Po odstanění Security shield mi Superantispyware pořád hlásí nákazu, po odstanění a resetu je tam při příštím spuštění znovu. Jedná se o toto:
Security.HiJack[ImageFileExecutionOptions]
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE
(x86) HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\EHSHELL.EXE#Debugger
Může se na to nějaká dobrá duše mrknout? Díky moc...
Tady je log z RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by lada at 2012-03-06 06:26:55
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 904 GB (96%) free of 944 GB
Total RAM: 3839 MB (66% free)
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe" coreFrameworkHost.exe -m=rb -dt=60000
uiWatchDog.exe 1328
"C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE"
\??\C:\Windows\system32\conhost.exe "1650838455-1459443759-1078652957-635307913-957406834-1461250483114978135529886507
coreFrameworkHost.exe 1328 1
\??\C:\Windows\system32\conhost.exe "-174331509813232265110427243-1644382642-571151627799222094-639567389394097659
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\SysWOW64\AsHookDevice.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe"
"C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe"
"taskhost.exe"
"C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\svchost.exe -k HPZ12
C:\Windows\System32\svchost.exe -k HPZ12
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Trend Micro\UniClient\UiFrmWrk\uiSeAgnt.exe"
"C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
"C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 2704
"C:\Windows\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-2c93d57e-8ee9-4655-8088-e6e00bd94778 -SystemEventPortName:HostProcess-38b27005-c299-4157-affa-4c046c8b1f28 -IoCancelEventPortName:HostProcess-a4c286a3-a555-4d7d-bdb3-7a07b942dee3 -NonStateChangingEventPortName:HostProcess-65fcc222-d21a-4094-a2b0-42af2127d93b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:380e8843-dfe1-4d48-80ee-f52cc1d3d700
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe"
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\trend micro\lada.exe" /silentautolog
"C:\PROGRAM FILES (X86)\LOGMEIN\X64\LOGMEIN.EXE" ra_rc 7471201 1 1 893359492100 0 0 0 950298358 0 15 32 0 5 1712 1 0 0 0 32768
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\lada\Downloads\RSITX64.EXE"
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\e715m19z.default
prefs.js - "browser.startup.homepage" - "www.yahoo.com"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0]
"Description"=
"Path"=C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@bestbuy.com/npBestBuyPcAppDetector,version=1.0]
"Description"=
"Path"=C:\ProgramData\Best Buy pc app\npBestBuyPcAppDetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
npCouponPrinter.xpt
C:\Program Files (x86)\Mozilla Firefox\plugins\
npCouponPrinter.dll
npMozCouponPrinter.dll
nppdf32.DEU
nppdf32.dll
nppdf32.FRA
nppdf32.JPN
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll [2010-07-20 235344]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll [2011-03-24 265744]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 63912]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1CA1377B-DC1D-4A52-9585-6E06050FAC53}]
TmIEPlugInBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll [2010-07-20 185680]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\Windows\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC}]
TmBpIeBHO Class - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll [2011-03-24 235024]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"=C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe [2011-10-08 1111568]
"Trend Micro Client Framework"=C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe [2011-02-10 197152]
"LogMeIn GUI"=C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe [2011-09-16 57928]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-02-20 2786480]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-02-20 3669680]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-10-13 17351304]
"SUPERAntiSpyware"=C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-01-20 5487488]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-02-10 98304]
"HDAudDeck"=C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2010-10-21 2489456]
"RunAIShell"=C:\Program Files (x86)\ASUS\AI Manager\AsShellApplication.exe [2009-12-23 232064]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2012-01-03 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-03 843712]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger=""C:\PROGRAM FILES (X86)\LOGMEIN\X64\LogMeInSystray.exe" -MceShellRedirect
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=lvcod64.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"MSVideo"=vfwwdm32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-03-06 06:20:45 ----D---- C:\rsit
2012-03-06 05:26:31 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-03-06 05:26:27 ----D---- C:\Users\lada\AppData\Roaming\Spyware Terminator
2012-03-06 05:26:27 ----D---- C:\ProgramData\Spyware Terminator
2012-03-06 05:25:39 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-03-06 04:26:43 ----D---- C:\Program Files\ProcessExplorer
2012-03-06 04:18:46 ----D---- C:\Users\lada\AppData\Roaming\GHISLER
2012-03-06 04:18:46 ----D---- C:\Program Files\Totalcmd
2012-03-06 04:18:46 ----A---- C:\Windows\UC.PIF
2012-03-06 04:18:46 ----A---- C:\Windows\RAR.PIF
2012-03-06 04:18:46 ----A---- C:\Windows\PKZIP.PIF
2012-03-06 04:18:46 ----A---- C:\Windows\PKUNZIP.PIF
2012-03-06 04:18:46 ----A---- C:\Windows\NOCLOSE.PIF
2012-03-06 04:18:46 ----A---- C:\Windows\LHA.PIF
2012-03-06 04:18:46 ----A---- C:\Windows\ARJ.PIF
2012-03-06 01:45:26 ----D---- C:\sh4ldr
2012-03-06 01:45:26 ----D---- C:\Program Files\Enigma Software Group
2012-03-06 01:44:26 ----D---- C:\Windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-05 11:24:55 ----D---- C:\Users\lada\AppData\Roaming\Nero
2012-03-05 10:50:10 ----A---- C:\Windows\system32\LMIRfsClientNP.dll
2012-03-05 10:50:10 ----A---- C:\Windows\system32\LMIport.dll
2012-03-05 10:50:10 ----A---- C:\Windows\system32\drivers\LMIRfsDriver.sys
2012-03-05 10:50:07 ----A---- C:\Windows\system32\LMIinit.dll
2012-03-05 10:50:04 ----D---- C:\ProgramData\LogMeIn
2012-03-05 10:49:56 ----D---- C:\Program Files (x86)\LogMeIn
2012-03-05 10:08:30 ----D---- C:\ProgramData\SUPERSetup
2012-03-05 10:01:36 ----D---- C:\Users\lada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-05 10:01:18 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-03-05 10:01:18 ----D---- C:\Program Files\SUPERAntiSpyware
2012-02-16 07:51:43 ----D---- C:\Windows\Minidump
2012-02-15 16:40:19 ----A---- C:\Windows\system32\shell32.dll
2012-02-15 16:40:18 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-02-15 16:40:18 ----A---- C:\Windows\SYSWOW64\ntshrui.dll
2012-02-15 16:40:18 ----A---- C:\Windows\system32\ntshrui.dll
2012-02-15 16:40:15 ----A---- C:\Windows\system32\win32k.sys
2012-02-15 16:40:14 ----A---- C:\Windows\system32\drivers\afd.sys
2012-02-15 16:40:07 ----A---- C:\Windows\SYSWOW64\msvcrt.dll
2012-02-15 16:40:07 ----A---- C:\Windows\system32\msvcrt.dll
2012-02-15 16:40:03 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-02-15 16:40:03 ----A---- C:\Windows\system32\mshtml.dll
2012-02-15 16:40:02 ----A---- C:\Windows\system32\urlmon.dll
2012-02-15 16:40:02 ----A---- C:\Windows\system32\ieframe.dll
2012-02-15 16:40:01 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-02-15 16:40:01 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-02-15 16:40:01 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2012-02-15 16:40:01 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-02-15 16:40:01 ----A---- C:\Windows\system32\wininet.dll
2012-02-15 16:40:00 ----A---- C:\Windows\SYSWOW64\url.dll
2012-02-15 16:40:00 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-02-15 16:40:00 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-02-15 16:40:00 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-02-15 16:40:00 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-02-15 16:40:00 ----A---- C:\Windows\system32\url.dll
2012-02-15 16:40:00 ----A---- C:\Windows\system32\mshtmled.dll
2012-02-15 16:40:00 ----A---- C:\Windows\system32\msfeeds.dll
2012-02-15 16:40:00 ----A---- C:\Windows\system32\jsproxy.dll
2012-02-15 16:40:00 ----A---- C:\Windows\system32\ieui.dll
2012-02-15 16:40:00 ----A---- C:\Windows\system32\iertutil.dll
2012-02-11 13:39:39 ----D---- C:\Windows\Spybot - Search & Destroy
2012-02-11 13:39:39 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-02-08 19:40:44 ----D---- C:\Users\lada\AppData\Roaming\Intuit
2012-02-08 19:38:39 ----D---- C:\Program Files (x86)\TurboTax
2012-02-08 19:38:20 ----D---- C:\ProgramData\Intuit
======List of files/folders modified in the last 1 month======
2012-03-06 06:26:59 ----D---- C:\Windows\Temp
2012-03-06 06:26:57 ----D---- C:\Program Files\Trend Micro
2012-03-06 06:26:49 ----D---- C:\Windows\system32\config
2012-03-06 06:19:55 ----D---- C:\Users\lada\AppData\Roaming\Skype
2012-03-06 06:19:53 ----D---- C:\Windows\inf
2012-03-06 06:19:52 ----AD---- C:\Windows
2012-03-06 06:19:23 ----D---- C:\Windows\System32
2012-03-06 06:19:23 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-03-06 05:26:32 ----D---- C:\Windows\system32\drivers
2012-03-06 05:26:27 ----AHD---- C:\ProgramData
2012-03-06 05:25:39 ----RD---- C:\Program Files (x86)
2012-03-06 05:23:57 ----D---- C:\Windows\Prefetch
2012-03-06 04:29:43 ----SHD---- C:\Windows\Installer
2012-03-06 04:29:43 ----SD---- C:\Users\lada\AppData\Roaming\Microsoft
2012-03-06 04:29:43 ----D---- C:\Windows\system32\Tasks
2012-03-06 04:28:38 ----SHD---- C:\System Volume Information
2012-03-06 04:26:43 ----RD---- C:\Program Files
2012-03-06 04:17:58 ----D---- C:\Program Files\CCleaner
2012-03-06 02:37:27 ----D---- C:\Windows\system32\catroot2
2012-03-06 02:12:50 ----D---- C:\Windows\system32\drivers\etc
2012-03-06 01:44:24 ----D---- C:\Program Files (x86)\Common Files
2012-03-05 11:36:46 ----D---- C:\ProgramData\Trend Micro
2012-03-05 10:50:54 ----RD---- C:\Users
2012-03-05 09:32:53 ----D---- C:\Windows\SoftwareDistribution
2012-03-05 09:31:10 ----D---- C:\Users\lada\AppData\Roaming\SoftGrid Client
2012-03-04 16:25:09 ----AD---- C:\Windows\SysWOW64
2012-02-25 08:24:52 ----D---- C:\Windows\system32\DriverStore
2012-02-25 08:24:52 ----D---- C:\Windows\system32\catroot
2012-02-25 08:24:47 ----D---- C:\Program Files\Common Files\logishrd
2012-02-24 06:32:26 ----RSD---- C:\Windows\assembly
2012-02-18 00:07:40 ----D---- C:\Windows\system32\wdi
2012-02-17 23:49:09 ----D---- C:\Windows\debug
2012-02-16 08:46:09 ----D---- C:\Windows\Microsoft.NET
2012-02-16 08:19:29 ----D---- C:\Windows\winsxs
2012-02-16 08:18:29 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-02-16 08:17:35 ----D---- C:\Windows\SYSWOW64\migration
2012-02-16 08:17:35 ----D---- C:\Windows\system32\migration
2012-02-16 08:17:35 ----D---- C:\Program Files\Internet Explorer
2012-02-16 08:17:35 ----D---- C:\Program Files (x86)\Internet Explorer
2012-02-16 07:58:53 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-02-16 07:58:52 ----D---- C:\Program Files (x86)\Microsoft Application Virtualization Client
2012-02-16 07:56:33 ----A---- C:\Windows\system32\MRT.exe
2012-02-08 19:40:34 ----RSD---- C:\Windows\Fonts
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\drivers\AtiPcie.sys [2009-05-04 16440]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-13 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2010-08-24 13440]
R1 AsUpIO;AsUpIO; C:\Windows\SysWow64\drivers\AsUpIO.sys [2009-07-06 13368]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
R1 tmtdi;Trend Micro TDI Driver; C:\Windows\system32\DRIVERS\tmtdi.sys [2010-09-17 105552]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-13 59904]
R2 ASInsHelp;ASInsHelp; \??\C:\Windows\SysWow64\drivers\AsInsHelp64.sys [2008-01-04 11832]
R2 LMIInfo;LogMeIn Kernel Information Provider; \??\C:\Program Files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\C:\Windows\system32\drivers\LMIRfsDriver.sys [2011-09-16 72216]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2012-03-06 51496]
R2 tmactmon;tmactmon; C:\Windows\system32\DRIVERS\tmactmon.sys [2010-09-17 90704]
R2 tmcomm;tmcomm; C:\Windows\system32\DRIVERS\tmcomm.sys [2010-09-17 144464]
R2 tmevtmgr;tmevtmgr; C:\Windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2011-04-20 306176]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys [2010-01-27 116736]
R3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0); C:\Windows\system32\DRIVERS\CamDrL64.sys [2007-02-03 955680]
R3 lmimirr;lmimirr; C:\Windows\system32\DRIVERS\lmimirr.sys [2011-09-16 11552]
R3 LVUSBS64;Logitech USB Monitor Filter; C:\Windows\system32\drivers\LVUSBS64.sys [2007-02-03 58528]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\drivers\ASACPI.sys [2009-07-16 15416]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 usbfilter;AMD USB Filter Driver; C:\Windows\system32\DRIVERS\usbfilter.sys [2009-12-22 38456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-10-01 1349232]
S3 ahcix64s;ahcix64s; C:\Windows\system32\drivers\ahcix64s.sys [2009-11-10 234040]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2011-04-20 9319936]
S3 esgiguard;esgiguard; \??\C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 lvpopf64;Logitech POP Suppression Filter; C:\Windows\system32\DRIVERS\lvpopf64.sys [2009-10-07 271640]
S3 LVRS64;Logitech RightSound Filter Driver; C:\Windows\system32\DRIVERS\lvrs64.sys [2009-10-07 327704]
S3 LVUVC64;Logitech QuickCam Pro 5000(UVC); C:\Windows\system32\DRIVERS\lvuvc64.sys [2009-10-07 6379288]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver; C:\Windows\system32\DRIVERS\netr28x.sys [2009-05-19 702976]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 USB_RNDIS_51;USB Remote NDIS Cable Modem Network Device Driver; C:\Windows\system32\DRIVERS\usb8023.sys [2009-07-13 19968]
S4 LMIRfsClientNP;LMIRfsClientNP; C:\Windows\system32\drivers\LMIRfsClientNP.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2011-04-20 203776]
R2 Amsp;Trend Micro Solution Platform; C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe [2011-02-16 256336]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 Device Handle Service;Device Handle Service; C:\Windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
R2 IntuitUpdateServiceV4;Intuit Update Service v4; C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
R2 LMIGuardianSvc;LMIGuardianSvc; C:\Program Files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-01-31 375176]
R2 LMIMaint;LogMeIn Maintenance Service; C:\Program Files (x86)\LogMeIn\x64\RaMaint.exe [2012-01-31 147336]
R2 LogMeIn;LogMeIn; C:\Program Files (x86)\LogMeIn\x64\LogMeIn.exe [2011-09-16 407424]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe [2009-07-23 935208]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-13 27136]
R2 SBSDWSCService;SBSD Security Center Service; C:\Windows\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-02-20 1148632]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-09-06 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Kontrola po odstranění Security Shield
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola po odstranění Security Shield
Poprosím o log ComboFix:
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola po odstranění Security Shield
Tady je log z Combo Fix. Díky
ComboFix 12-03-08.01 - lada 03/08/2012 6:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2581 [GMT -6:00]
Running from: c:\users\lada\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 13:09 . 2012-03-08 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 13:45 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{976B6C17-14AC-4505-9C44-442258CA92FE}\mpengine.dll
2012-03-06 12:46 . 2012-03-06 12:46 -------- d-----w- c:\users\lada\AppData\Local\GHISLER
2012-03-06 12:20 . 2012-03-06 12:27 -------- d-----w- C:\rsit
2012-03-06 11:26 . 2012-03-06 11:26 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-03-06 11:26 . 2012-03-07 13:23 -------- d-----w- c:\programdata\Spyware Terminator
2012-03-06 11:26 . 2012-03-06 11:26 -------- d-----w- c:\users\lada\AppData\Roaming\Spyware Terminator
2012-03-06 11:25 . 2012-03-06 11:26 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-03-06 10:26 . 2012-03-06 10:26 -------- d-----w- c:\program files\ProcessExplorer
2012-03-06 10:18 . 2012-03-06 12:45 -------- d-----w- c:\program files\Totalcmd
2012-03-06 10:18 . 2012-03-06 11:44 -------- d-----w- c:\users\lada\AppData\Roaming\GHISLER
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\UC.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\RAR.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\LHA.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\ARJ.PIF
2012-03-06 07:45 . 2012-03-06 10:29 -------- d-----w- C:\sh4ldr
2012-03-06 07:45 . 2012-03-06 07:45 -------- d-----w- c:\program files\Enigma Software Group
2012-03-06 07:44 . 2012-03-06 10:29 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-06 07:44 . 2012-03-06 07:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-05 17:24 . 2012-03-05 17:24 -------- d-----w- c:\users\lada\AppData\Roaming\Nero
2012-03-05 16:50 . 2012-03-08 12:48 -------- d-----w- c:\users\LogMeInRemoteUser
2012-03-05 16:50 . 2012-03-05 16:50 -------- d-----w- c:\users\lada\AppData\Local\LogMeIn
2012-03-05 16:50 . 2012-02-01 03:31 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-05 16:50 . 2012-02-01 03:31 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-03-05 16:50 . 2012-02-01 03:30 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-03-05 16:50 . 2011-09-16 20:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-05 16:50 . 2012-02-01 03:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-05 16:50 . 2012-03-08 12:42 -------- d-----w- c:\programdata\LogMeIn
2012-03-05 16:49 . 2012-03-05 16:49 -------- d-----w- c:\program files (x86)\LogMeIn
2012-03-05 16:08 . 2012-03-05 16:08 -------- d-----w- c:\programdata\SUPERSetup
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\users\lada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-05 16:01 . 2012-03-06 10:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-11 19:39 . 2012-03-08 00:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-11 19:39 . 2012-03-06 08:11 -------- d-----w- c:\windows\Spybot - Search & Destroy
2012-02-09 01:40 . 2012-02-09 01:40 -------- d-----w- c:\users\lada\AppData\Roaming\Intuit
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\users\lada\AppData\Local\IsolatedStorage
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-02-09 01:38 . 2012-02-09 01:38 -------- d-----w- c:\program files (x86)\TurboTax
2012-02-09 01:38 . 2012-02-09 01:39 -------- d-----w- c:\programdata\Intuit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 20:45 . 2012-01-17 20:45 10 ----a-w- c:\windows\Fonts\wfonts.key
2011-12-10 21:24 . 2011-09-29 05:12 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:14 1168216 --sha-r- c:\windows\Spybot - Search & Destroy\advcheck.dll
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\APJJNRUAI.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\FOJULJKLF.scr
2009-01-26 21:31 2144088 --sha-r- c:\windows\Spybot - Search & Destroy\NAFQMLHLNSULDH.scr
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\PABPSWMMDF.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USB_RNDIS_51;USB Remote NDIS Cable Modem Network Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-01 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\windows\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-02-20 1148632]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
FF - ProfilePath - c:\users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\e715m19z.default\
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-03-08 07:15:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 13:15
.
Pre-Run: 948,119,998,464 bytes free
Post-Run: 947,573,190,656 bytes free
.
- - End Of File - - 0BDC1180C9DF09DA33DFA3328336844F
ComboFix 12-03-08.01 - lada 03/08/2012 6:57.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2581 [GMT -6:00]
Running from: c:\users\lada\Desktop\ComboFix.exe
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2012-02-08 to 2012-03-08 )))))))))))))))))))))))))))))))
.
.
2012-03-08 13:09 . 2012-03-08 13:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 13:45 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{976B6C17-14AC-4505-9C44-442258CA92FE}\mpengine.dll
2012-03-06 12:46 . 2012-03-06 12:46 -------- d-----w- c:\users\lada\AppData\Local\GHISLER
2012-03-06 12:20 . 2012-03-06 12:27 -------- d-----w- C:\rsit
2012-03-06 11:26 . 2012-03-06 11:26 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-03-06 11:26 . 2012-03-07 13:23 -------- d-----w- c:\programdata\Spyware Terminator
2012-03-06 11:26 . 2012-03-06 11:26 -------- d-----w- c:\users\lada\AppData\Roaming\Spyware Terminator
2012-03-06 11:25 . 2012-03-06 11:26 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-03-06 10:26 . 2012-03-06 10:26 -------- d-----w- c:\program files\ProcessExplorer
2012-03-06 10:18 . 2012-03-06 12:45 -------- d-----w- c:\program files\Totalcmd
2012-03-06 10:18 . 2012-03-06 11:44 -------- d-----w- c:\users\lada\AppData\Roaming\GHISLER
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\UC.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\RAR.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\LHA.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\ARJ.PIF
2012-03-06 07:45 . 2012-03-06 10:29 -------- d-----w- C:\sh4ldr
2012-03-06 07:45 . 2012-03-06 07:45 -------- d-----w- c:\program files\Enigma Software Group
2012-03-06 07:44 . 2012-03-06 10:29 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-06 07:44 . 2012-03-06 07:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-05 17:24 . 2012-03-05 17:24 -------- d-----w- c:\users\lada\AppData\Roaming\Nero
2012-03-05 16:50 . 2012-03-08 12:48 -------- d-----w- c:\users\LogMeInRemoteUser
2012-03-05 16:50 . 2012-03-05 16:50 -------- d-----w- c:\users\lada\AppData\Local\LogMeIn
2012-03-05 16:50 . 2012-02-01 03:31 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-05 16:50 . 2012-02-01 03:31 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-03-05 16:50 . 2012-02-01 03:30 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-03-05 16:50 . 2011-09-16 20:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-05 16:50 . 2012-02-01 03:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-05 16:50 . 2012-03-08 12:42 -------- d-----w- c:\programdata\LogMeIn
2012-03-05 16:49 . 2012-03-05 16:49 -------- d-----w- c:\program files (x86)\LogMeIn
2012-03-05 16:08 . 2012-03-05 16:08 -------- d-----w- c:\programdata\SUPERSetup
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\users\lada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-05 16:01 . 2012-03-06 10:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-11 19:39 . 2012-03-08 00:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-11 19:39 . 2012-03-06 08:11 -------- d-----w- c:\windows\Spybot - Search & Destroy
2012-02-09 01:40 . 2012-02-09 01:40 -------- d-----w- c:\users\lada\AppData\Roaming\Intuit
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\users\lada\AppData\Local\IsolatedStorage
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-02-09 01:38 . 2012-02-09 01:38 -------- d-----w- c:\program files (x86)\TurboTax
2012-02-09 01:38 . 2012-02-09 01:39 -------- d-----w- c:\programdata\Intuit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 20:45 . 2012-01-17 20:45 10 ----a-w- c:\windows\Fonts\wfonts.key
2011-12-10 21:24 . 2011-09-29 05:12 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:14 1168216 --sha-r- c:\windows\Spybot - Search & Destroy\advcheck.dll
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\APJJNRUAI.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\FOJULJKLF.scr
2009-01-26 21:31 2144088 --sha-r- c:\windows\Spybot - Search & Destroy\NAFQMLHLNSULDH.scr
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\PABPSWMMDF.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USB_RNDIS_51;USB Remote NDIS Cable Modem Network Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-01 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\windows\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-02-20 1148632]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
2012-03-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
FF - ProfilePath - c:\users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\e715m19z.default\
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10l_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10l.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-03-08 07:15:11 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-08 13:15
.
Pre-Run: 948,119,998,464 bytes free
Post-Run: 947,573,190,656 bytes free
.
- - End Of File - - 0BDC1180C9DF09DA33DFA3328336844F
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola po odstranění Security Shield
Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Firefox::
FF - ProfilePath - c:\users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\e715m19z.default\
FF - prefs.js: browser.startup.homepage - http://www.yahoo.com
RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola po odstranění Security Shield
Provedeno. Trvalo to dost dlouho, víc jak hodinu. Tady je nový log.
Díky za ochotu...
ComboFix 12-03-08.01 - lada 03/09/2012 6:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2916 [GMT -6:00]
Running from: c:\users\lada\Desktop\ComboFix.exe
Command switches used :: c:\users\lada\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 14:32 . 2012-03-09 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 13:45 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{976B6C17-14AC-4505-9C44-442258CA92FE}\mpengine.dll
2012-03-06 12:46 . 2012-03-06 12:46 -------- d-----w- c:\users\lada\AppData\Local\GHISLER
2012-03-06 12:20 . 2012-03-06 12:27 -------- d-----w- C:\rsit
2012-03-06 11:26 . 2012-03-06 11:26 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-03-06 11:26 . 2012-03-07 13:23 -------- d-----w- c:\programdata\Spyware Terminator
2012-03-06 11:26 . 2012-03-06 11:26 -------- d-----w- c:\users\lada\AppData\Roaming\Spyware Terminator
2012-03-06 11:25 . 2012-03-06 11:26 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-03-06 10:26 . 2012-03-06 10:26 -------- d-----w- c:\program files\ProcessExplorer
2012-03-06 10:18 . 2012-03-06 12:45 -------- d-----w- c:\program files\Totalcmd
2012-03-06 10:18 . 2012-03-06 11:44 -------- d-----w- c:\users\lada\AppData\Roaming\GHISLER
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\UC.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\RAR.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\LHA.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\ARJ.PIF
2012-03-06 07:45 . 2012-03-06 10:29 -------- d-----w- C:\sh4ldr
2012-03-06 07:45 . 2012-03-06 07:45 -------- d-----w- c:\program files\Enigma Software Group
2012-03-06 07:44 . 2012-03-06 10:29 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-06 07:44 . 2012-03-06 07:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-05 17:24 . 2012-03-05 17:24 -------- d-----w- c:\users\lada\AppData\Roaming\Nero
2012-03-05 16:50 . 2012-03-08 12:48 -------- d-----w- c:\users\LogMeInRemoteUser
2012-03-05 16:50 . 2012-03-05 16:50 -------- d-----w- c:\users\lada\AppData\Local\LogMeIn
2012-03-05 16:50 . 2012-02-01 03:31 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-05 16:50 . 2012-02-01 03:31 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-03-05 16:50 . 2012-02-01 03:30 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-03-05 16:50 . 2011-09-16 20:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-05 16:50 . 2012-02-01 03:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-05 16:50 . 2012-03-09 12:26 -------- d-----w- c:\programdata\LogMeIn
2012-03-05 16:49 . 2012-03-05 16:49 -------- d-----w- c:\program files (x86)\LogMeIn
2012-03-05 16:08 . 2012-03-05 16:08 -------- d-----w- c:\programdata\SUPERSetup
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\users\lada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-05 16:01 . 2012-03-06 10:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-11 19:39 . 2012-03-08 00:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-11 19:39 . 2012-03-06 08:11 -------- d-----w- c:\windows\Spybot - Search & Destroy
2012-02-09 01:40 . 2012-02-09 01:40 -------- d-----w- c:\users\lada\AppData\Roaming\Intuit
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\users\lada\AppData\Local\IsolatedStorage
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-02-09 01:38 . 2012-02-09 01:38 -------- d-----w- c:\program files (x86)\TurboTax
2012-02-09 01:38 . 2012-02-09 01:39 -------- d-----w- c:\programdata\Intuit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 20:45 . 2012-01-17 20:45 10 ----a-w- c:\windows\Fonts\wfonts.key
2011-12-10 21:24 . 2011-09-29 05:12 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:14 1168216 --sha-r- c:\windows\Spybot - Search & Destroy\advcheck.dll
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\APJJNRUAI.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\FOJULJKLF.scr
2009-01-26 21:31 2144088 --sha-r- c:\windows\Spybot - Search & Destroy\NAFQMLHLNSULDH.scr
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\PABPSWMMDF.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-08_13.11.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-09 14:33 . 2012-03-09 14:33 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-08 13:10 . 2012-03-08 13:10 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-06 08:38 . 2012-03-08 13:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-03-06 08:38 . 2012-03-06 12:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-03-08 13:13 41400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 14:42 . 2012-03-08 13:13 10018 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2144176792-3369089171-3824660129-1001_UserData.bin
+ 2011-09-06 14:06 . 2012-03-09 14:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-06 14:06 . 2012-03-08 13:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-06 14:06 . 2012-03-08 13:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-06 14:06 . 2012-03-09 14:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-08 13:11 . 2012-03-08 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-09 14:33 . 2012-03-09 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-09 14:33 . 2012-03-09 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-08 13:11 . 2012-03-08 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 17:03 . 2012-03-09 12:26 329352 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-08 13:15 635796 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-06 12:19 635796 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-08 13:15 110254 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-06 12:19 110254 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-03-08 13:11 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-09 14:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-03-08 13:10 240708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-09 14:32 240708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-06 17:12 . 2012-03-08 13:10 29544796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2144176792-3369089171-3824660129-1001-8192.dat
+ 2011-09-06 17:12 . 2012-03-09 14:33 29544796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2144176792-3369089171-3824660129-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USB_RNDIS_51;USB Remote NDIS Cable Modem Network Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-01 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\windows\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-02-20 1148632]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
FF - ProfilePath - c:\users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\e715m19z.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-03-09 08:38:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-09 14:38
ComboFix2.txt 2012-03-08 13:15
.
Pre-Run: 947,607,515,136 bytes free
Post-Run: 948,255,379,456 bytes free
.
- - End Of File - - 54724E205F1E0B78918C2E93EA84C9F2
Díky za ochotu...
ComboFix 12-03-08.01 - lada 03/09/2012 6:41.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.1.1033.18.3839.2916 [GMT -6:00]
Running from: c:\users\lada\Desktop\ComboFix.exe
Command switches used :: c:\users\lada\Desktop\CFScript.txt
AV: Trend Micro Titanium Internet Security *Enabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902}
SP: Trend Micro Titanium Internet Security *Enabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-02-09 to 2012-03-09 )))))))))))))))))))))))))))))))
.
.
2012-03-09 14:32 . 2012-03-09 14:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-06 13:45 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{976B6C17-14AC-4505-9C44-442258CA92FE}\mpengine.dll
2012-03-06 12:46 . 2012-03-06 12:46 -------- d-----w- c:\users\lada\AppData\Local\GHISLER
2012-03-06 12:20 . 2012-03-06 12:27 -------- d-----w- C:\rsit
2012-03-06 11:26 . 2012-03-06 11:26 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-03-06 11:26 . 2012-03-07 13:23 -------- d-----w- c:\programdata\Spyware Terminator
2012-03-06 11:26 . 2012-03-06 11:26 -------- d-----w- c:\users\lada\AppData\Roaming\Spyware Terminator
2012-03-06 11:25 . 2012-03-06 11:26 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-03-06 10:26 . 2012-03-06 10:26 -------- d-----w- c:\program files\ProcessExplorer
2012-03-06 10:18 . 2012-03-06 12:45 -------- d-----w- c:\program files\Totalcmd
2012-03-06 10:18 . 2012-03-06 11:44 -------- d-----w- c:\users\lada\AppData\Roaming\GHISLER
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\UC.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\RAR.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\PKUNZIP.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\NOCLOSE.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\LHA.PIF
2012-03-06 10:18 . 2008-08-08 13:04 545 ----a-w- c:\windows\ARJ.PIF
2012-03-06 07:45 . 2012-03-06 10:29 -------- d-----w- C:\sh4ldr
2012-03-06 07:45 . 2012-03-06 07:45 -------- d-----w- c:\program files\Enigma Software Group
2012-03-06 07:44 . 2012-03-06 10:29 -------- d-----w- c:\windows\5B210B8AB66E4702B44D0D6F388D29EB.TMP
2012-03-06 07:44 . 2012-03-06 07:44 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-03-05 17:24 . 2012-03-05 17:24 -------- d-----w- c:\users\lada\AppData\Roaming\Nero
2012-03-05 16:50 . 2012-03-08 12:48 -------- d-----w- c:\users\LogMeInRemoteUser
2012-03-05 16:50 . 2012-03-05 16:50 -------- d-----w- c:\users\lada\AppData\Local\LogMeIn
2012-03-05 16:50 . 2012-02-01 03:31 87456 ----a-w- c:\windows\system32\LMIRfsClientNP.dll
2012-03-05 16:50 . 2012-02-01 03:31 59776 ----a-w- c:\windows\system32\Spool\prtprocs\x64\LMIproc.dll
2012-03-05 16:50 . 2012-02-01 03:30 34688 ----a-w- c:\windows\system32\LMIport.dll
2012-03-05 16:50 . 2011-09-16 20:10 72216 ----a-w- c:\windows\system32\drivers\LMIRfsDriver.sys
2012-03-05 16:50 . 2012-02-01 03:30 80768 ----a-w- c:\windows\system32\LMIinit.dll
2012-03-05 16:50 . 2012-03-09 12:26 -------- d-----w- c:\programdata\LogMeIn
2012-03-05 16:49 . 2012-03-05 16:49 -------- d-----w- c:\program files (x86)\LogMeIn
2012-03-05 16:08 . 2012-03-05 16:08 -------- d-----w- c:\programdata\SUPERSetup
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\users\lada\AppData\Roaming\SUPERAntiSpyware.com
2012-03-05 16:01 . 2012-03-06 10:13 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-03-05 16:01 . 2012-03-05 16:01 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-02-11 19:39 . 2012-03-08 00:44 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-02-11 19:39 . 2012-03-06 08:11 -------- d-----w- c:\windows\Spybot - Search & Destroy
2012-02-09 01:40 . 2012-02-09 01:40 -------- d-----w- c:\users\lada\AppData\Roaming\Intuit
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\users\lada\AppData\Local\IsolatedStorage
2012-02-09 01:39 . 2012-02-09 01:39 -------- d-----w- c:\program files (x86)\Common Files\Intuit
2012-02-09 01:38 . 2012-02-09 01:38 -------- d-----w- c:\program files (x86)\TurboTax
2012-02-09 01:38 . 2012-02-09 01:39 -------- d-----w- c:\programdata\Intuit
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-23 15:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-17 20:45 . 2012-01-17 20:45 10 ----a-w- c:\windows\Fonts\wfonts.key
2011-12-10 21:24 . 2011-09-29 05:12 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-04 16:14 1168216 --sha-r- c:\windows\Spybot - Search & Destroy\advcheck.dll
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\APJJNRUAI.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\FOJULJKLF.scr
2009-01-26 21:31 2144088 --sha-r- c:\windows\Spybot - Search & Destroy\NAFQMLHLNSULDH.scr
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\PABPSWMMDF.scr
2009-01-26 21:31 1740632 --sha-r- c:\windows\Spybot - Search & Destroy\SDUpdate.exe
2009-01-26 21:31 5365592 --sha-r- c:\windows\Spybot - Search & Destroy\SpybotSD.exe
2009-03-05 22:07 2260480 --sha-r- c:\windows\Spybot - Search & Destroy\TeaTimer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2012-03-08_13.11.45 )))))))))))))))))))))))))))))))))))))))))
.
+ 2012-03-09 14:33 . 2012-03-09 14:33 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
- 2012-03-08 13:10 . 2012-03-08 13:10 13306 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-03-06 08:38 . 2012-03-08 13:13 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2012-03-06 08:38 . 2012-03-06 12:17 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-03-08 13:13 41400 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-09-06 14:42 . 2012-03-08 13:13 10018 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2144176792-3369089171-3824660129-1001_UserData.bin
+ 2011-09-06 14:06 . 2012-03-09 14:33 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-06 14:06 . 2012-03-08 13:11 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-06 14:06 . 2012-03-08 13:11 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-06 14:06 . 2012-03-09 14:33 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-03-08 13:11 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-03-09 14:33 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 32768 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-09-11 16:36 . 2012-03-08 13:12 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-09-11 16:36 . 2012-03-09 14:34 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2012-03-08 13:11 . 2012-03-08 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-09 14:33 . 2012-03-09 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-03-09 14:33 . 2012-03-09 14:33 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-08 13:11 . 2012-03-08 13:11 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-09-06 17:03 . 2012-03-09 12:26 329352 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_FastS4.bin
+ 2009-07-14 02:36 . 2012-03-08 13:15 635796 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-03-06 12:19 635796 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-03-08 13:15 110254 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-03-06 12:19 110254 c:\windows\system32\perfc009.dat
- 2009-07-14 05:12 . 2012-03-08 13:11 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
+ 2009-07-14 05:12 . 2012-03-09 14:33 262144 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
- 2009-07-14 05:01 . 2012-03-08 13:10 240708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-03-09 14:32 240708 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-09-06 17:12 . 2012-03-08 13:10 29544796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2144176792-3369089171-3824660129-1001-8192.dat
+ 2011-09-06 17:12 . 2012-03-09 14:33 29544796 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2144176792-3369089171-3824660129-1001-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2012-01-20 5487488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-02-11 98304]
"HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2010-10-22 2489456]
"RunAIShell"="c:\program files (x86)\ASUS\AI Manager\AsShellApplication.exe" [2009-12-23 232064]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2012-01-03 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-21 548528]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Best Buy pc app.lnk - c:\programdata\Best Buy pc app\ClickOnceSetup.exe [2011-2-25 15776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktop"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\image file execution options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 ahcix64s;ahcix64s;c:\windows\system32\drivers\ahcix64s.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 gupdatem;Google Update Service (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 136176]
R3 lvpopf64;Logitech POP Suppression Filter;c:\windows\system32\DRIVERS\lvpopf64.sys [x]
R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [x]
R3 LVUVC64;Logitech QuickCam Pro 5000(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [x]
R3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-10 4925184]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 USB_RNDIS_51;USB Remote NDIS Cable Modem Network Device Driver;c:\windows\system32\DRIVERS\usb8023.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV64.SYS [2011-07-22 14928]
S1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL64.SYS [2011-07-12 12368]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE64.EXE [2011-08-11 140672]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 Device Handle Service;Device Handle Service;c:\windows\SysWOW64\AsHookDevice.exe [2009-12-23 203392]
S2 IntuitUpdateServiceV4;Intuit Update Service v4;c:\program files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe [2011-08-25 13672]
S2 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn\x64\LMIGuardianSvc.exe [2012-02-01 375176]
S2 LMIInfo;LogMeIn Kernel Information Provider;c:\program files (x86)\LogMeIn\x64\RaInfo.sys [2011-09-16 15928]
S2 SBSDWSCService;SBSD Security Center Service;c:\windows\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [x]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-02-20 1148632]
S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 CamDrL64;Logitech QuickCam Pro 3000(PID_08B0);c:\windows\system32\DRIVERS\CamDrL64.sys [x]
S3 LVUSBS64;Logitech USB Monitor Filter;c:\windows\system32\drivers\LVUSBS64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [x]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{2D46B6DC-2207-486B-B523-A557E6D54B47}]
2010-11-21 03:24 302592 ----a-w- c:\windows\System32\cmd.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
2012-03-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-09-17 14:50]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Trend Micro Titanium"="c:\program files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe" [2011-10-08 1111568]
"Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2011-02-10 197152]
"LogMeIn GUI"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" [2011-09-16 57928]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-02-20 2786480]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-02-20 3669680]
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ehshell.exe]
"Debugger"="c:\program files (x86)\LogMeIn\x64\LogMeInSystray.exe" -MceShellRedirect
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://asus.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
Trusted Zone: intuit.com\ttlc
TCP: DhcpNameServer = 24.159.64.23 24.217.201.67 66.189.0.100
FF - ProfilePath - c:\users\lada\AppData\Roaming\Mozilla\Firefox\Profiles\e715m19z.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
.
**************************************************************************
.
Completion time: 2012-03-09 08:38:37 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-09 14:38
ComboFix2.txt 2012-03-08 13:15
.
Pre-Run: 947,607,515,136 bytes free
Post-Run: 948,255,379,456 bytes free
.
- - End Of File - - 54724E205F1E0B78918C2E93EA84C9F2
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola po odstranění Security Shield
Log již vypadá čistý.
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: Kontrola po odstranění Security Shield
Moc děkuju 
-
Rudy
- Site Admin
- Příspěvky: 119515
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: Kontrola po odstranění Security Shield
Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?