkg5;szkg5;c:\windows\system32\DRIVERS\szkg.sys [x]
R0 szkgfs;szkgfs;c:\windows\system32\drivers\szkgfs.sys [x]
R1 MpKsl3e4d05ac;MpKsl3e4d05ac;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{DCC42711-0258-4194-AD0D-986473840DB3}\MpKsl3e4d05ac.sys [x]
R1 MpKslcb30ddf1;MpKslcb30ddf1;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A6A78FEA-61AD-4B70-AA97-9C8D79B5EB37}\MpKslcb30ddf1.sys [x]
R1 MpKslcc75e5a9;MpKslcc75e5a9;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0878E6C4-1C3D-4D7E-B043-B8AE1244C0E6}\MpKslcc75e5a9.sys [x]
R1 MpKslccc32002;MpKslccc32002;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{0878E6C4-1C3D-4D7E-B043-B8AE1244C0E6}\MpKslccc32002.sys [x]
R1 MpKsldcf6871b;MpKsldcf6871b;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3A363626-028F-43A3-BD5F-EC44A1D7F14C}\MpKsldcf6871b.sys [x]
R2 AllShare;SAMSUNG AllShare Service;c:\program files\Samsung\SAMSUNG PC Share Manager\WiselinkPro.exe [2010-04-23 9241088]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2006-11-02 167936]
R3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [2009-12-18 11336]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2011-03-03 113664]
R3 FlrnUSB;Leadtek USB Network Interface;c:\windows\system32\DRIVERS\LtkUSB.sys [2010-11-06 42984]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [2011-03-03 101120]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2011-04-27 65024]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 208944]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 753504]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2008-01-13 715248]
S1 MpKsl3f9176cc;MpKsl3f9176cc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKsl3f9176cc.sys [2011-09-06 28752]
S1 MpKslab6e6dee;MpKslab6e6dee;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F9AA20A8-CE38-4379-86F3-A5B25CF0898C}\MpKslab6e6dee.sys [2011-09-06 28752]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2011-06-29 112800]
S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2009-10-28 5120]
S3 cpuz134;cpuz134;c:\users\kilo\AppData\Local\Temp\cpuz134\cpuz134_x32.sys [x]
S3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [2011-04-18 43392]
S3 NETwLv32; Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\NETwLv32.sys [2010-10-07 6639616]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - CPUZ134
*NewlyCreated* - MPKSL3F9176CC
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceNoNetwork REG_MULTI_SZ PLA DPS BFE mpssvc
bthsvcs REG_MULTI_SZ BthServ
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504984442-3820481901-754887788-1006Core.job
- c:\users\kilo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 05:41]
.
2011-05-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2504984442-3820481901-754887788-1006UA.job
- c:\users\kilo\AppData\Local\Google\Update\GoogleUpdate.exe [2011-05-14 05:41]
.
2010-09-02 c:\windows\Tasks\User_Feed_Synchronization-{7B372059-F556-4365-BB28-D16ACD824202}.job
- c:\windows\system32\msfeedssync.exe [2011-03-31 07:23]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=SK_SK&c=74&bd=smb&pf=laptop
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube to Mp3 Converter - c:\users\kilo\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\windows\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\windows\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1 192.168.2.1
FF - ProfilePath - c:\users\kilo\AppData\Roaming\Mozilla\Firefox\Profiles\m401qb5q.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{474597C5-AB09-49d6-A4D5-2E8D7341384E} - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Toolbar-Locked - (no file)
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
.
.
.
**************************************************************************
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files:
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2504984442-3820481901-754887788-1006\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{8F40DA5C-8AD3-49ED-04AF-2E640EADE822}*]
"janaifcpeppojbegocgf"=hex:66,61,6f,6a,6e,67,66,6f,63,65,65,63,00,f7
"pafagepjeegfdmlfaecceoadanpbpgpp"=hex:64,61,6f,6a,63,68,69,70,00,65
"hanaifcpeppojbeg"=hex:6e,62,65,61,6c,65,69,69,65,6c,61,6a,6f,6f,6b,6f,6a,63,
69,66,70,66,6e,6e,6b,6b,62,65,67,65,63,63,6f,69,62,68,68,64,68,6d,69,69,62,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2011-09-06 19:44:15
ComboFix-quarantined-files.txt 2011-09-06 17:44
.
Pre-Run: 6 503 792 640 bytes free
Post-Run: 6 352 302 080 bytes free
.
- - End Of File - - AE62385A451A2D56E9351BBFE0324B77