Browser closes by itself: FF, Chrome

atuterix
Visitor
Posts: 58
Registered: 02 Dec 2008 15:39

#1 Post by atuterix »

Hello, I have had this problem for about a week now. At first I thought it was some faulty version of Firefox, but then it also happened to me a few times with Chrome, so it is probably a different problem...

Logfile of random's system information tool 1.09 (written by random/random)
Run by User at 2012-03-11 16:21:45
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 12 GB (38%) free of 31 GB
Total RAM: 2047 MB (70% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:21:56, on 11.3.2012
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
D:\A4Tech\Mouse\Amoumain.exe
D:\KYE\ERGOME~1\SyTray.exe
C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\WINDOWS\PixArt\PAC7302\Monitor.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\UAService7.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
D:\Stiahnute veci\RSIT.exe
C:\Program Files\trend micro\User.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page =
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - (no file)
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [WheelMouse] D:\A4Tech\Mouse\Amoumain.exe
O4 - HKLM\..\Run: [ErgoMedia] D:\KYE\ERGOME~1\SyTray.exe
O4 - HKLM\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe" -scheduler
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [PAC7302_Monitor] C:\WINDOWS\PixArt\PAC7302\Monitor.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Google Update] "C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Zdroje informácií - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {D0C0F75C-683A-4390-A791-1ACFD5599AB8} (Oberon Flash Game Host) - http://icq.oberon-media.com/Gameshell/G ... meHost.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} (GameDesire Snooker) - http://67.15.101.33/g_bin/eng/snooker_2_0_0_35.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Unknown owner - C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Update Service (gupdate1c99747bf7003d2) (gupdate1c99747bf7003d2) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Nero BackItUp Scheduler 4.0 - Nero AG - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\system32\HPZipm12.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: SecuROM User Access Service (V7) (UserAccess7) - Unknown owner - C:\WINDOWS\system32\UAService7.exe

--
End of file - 8168 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PC-User.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003Core.job
C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003UA.job
C:\WINDOWS\tasks\NeroLiveEpgUpdate-PC_User.job

=========Mozilla firefox=========

ProfilePath - C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wcsbiwn6.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://www.pcforum.sk/index.php"
prefs.js - "extensions.enabledItems" - "{20a82645-c095-46ed-80e3-08825760534b}:0.0.0, {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9, firebug@software.joehewitt.com:1.6.2, {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.16"

"{20a82645-c095-46ed-80e3-08825760534b}"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\WINDOWS\system32\Adobe\Director\np32dsw.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=]
"Description"=iTunes Detector Plug-in
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Apple.com/iTunes,version=1.0]
"Description"=
"Path"=D:\iTunes\Mozilla Plugins\npitunes.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Web Player
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WPF,version=3.5]
"Description"=Windows Presentation Foundation plug-in for Mozilla browsers
"Path"=C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nppl3260;version=6.0.11.3088]
"Description"=RealMedia Plugin
"Path"=D:\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.3006]
"Description"=RealPlayer Version Plugin
"Path"=D:\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=]
"Description"=
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nppl3260.xpt
nsIQTScriptablePlugin.xpt
nsJSRealPlayerPlugin.xpt

C:\Program Files\Mozilla Firefox\plugins\
Ganymede.class
npdeployJava1.dll
NPOFFICE.DLL
nppdf32.dll
nppl3260.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
NPROULETTE.dll
nprpjplug.dll
QuickTimePlugin.class

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wcsbiwn6.default\extensions\
{6AC85730-7D0F-4de0-B3FA-21142DD85326}
{c45c406e-ab73-11d8-be73-000a95be3b12}

C:\Documents and Settings\User\Application Data\Mozilla\Firefox\Profiles\wcsbiwn6.default\searchplugins\
vyhledvn-vide-ve-slub-youtube.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2006-03-20 213936]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2006-03-20 86960]
"WheelMouse"=D:\A4Tech\Mouse\Amoumain.exe [2007-05-15 204800]
"ErgoMedia"=D:\KYE\ERGOME~1\SyTray.exe [2007-02-27 1843200]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\isuspm.exe [2006-03-20 213936]
"SoundMan"=C:\WINDOWS\SOUNDMAN.EXE [2005-10-24 90112]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]
"PAC7302_Monitor"=C:\WINDOWS\PixArt\PAC7302\Monitor.exe [2006-11-03 319488]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2011-07-28 98304]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 3080264]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"AdobeBridge"= []
"Google Update"=C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-01-02 843712]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2012-01-03 37296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-07-22 402432]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
C:\WINDOWS\system32\browserchoice.exe [2010-02-12 293376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Documents and Settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-10-19 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
C:\Program Files\HP\HP Software Update\HPWuSchd2.exe [2006-02-19 49152]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
D:\iTunes\iTunesHelper.exe [2010-09-01 421160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
D:\CyberLink\PowerDVD8\PowerDVD8\Language\Language.exe [2007-12-14 50472]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files\QuickTime\qttask.exe [2010-08-10 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
D:\CyberLink\PowerDVD8\PowerDVD8\PDVD8Serv.exe [2008-03-20 83240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
C:\Program Files\Common Files\Acronis\Plán2\schedhlp.exe [2010-06-03 362872]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
d:\steam\steam.exe -silent []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg]
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
D:\Acronis\TrueImageHome\TrueImageMonitor.exe [2010-06-03 5129720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
C:\PROGRA~1\Adobe\ACROBA~1.0\Reader\READER~1.EXE []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
C:\PROGRA~1\COMMON~1\AUTODE~1\ACSTAR~1.EXE [2006-03-05 11000]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
C:\PROGRA~1\HP\DIGITA~1\bin\hpqthb08.exe [2006-02-10 73728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
D:\PIXELA\EVERIO~1\MBCAME~1.EXE []

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
HP Digital Imaging Monitor.lnk - C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe

C:\Documents and Settings\User\Start Menu\Programs\Startup
Adobe Gamma.lnk - C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2011-07-28 188416]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\procexp90.Sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\PEVSystemStart]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\procexp90.Sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=1
"NoDriveAutoRun"=67108863
"NoDriveTypeAutoRun"=323
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe"="C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe"
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe"="C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqCopy.exe:*:Enabled:hpqcopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe"="C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe:*:Enabled:hpfccopy.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe"
"C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe"="C:\Program Files\HP\Digital Imaging\Unload\HpqDIA.exe:*:Enabled:hpqdia.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe"="C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe"
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe"="C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe"
"C:\Program Files\Messenger\msmsgs.exe"="C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\totalcmd\TOTALCMD.EXE"="C:\Program Files\totalcmd\TOTALCMD.EXE:*:Enabled:Total Commander 32 bit international version, file manager replacement for Windows"
"D:\CyberLink\PowerDVD8\PowerDVD8\PowerDVD8.exe"="D:\CyberLink\PowerDVD8\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"C:\WINDOWS\system32\dpnsvr.exe"="C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server"
"C:\WINDOWS\system32\dxdiag.exe"="C:\WINDOWS\system32\dxdiag.exe:*:Enabled:Microsoft DirectX Diagnostic Tool"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Mozilla Firefox\firefox.exe"="C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"
"D:\Lavasoft\Ad-Aware\Ad-Aware.exe"="D:\Lavasoft\Ad-Aware\Ad-Aware.exe:*:Enabled:Ad-Aware"
"C:\Program Files\ESET\nod32.exe"="C:\Program Files\ESET\nod32.exe:*:Enabled:NOD32"
"C:\Program Files\ESET\nod32kui.exe"="C:\Program Files\ESET\nod32kui.exe:*:Enabled:NOD32 Control Center"
"C:\Program Files\Skype\Plugin Manager\skypePM.exe"="C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager"
"D:\hry\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="D:\hry\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"
"C:\Program Files\FlashAD2706\flashAD2706.exe"="C:\Program Files\FlashAD2706\flashAD2706.exe:*:Enabled:flash AD2706"
"C:\Program Files\Internet Explorer\iexplore.exe"="C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer"
"D:\hry\Activision\Modern Warfare 2\iw4mp.exe"="D:\hry\Activision\Modern Warfare 2\iw4mp.exe:*:Enabled:iw4mp"
"C:\Program Files\Google\Google Earth\client\googleearth.exe"="C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth"
"D:\hry\Activision\Modern Warfare 2\iw4mp.dat"="D:\hry\Activision\Modern Warfare 2\iw4mp.dat:*:Enabled:iw4mp"
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe"="C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth"
"D:\Steam\Steam.exe"="D:\Steam\Steam.exe:*:Enabled:Steam"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour Service"
"D:\iTunes\iTunes.exe"="D:\iTunes\iTunes.exe:*:Enabled:iTunes"
"D:\hry\Activision\Call of Duty - Black Ops\BlackOps.exe"="D:\hry\Activision\Call of Duty - Black Ops\BlackOps.exe:*:Disabled:BlackOps"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe"="C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe:*:Enabled:Malwarebytes' Anti-Malware"
"D:\hry\Activision\Modern Warfare 2\iw4sp.exe"="D:\hry\Activision\Modern Warfare 2\iw4sp.exe:*:Enabled:iw4sp"
"D:\xampp\apache\bin\httpd.exe"="D:\xampp\apache\bin\httpd.exe:*:Enabled:Apache HTTP Server"
"D:\xampp\mysql\bin\mysqld.exe"="D:\xampp\mysql\bin\mysqld.exe:*:Enabled:The MySQL Server"
"C:\WINDOWS\system32\dpvsetup.exe"="C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test"
"C:\WINDOWS\system32\rundll32.exe"="C:\WINDOWS\system32\rundll32.exe:*:Enabled:Run a DLL as an App"
"D:\hry\Valve\Portal 2\portal2.exe"="D:\hry\Valve\Portal 2\portal2.exe:*:Enabled:portal2"
"D:\hry\Microsoft Games\Zoo Tycoon 2\zt.exe"="D:\hry\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable"
"C:\Program Files\Skype\Phone\Skype.exe"="C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"D:\CyberLink\PowerDVD8\PowerDVD8\PowerDVD8.exe"="D:\CyberLink\PowerDVD8\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\drivers\svchost.exe"="%windir%\system32\drivers\svchost.exe:*:Enabled:svchost"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"midimapper"=midimap.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msadpcm"=msadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.trspch"=tssoft32.acm
"vidc.cvid"=iccvid.dll
"VIDC.I420"=msh263.drv
"vidc.iv31"=ir32_32.dll
"vidc.iv32"=ir32_32.dll
"vidc.iv41"=ir41_32.ax
"VIDC.IYUV"=iyuv_32.dll
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVU9"=tsbyuv.dll
"VIDC.YVYU"=msyuv.dll
"wavemapper"=msacm32.drv
"msacm.msg723"=msg723.acm
"vidc.M263"=msh263.drv
"vidc.M261"=msh261.drv
"msacm.msaudio1"=msaud32.acm
"msacm.sl_anet"=sl_anet.acm
"msacm.iac2"=C:\WINDOWS\system32\iac25_32.ax
"vidc.iv50"=ir50_32.dll
"msacm.l3acm"=C:\WINDOWS\system32\l3codeca.acm
"vidc.VP60"=C:\WINDOWS\system32\vp6vfw.dll
"vidc.VP61"=C:\WINDOWS\system32\vp6vfw.dll
"VIDC.FFDS"=ff_vfw.dll
"VIDC.FPS1"=frapsvid.dll
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave"=wdmaud.drv
"aux"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave1"=wdmaud.drv
"vidc.tscc"=tsccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
"wave4"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - open -
.scr - open - C:\WINDOWS\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2012-03-09 19:42:54 ----D---- C:\rsit
2012-03-05 17:54:05 ----D---- C:\Program Files\ESET
2012-03-05 17:54:05 ----D---- C:\Documents and Settings\All Users\Application Data\ESET
2012-02-16 10:19:50 ----HDC---- C:\WINDOWS\$NtUninstallKB2660465$
2012-02-16 10:17:32 ----HDC---- C:\WINDOWS\$NtUninstallKB2661637$
2012-02-16 09:31:33 ----N---- C:\WINDOWS\system32\iacenc.dll

======List of files/folders modified in the last 1 month======

2012-03-11 16:21:48 ----D---- C:\Program Files\trend micro
2012-03-11 16:21:20 ----D---- C:\Documents and Settings\User\Application Data\PSpad
2012-03-11 16:21:20 ----D---- C:\Documents and Settings\User\Application Data\Media Player Classic
2012-03-11 16:21:01 ----D---- C:\WINDOWS
2012-03-11 16:10:18 ----D---- C:\WINDOWS\temp
2012-03-10 20:02:48 ----N---- C:\WINDOWS\SchedLgU.Txt
2012-03-10 18:05:59 ----SHD---- C:\WINDOWS\Installer
2012-03-10 18:05:58 ----D---- C:\Config.Msi
2012-03-10 18:05:57 ----D---- C:\WINDOWS\system32
2012-03-09 19:43:06 ----D---- C:\WINDOWS\Prefetch
2012-03-05 17:56:50 ----HD---- C:\WINDOWS\inf
2012-03-05 17:56:50 ----D---- C:\WINDOWS\system32\drivers
2012-03-05 17:56:32 ----D---- C:\WINDOWS\system32\CatRoot2
2012-03-05 17:54:05 ----D---- C:\Program Files
2012-02-27 20:14:20 ----A---- C:\WINDOWS\cdplayer.ini
2012-02-23 14:16:24 ----SHD---- C:\WINDOWS\CSC
2012-02-21 13:02:15 ----D---- C:\WINDOWS\Debug
2012-02-18 10:11:03 ----D---- C:\Program Files\Mozilla Firefox
2012-02-16 12:51:18 ----RSD---- C:\WINDOWS\assembly
2012-02-16 12:48:05 ----D---- C:\WINDOWS\Microsoft.NET
2012-02-16 11:43:16 ----D---- C:\Program Files\Microsoft Silverlight
2012-02-16 10:24:52 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2012-02-16 10:24:32 ----D---- C:\WINDOWS\WinSxS
2012-02-16 10:20:00 ----A---- C:\WINDOWS\system32\MRT.exe
2012-02-16 10:19:54 ----RSHDC---- C:\WINDOWS\system32\dllcache
2012-02-16 10:19:38 ----D---- C:\Program Files\Internet Explorer
2012-02-16 10:19:15 ----HD---- C:\WINDOWS\$hf_mig$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 PxHelp20;PxHelp20; C:\WINDOWS\System32\Drivers\PxHelp20.sys [2005-08-19 46080]
R0 sfdrv01;StarForce Protection Environment Driver (version 1.x); C:\WINDOWS\System32\drivers\sfdrv01.sys [2006-03-26 51200]
R0 sfhlp02;StarForce Protection Helper Driver (version 2.x); C:\WINDOWS\System32\drivers\sfhlp02.sys [2006-03-13 6656]
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x); C:\WINDOWS\System32\drivers\sfsync03.sys [2005-12-06 35328]
R0 sfsync04;StarForce Protection Synchronization Driver (version 4.x); C:\WINDOWS\System32\drivers\sfsync04.sys [2006-03-24 50176]
R0 sfvfs02;StarForce Protection VFS Driver (version 2.x); C:\WINDOWS\System32\drivers\sfvfs02.sys [2005-11-03 63488]
R0 snapman;Acronis Snapshots Manager; C:\WINDOWS\system32\DRIVERS\snapman.sys [2010-12-12 166272]
R0 sptd;sptd; C:\WINDOWS\System32\Drivers\sptd.sys [2010-04-04 691696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\WINDOWS\system32\DRIVERS\tdrpm258.sys [2010-12-12 911680]
R0 timounter;Acronis Backup Archive Explorer; C:\WINDOWS\system32\DRIVERS\timntr.sys [2010-12-12 581984]
R0 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
R1 Amfilter;A4Tech Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\Amfilter.sys [2007-05-14 9216]
R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2011-08-04 118104]
R1 epfwtdi;epfwtdi; C:\WINDOWS\system32\DRIVERS\epfwtdi.sys [2011-08-04 61936]
R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 36352]
R1 kbdhid;Keyboard HID Driver; C:\WINDOWS\system32\DRIVERS\kbdhid.sys [2008-04-14 14592]
R2 atksgt;atksgt; C:\WINDOWS\system32\DRIVERS\atksgt.sys [2010-04-04 281760]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2011-08-09 154136]
R2 epfw;epfw; C:\WINDOWS\system32\DRIVERS\epfw.sys [2011-08-04 147480]
R2 lirsgt;lirsgt; C:\WINDOWS\system32\DRIVERS\lirsgt.sys [2010-04-04 25888]
R2 port_nt;port_nt; \??\c:\windows\system32\drivers\port_nt.sys []
R3 afcdp;afcdp; C:\WINDOWS\system32\DRIVERS\afcdp.sys [2010-12-12 160704]
R3 ALCXWDM;Service for Realtek AC97 Audio (WDM); C:\WINDOWS\system32\drivers\ALCXWDM.SYS [2005-10-26 3786944]
R3 Amusbprt;A4Tech HID-compliant Mouse Driver; C:\WINDOWS\system32\DRIVERS\Amusbprt.sys [2007-05-14 14336]
R3 ati2mtag;ati2mtag; C:\WINDOWS\system32\DRIVERS\ati2mtag.sys [2011-07-28 7084544]
R3 AtiHdmiService;ATI Function Driver for HDMI Service; C:\WINDOWS\system32\drivers\AtiHdmi.sys [2008-10-31 93184]
R3 Epfwndis;Eset Personal Firewall; C:\WINDOWS\system32\DRIVERS\Epfwndis.sys [2011-08-09 39824]
R3 GEARAspiWDM;GEAR ASPI Filter Driver; C:\WINDOWS\system32\DRIVERS\GEARAspiWDM.sys [2009-05-18 26600]
R3 HDAudBus;Microsoft UAA Bus Driver for High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 pfc;Padus ASPI Shell; C:\WINDOWS\system32\drivers\pfc.sys [2003-09-19 21248]
R3 RTL8023xp;Realtek 10/100/1000 PCI NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys [2008-02-25 105088]
R3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 Ad-Watch Connect Filter;Ad-Watch Connect Kernel Filter; \??\C:\WINDOWS\system32\drivers\NSDriver.sys []
S3 ae3xxnsr;ae3xxnsr; C:\WINDOWS\system32\drivers\ae3xxnsr.sys []
S3 CCDECODE;Closed Caption Decoder; C:\WINDOWS\system32\DRIVERS\CCDECODE.sys [2004-07-09 16384]
S3 cpuz132;cpuz132; \??\C:\DOCUME~1\User\LOCALS~1\Temp\cpuz132\cpuz132_x32.sys []
S3 dtscsi;dtscsi; C:\WINDOWS\System32\Drivers\dtscsi.sys []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2008-04-28 13352]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2008-04-28 20520]
S3 GMSIPCI;GMSIPCI; \??\E:\INSTALL\GMSIPCI.SYS []
S3 hamachi;Hamachi Network Interface; C:\WINDOWS\system32\DRIVERS\hamachi.sys [2009-01-26 25280]
S3 HPZid412;IEEE-1284.4 Driver HPZid412; C:\WINDOWS\system32\DRIVERS\HPZid412.sys [2006-04-13 49664]
S3 HPZipr12;Print Class Driver for IEEE-1284.4 HPZipr12; C:\WINDOWS\system32\DRIVERS\HPZipr12.sys [2006-04-13 16496]
S3 HPZius12;USB to IEEE-1284.4 Translation Driver HPZius12; C:\WINDOWS\system32\DRIVERS\HPZius12.sys [2006-04-13 21568]
S3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
S3 MSICPL;MSICPL; \??\E:\install4\MSICPL.sys []
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\WINDOWS\system32\drivers\MSTEE.sys [2002-12-12 5504]
S3 NABTSFEC;NABTS/FEC VBI Codec; C:\WINDOWS\system32\DRIVERS\NABTSFEC.sys [2004-07-09 83968]
S3 NdisIP;Microsoft TV/Video Connection; C:\WINDOWS\system32\DRIVERS\NdisIP.sys [2004-07-09 10112]
S3 nm;Network Monitor Driver; C:\WINDOWS\system32\DRIVERS\NMnt.sys [2008-04-14 40320]
S3 NTACCESS;NTACCESS; \??\E:\NTACCESS.sys []
S3 PAC7302;Eye 312; C:\WINDOWS\system32\DRIVERS\PAC7302.SYS [2007-06-14 457856]
S3 pcouffin;VSO Software pcouffin; C:\WINDOWS\System32\Drivers\pcouffin.sys [2007-06-24 47360]
S3 se45bus;Sony Ericsson Device 069 driver (WDM); C:\WINDOWS\system32\DRIVERS\se45bus.sys [2006-11-30 61536]
S3 se45mdfl;Sony Ericsson Device 069 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\se45mdfl.sys [2006-11-30 9360]
S3 se45mdm;Sony Ericsson Device 069 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\se45mdm.sys [2006-11-30 97088]
S3 se45mgmt;Sony Ericsson Device 069 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\se45mgmt.sys [2006-11-30 88624]
S3 se45nd5;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (NDIS); C:\WINDOWS\system32\DRIVERS\se45nd5.sys [2006-11-30 18704]
S3 se45obex;Sony Ericsson Device 069 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\se45obex.sys [2006-11-30 86432]
S3 se45unic;Sony Ericsson Device 069 USB Ethernet Emulation SEMC45 (WDM); C:\WINDOWS\system32\DRIVERS\se45unic.sys [2006-11-30 90800]
S3 SetupNTGLM7X;SetupNTGLM7X; \??\E:\NTGLM7X.sys []
S3 SLIP;BDA Slip De-Framer; C:\WINDOWS\system32\DRIVERS\SLIP.sys [2004-07-09 10880]
S3 streamip;BDA IPSink; C:\WINDOWS\system32\DRIVERS\StreamIP.sys [2004-07-09 14976]
S3 USBAAPL;Apple Mobile USB Driver; C:\WINDOWS\System32\Drivers\usbaapl.sys [2010-04-19 41984]
S3 usbaudio;USB Audio Driver (WDM); C:\WINDOWS\system32\drivers\usbaudio.sys [2008-04-13 60032]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S3 vaxscsi;vaxscsi; C:\WINDOWS\System32\Drivers\vaxscsi.sys [2007-10-08 223128]
S3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
S3 WpdUsb;WpdUsb; C:\WINDOWS\system32\DRIVERS\wpdusb.sys [2006-10-18 38528]
S3 WSTCODEC;World Standard Teletext Codec; C:\WINDOWS\system32\DRIVERS\WSTCODEC.SYS [2004-07-09 18688]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 WS2IFSL;Prostredie podpory poskytovateľa služby Windows Socket 2.0 Non-IFS Service; C:\WINDOWS\System32\drivers\ws2ifsl.sys [2001-08-23 12032]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files\Common Files\Acronis\Plán2\schedul2.exe [2010-06-03 752096]
R2 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe [2010-12-12 2480048]
R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [2010-08-13 144672]
R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2011-07-28 643072]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2010-07-27 345376]
R2 CCALib8;Canon Camera Access Library 8; C:\Program Files\Canon\CAL\CALMAIN.exe [2006-03-30 96341]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2011-09-22 974944]
R2 MDM;Machine Debug Manager; C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE [2003-06-19 322120]
R2 Nero BackItUp Scheduler 4.0;Nero BackItUp Scheduler 4.0; C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe [2008-09-30 935208]
R2 UserAccess7;SecuROM User Access Service (V7); C:\WINDOWS\system32\UAService7.exe [2007-01-25 126976]
R2 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2009-01-13 593920]
S2 gupdate1c99747bf7003d2;Google Update Service (gupdate1c99747bf7003d2); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-25 133104]
S2 Pml Driver HPZ12;Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.exe [2006-03-03 69632]
S3 Adobe LM Service;Adobe LM Service; C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2007-03-08 72704]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2009-11-21 77944]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2009-07-03 651720]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2009-02-25 133104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2010-09-01 820008]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser closes by itself: FF, Chrome

#2 Post by Rudy »

Hello to you too!
Please post a ComboFix log.
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after launch, a screen with the license terms appears; continue by clicking the Ano (Yes) button.

feel free to go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to launch any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is used)

note: if you use an antispyware program with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the resident antispyware component occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for resolving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

atuterix
Visitor
Posts: 58
Registered: 02 Dec 2008 15:39

Re: Browser closes by itself: FF, Chrome

#3 Post by atuterix »

ComboFix 12-03-10.02 - User 11.03.2012 18:35:30.5.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1419 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\All Users\Application Data\TEMP
c:\documents and settings\User\Application Data\inst.exe
c:\documents and settings\User\Application Data\vso_ts_preview.xml
c:\documents and settings\User\WINDOWS
c:\windows\iun6002.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-09 18:42 . 2012-03-09 18:43 -------- d-----w- C:\rsit
2012-03-05 16:54 . 2012-03-05 16:54 -------- d-----w- c:\program files\ESET
2012-03-05 16:54 . 2012-03-05 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-02-16 08:31 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 08:31 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 16:32 . 2011-05-18 16:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2004-08-03 22:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-03 23:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-03 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-03 23:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-03 21:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 09:10 . 2011-03-23 09:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"WheelMouse"="d:\a4tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"ErgoMedia"="d:\kye\ERGOME~1\SyTray.exe" [2007-02-27 1843200]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-20 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk
backup=c:\windows\pss\MBCameraMonitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2010-10-19 13:36 136176 -----tw- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 06:32 421160 ----a-w- d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ----a-w- d:\cyberlink\PowerDVD8\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ----a-w- d:\cyberlink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
2010-06-03 11:27 362872 ----a-w- c:\program files\Common Files\Acronis\Plán2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-06-03 11:25 5129720 ----a-w- d:\acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\hry\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\hry\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\hry\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\hry\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2007 15:50 691696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [12.12.2010 14:35 911680]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12.12.2010 14:35 2480048]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2.3.2007 18:51 3608]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12.12.2010 14:35 160704]
S2 gupdate1c99747bf7003d2;Google Update Service (gupdate1c99747bf7003d2);c:\program files\Google\Update\GoogleUpdate.exe [25.2.2009 13:51 133104]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.4.2008 19:16 13352]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [25.2.2009 13:51 133104]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24.6.2007 18:26 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [8.10.2007 18:17 223128]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-18 02:44]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 12:50]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-02-25 12:50]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003Core.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-11 13:36]
.
2012-03-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003UA.job
- c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-12-11 13:36]
.
2011-12-31 c:\windows\Tasks\NeroLiveEpgUpdate-PC_User.job
- d:\nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.33/g_bin/eng/snooker_2_0_0_35.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\wcsbiwn6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pcforum.sk/index.php
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
HKCU-Run-AdobeBridge - (no file)
MSConfigStartUp-Steam - d:\steam\steam.exe
MSConfigStartUp-swg - c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 18:42
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-1993962763-1580436667-725345543-1003\Software\SecuROM\License information*]
"datasecu"=hex:0f,39,01,74,eb,85,6a,27,4c,bb,ce,0e,9b,dc,5c,c9,0c,05,57,44,61,
47,29,db,dc,04,78,2d,5d,ad,14,1b,33,1c,ae,b8,0c,f4,dd,46,91,6f,cf,27,fb,d8,\
"rkeysecu"=hex:60,49,a0,d5,3a,f1,47,45,fc,b1,32,41,0f,a1,2a,40
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1292)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
Completion time: 2012-03-11 18:44:31
ComboFix-quarantined-files.txt 2012-03-11 17:44
.
Pre-Run: 11 717 591 040 bytes free
Post-Run: 9 adresárov, 11 828 936 704 voľných bajtov
.
- - End Of File - - BCB0D784326C9451F77BC6593B08DB74

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser closes by itself: FF, Chrome

#4 Post by Rudy »

We'll clean up a bit more. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003UA.job

Folder::
c:\program files\Google\Update
c:\documents and settings\User\Local Settings\Application Data\Google\Update

Regnull::
[HKEY_USERS\S-1-5-21-1993962763-1580436667-725345543-1003\Software\SecuROM\License information*]
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.


atuterix
Visitor
Posts: 58
Registered: 02 Dec 2008 15:39

Re: Browser closes by itself: FF, Chrome

#5 Post by atuterix »

ComboFix 12-03-10.02 - User 11.03.2012 19:38:54.6.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.421.1033.18.2047.1387 [GMT 1:00]
Running from: c:\documents and settings\User\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\User\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ESET personal firewall *Enabled* {E5E70D32-0101-4340-86A3-A7B0F1C8FFE0}
.
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003Core.job
file zipped: c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\User\Local Settings\Application Data\Google\Update
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdate.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_am.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_da.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_de.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_el.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_en.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_es.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_et.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_id.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_is.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_it.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_no.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_te.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_th.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\psmachine.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\1.3.21.99\psuser.dll
c:\documents and settings\User\Local Settings\Application Data\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\Download\{4DC8B4CA-1BDA-483E-B5FA-D3C12E15B62D}\17.0.963.78\chrome_updater.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\Download\{501D05E8-84E1-422C-841A-1475093CAFD2}\chrome_updater.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\Download\{CEC42687-4CA1-450B-94EE-D0540DC2DEC5}\GoogleUpdateSetup.exe
c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
c:\program files\Google\Update
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler.exe
c:\program files\Google\Update\1.3.21.99\GoogleCrashHandler64.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdate.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateBroker.exe
c:\program files\Google\Update\1.3.21.99\GoogleUpdateHelper.msi
c:\program files\Google\Update\1.3.21.99\GoogleUpdateOnDemand.exe
c:\program files\Google\Update\1.3.21.99\goopdate.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_am.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ar.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bg.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_bn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ca.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_cs.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_da.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_de.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_el.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en-GB.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_en.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es-419.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_es.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_et.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fa.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fil.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_fr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_gu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_hu.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_id.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_is.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_it.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_iw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ja.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_kn.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ko.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lt.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_lv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ml.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_mr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ms.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_nl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_no.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-BR.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_pt-PT.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ro.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ru.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sl.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sv.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_sw.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ta.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_te.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_th.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_tr.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_uk.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_ur.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_vi.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-CN.dll
c:\program files\Google\Update\1.3.21.99\goopdateres_zh-TW.dll
c:\program files\Google\Update\1.3.21.99\npGoogleUpdate3.dll
c:\program files\Google\Update\1.3.21.99\psmachine.dll
c:\program files\Google\Update\1.3.21.99\psuser.dll
c:\program files\Google\Update\Download\{430FD4D0-B729-4F61-AA34-91526481799D}\1.3.21.99\GoogleUpdateSetup.exe
c:\program files\Google\Update\Download\{74AF07D8-FB8F-4D51-8AC7-927721D56EBB}\0.0.0.0\GoogleEarth-Win-Bundle-6.1.0.5001.exe
c:\program files\Google\Update\Download\{E5E7C90D-36D4-41F6-B7AB-E2AC626F1610}\GoogleUpdateSetup.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1993962763-1580436667-725345543-1003UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_gupdate1c99747bf7003d2
-------\Legacy_gupdate1c99747bf7003d2
-------\Service_gupdate1c99747bf7003d2
-------\Service_gupdatem
-------\Service_gupdate1c99747bf7003d2
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2012-02-11 to 2012-03-11 )))))))))))))))))))))))))))))))
.
.
2012-03-09 18:42 . 2012-03-09 18:43 -------- d-----w- C:\rsit
2012-03-05 16:54 . 2012-03-05 16:54 -------- d-----w- c:\program files\ESET
2012-03-05 16:54 . 2012-03-05 16:54 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2012-02-16 08:31 . 2012-01-11 19:06 3072 -c----w- c:\windows\system32\dllcache\iacenc.dll
2012-02-16 08:31 . 2012-01-11 19:06 3072 ------w- c:\windows\system32\iacenc.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-02-17 16:32 . 2011-05-18 16:20 414368 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-01-12 16:53 . 2004-08-03 22:17 1859968 ----a-w- c:\windows\system32\win32k.sys
2011-12-17 19:46 . 2004-08-03 23:56 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-12-17 19:46 . 2004-08-03 23:56 916992 ----a-w- c:\windows\system32\wininet.dll
2011-12-17 19:46 . 2004-08-03 23:56 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-12-16 12:22 . 2004-08-03 21:59 385024 ----a-w- c:\windows\system32\html.iec
2012-02-18 09:10 . 2011-03-23 09:58 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2006-03-20 213936]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-03-20 86960]
"WheelMouse"="d:\a4tech\Mouse\Amoumain.exe" [2007-05-15 204800]
"ErgoMedia"="d:\kye\ERGOME~1\SyTray.exe" [2007-02-27 1843200]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\isuspm.exe" [2006-03-20 213936]
"SoundMan"="SOUNDMAN.EXE" [2005-10-24 90112]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-08-10 421888]
"PAC7302_Monitor"="c:\windows\PixArt\PAC7302\Monitor.exe" [2006-11-03 319488]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-07-28 98304]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-01-03 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 3080264]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2008-04-14 53760]
.
c:\documents and settings\User\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2007-2-20 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2006-2-19 288472]
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^AutoCAD Startup Accelerator.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\AutoCAD Startup Accelerator.lnk
backup=c:\windows\pss\AutoCAD Startup Accelerator.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Photosmart Premier Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Photosmart Premier Fast Start.lnk
backup=c:\windows\pss\HP Photosmart Premier Fast Start.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^MBCameraMonitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\MBCameraMonitor.lnk
backup=c:\windows\pss\MBCameraMonitor.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-01-02 09:07 843712 ----a-r- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-01-03 21:51 37296 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2010-03-06 02:44 500208 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
2010-07-22 21:10 402432 ----a-w- c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BrowserChoice]
2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HP Software Update]
2006-02-19 00:41 49152 ----a-w- c:\program files\HP\HP Software Update\hpwuSchd2.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2010-09-01 06:32 421160 ----a-w- d:\itunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 09:36 50472 ----a-w- d:\cyberlink\PowerDVD8\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2010-08-10 03:15 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 18:23 83240 ----a-w- d:\cyberlink\PowerDVD8\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
2010-06-03 11:27 362872 ----a-w- c:\program files\Common Files\Acronis\Plán2\schedhlp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
2010-02-19 12:37 517096 ----a-w- c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TrueImageMonitor.exe]
2010-06-03 11:25 5129720 ----a-w- d:\acronis\TrueImageHome\TrueImageMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\totalcmd\\TOTALCMD.EXE"=
"d:\\CyberLink\\PowerDVD8\\PowerDVD8\\PowerDVD8.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"c:\\WINDOWS\\system32\\dxdiag.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"d:\\hry\\Activision\\Modern Warfare 2\\iw4mp.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"d:\\hry\\Activision\\Modern Warfare 2\\iw4mp.dat"=
"c:\\Program Files\\Google\\Google Earth\\plugin\\geplugin.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"d:\\hry\\Activision\\Modern Warfare 2\\iw4sp.exe"=
"d:\\xampp\\apache\\bin\\httpd.exe"=
"d:\\xampp\\mysql\\bin\\mysqld.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"d:\\hry\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 sfsync03;StarForce Protection Synchronization Driver (version 3.x);c:\windows\system32\drivers\sfsync03.sys [6.12.2005 16:11 35328]
R0 sptd;sptd;c:\windows\system32\drivers\sptd.sys [23.3.2007 15:50 691696]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [12.12.2010 14:35 911680]
R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [4.8.2011 9:20 118104]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\Common Files\Acronis\CDP\afcdpsrv.exe [12.12.2010 14:35 2480048]
R2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [22.9.2011 12:03 974944]
R2 port_nt;port_nt;c:\windows\system32\drivers\port_nt.sys [2.3.2007 18:51 3608]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [12.12.2010 14:35 160704]
S3 CFcatchme;CFcatchme;\??\c:\docume~1\User\LOCALS~1\Temp\CFcatchme.sys --> c:\docume~1\User\LOCALS~1\Temp\CFcatchme.sys [?]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [28.4.2008 19:16 13352]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\drivers\pcouffin.sys [24.6.2007 18:26 47360]
S3 SetupNTGLM7X;SetupNTGLM7X;\??\e:\ntglm7x.sys --> e:\NTGLM7X.sys [?]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19.2.2010 13:37 517096]
S3 vaxscsi;vaxscsi;c:\windows\system32\drivers\vaxscsi.sys [8.10.2007 18:17 223128]
.
Contents of the 'Scheduled Tasks' folder
.
2010-11-08 c:\windows\Tasks\AdobeAAMUpdater-1.0-PC-User.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-12-18 02:44]
.
2011-12-31 c:\windows\Tasks\NeroLiveEpgUpdate-PC_User.job
- d:\nero\Nero 9\Nero Live\NeroLive.exe [2008-09-18 11:51]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: {FDDBE2B8-6602-4AD8-946D-94C5A32FA6C5} - hxxp://67.15.101.33/g_bin/eng/snooker_2_0_0_35.cab
FF - ProfilePath - c:\documents and settings\User\Application Data\Mozilla\Firefox\Profiles\wcsbiwn6.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.pcforum.sk/index.php
.
- - - - ORPHANS REMOVED - - - -
.
MSConfigStartUp-Google Update - c:\documents and settings\User\Local Settings\Application Data\Google\Update\GoogleUpdate.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2012-03-11 19:46
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(1296)
c:\windows\system32\Ati2evxx.dll
c:\windows\system32\atiadlxx.dll
.
- - - - - - - > 'explorer.exe'(684)
c:\windows\system32\WININET.dll
c:\progra~1\WINDOW~2\wmpband.dll
d:\itunes\iTunesMiniPlayer.dll
d:\itunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
d:\itunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
c:\windows\system32\msi.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Acronis\Plán2\schedul2.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
c:\program files\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\windows\system32\UAService7.exe
c:\windows\SOUNDMAN.EXE
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\program files\Canon\CAL\CALMAIN.exe
c:\program files\HP\Digital Imaging\bin\hpqSTE08.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\ccc.exe
.
**************************************************************************
.
Completion time: 2012-03-11 19:52:13 - machine was rebooted
ComboFix-quarantined-files.txt 2012-03-11 18:52
ComboFix2.txt 2012-03-11 17:44
.
Pre-Run: 11 801 792 512 bytes free
Post-Run: 9 adresárov, 11 685 236 736 voľných bajtov
.
- - End Of File - - 71D391D48F9DCD89817274717F280876

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser closes by itself: FF, Chrome

#6 Post by Rudy »

Deleted. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before cleaning your PC of viruses, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

atuterix
Visitor
Posts: 58
Registered: 02 Dec 2008 15:39

Re: Browser closes by itself: FF, Chrome

#7 Post by atuterix »

I won't find that out until tomorrow, because it tends to crash at random. So I'll try to write tomorrow evening whether it worked or not. :)

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser closes by itself: FF, Chrome

#8 Post by Rudy »

OK. I'll be here tomorrow evening.

atuterix
Visitor
Posts: 58
Registered: 02 Dec 2008 15:39

Re: Browser closes by itself: FF, Chrome

#9 Post by atuterix »

So it looks to be fine, because the browser didn't crash even once all day. You've helped me once again. Thank you very much. :)

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser closes by itself: FF, Chrome

#10 Post by Rudy »

You're welcome! :)

DjDaidek
Visitor
Posts: 1
Registered: 20 Aug 2014 19:11

Re: Browser closes by itself: FF, Chrome

#11 Post by DjDaidek »

Hello, I found this post after googling; I'm attaching what ComboFix wrote for me, because my girlfriend's Chrome crashes regularly. Thank you in advance for a reply.

ComboFix 14-08-19.01 - _Enik_ 20.08.2014 19:51:50.1.4 - x64
Microsoft Windows 8 6.2.9200.0.1250.421.1051.18.3982.2201 [GMT 2:00]
Running from: c:\users\_Enik_\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: avast! Antivirus *Disabled/Updated* {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\_Enik_\AppData\Local\Microsoft\Windows\Temporary Internet Files\{3CF2E941-8FA0-4A62-823A-72BDAB9D119F}.xps
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_globalUpdate
-------\Service_nethfdrv
.
.
((((((((((((((((((((((((( Files Created from 2014-07-20 to 2014-08-20 )))))))))))))))))))))))))))))))
.
.
2014-08-19 20:28 . 2014-08-20 07:40 -------- d-----w- c:\users\_Enik_\AppData\Roaming\ViberPC
2014-08-19 20:26 . 2014-08-20 17:26 -------- d-----w- c:\users\_Enik_\AppData\Local\Viber
2014-08-19 18:25 . 2014-08-19 18:27 -------- d-----w- c:\users\_Enik_\AppData\Roaming\Dropbox
2014-08-19 17:01 . 2014-08-06 23:59 11319200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{5E3116E9-F24B-4852-871F-09F466CE38EC}\mpengine.dll
2014-08-19 17:00 . 2014-01-19 07:38 270496 ------w- c:\windows\system32\MpSigStub.exe
2014-08-19 16:54 . 2014-08-19 16:54 43152 ----a-w- c:\windows\avastSS.scr
2014-08-19 16:48 . 2014-08-02 00:15 704480 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-08-19 16:48 . 2014-08-02 00:15 105440 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-08-19 16:43 . 2014-08-19 16:43 -------- d-----w- c:\programdata\Emsisoft
2014-08-19 15:47 . 2014-08-19 15:49 -------- d-----w- c:\program files (x86)\Google
2014-08-19 15:45 . 2014-08-19 15:46 -------- d-----w- c:\users\_Enik_\AppData\Local\Deployment
2014-08-19 15:45 . 2014-08-19 15:45 -------- d-----w- c:\users\_Enik_\AppData\Local\Apps
2014-08-19 15:41 . 2014-08-20 18:01 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2014-08-19 15:20 . 2014-08-19 15:21 -------- d-----w- c:\windows\1F7E4FF9D2E542589AE1E16E6CB3252A.TMP
2014-08-19 15:09 . 2014-08-20 17:24 -------- d-----w- c:\program files\Enigma Software Group
2014-08-19 15:08 . 2014-08-19 15:08 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-08-19 11:29 . 2014-06-10 22:44 35480 ----a-w- c:\windows\system32\TsWpfWrp.exe
2014-08-19 11:29 . 2014-06-10 22:43 35480 ----a-w- c:\windows\SysWow64\TsWpfWrp.exe
2014-08-19 11:17 . 2014-08-19 11:17 -------- d-----w- c:\windows\ServiceProfiles\LocalService\winhttp
2014-08-19 10:47 . 2014-08-19 10:47 687 ----a-w- C:\awh191D.tmp
2014-08-19 10:40 . 2014-08-19 10:40 687 ----a-w- C:\awh3DF4.tmp
2014-08-19 10:39 . 2014-08-20 17:10 -------- d-----w- c:\program files (x86)\Ge-Force
2014-08-19 10:39 . 2014-08-19 16:39 -------- d-----w- c:\program files (x86)\Sense
2014-08-19 10:38 . 2014-08-19 10:46 -------- d-----w- c:\program files (x86)\YouTube Accelerator
2014-08-19 10:37 . 2014-08-19 10:37 -------- d-----w- c:\users\_Enik_\AppData\Local\CrashRpt
2014-08-19 10:37 . 2014-08-19 10:43 -------- d-----w- c:\users\_Enik_\AppData\Local\5534
2014-08-19 10:36 . 2014-08-19 10:36 -------- d-----w- c:\users\_Enik_\AppData\Local\globalUpdate
2014-08-19 10:36 . 2014-08-19 10:36 -------- d-----w- c:\program files (x86)\globalUpdate
2014-08-19 10:36 . 2014-08-19 11:20 -------- d-----w- c:\program files (x86)\HD-V1.9
2014-08-19 10:35 . 2014-08-19 10:35 -------- d-----w- c:\programdata\IePluginServices
2014-08-19 10:35 . 2014-08-19 11:10 -------- d-----w- c:\users\_Enik_\AppData\Roaming\istartsurf
2014-08-19 10:35 . 2014-08-19 17:02 -------- d-----w- c:\programdata\MailUpdate
2014-08-19 10:35 . 2014-08-19 10:35 -------- d-----w- c:\users\_Enik_\AppData\Roaming\MailUpdate
2014-08-19 10:35 . 2014-08-19 15:21 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-08-18 13:40 . 2014-06-13 01:57 1453400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2014-08-18 13:40 . 2014-06-13 01:55 199680 ----a-w- c:\windows\system32\cdd.dll
2014-08-18 13:23 . 2014-06-05 17:30 10116608 ----a-w- c:\windows\system32\twinui.dll
2014-08-18 13:23 . 2014-06-05 13:12 8857600 ----a-w- c:\windows\SysWow64\twinui.dll
2014-08-18 13:23 . 2014-06-05 17:29 2885632 ----a-w- c:\windows\system32\msi.dll
2014-08-18 13:23 . 2014-06-05 17:28 2146304 ----a-w- c:\windows\system32\actxprxy.dll
2014-08-18 13:23 . 2014-06-05 13:11 2416128 ----a-w- c:\windows\SysWow64\msi.dll
2014-08-18 13:23 . 2014-06-05 17:28 2306560 ----a-w- c:\windows\system32\authui.dll
2014-08-18 13:23 . 2014-06-05 13:10 2037760 ----a-w- c:\windows\SysWow64\authui.dll
2014-08-18 13:23 . 2014-06-05 17:56 112984 ----a-w- c:\windows\system32\consent.exe
2014-08-18 13:23 . 2014-06-05 17:29 393216 ----a-w- c:\windows\system32\msihnd.dll
2014-08-18 13:23 . 2014-06-05 13:10 754176 ----a-w- c:\windows\SysWow64\actxprxy.dll
2014-08-18 13:23 . 2014-06-05 13:11 295424 ----a-w- c:\windows\SysWow64\msihnd.dll
2014-08-18 13:20 . 2014-06-19 23:35 1312768 ----a-w- c:\windows\system32\rpcrt4.dll
2014-08-18 13:20 . 2014-06-19 22:24 694272 ----a-w- c:\windows\SysWow64\rpcrt4.dll
2014-08-18 13:20 . 2014-05-29 04:04 94552 ----a-w- c:\windows\system32\drivers\mountmgr.sys
2014-08-18 13:20 . 2014-05-08 01:34 328024 ----a-w- c:\windows\system32\drivers\Classpnp.sys
2014-08-11 20:34 . 2014-08-11 20:34 -------- d-----w- c:\users\_Enik_\AppData\Local\Skype
2014-08-11 20:34 . 2014-08-11 20:34 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-08-11 20:34 . 2014-08-11 20:34 -------- d-----r- c:\program files (x86)\Skype
2014-08-10 17:57 . 2014-08-10 17:57 -------- d-----w- c:\users\_Enik_\AppData\Roaming\Atari
2014-08-10 17:56 . 2014-08-10 17:56 -------- d-----w- c:\users\_Enik_\AppData\Roaming\Leadertech
2014-08-10 17:52 . 2014-08-10 17:52 -------- d-----w- c:\program files (x86)\Atari
2014-08-10 17:51 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2014-08-10 17:51 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2014-08-10 17:51 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2014-08-10 17:51 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2014-08-10 17:51 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2014-08-10 17:51 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2014-08-10 17:51 . 2014-08-10 17:51 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2014-08-10 17:51 . 2014-08-10 17:51 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2014-08-10 16:13 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2014-08-10 16:13 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2014-08-10 16:13 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2014-08-07 13:58 . 2014-08-07 13:58 -------- d-----w- c:\windows\SysWow64\sda
2014-08-07 13:57 . 2014-08-07 13:57 9888912 ----a-w- c:\windows\SysWow64\RtsBaStorIcon.dll
2014-08-07 13:57 . 2014-08-07 13:57 298640 ----a-w- c:\windows\system32\drivers\RtsBaStor.sys
2014-08-02 17:44 . 2014-08-02 17:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-08-02 17:44 . 2014-08-02 17:44 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-08-02 17:44 . 2014-08-02 17:44 -------- d-----w- c:\program files (x86)\Java
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-08-19 16:54 . 2014-06-16 06:28 427360 ----a-w- c:\windows\system32\drivers\aswsp.sys
2014-08-19 16:54 . 2014-06-16 06:28 92008 ----a-w- c:\windows\system32\drivers\aswstm.sys
2014-08-19 16:54 . 2014-06-16 06:28 79184 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2014-08-19 16:54 . 2014-06-16 06:28 65776 ----a-w- c:\windows\system32\drivers\aswRvrt.sys
2014-08-19 16:54 . 2014-06-16 06:28 307344 ----a-w- c:\windows\system32\aswBoot.exe
2014-08-19 16:54 . 2014-06-16 06:28 29208 ----a-w- c:\windows\system32\drivers\aswHwid.sys
2014-08-19 16:54 . 2014-06-16 06:28 224896 ----a-w- c:\windows\system32\drivers\aswVmm.sys
2014-08-19 16:54 . 2014-06-16 06:28 1041168 ----a-w- c:\windows\system32\drivers\aswsnx.sys
2014-08-19 16:54 . 2014-06-16 06:28 93568 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2014-07-12 20:37 . 2014-06-18 16:39 96441528 ----a-w- c:\windows\system32\MRT.exe
2014-06-17 23:27 . 2014-07-09 15:53 1440256 ----a-w- c:\windows\SysWow64\osk.exe
2014-06-17 23:24 . 2014-07-09 15:53 1557504 ----a-w- c:\windows\system32\osk.exe
2014-06-16 06:54 . 2014-06-16 06:55 836544 ----a-w- c:\windows\system32\tadefxapo264.dll
2014-06-16 06:54 . 2014-06-16 06:55 65944 ----a-w- c:\windows\system32\tepeqapo64.dll
2014-06-16 06:54 . 2014-06-16 06:55 2103040 ----a-w- c:\windows\system32\WavesGUILib64.dll
2014-06-16 06:54 . 2014-06-16 06:55 1361336 ----a-w- c:\windows\system32\tosade.dll
2014-06-16 06:54 . 2014-06-16 06:55 2079816 ----a-w- c:\windows\RtlExUpd.dll
2014-06-16 06:54 . 2014-06-16 06:55 946736 ----a-w- c:\windows\system32\SFSS_APO.dll
2014-06-16 06:54 . 2014-06-16 06:55 81248 ----a-w- c:\windows\system32\SFCOM64.dll
2014-06-16 06:54 . 2014-06-16 06:55 518896 ----a-w- c:\windows\system32\SRSTSX64.dll
2014-06-16 06:54 . 2014-06-16 06:55 221024 ----a-w- c:\windows\system32\SFNHK64.dll
2014-06-16 06:54 . 2014-06-16 06:55 211184 ----a-w- c:\windows\system32\SRSTSH64.dll
2014-06-16 06:54 . 2014-06-16 06:55 198896 ----a-w- c:\windows\system32\SRSHP64.dll
2014-06-16 06:54 . 2014-06-16 06:55 155888 ----a-w- c:\windows\system32\SRSWOW64.dll
2014-06-16 06:54 . 2014-06-16 06:55 148416 ----a-w- c:\windows\system32\tadefxapo.dll
2014-06-16 06:54 . 2014-06-16 06:55 78688 ----a-w- c:\windows\system32\SFAPO64.dll
2014-06-16 06:54 . 2014-06-16 06:55 74064 ----a-w- c:\windows\SysWow64\SFCOM.dll
2014-06-16 06:54 . 2014-06-16 06:55 1662024 ----a-w- c:\windows\system32\RTSnMg64.cpl
2014-06-16 06:54 . 2014-06-16 06:55 3441992 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-06-16 06:54 . 2014-06-16 06:55 331880 ----a-w- c:\windows\system32\RtlCPAPI64.dll
2014-06-16 06:54 . 2014-06-16 06:55 2794056 ----a-w- c:\windows\system32\RtPgEx64.dll
2014-06-16 06:54 . 2014-06-16 06:55 78680 ----a-w- c:\windows\system32\RTEEG64A.dll
2014-06-16 06:54 . 2014-06-16 06:55 375128 ----a-w- c:\windows\system32\RTEEP64A.dll
2014-06-16 06:54 . 2014-06-16 06:55 3744328 ----a-w- c:\windows\system32\RtkAPO64.dll
2014-06-16 06:54 . 2014-06-16 06:55 149608 ----a-w- c:\windows\system32\RtkCfg64.dll
2014-06-16 06:54 . 2014-06-16 06:55 14952 ----a-w- c:\windows\system32\RtkCoLDR64.dll
2014-06-16 06:54 . 2014-06-16 06:55 101208 ----a-w- c:\windows\system32\RTEEL64A.dll
2014-06-16 06:54 . 2014-06-16 06:55 1003592 ----a-w- c:\windows\system32\RtkApi64.dll
2014-06-16 06:54 . 2014-06-16 06:55 204120 ----a-w- c:\windows\system32\RTEED64A.dll
2014-06-16 06:54 . 2014-06-16 06:55 613448 ----a-w- c:\windows\system32\RtDataProc64.dll
2014-06-16 06:54 . 2014-06-16 06:55 310104 ----a-w- c:\windows\system32\RP3DHT64.dll
2014-06-16 06:54 . 2014-06-16 06:55 310104 ----a-w- c:\windows\system32\RP3DAA64.dll
2014-06-16 06:54 . 2014-06-16 06:55 26987520 ----a-w- c:\windows\system32\RCoRes64.dat
2014-06-16 06:54 . 2014-06-16 06:55 142920 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-06-16 06:54 . 2014-06-16 06:55 1284680 ----a-w- c:\windows\system32\RTCOM64.dll
2014-06-16 06:54 . 2014-06-16 06:55 394616 ----a-w- c:\windows\system32\MaxxVolumeSDAPO.dll
2014-06-16 06:54 . 2014-06-16 06:55 9123608 ----a-w- c:\windows\system32\MaxxAudioVnA64.dll
2014-06-16 06:54 . 2014-06-16 06:55 14035712 ----a-w- c:\windows\system32\MaxxAudioRealtek64.dll
2014-06-16 06:54 . 2014-06-16 06:55 920320 ----a-w- c:\windows\system32\MaxxAudioAPOShell64.dll
2014-06-16 06:54 . 2014-06-16 06:55 612728 ----a-w- c:\windows\system32\MaxxAudioAPO4064.dll
2014-06-16 06:54 . 2014-06-16 06:55 395208 ----a-w- c:\windows\system32\MaxxAudioAPO30.dll
2014-06-16 06:54 . 2014-06-16 06:55 318808 ----a-w- c:\windows\system32\MaxxAudioAPO20.dll
2014-06-16 06:54 . 2014-06-16 06:55 2032896 ----a-w- c:\windows\system32\MaxxAudioEQ64.dll
2014-06-16 06:54 . 2014-06-16 06:55 1903872 ----a-w- c:\windows\system32\MaxxAudioRealtek264.dll
2014-06-16 06:54 . 2014-06-16 06:55 603984 ----a-w- c:\windows\system32\KAAPORT64.dll
2014-06-16 06:54 . 2014-06-16 06:55 712296 ----a-w- c:\windows\system32\DTSSymmetryDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 693352 ----a-w- c:\windows\system32\DTSVoiceClarityDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 501192 ----a-w- c:\windows\system32\DTSU2PLFX64.dll
2014-06-16 06:54 . 2014-06-16 06:55 487368 ----a-w- c:\windows\system32\DTSU2PGFX64.dll
2014-06-16 06:54 . 2014-06-16 06:55 415688 ----a-w- c:\windows\system32\DTSU2PREC64.dll
2014-06-16 06:54 . 2014-06-16 06:55 2735648 ----a-w- c:\windows\system32\FMAPO64.dll
2014-06-16 06:54 . 2014-06-16 06:55 1756264 ----a-w- c:\windows\system32\DTSS2SpeakerDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 1568360 ----a-w- c:\windows\system32\DTSS2HeadphoneDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 728680 ----a-w- c:\windows\system32\DTSBassEnhancementDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 491112 ----a-w- c:\windows\system32\DTSNeoPCDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 432744 ----a-w- c:\windows\system32\DTSLimiterDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 428648 ----a-w- c:\windows\system32\DTSGainCompensatorDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 242792 ----a-w- c:\windows\system32\DTSLFXAPO64.dll
2014-06-16 06:54 . 2014-06-16 06:55 242792 ----a-w- c:\windows\system32\DTSGFXAPO64.dll
2014-06-16 06:54 . 2014-06-16 06:55 241768 ----a-w- c:\windows\system32\DTSGFXAPONS64.dll
2014-06-16 06:54 . 2014-06-16 06:55 1486952 ----a-w- c:\windows\system32\DTSBoostDLL64.dll
2014-06-16 06:54 . 2014-06-16 06:55 110592 ----a-w- c:\windows\system32\CONEQMSAPOGUILibrary.dll
2014-06-16 06:54 . 2014-06-16 06:55 208072 ----a-w- c:\windows\system32\AERTAC64.dll
2014-06-16 06:54 . 2014-06-16 06:55 108640 ----a-w- c:\windows\system32\AERTAR64.dll
2014-06-16 06:50 . 2014-06-16 06:50 144 ----a-w- c:\windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2014-06-16 06:33 . 2014-06-16 06:33 451 ----a-w- c:\windows\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2014-06-16 06:22 . 2014-06-16 06:22 17536 ----a-w- c:\programdata\Microsoft\windowssampling\Sqm\Manifest\Sqm3.bin
2014-06-16 06:21 . 2012-07-26 08:13 23264 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-06-11 04:18 . 2014-07-09 15:53 4038144 ----a-w- c:\windows\system32\win32k.sys
2014-06-06 14:06 . 2014-07-09 15:07 596480 ----a-w- c:\windows\system32\qedit.dll
2014-06-06 10:17 . 2014-07-09 15:07 497152 ----a-w- c:\windows\SysWow64\qedit.dll
2014-06-02 22:33 . 2014-07-09 15:34 265216 ----a-w- c:\windows\system32\InkEd.dll
2014-05-29 23:31 . 2014-07-09 16:15 452608 ----a-w- c:\windows\SysWow64\SHCore.dll
2014-05-29 23:03 . 2014-07-09 16:15 588288 ----a-w- c:\windows\system32\SHCore.dll
2014-05-29 23:02 . 2014-07-09 16:15 439808 ----a-w- c:\windows\system32\lsm.dll
2014-05-29 23:02 . 2014-07-09 16:15 1281536 ----a-w- c:\windows\system32\lsasrv.dll
2014-05-29 22:24 . 2014-07-09 15:10 576512 ----a-w- c:\windows\system32\drivers\afd.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611191111}]
2014-08-19 10:39 630632 ----a-w- c:\program files (x86)\Ge-Force\Ge-Force-bho.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}]
2014-08-19 10:39 630632 ----a-w- c:\program files (x86)\Sense\Sense-bho.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-06-16 20:23 223432 ----a-w- c:\users\_Enik_\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-06-16 20:23 223432 ----a-w- c:\users\_Enik_\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-06-16 20:23 223432 ----a-w- c:\users\_Enik_\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 131248 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-07-24 21650016]
"Viber"="c:\users\_Enik_\AppData\Local\Viber\Viber.exe" [2014-07-24 936656]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AvastUI.exe"="c:\program files\AVAST Software\Avast\AvastUI.exe" [2014-08-19 4085896]
"BtTray"="c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BtTray.exe" [2014-02-17 389368]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-09-23 926896]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-11 256896]
.
c:\users\_Enik_\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
devenv.bat [2014-7-21 62]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableCursorSuppression"= 1 (0x1)
"ConsentPromptBehaviorUser"= 3 (0x3)
.
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 cleanhlp;cleanhlp;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys;c:\program files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [x]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys;c:\windows\SYSNATIVE\DRIVERS\ssudbus.sys [x]
R3 globalUpdatem;globalUpdate Update Service (globalUpdatem);c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe;c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [x]
R3 mvusbews;USB EWS Device;c:\windows\System32\Drivers\mvusbews.sys;c:\windows\SYSNATIVE\Drivers\mvusbews.sys [x]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys;c:\windows\SYSNATIVE\DRIVERS\ssudmdm.sys [x]
R3 vmicheartbeat;Hyper-V Heartbeat Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
R3 WUDFWpdMtp;WUDFWpdMtp;c:\windows\system32\DRIVERS\WUDFRd.sys;c:\windows\SYSNATIVE\DRIVERS\WUDFRd.sys [x]
S0 aswRvrt;avast! Revert; [x]
S0 aswVmm;avast! VM Monitor; [x]
S1 aswSnx;aswSnx;c:\windows\system32\drivers\aswSnx.sys;c:\windows\SYSNATIVE\drivers\aswSnx.sys [x]
S1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys;c:\windows\SYSNATIVE\drivers\aswSP.sys [x]
S2 aswHwid;avast! HardwareID;c:\windows\system32\drivers\aswHwid.sys;c:\windows\SYSNATIVE\drivers\aswHwid.sys [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 aswStm;aswStm;c:\windows\system32\drivers\aswStm.sys;c:\windows\SYSNATIVE\drivers\aswStm.sys [x]
S2 HPSIService;HP SI Service;c:\windows\system32\HPSIsvc.exe;c:\windows\SYSNATIVE\HPSIsvc.exe [x]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [x]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
S2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;c:\windows\system32\igfxCUIService.exe;c:\windows\SYSNATIVE\igfxCUIService.exe [x]
S2 StartMenuService;StartMenu8 Service;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe;c:\program files (x86)\IObit\Start Menu 8\StartMenuServices.exe [x]
S2 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S2 YouTubeAcceleratorService;YouTubeAcceleratorService;c:\progra~2\YOUTUB~1\YouTubeAcceleratorService.exe;c:\progra~2\YOUTUB~1\YouTubeAcceleratorService.exe [x]
S3 BtAudioBusSrv;Ralink Bluetooth Audio Bus Service;c:\windows\System32\Drivers\BtAudioBus.sys;c:\windows\SYSNATIVE\Drivers\BtAudioBus.sys [x]
S3 BthL2caScoIfSrv;Bluetooth Profile Interface Driver Service;c:\windows\System32\Drivers\BtL2caScoIf.sys;c:\windows\SYSNATIVE\Drivers\BtL2caScoIf.sys [x]
S3 BthLEEnum;Bluetooth Low Energy Driver;c:\windows\system32\DRIVERS\BthLEEnum.sys;c:\windows\SYSNATIVE\DRIVERS\BthLEEnum.sys [x]
S3 btUrbFilterDrv;IVT URB Bluetooth Filter Driver Service;c:\windows\System32\Drivers\IvtUrbBtFlt.sys;c:\windows\SYSNATIVE\Drivers\IvtUrbBtFlt.sys [x]
S3 HIDSwitch;ASUS Wireless Radio Control;c:\windows\System32\drivers\AsHIDSwitch64.sys;c:\windows\SYSNATIVE\drivers\AsHIDSwitch64.sys [x]
S3 m76usb;M76USB Bluetooth Device Driver;c:\windows\System32\drivers\m76usb.sys;c:\windows\SYSNATIVE\drivers\m76usb.sys [x]
S3 netr28x;Ralink 802.11n Extensible Wireless Driver;c:\windows\system32\DRIVERS\netr28x.sys;c:\windows\SYSNATIVE\DRIVERS\netr28x.sys [x]
S3 RSBASTOR;Realtek PCIE CardReader Driver - BA;c:\windows\system32\DRIVERS\RtsBaStor.sys;c:\windows\SYSNATIVE\DRIVERS\RtsBaStor.sys [x]
S3 RTL8168;Realtek 8168 NT Driver;c:\windows\system32\DRIVERS\Rt630x64.sys;c:\windows\SYSNATIVE\DRIVERS\Rt630x64.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-08-19 15:49 1104200 ----a-w- c:\program files (x86)\Google\Chrome\Application\36.0.1985.143\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-08-20 c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-1.job
- c:\program files (x86)\Ge-Force\Ge-Force-codedownloader.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-2.job
- c:\program files (x86)\Ge-Force\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-2.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-4.job
- c:\program files (x86)\Ge-Force\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-4.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-6.job
- c:\program files (x86)\Ge-Force\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-6.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-7.job
- c:\program files (x86)\Ge-Force\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-7.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-1.job
- c:\program files (x86)\Sense\Sense-codedownloader.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-11.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-11.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-2.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-2.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-3.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-3.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-4.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-4.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-6.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-6.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-7.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-7.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\c802dce0-09df-40b7-8f4d-1ca8081da1f4.job
- c:\program files (x86)\Sense\a7774075-6ee7-4842-9cfd-e995af862dfe-4.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4194670394-735890548-744640843-1001Core.job
- c:\users\_Enik_\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-02 13:04]
.
2014-08-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4194670394-735890548-744640843-1001UA.job
- c:\users\_Enik_\AppData\Local\Facebook\Update\FacebookUpdate.exe [2014-07-02 13:04]
.
2014-08-20 c:\windows\Tasks\fc30c4c6-2610-429e-9dcc-19f037198f37.job
- c:\program files (x86)\HD-V1.9\fc30c4c6-2610-429e-9dcc-19f037198f37.exe [2014-08-19 10:36]
.
2014-08-20 c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\globalUpdateUpdateTaskMachineUA.job
- c:\program files (x86)\globalUpdate\Update\GoogleUpdate.exe [2014-08-19 10:39]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-19 15:47]
.
2014-08-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-08-19 15:47]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-06-16 20:23 262344 ----a-w- c:\users\_Enik_\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-06-16 20:23 262344 ----a-w- c:\users\_Enik_\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-06-16 20:23 262344 ----a-w- c:\users\_Enik_\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2014-08-19 16:54 634872 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-11 02:09 164016 ----a-w- c:\users\_Enik_\AppData\Roaming\Dropbox\bin\DropboxExt64.22.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2014-06-16 13550152]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mDefault_Search_URL = hxxp://www.istartsurf.com/web/?type=ds&ts=1408 ... earchTerms}
mDefault_Page_URL = hxxp://www.istartsurf.com/?type=hp&ts=14084445 ... J5R2NZJ5RX
mStart Page = hxxp://www.istartsurf.com/?type=hp&ts=14084445 ... J5R2NZJ5RX
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.istartsurf.com/web/?type=ds&ts=1408 ... earchTerms}
LSP: c:\program files (x86)\YouTube Accelerator\ytalsp.dll
TCP: DhcpNameServer = 192.168.1.1
.
.
------- File Associations -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\System32\CScript.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-CleanHlp
SafeBoot-CleanHlp.sys
BHO-{11111111-1111-1111-1111-110611171192} - (no file)
BHO-{A5A51D2A-505A-4D84-AFC6-E0FA87E47B8C} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
@SACL=(02 0000)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\AVG\AVG PC Tuneup 2011\BoostSpeed.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Ralink Corporation\Ralink Bluetooth Stack\BlueSoleilCS.exe
c:\program files (x86)\Google\Update\1.3.24.15\GoogleCrashHandler.exe
c:\program files (x86)\TeamViewer\Version9\TeamViewer.exe
c:\program files (x86)\TeamViewer\Version9\tv_w32.exe
c:\program files (x86)\IObit\Start Menu 8\StartMenu8.exe
c:\program files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe
c:\program files (x86)\teamviewer\version9\TeamViewer_Desktop.exe
.
**************************************************************************
.
Completion time: 2014-08-20 20:07:42 - machine was rebooted
ComboFix-quarantined-files.txt 2014-08-20 18:07
.
Pre-Run: 205 762 887 680 bytes free
Post-Run: 205 450 018 816 bytes free
.
- - End Of File - - 1836F357B7CA0A74509F3F79287C1CD5
A36C5E4F47E84449FF07ED3517B43A31

Rudy
Site Admin
Posts: 119544
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: Browser closes by itself: FF, Chrome

#12 Post by Rudy »

We'll do some more cleanup. Move ComboFix to the desktop. Open Notepad and copy the following into it:
KillAll::

File::
C:\awh191D.tmp
C:\awh3DF4.tmp
c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-1.job
c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-4.job
c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-2.job
c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-6.job
c:\windows\Tasks\1a9fe3e0-df0d-453c-9d1f-102b1cc3d05a-7.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-1.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-11.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-2.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-3.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-4.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-6.job
c:\windows\Tasks\a7774075-6ee7-4842-9cfd-e995af862dfe-7.job
c:\windows\Tasks\c802dce0-09df-40b7-8f4d-1ca8081da1f4.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4194670394-735890548-744640843-1001Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-4194670394-735890548-744640843-1001UA.job
c:\windows\Tasks\fc30c4c6-2610-429e-9dcc-19f037198f37.job
c:\windows\Tasks\globalUpdateUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Folder::
c:\program files (x86)\Ge-Force
c:\program files (x86)\Sense
c:\users\_Enik_\AppData\Local\Facebook\Update

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611191111}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{11111111-1111-1111-1111-110611191115}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e96d-e325-11ce-bfc1-08002be10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
