HiJackThis & Mbam - DFL11
Last Updated: Mar 18 2012 20:32, Started by
DFL11
, Mar 08 2012 21:15
·
0
#1
Posted 08 March 2012 - 21:15
Mi s-a recomandat sa fac o scanare cu cele 2 programe apoi sa postez in aceasta sectiune. Multumesc pentru ajutor.
Logfile of Trend Micro HiJackThis v2.0.4 Scan saved at 8:20:23 PM, on 3/8/2012 Platform: Windows 7 (WinNT 6.00.3504) MSIE: Internet Explorer v8.00 (8.00.7600.16385) Boot mode: Normal Running processes: C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe C:\Program Files\My Lockbox\mylbx.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe C:\Windows\AsScrPro.exe C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe C:\ExpressGateUtil\VAWinAgent.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Yahoo!\Messenger\ymsgr_tray.exe C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexStoreSvr.exe C:\Program Files (x86)\Winamp\winamp.exe C:\Program Files (x86)\Mozilla Firefox\firefox.exe C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe C:\Users\Alex\Downloads\HijackThis.exe C:\Windows\SysWOW64\DllHost.exe R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896 R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896 R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157 R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = R3 - URLSearchHook: (no name) - {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) R3 - URLSearchHook: (no name) - {81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) F2 - REG:system.ini: UserInit=userinit.exe O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll O2 - BHO: Java Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll O2 - BHO: IESpeakDoc - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O2 - BHO: Java Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll O4 - HKLM\..\Run: [FLxHCIm] "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe O4 - HKLM\..\Run: [USBChargerPlusTray] C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe O4 - HKLM\..\Run: [THX TruStudio NB Settings] "C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" /r O4 - HKLM\..\Run: [CPMonitor] "C:\Program Files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" O4 - HKLM\..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiymt32.dll,FzKhHqn O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE') O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE') O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE') O4 - Startup: Broadband Connection - Shortcut.lnk = ? O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll O9 - Extra button: (no name) - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra 'Tools' menuitem: Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL O17 - HKLM\System\CCS\Services\Tcpip\..\{23E95AFC-134D-4650-9EEB-CE2D9C6E872D}: NameServer = 193.231.252.1 213.154.124.1 O17 - HKLM\System\CS1\Services\Tcpip\..\{23E95AFC-134D-4650-9EEB-CE2D9C6E872D}: NameServer = 193.231.252.1 213.154.124.1 O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing) O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe O23 - Service: Asus process privilege adjust service (AsusUacSvc) - Unknown owner - C:\Program Files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe O23 - Service: Atheros Bt&Wlan Coex Agent - Atheros - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe O23 - Service: AtherosSvc - Atheros Commnucations - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe O23 - Service: Creative ALchemy AL6 Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing) O23 - Service: Serviciul Bitdefender Antivirus Free Edition (gzserv) - Unknown owner - C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe (file missing) O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing) O23 - Service: NBService - Nero AG - C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Ahead\Lib\NMIndexingService.exe O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing) O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing) O23 - Service: PLFlash DeviceIoControl Service - Prolific Technology Inc. - C:\Windows\SysWOW64\IoctlSvc.exe O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing) O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing) O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing) O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing) O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe O23 - Service: Intel® Turbo Boost Technology Monitor 2.0 (TurboBoost) - Intel® Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing) O23 - Service: Intel® Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing) O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing) O23 - Service: VideAceWindowsService - Unknown owner - C:\ExpressGateUtil\VAWinService.exe O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing) O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing) O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing) O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing) -- End of file - 12040 bytes Malwarebytes Anti-Malware (Trial) 1.60.1.1000 www.malwarebytes.org Database version: v2012.03.08.06 Windows 7 x64 NTFS Internet Explorer 8.0.7600.16385 Alex :: ALEX-PC [administrator] Protection: Enabled 3/8/2012 8:24:51 PM mbam-log-2012-03-08 (20-24-51).txt Scan type: Full scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM Scan options disabled: P2P Objects scanned: 282589 Time elapsed: 35 minute(s), 12 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 2 C:\Users\Alex\Downloads\soft\coretemp_1236.exe (PUP.BundleOffers.IIQ) -> Quarantined and deleted successfully. C:\Users\Alex\Downloads\soft\SoftonicDownloader_for_youtube-downloader-hd.exe (PUP.BundleOffer.Downloader.S) -> Quarantined and deleted successfully. (end) |
#2
Posted 08 March 2012 - 22:34
Uploadeaza pe VirusTotal.com fisierul:
O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiymt32.dll,FzKhHqn |
#3
Posted 08 March 2012 - 22:50
Am gasit in C doar fisierul rundll32.exe . Scanarea : https://www.virustot...sis/1331239494/ . Chiar de acel fisier vreau sa scap "msiymt32.dll" dar nu dau de el. Am scris aici care este problema : http://forum.softped...howtopic=849049 .
|
#4
Posted 09 March 2012 - 18:50
Rundll32 e un proces din Windows, care lasa fisierele DLL sa ruleze ca exetutabile (EXE). Deci ala e virusul, problema e ca e ascuns. Asa ca du-te intr-o fereastra de Windows Explorer, apasa tasta ALT si o sa-ti apara sus un meniu. Te duci la Tools->Folder Options..->View si schimba setarile:
Show hidden files, folders, and drives - SELECTAT Hide extension for known file types - DEBIFAT Hide protected operatins system files (Recommended) - DEBIFAT Acum ar trebui sa-ti apara. Si scaneaza cu asta si pune aici logul. EDIT: Daca dupa toate astea nu mai gaseste nimic, fixeaza asta: O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiymt32.dll,FzKhHqn Edited by BlueStrut, 09 March 2012 - 18:56. |
#5
Posted 09 March 2012 - 19:58
Scanarea a fost curata..am bifat/debifat cele 3 optiuni propuse de tine. Problema e ca eu as sterge fisieru respectiv msiymt32.dll dar nu-l gasesc pe nicaieri... am dat si search prin C si tot degeaba..nu pot localiza acel fisier..nu stiu cum pot scapa de el. Totusi sper sa nu fie nici un virus ( HiJackThis, mbam si Avira nu gasesc nimic suspect )..ma gandesc ca e doar o eroare de la un fost program instalat.. Daca ai vreo idee cum sa localizez acel fisier si sa-l sterg ascult...daca nu-s solutii asta e.. nu cred ca are rost sa fac o formatare pentru asta. Merci!
Edited by DFL11, 09 March 2012 - 19:59. |
#6
Posted 09 March 2012 - 20:26
OK, fixeaza asta:
O4 - HKCU\..\Run: [MSIDLL] C:\Windows\SysWOW64\rundll32.exe msiymt32.dll,FzKhHqn Si ai terminat. Nu trebuie sa formatezi din atata. |
#7
Posted 09 March 2012 - 21:15
Ok! Merci pentru ajutor...se pare ca am terminat in aceasta sectiune .
|
#9
Posted 12 March 2012 - 17:57
Trebuie sa ruleze si ComboFix sa scape de toate ramasitele:
Descarca: ComboFix si salveaza-l pe Desktop. Apoi asigura-te ca ai inchis toate programele care ruleaza (Yahoo Messenger, MozilaFirefox, etc) si ruleaza ComboFix. Te va intreba daca sa inceapa sa curete sistemul. Confirma cu Yes de fiecare data. Nu-l opri in timp ce scaneaza si dezinfecteaza sistemul. E posibil ca in timpul rularii lui desktop-ul sa dispara, dar nu te ingrijora. La sfarsit va afisa rezultatele scanarii. Salveaza acel fisier si posteaza continutul AICI. |
#10
Posted 16 March 2012 - 23:23
Mii de multumiri crysty2k5! Scuze de acest reply intarziat dar cam renuntasem la idea ca pot scapa de acea eroare. Nemaipomenit progamelu si lucreaza si repede...in 5 minute am scapat dpa nu stiu cate aplicatii pt fix dll si antivirusi. Logul nu stiu daca mai are rost sa-l postez...banuiesc ca am sistemul curat acum. Merci inca o data!
Totusi : ComboFix 12-03-16.04 - Alex 03/16/2012 23:06:16.1.8 - x64 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.1.1033.18.8169.6434 [GMT 2:00] Running from: c:\users\Alex\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\100 c:\users\Alex\AppData\Local\Temp\72DF.tmp c:\windows\AsPatch10430001.exe c:\windows\SysWow64\tmpA3CD.tmp c:\windows\SysWow64\tmpA4B8.tmp . . ((((((((((((((((((((((((( Files Created from 2012-02-16 to 2012-03-16 ))))))))))))))))))))))))))))))) . . 2012-03-16 21:09 . 2012-03-16 21:09 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-03-16 16:21 . 2012-03-16 16:27 -------- d-----w- c:\users\Alex\CTI 2012-03-12 11:41 . 2012-03-12 11:41 -------- d-----w- c:\users\Alex\AppData\Local\Downloaded Installations 2012-03-12 09:22 . 2012-03-12 09:22 -------- d-----w- c:\program files (x86)\DLLSuite 2012-03-10 15:24 . 2003-06-12 21:25 7062 ----a-w- c:\windows\SysWow64\audiopid.vxd 2012-03-08 18:22 . 2012-03-08 18:22 -------- d-----w- c:\users\Alex\AppData\Roaming\Malwarebytes 2012-03-08 18:22 . 2012-03-08 18:22 -------- d-----w- c:\programdata\Malwarebytes 2012-03-03 15:58 . 2012-03-03 15:58 -------- d-----w- c:\users\Alex\AppData\Roaming\WallpaperSS 2012-03-03 12:09 . 2012-03-03 12:09 -------- d-----w- c:\program files (x86)\Backgammon Classic 7 2012-03-03 01:49 . 2012-03-03 01:49 -------- d-----w- c:\program files (x86)\Common Files\Adobe 2012-03-03 01:48 . 2012-03-03 01:48 -------- d-----w- C:\MSCache 2012-03-03 01:48 . 2012-03-03 01:48 -------- d-----w- c:\program files (x86)\Common Files\Windows Driver Foundation 2012-03-03 01:48 . 2012-03-03 01:48 -------- d-----w- c:\program files (x86)\Media Center Programs 2012-03-03 01:48 . 2012-03-03 01:48 -------- d-----w- c:\program files (x86)\Macromedia 2012-03-03 01:48 . 2012-03-03 01:48 -------- d-----w- c:\program files (x86)\Intel Corporation 2012-03-02 16:28 . 2011-10-07 08:49 2770944 ----a-w- c:\windows\system32\drivers\athrx.sys 2012-02-24 16:21 . 2012-02-24 16:22 -------- d-----w- c:\program files (x86)\Microsoft Works 2012-02-24 16:20 . 2012-02-24 16:20 -------- d-----w- c:\windows\PCHEALTH 2012-02-24 16:19 . 2012-02-24 16:19 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-02-24 16:19 . 2012-02-24 16:19 -------- d-----w- c:\users\Alex\AppData\Local\Microsoft Help 2012-02-24 16:19 . 2012-02-24 16:23 -------- d-----w- c:\programdata\Microsoft Help 2012-02-24 16:18 . 2012-02-24 16:18 -------- d-----r- C:\MSOCache 2012-02-24 16:08 . 2012-02-24 16:08 -------- d-----w- c:\users\Alex\AppData\Local\Ahead 2012-02-24 16:07 . 2012-02-24 16:07 -------- d-----w- c:\users\Alex\AppData\Roaming\Ahead 2012-02-24 16:07 . 2012-02-24 16:07 -------- d-----w- c:\programdata\Ahead 2012-02-24 16:07 . 2012-02-24 16:07 -------- d-----w- c:\program files (x86)\Common Files\Ahead 2012-02-24 16:07 . 2012-02-24 16:07 -------- d-----w- c:\programdata\Nero 2012-02-24 16:07 . 2012-02-24 16:07 -------- d-----w- c:\program files (x86)\Nero 2012-02-24 16:00 . 2012-02-24 16:00 -------- d-----w- c:\users\Alex\AppData\Roaming\Yahoo! 2012-02-24 04:52 . 2009-07-14 01:39 2868224 ----a-w- c:\windows\explorer_backup_w7sbc.exe 2012-02-24 04:45 . 2012-02-24 04:44 925184 ----a-w- c:\windows\expstart.exe 2012-02-24 04:40 . 2012-02-24 04:45 -------- d-----w- c:\windows\W7SOC 2012-02-24 04:40 . 2009-07-14 01:39 2868224 ----a-w- c:\windows\explorer.backup.exe 2012-02-24 00:54 . 2012-02-24 00:54 237 ----a-w- C:\user.js 2012-02-24 00:54 . 2012-03-03 12:40 -------- d-----w- c:\programdata\TheBflix 2012-02-24 00:54 . 2012-02-24 00:54 -------- d-----w- c:\users\Alex\AppData\Local\Babylon 2012-02-24 00:53 . 2012-02-24 00:53 -------- d-----w- c:\users\Alex\AppData\Roaming\Babylon 2012-02-24 00:53 . 2012-02-24 00:53 -------- d-----w- c:\programdata\Babylon 2012-02-24 00:52 . 2012-02-24 00:54 -------- d-----w- c:\programdata\InstallMate 2012-02-24 00:30 . 2009-07-14 01:41 332288 ----a-w- c:\windows\system32\uxtheme.dll.backup 2012-02-24 00:30 . 2009-07-14 01:41 2851328 ----a-w- c:\windows\system32\themeui.dll.backup 2012-02-24 00:30 . 2009-07-14 01:41 44544 ----a-w- c:\windows\system32\themeservice.dll.backup 2012-02-23 22:44 . 2009-07-14 01:28 20268032 ----a-w- c:\windows\system32\imageres.dll 2012-02-23 22:43 . 2010-06-17 15:40 53904 ----a-w- c:\windows\system32\wbload.dll 2012-02-23 22:43 . 2012-02-23 22:43 -------- d-----w- c:\program files (x86)\Stardock 2012-02-23 22:42 . 2012-02-23 22:42 -------- d-----w- c:\users\Alex\AppData\Local\PackageAware 2012-02-23 22:42 . 2012-02-23 22:42 -------- d-----w- C:\dell 2012-02-21 01:02 . 2012-02-21 01:14 -------- d-----w- c:\program files (x86)\TeamViewer 2012-02-19 21:53 . 2012-02-19 21:53 -------- d-----w- c:\windows\system32\Macromed . . . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-03-16 20:59 . 2012-01-15 12:27 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-02-19 21:53 . 2012-01-15 15:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2012-02-15 16:12 . 2012-01-23 21:28 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys 2012-02-14 20:41 . 2012-02-14 20:42 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-01-23 21:30 . 2012-01-23 21:26 61819 ----a-w- c:\programdata\1327354001.bdinstall.bin 2012-01-17 18:14 . 2012-01-17 18:14 279616 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2012-01-15 13:56 . 2012-01-15 13:56 110474 ----a-w- c:\programdata\1326635720.bdinstall.bin 2012-01-15 12:32 . 2012-01-15 12:32 466520 ----a-w- c:\windows\system32\wrap_oal.dll 2012-01-15 12:32 . 2012-01-15 12:32 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll 2012-01-15 12:32 . 2012-01-15 12:32 123480 ----a-w- c:\windows\system32\OpenAL32.dll 2012-01-15 12:32 . 2012-01-15 12:32 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll 2012-01-15 12:31 . 2012-01-15 12:31 80512 ----a-w- c:\windows\AsusScr_G74 Series_ENG Uninstaller.exe 2012-01-15 12:29 . 2012-01-15 12:29 3058304 ----a-w- c:\windows\AsScrPro.exe 2011-12-29 18:00 . 2012-01-15 14:02 79360 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2011-12-21 18:14 . 2012-01-15 14:02 151552 ----a-w- c:\windows\SysWow64\ac3acm.acm . . ------- Sigcheck ------- Note: Unsigned files aren't necessarily malware. . [-] 2009-07-14 . 916005C9A4DF2B270F57ED2428C742C3 . 2868224 . . [6.1.7600.16385] .. c:\windows\explorer.exe [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\W7SOC\explorer.exe [7] 2009-07-14 . C235A51CB740E45FFA0EBFB9BAFCDA64 . 2868224 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe" [2008-01-22 152872] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2011-04-08 43008] "ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536] "USBChargerPlusTray"="c:\program files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe" [2011-04-18 496560] "ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2012-01-15 3058304] "THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-03-16 909312] "CPMonitor"="c:\program files (x86)\Roxio\CinePlayer\5.0\CPMonitor.exe" [2011-04-01 84464] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2011-04-07 45448] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-09-23 258512] "GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] . c:\users\Alex\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Broadband Connection - Shortcut.lnk - [N/A] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "midi5"=wdmaud.drv . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-] "UpdReg"=c:\windows\UpdReg.EXE "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" . R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gzserv;Serviciul Bitdefender Antivirus Free Edition;c:\program files\Bitdefender\Antivirus Free Edition\gzserv.exe [x] R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x] R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x] R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x] R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x] R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x] R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x] R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-01-15 79360] R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-01-15 79360] R3 dump_wmimmc;dump_wmimmc;d:\l2\system\GameGuard\dump_wmimmc.sys [x] R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RTSUVSTOR.sys [x] R3 TurboBoost;Intel® Turbo Boost Technology Monitor 2.0;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504] S0 FSProFilter;FSPro File Filter;c:\windows\System32\Drivers\FSPFltd.sys [x] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-09-23 86224] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416] S2 AsusUacSvc;Asus process privilege adjust service;c:\program files\Asus\Rotation Desktop for G Series\AsusUacSvc.exe [2010-07-27 113840] S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-03-13 138400] S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-03-13 74912] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-04-27 378472] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2010-10-27 1974080] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x] S2 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [2010-10-05 2655768] S2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2011-03-25 91464] S3 AiCharger;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiCharger.sys [x] S3 ALSysIO;ALSysIO;c:\users\Alex\AppData\Local\Temp\ALSysIO64.sys [x] S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [x] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [x] S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [x] S3 MEIx64;Intel® Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x] S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2010-10-07 11856] . . Contents of the 'Scheduled Tasks' folder . 2012-03-16 c:\windows\Tasks\Windows Driver Foundation.job - c:\program files (x86)\Common Files\Windows Driver Foundation\WUDFHost.exe [2012-03-03 01:48] . . --------- x86-64 ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-04-07 11788392] "AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-03-13 617120] "AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-03-13 379552] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] "THXCfg64"="c:\windows\system32\RunDLL32.exe" [2009-07-14 45568] "mylbx"="c:\program files\My Lockbox\mylbx.exe" [2011-06-21 1984832] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "LoadAppInit_DLLs"=0x0 . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . ------- Supplementary Scan ------- . uLocal Page = c:\windows\system32\blank.htm mLocal Page = c:\windows\SysWOW64\blank.htm IE: E&xport to Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000 TCP: Interfaces\{23E95AFC-134D-4650-9EEB-CE2D9C6E872D}: NameServer = 193.231.252.1 213.154.124.1 FF - ProfilePath - c:\users\Alex\AppData\Roaming\Mozilla\Firefox\Profiles\c6b00gfc.default\ FF - prefs.js: browser.startup.homepage - www.google.ro FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=100996 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 22735b74000000000000000000000000 FF - user.js: extensions.BabylonToolbar_i.hardId - 22735b74000000000000000000000000 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15394 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.172:54 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - base FF - user.js: extensions.BabylonToolbar_i.instlRef - sst . - - - - ORPHANS REMOVED - - - - . URLSearchHooks-{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - (no file) URLSearchHooks-{81017EA9-9AA8-4A6A-9734-7AF40E7D593F} - (no file) Wow6432Node-HKCU-Run-MSIDLL - msiymt32.dll WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file) HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe . . . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc] "ImagePath"="c:\windows\system32\GameMon.des -service" . --------------------- LOCKED REGISTRY KEYS --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Completion time: 2012-03-16 23:13:09 ComboFix-quarantined-files.txt 2012-03-16 21:13 . Pre-Run: 66,152,312,832 bytes free Post-Run: 65,806,757,888 bytes free . - - End Of File - - 75261389DECE03331EE0EFF29A815C29 |
|
#11
Posted 18 March 2012 - 12:37
Urca fisierul asta pe VirusTotal.com:
c:\windows\W7SOC\explorer.exe Daca e curat nu mai ai probleme. Doar iti recomand sa dezinstalezi toolbarurile. |
#13
Posted 18 March 2012 - 20:24
DA folosesc orb changer . Merci pentru recomandare, am dezinstalat si toolbars ... merge brici acum !
|
Anunturi
Bun venit pe Forumul Softpedia!
▶ 0 user(s) are reading this topic
0 members, 0 guests, 0 anonymous users