Bezdôvodná záťaž, neočakávané vypnutia

[BATO]

Zdravím.
Procesor je občasne vyťažovaný bez viditeľného dôvodu, čo má za následok prehrievanie a následné vypnutie počítača. Je mi jasné, že by to notebook robiť nemal, no je to Acer Extensa, takže je preň prehrievanie normálne od výroby.
Prosím o kontrolu logu a prípadné rady pri upratovaní zoo. RSIT sa odmieta spustiť pod účtom s obmedzenými právami, takže výpis súborov je pre adminovský účet, snáď to nevadí.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Root at 2012-08-05 14:30:11
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 19 GB (23%) free of 82 GB
Total RAM: 3067 MB (57% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:30:16, on 5. 8. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Launch Manager\LManager.exe
C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe
C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files (x86)\Keyboard Driver\KMConfig.exe
C:\Program Files (x86)\Keyboard Driver\KMProcess.exe
C:\Program Files\trend micro\Root.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {DDA57003-0068-4ed2-9D32-4D1EC707D94D} - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O4 - HKLM\..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe
O4 - HKLM\..\Run: [KMCONFIG] C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe KMConfig.exe
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\RunOnce: [InstallShieldSetup] C:\PROGRA~2\INSTAL~1\{EDF3E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{EDF3E~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup1] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup2] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup3] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup4] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup5] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup6] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup7] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup8] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup9] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup10] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup11] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup12] C:\PROGRA~2\INSTAL~1\{ED5EE~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{ED5EE~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup13] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup14] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup15] C:\PROGRA~2\INSTAL~1\{ED5EE~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{ED5EE~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup16] C:\PROGRA~2\INSTAL~1\{ED5EE~1\Setup.exe -rebootC:\PROGRA~2\INSTAL~1\{ED5EE~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup17] C:\PROGRA~2\INSTAL~1\{ED5EE~1\Setup.exe -rebootC:\PROGRA~2\INSTAL~1\{ED5EE~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup18] C:\PROGRA~2\INSTAL~1\{ED5EE~1\Setup.exe -rebootC:\PROGRA~2\INSTAL~1\{ED5EE~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup19] C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{DA6FA~1\reboot.ini -l0x9
O4 - HKLM\..\RunOnce: [InstallShieldSetup20] C:\PROGRA~2\INSTAL~1\{EDF3E~1\setup.exe -rebootC:\PROGRA~2\INSTAL~1\{EDF3E~1\reboot.ini -l0x9
O4 - HKCU\..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe
O4 - HKCU\..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1103841439-4170654282-1718029683-1000\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User 'Martin')
O4 - HKUS\S-1-5-21-1103841439-4170654282-1718029683-1000\..\Run: [ISUSPM Startup] c:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup (User 'Martin')
O4 - Global Startup: UltraMon.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{095DE697-E8FB-4015-B5DE-637CB5F33333}: NameServer = 147.251.197.1,147.251.4.33
O17 - HKLM\System\CS1\Services\Tcpip\..\{095DE697-E8FB-4015-B5DE-637CB5F33333}: NameServer = 147.251.197.1,147.251.4.33
O17 - HKLM\System\CS2\Services\Tcpip\..\{095DE697-E8FB-4015-B5DE-637CB5F33333}: NameServer = 147.251.197.1,147.251.4.33
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-30007 (IISADMIN) - Unknown owner - C:\Windows\system32\inetsrv\inetinfo.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Keyboard And Mouse Communication Service (KMWDSERVICE) - UASSOFT.COM - C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: O2Micro Flash Memory Card Service (o2flash) - O2Micro International - C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: @%windir%\system32\inetsrv\iisres.dll,-20001 (WMSVC) - Unknown owner - C:\Windows\system32\inetsrv\wmsvc.exe (file missing)
O23 - Service: XAudioService - Unknown owner - C:\Windows\system32\DRIVERS\xaudio64.exe (file missing)

--
End of file - 12837 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
"C:\Program Files\Microsoft Security Client\MsMpEng.exe"
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k ftpsvc
"C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
C:\Windows\system32\inetsrv\inetinfo.exe
"C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe"
"C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe" -runService:MsDepSvc
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\DRIVERS\xaudio64.exe
WLIDSvcM.exe 2504
C:\Windows\System32\alg.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-02a6602c-53af-471f-ac44-446223f523df -SystemEventPortName:HostProcess-3adde8cc-cd6e-44f8-b4e7-e4877e7434d8 -IoCancelEventPortName:HostProcess-9c3b4170-86c9-4fc6-befc-bec174c132f9 -NonStateChangingEventPortName:HostProcess-3eec4cd2-dca0-4d34-852e-aacde9cc9713 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:ba4773c8-0db5-4274-bf6c-d7bff3a59c4d
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Microsoft IntelliPoint\ipoint.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files\Rainlendar2\Rainlendar2.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\UltraMon\UltraMon.exe" /auto
"C:\Program Files\UltraMon\UltraMonTaskbar.exe"
"C:\Program Files (x86)\Launch Manager\LManager.exe"
"C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe" KMConfig.exe
"C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe" -start
KMConfig.exe
"C:\Program Files (x86)\Keyboard Driver\KMProcess.exe"
"C:\Program Files (x86)\Common Files\Realtime Soft\RTSHookInterop\x32\RTSHookInterop.exe" -Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\UltraMon\UltraMonUiAcc.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files\Microsoft Security Client\MpCmdRun.exe" SpyNetService -RestrictPrivileges -AccessKey 3B32B84F-6021-A59C-49FC-71416936DC7A -Reinvoke
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\Martin\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\n62cb0y3.default

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.268 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_268.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\n62cb0y3.default\extensions\
{51a86bb3-6602-4c85-92a5-130ee4864f13}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre6\bin\ssv.dll [2012-04-16 347424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2012-04-16 49440]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DDA57003-0068-4ed2-9D32-4D1EC707D94D}]
Microsoft Web Test Recorder 10.0 Helper - C:\Program Files (x86)\Microsoft Visual Studio 10.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2010-03-19 61360]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~2\PCTRAN~1\webie.dll [2004-05-13 319488]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-02-24 11780712]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-12-22 2538280]
"IntelliPoint"=c:\Program Files\Microsoft IntelliPoint\ipoint.exe [2011-04-13 2399632]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"=C:\Windows\SYSTEM32\WerFault.exe [2009-07-14 415232]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2010-07-11 3413504]
"ISUSPM Startup"=C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LogMeIn Hamachi Ui]
C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2012-06-27 1996200]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
C:\Program Files\Microsoft Security Client\msseces.exe [2012-03-26 1271168]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SafeQ Client]
C:\Program Files (x86)\Y Soft\SafeQ Client\Client\SafeQ Client.exe [2012-01-16 249856]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SN02IPRW]
C:\Windows\SysWOW64\SN02SELC.EXE -w []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2009-07-17 1079584]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^forteManager.lnk]
C:\Program Files (x86)\LG Soft India\forteManager\bin\Monitor.exe -startup []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^fortePivot.lnk]
C:\PROGRA~2\LGSOFT~1\FORTEP~1\bin\FORTEP~1.EXE [2009-12-17 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^ImageBooster.lnk]
C:\PROGRA~2\LGSOFT~1\IMAGEB~1\bin\IMAGEB~1.EXE [2010-09-21 491520]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-03-05 1130504]
"KMCONFIG"=C:\Program Files (x86)\Keyboard Driver\StartAutorun.exe [2008-05-30 212992]
"ISUSScheduler"=C:\Program Files (x86)\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-04-06 641664]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"=C:\PROGRA~2\INSTAL~1\{EDF3E~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup1"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup2"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup3"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup4"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup5"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup6"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup7"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup8"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup9"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup10"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup11"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup12"=C:\PROGRA~2\INSTAL~1\{ED5EE~1\setup.exe [2012-06-02 116688]
"InstallShieldSetup13"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup14"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup15"=C:\PROGRA~2\INSTAL~1\{ED5EE~1\setup.exe [2012-06-02 116688]
"InstallShieldSetup16"=C:\PROGRA~2\INSTAL~1\{ED5EE~1\Setup.exe [2012-06-02 116688]
"InstallShieldSetup17"=C:\PROGRA~2\INSTAL~1\{ED5EE~1\Setup.exe [2012-06-02 116688]
"InstallShieldSetup18"=C:\PROGRA~2\INSTAL~1\{ED5EE~1\Setup.exe [2012-06-02 116688]
"thoosjegadgets"= []
"InstallShieldSetup19"=C:\PROGRA~2\INSTAL~1\{DA6FA~1\setup.exe [2012-05-28 116688]
"InstallShieldSetup20"=C:\PROGRA~2\INSTAL~1\{EDF3E~1\setup.exe [2012-05-28 116688]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
UltraMon.lnk - C:\Windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-08-05 14:30:12 ----D---- C:\Program Files\trend micro
2012-08-05 14:30:11 ----D---- C:\rsit
2012-08-05 11:02:21 ----D---- C:\Program Files (x86)\Oracle
2012-08-05 11:01:58 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-08-05 11:01:46 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-08-05 11:01:46 ----A---- C:\Windows\SYSWOW64\java.exe
2012-07-19 20:26:40 ----D---- C:\Program Files (x86)\PC Translator
2012-07-15 08:55:12 ----D---- C:\Program Files (x86)\Webteh
2012-07-11 07:26:01 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 07:18:14 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 07:18:14 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 07:18:13 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 07:18:13 ----A---- C:\Windows\system32\url.dll
2012-07-11 07:18:12 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 07:18:12 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 07:18:12 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 07:18:12 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 07:18:11 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 07:18:11 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 07:18:10 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 07:18:10 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 07:18:09 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 07:18:08 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 07:18:08 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 07:18:07 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 07:18:07 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 07:18:06 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 07:18:06 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 07:18:06 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 07:18:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 07:18:02 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 07:18:00 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 07:17:59 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 02:02:26 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 02:02:24 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 02:02:24 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 02:02:23 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 02:02:23 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 02:02:23 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 02:02:21 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 02:02:17 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 02:02:11 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 02:02:10 ----A---- C:\Windows\system32\cdosys.dll
2012-07-11 02:02:06 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 02:02:05 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 02:02:05 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 02:02:05 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 02:02:05 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 02:02:05 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 02:02:05 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 02:02:04 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 02:02:04 ----A---- C:\Windows\SYSWOW64\secur32.dll

======List of files/folders modified in the last 1 month======

2012-08-05 14:30:12 ----RD---- C:\Program Files
2012-08-05 14:29:42 ----D---- C:\Windows\Temp
2012-08-05 12:29:50 ----RD---- C:\Program Files (x86)
2012-08-05 12:11:58 ----D---- C:\Windows\system32\config
2012-08-05 12:09:22 ----D---- C:\Windows\Prefetch
2012-08-05 12:00:15 ----D---- C:\Windows\Minidump
2012-08-05 12:00:15 ----D---- C:\Windows\debug
2012-08-05 12:00:15 ----D---- C:\Windows
2012-08-05 11:30:54 ----D---- C:\Windows\system32\inetsrv
2012-08-05 11:30:35 ----RD---- C:\Users
2012-08-05 11:20:05 ----SHD---- C:\System Volume Information
2012-08-05 11:12:18 ----SHD---- C:\Windows\Installer
2012-08-05 11:12:18 ----D---- C:\Program Files (x86)\Common Files
2012-08-05 11:12:15 ----D---- C:\Windows\SysWOW64
2012-08-04 16:14:13 ----D---- C:\Windows\System32
2012-08-04 16:14:13 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-04 16:14:12 ----D---- C:\Windows\inf
2012-08-04 02:29:10 ----D---- C:\Program Files (x86)\SpeedFan
2012-08-02 20:05:07 ----D---- C:\Windows\pss
2012-07-30 18:54:23 ----D---- C:\Windows\system32\catroot2
2012-07-29 04:49:34 ----D---- C:\Windows\Tasks
2012-07-29 04:49:34 ----D---- C:\Windows\system32\Tasks
2012-07-29 04:49:29 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-25 21:27:42 ----D---- C:\ProgramData\firebird
2012-07-15 13:16:10 ----A---- C:\Windows\BRWMARK.INI
2012-07-11 17:13:26 ----D---- C:\ProgramData\Skype
2012-07-11 17:13:17 ----RD---- C:\Program Files (x86)\Skype
2012-07-11 17:08:12 ----D---- C:\Windows\winsxs
2012-07-11 08:13:13 ----D---- C:\Windows\SYSWOW64\migration
2012-07-11 08:13:13 ----D---- C:\Windows\system32\migration
2012-07-11 08:13:13 ----D---- C:\Windows\system32\drivers
2012-07-11 08:13:13 ----D---- C:\Program Files\Internet Explorer
2012-07-11 08:13:13 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-11 07:26:16 ----D---- C:\Windows\system32\catroot
2012-07-11 07:25:59 ----D---- C:\ProgramData\Microsoft Help
2012-07-11 07:25:32 ----A---- C:\Windows\win.ini
2012-07-11 07:19:38 ----A---- C:\Windows\system32\MRT.exe
2012-07-09 23:01:00 ----D---- C:\Program Files (x86)\JDownloader
2012-07-07 15:24:54 ----D---- C:\Program Files (x86)\Mozilla Firefox

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-03-20 203888]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2011-03-18 29592]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-03-05 513080]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 MpKsl5f9496b3;MpKsl5f9496b3; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\MpKsl5f9496b3.sys [2012-08-05 35664]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 228272]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 56688]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 mdmxsdk;mdmxsdk; C:\Windows\system32\DRIVERS\mdmxsdk.sys [2006-06-20 17024]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
R3 CAXHWAZL;CAXHWAZL; C:\Windows\system32\DRIVERS\CAXHWAZL.sys [2006-10-19 296448]
R3 DKbFltr;Dritek Keyboard Filter Driver (64-bit); C:\Windows\SysWOW64\Drivers\DKbFltr.sys [2011-03-05 25608]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 HSF_DPV;HSF_DPV; C:\Windows\system32\DRIVERS\CAX_DPV.sys [2006-10-19 1513472]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-02-24 2753512]
R3 KMWDFILTER;HIDUASDesc; C:\Windows\system32\DRIVERS\KMWDFILTER.sys [2008-03-22 30208]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\Windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
R3 O2MDRDR;O2MDRDR; C:\Windows\system32\DRIVERS\o2mdx64.sys [2012-04-23 62040]
R3 O2SDRDR;O2SDRDR; C:\Windows\system32\DRIVERS\o2sdx64.sys [2012-04-23 51928]
R3 Point64;Microsoft IntelliPoint Filter Driver; C:\Windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
R3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-12-22 1407024]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2009-12-12 31232]
R3 VBoxNetFlt;VBoxNetFlt Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 175664]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
R3 winachsf;winachsf; C:\Windows\system32\DRIVERS\CAX_CNXT.sys [2006-10-19 731648]
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
S3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys [2009-07-02 98344]
S3 btwavdt;Bluetooth AVDT Service; C:\Windows\system32\DRIVERS\btwavdt.sys [2009-07-02 132648]
S3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
S3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys [2009-07-02 21160]
S3 cpuz131;cpuz131; \??\C:\Users\Root\AppData\Local\Temp\cpuz131\cpuz_x64.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit; C:\Windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
S3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
S3 s116bus;Sony Ericsson Device 116 driver (WDM); C:\Windows\system32\DRIVERS\s116bus.sys [2007-04-03 108296]
S3 s116obex;Sony Ericsson Device 116 USB WMC OBEX Interface; C:\Windows\system32\DRIVERS\s116obex.sys [2007-04-03 123656]
S3 s116unic;Sony Ericsson Device 116 USB Ethernet Emulation SEMC116 (WDM); C:\Windows\system32\DRIVERS\s116unic.sys [2007-04-03 130824]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\Windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 SrvHsfHDA;SrvHsfHDA; C:\Windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
S3 SrvHsfV92;SrvHsfV92; C:\Windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
S3 SrvHsfWinac;SrvHsfWinac; C:\Windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
S3 VBoxUSB;VirtualBox USB; C:\Windows\System32\Drivers\VBoxUSB.sys [2011-02-17 45616]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 VSPerfDrv100;Performance Tools Driver 10.0; \??\C:\Program Files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-04-06 236544]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-17 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ezGOSvc;Easybits GO Services for Windows; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 ftpsvc;@%windir%\system32\inetsrv\ftpres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
R2 IISADMIN;@%windir%\system32\inetsrv\iisres.dll,-30007; C:\Windows\system32\inetsrv\inetinfo.exe [2010-11-20 15872]
R2 KMWDSERVICE;Keyboard And Mouse Communication Service; C:\Program Files (x86)\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
R2 MsDepSvc;Web Deployment Agent Service; C:\Program Files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-03-26 12600]
R2 o2flash;O2Micro Flash Memory Card Service; C:\Program Files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe [2012-04-23 65536]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-06-06 654848]
S3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 OpenVPNService;OpenVPN Service; C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe [2009-12-12 36352]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1255736]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

[Rudy]

Také zdravím!
Poprosím o log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[BATO]

Takže, prvý krát som ComboFix pustil v bežnom účte ako administrátor. Trvalo mu to 3/4 hodiny a počas behu niekoľko krát padol proces Commandline Standard Stream Splitter. Hovoril som si že sa asi len niečo pokašľalo, tak som to pustil druhý krát priamo v účte s administrátorskými právami. Scenár sa bohužiaľ opakoval. Rezidentný štít som mal pritom vypnutý.

Prikladám logy z prvého aj druhého behu:
1. beh je tu, 2. beh bude v následujúcej odpovedi

ComboFix 12-08-05.02 - Root . 08. 2012 21:54:25.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.3067.1694 [GMT 2:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Martin\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 20:29 . 2012-08-05 20:29 -------- d-----w- c:\users\Root\AppData\Local\temp
2012-08-05 20:29 . 2012-08-05 20:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 12:30 . 2012-08-05 12:30 -------- d-----w- c:\program files\trend micro
2012-08-05 12:30 . 2012-08-05 12:30 -------- d-----w- C:\rsit
2012-08-05 09:02 . 2012-08-05 09:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-05 09:02 . 2012-08-05 09:02 -------- d-----w- c:\program files (x86)\Oracle
2012-08-05 01:17 . 2012-08-05 12:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\offreg.dll
2012-08-05 01:17 . 2012-08-05 01:17 35664 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\MpKsl5f9496b3.sys
2012-08-04 21:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\mpengine.dll
2012-08-03 14:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-19 18:26 . 2012-07-19 18:27 -------- d-----w- c:\program files (x86)\PC Translator
2012-07-15 11:16 . 2012-07-15 11:16 -------- d-----r- c:\users\Martin\AppData\Roaming\Brother
2012-07-15 06:55 . 2012-07-15 06:55 -------- d-----w- c:\program files (x86)\Webteh
2012-07-11 05:26 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 04:07 . 2012-07-09 04:07 -------- d-----w- c:\users\TEMP
2012-07-07 13:24 . 2012-06-14 22:20 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-07 13:24 . 2012-06-14 22:20 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-07 13:24 . 2012-06-14 22:20 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-07-07 13:24 . 2012-06-14 22:20 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-07 13:24 . 2012-06-14 22:20 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-07 13:24 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-07 13:24 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 02:49 . 2012-03-31 09:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 02:49 . 2011-05-18 09:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 05:19 . 2011-03-05 17:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 20:06 . 2012-06-08 08:50 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2011-09-09 11:33 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 21:16 . 2012-06-09 21:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 21:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 21:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 21:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 00:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 00:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2010-07-11 3413504]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-05 1130504]
"KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-30 212992]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
"InstallShieldSetup"="c:\progra~2\INSTAL~1\{EDF3E~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup1"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup2"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup3"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup4"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup5"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup6"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup7"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup8"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup9"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup10"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup11"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup12"="c:\progra~2\INSTAL~1\{ED5EE~1\setup.exe" [2012-06-01 116688]
"InstallShieldSetup13"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup14"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup15"="c:\progra~2\INSTAL~1\{ED5EE~1\setup.exe" [2012-06-01 116688]
"InstallShieldSetup16"="c:\progra~2\INSTAL~1\{ED5EE~1\Setup.exe" [2012-06-01 116688]
"InstallShieldSetup17"="c:\progra~2\INSTAL~1\{ED5EE~1\Setup.exe" [2012-06-01 116688]
"InstallShieldSetup18"="c:\progra~2\INSTAL~1\{ED5EE~1\Setup.exe" [2012-06-01 116688]
"InstallShieldSetup19"="c:\progra~2\INSTAL~1\{DA6FA~1\setup.exe" [2012-05-28 116688]
"InstallShieldSetup20"="c:\progra~2\INSTAL~1\{EDF3E~1\setup.exe" [2012-05-28 116688]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2012-5-31 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 cpuz131;cpuz131;c:\users\Root\AppData\Local\Temp\cpuz131\cpuz_x64.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-02-17 45616]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 MpKsl5f9496b3;MpKsl5f9496b3;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\MpKsl5f9496b3.sys [2012-08-05 35664]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 228272]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 56688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-10-19 296448]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2012-04-23 62040]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2012-04-23 51928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 175664]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 20:17]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 20:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"*WerKernelReporting"="c:\windows\SYSTEM32\WerFault.exe" [2009-07-14 415232]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{095DE697-E8FB-4015-B5DE-637CB5F33333}: NameServer = 147.251.197.1,147.251.4.33
TCP: Interfaces\{72762AAE-814B-4C76-87FE-C64723258E31}\77966696D2562796B6: NameServer = 147.251.197.1,147.251.4.33
FF - ProfilePath - c:\users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\n62cb0y3.default\
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{51a86bb3-6602-4c85-92a5-130ee4864f13} - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
Wow6432Node-HKLM-RunOnce-thoosjegadgets - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 22:34:48
ComboFix-quarantined-files.txt 2012-08-05 20:34
.
Pre-Run: 18 911 162 368 bytes free
Post-Run: 18 306 670 592 bytes free
.
- - End Of File - - 9EF9FC013E79532A430EFD32064B66C0

[BATO]

2. beh:

ComboFix 12-08-05.02 - Root . 08. 2012 22:49:55.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.3067.1839 [GMT 2:00]
Running from: c:\users\Root\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-05 to 2012-08-05 )))))))))))))))))))))))))))))))
.
.
2012-08-05 21:26 . 2012-08-05 21:26 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-08-05 21:26 . 2012-08-05 21:26 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-05 21:26 . 2012-08-05 21:26 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-05 20:42 . 2012-08-05 20:42 -------- d-----w- c:\users\Root\AppData\Roaming\Realtime Soft
2012-08-05 20:34 . 2012-08-05 21:26 -------- d-----w- c:\users\Root\AppData\Local\temp
2012-08-05 12:30 . 2012-08-05 12:30 -------- d-----w- c:\program files\trend micro
2012-08-05 12:30 . 2012-08-05 12:30 -------- d-----w- C:\rsit
2012-08-05 09:02 . 2012-08-05 09:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-05 09:02 . 2012-08-05 09:02 -------- d-----w- c:\program files (x86)\Oracle
2012-08-05 01:17 . 2012-08-05 12:29 69000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\offreg.dll
2012-08-04 21:42 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{807932E0-59F6-4135-9598-3C35F5BEA2A1}\mpengine.dll
2012-08-03 14:53 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-07-19 18:26 . 2012-07-19 18:27 -------- d-----w- c:\program files (x86)\PC Translator
2012-07-15 11:16 . 2012-07-15 11:16 -------- d-----r- c:\users\Martin\AppData\Roaming\Brother
2012-07-15 06:55 . 2012-07-15 06:55 -------- d-----w- c:\program files (x86)\Webteh
2012-07-11 05:26 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 04:07 . 2012-07-09 04:07 -------- d-----w- c:\users\TEMP
2012-07-07 13:24 . 2012-06-14 22:20 85472 ----a-w- c:\program files (x86)\Mozilla Firefox\components\browsercomps.dll
2012-07-07 13:24 . 2012-06-14 22:20 624608 ----a-w- c:\program files (x86)\Mozilla Firefox\gkmedias.dll
2012-07-07 13:24 . 2012-06-14 22:20 43488 ----a-w- c:\program files (x86)\Mozilla Firefox\mozglue.dll
2012-07-07 13:24 . 2012-06-14 22:20 157608 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice_installer.exe
2012-07-07 13:24 . 2012-06-14 22:20 113120 ----a-w- c:\program files (x86)\Mozilla Firefox\maintenanceservice.exe
2012-07-07 13:24 . 2012-06-14 22:19 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-07-07 13:24 . 2012-06-14 22:19 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 02:49 . 2012-03-31 09:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 02:49 . 2011-05-18 09:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 05:19 . 2011-03-05 17:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 20:06 . 2012-06-08 08:50 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2011-09-09 11:33 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 21:16 . 2012-06-09 21:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 21:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 21:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 21:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 00:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 00:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_20.30.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-03-07 02:26 . 2012-08-04 21:26 12120 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-07 02:26 . 2012-08-05 20:45 12120 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-08-05 20:48 46188 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
- 2011-03-05 16:37 . 2012-07-25 06:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-05 16:37 . 2012-08-05 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-05 16:37 . 2012-08-05 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-05 16:37 . 2012-07-25 06:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-25 06:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-05 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-05 17:12 . 2012-08-05 20:48 2694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1103841439-4170654282-1718029683-1001_UserData.bin
+ 2012-08-04 21:27 . 2012-08-05 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-08-04 21:27 . 2012-08-05 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-04 21:27 . 2012-08-05 20:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 21:27 . 2012-08-05 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2010-07-11 3413504]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-05 1130504]
"KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-30 212992]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2012-5-31 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 cpuz131;cpuz131;c:\users\Root\AppData\Local\Temp\cpuz131\cpuz_x64.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-02-17 45616]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 228272]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 56688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-10-19 296448]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2012-04-23 62040]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2012-04-23 51928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 175664]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 20:17]
.
2012-08-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 20:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{095DE697-E8FB-4015-B5DE-637CB5F33333}: NameServer = 147.251.197.1,147.251.4.33
TCP: Interfaces\{72762AAE-814B-4C76-87FE-C64723258E31}\77966696D2562796B6: NameServer = 147.251.197.1,147.251.4.33
FF - ProfilePath - c:\users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\n62cb0y3.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-05 23:29:28
ComboFix-quarantined-files.txt 2012-08-05 21:29
ComboFix2.txt 2012-08-05 20:34
.
Pre-Run: 18 429 165 568 bytes free
Post-Run: 18 328 731 648 bytes free
.
- - End Of File - - F484A39FF2A20E87A9A97CEDB95975DE

[Rudy]

Ještě dočistíme. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000UA.job

Registry::
[-HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Reboot::

Uložte na plochu jako CFscript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[BATO]

Sorry že to tak trvalo, mal som veľa práce.

Takže script som pustil. Opäť to trvalo asi 3/4 hodiny. Niekoľko krát hlásilo spadnutie Commandline Standard Stream Splitter. Potom sa počítač reštartoval. Keď som sa prihlásil, tak asi 10 minút cez obrazovku rýchlo preblikávali cmd okná a ComboFix okná. Usúdil som, že to asi nie je normálne a tak som účet odhlásil. Prihlásil som sa v administrátorskom účte, kde sa zjavilo ComboFix okno s informáciou, že sa pripravuje log. To tiež trvalo pekne dlho. Keď toto skončilo, tak som nemohol spustiť ani MS Security Essentials ani Firefox. Že vraj Illegal operation attempted on a registry key that has been marked for deletion. Naštastie reštart pomohol.

Pozerám že nervy robil nejaký Wow6432Node a GoogleUpdater. Podľa toho čo som čítal a ak som to správne pochopil, tak ten Wow6432 sprístupňuje položky registrov pre 32bit programy na 64bit systémoch. Môžem aspoň v skratke vedieť prečo sa museli tie záznamy zamknúť a jeden musel ísť preč?

Tu je log:
ComboFix 12-08-07.02 - Root . 08. 2012 18:45:07.3.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1033.18.3067.1809 [GMT 2:00]
Running from: c:\users\Martin\Desktop\ComboFix.exe
Command switches used :: c:\users\Martin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-07-07 to 2012-08-07 )))))))))))))))))))))))))))))))
.
.
2012-08-07 17:04 . 2012-08-07 17:15 -------- d-----w- c:\users\Root\AppData\Local\temp
2012-08-07 17:04 . 2012-08-07 17:04 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-08-07 17:04 . 2012-08-07 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 03:12 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B70C9C51-7EFD-413C-826B-F1E65FD5008A}\mpengine.dll
2012-08-05 21:56 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-08-05 21:29 . 2012-08-07 17:15 -------- d-----w- c:\users\Martin\AppData\Local\temp
2012-08-05 20:42 . 2012-08-05 20:42 -------- d-----w- c:\users\Root\AppData\Roaming\Realtime Soft
2012-08-05 12:30 . 2012-08-05 12:30 -------- d-----w- c:\program files\trend micro
2012-08-05 12:30 . 2012-08-05 12:30 -------- d-----w- C:\rsit
2012-08-05 09:02 . 2012-08-05 09:02 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-08-05 09:02 . 2012-08-05 09:02 -------- d-----w- c:\program files (x86)\Oracle
2012-07-19 18:26 . 2012-07-19 18:27 -------- d-----w- c:\program files (x86)\PC Translator
2012-07-15 11:16 . 2012-07-15 11:16 -------- d-----r- c:\users\Martin\AppData\Roaming\Brother
2012-07-15 06:55 . 2012-07-15 06:55 -------- d-----w- c:\program files (x86)\Webteh
2012-07-11 05:26 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-09 04:07 . 2012-07-09 04:07 -------- d-----w- c:\users\TEMP
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-29 02:49 . 2012-03-31 09:27 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-29 02:49 . 2011-05-18 09:47 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 05:19 . 2011-03-05 17:43 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-07-05 20:06 . 2012-06-08 08:50 772544 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-07-05 20:06 . 2011-09-09 11:33 687544 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-06-09 21:16 . 2012-06-09 21:16 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-02 22:19 . 2012-06-21 21:47 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-21 21:47 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-21 21:47 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-21 21:47 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-21 21:47 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-21 21:47 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-21 21:47 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-21 21:47 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-21 21:47 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 00:02 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 00:02 225280 ----a-w- c:\windows\SysWow64\schannel.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-08-05_20.30.02 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-08-05 09:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-07 17:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-08-07 17:10 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-05 09:33 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-08-05 09:33 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-07 17:10 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-05 16:59 . 2012-08-07 17:07 52400 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
- 2011-03-07 02:26 . 2012-08-04 21:26 12120 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2011-03-07 02:26 . 2012-08-06 20:16 12120 c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2009-07-14 05:10 . 2012-08-07 17:07 46386 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-05 16:47 . 2012-08-07 17:07 17344 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1103841439-4170654282-1718029683-1000_UserData.bin
- 2011-03-05 16:37 . 2012-07-25 06:21 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-05 16:37 . 2012-08-05 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-03-05 16:37 . 2012-08-05 20:51 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2011-03-05 16:37 . 2012-07-25 06:21 32768 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-07-25 06:21 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-08-05 20:51 16384 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-03-05 17:12 . 2012-08-05 20:48 2694 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1103841439-4170654282-1718029683-1001_UserData.bin
- 2012-08-04 21:27 . 2012-08-05 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 17:05 . 2012-08-07 17:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-08-07 17:05 . 2012-08-07 17:05 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-08-04 21:27 . 2012-08-05 09:28 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-06 08:06 . 2012-08-06 20:15 707936 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 05:01 . 2012-08-04 21:26 387964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-08-07 17:04 387964 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-05-19 15:39 . 2012-08-07 17:04 1106312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-05-19 15:39 . 2012-08-04 21:26 1106312 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-05 18:35 . 2012-08-07 17:04 63289924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1103841439-4170654282-1718029683-1000-8192.dat
- 2011-03-05 18:35 . 2012-08-04 21:26 63289924 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1103841439-4170654282-1718029683-1000-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Rainlendar2"="c:\program files\Rainlendar2\Rainlendar2.exe" [2010-07-11 3413504]
"ISUSPM Startup"="c:\progra~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-05 1130504]
"KMCONFIG"="c:\program files (x86)\Keyboard Driver\StartAutorun.exe" [2008-05-30 212992]
"ISUSScheduler"="c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-04-05 641664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
UltraMon.lnk - c:\windows\Installer\{83CCCBDC-3A56-4F3B-89DF-69386C3B7D62}\IcoUltraMon.ico [2012-5-31 29310]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [2010-04-14 54824]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 35104]
R3 cpuz131;cpuz131;c:\users\Root\AppData\Local\Temp\cpuz131\cpuz_x64.sys [x]
R3 LGDDCDevice;LGDDCDevice;c:\program files (x86)\LG Soft India\forteManager\bin\I2CDriver.sys [x]
R3 LGII2CDevice;LGII2CDevice;c:\program files (x86)\LG Soft India\forteManager\bin\PII2CDriver.sys [x]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 98688]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 291696]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2011-02-17 156080]
R3 VBoxUSB;VirtualBox USB;c:\windows\system32\Drivers\VBoxUSB.sys [2011-02-17 45616]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-06 1255736]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752]
R3 WSDPrintDevice;WSD Print Support via UMB;c:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2011-02-17 228272]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2011-02-17 56688]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-04-06 236544]
S2 ezGOSvc;Easybits GO Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe [2009-07-14 27136]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 KMWDSERVICE;Keyboard And Mouse Communication Service;c:\program files (x86)\Keyboard Driver\KMWDSrv.exe [2008-06-23 208896]
S2 MsDepSvc;Web Deployment Agent Service;c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe [2011-04-01 67400]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-04-06 11174400]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-04-06 343040]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 CAXHWAZL;CAXHWAZL;c:\windows\system32\DRIVERS\CAXHWAZL.sys [2006-10-19 296448]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2009-09-15 6952960]
S3 O2MDRDR;O2MDRDR;c:\windows\system32\DRIVERS\o2mdx64.sys [2012-04-23 62040]
S3 O2SDRDR;O2SDRDR;c:\windows\system32\DRIVERS\o2sdx64.sys [2012-04-23 51928]
S3 Point64;Microsoft IntelliPoint Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2011-04-13 45432]
S3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2011-02-17 175664]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-06 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000Core.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 20:17]
.
2012-08-07 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1103841439-4170654282-1718029683-1000UA.job
- c:\users\Martin\AppData\Local\Google\Update\GoogleUpdate.exe [2012-03-02 20:17]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2010-03-21 06:55 99080 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2010-10-06 23:36 97792 ----a-w- c:\users\Martin\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-02-24 11780712]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2011-04-13 2399632]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 1271168]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
ezGOSvc
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: Interfaces\{095DE697-E8FB-4015-B5DE-637CB5F33333}: NameServer = 147.251.197.1,147.251.4.33
TCP: Interfaces\{72762AAE-814B-4C76-87FE-C64723258E31}\77966696D2562796B6: NameServer = 147.251.197.1,147.251.4.33
FF - ProfilePath - c:\users\Root\AppData\Roaming\Mozilla\Firefox\Profiles\n62cb0y3.default\
.
- - - - ORPHANS REMOVED - - - -
.
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\MsDepSvc]
"ImagePath"="\"c:\program files\IIS\Microsoft Web Deploy\MsDepSvc.exe\" -runService:MsDepSvc"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\O2Micro Flash Memory Card Driver\o2flash.exe
.
**************************************************************************
.
Completion time: 2012-08-07 19:21:39 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-07 17:21
ComboFix2.txt 2012-08-05 21:29
ComboFix3.txt 2012-08-05 20:34
.
Pre-Run: 18 353 483 776 bytes free
Post-Run: 17 743 659 008 bytes free
.
- - End Of File - - CB30A0F1AE28D4E5ADB4D5FB19D7A0CD

[Rudy]

Log vypadá OK. Smazali jsme soubory od GoogleUpdate (zbytečnost - tato aktualizace nemusí bý automatická. Smazán byl registry klíč který spouštěl toto:

InstallShieldSetup"="c:\progra~2\INSTAL~1\{EDF3E~1\setup.exe

a několik dalších podobných položek, které se lišily jen nepatrnou změnou názvu. Soubor (i spouštěcí klíč) v PC nemá co dělat, buď je to šmejd, nebo něco přinejmneším zbytečného.
Příkaz RegLock nic nezamyká, ale naopak odemyká klíče zamčené systémem. Klíče se odemykají proto, aby nebyly později problémy s některými aplikacemi.
Pokud jste se snažil během skenu něco spouštět, je to zásadní chyba (v návodu je na toto upozornění). Taktéž přerušovat běh CF se nedoporučuje, snadno tak lze systém shodit. Pokud se v budoucnu objeví nějaký systémový problém, pak vězte, že to může souviset s tímto vaším jednáním.

[BATO]

Rudy, ospravedlňujem sa, že som neposlúchol upozornenie v návode. Ale 10 minút preblikávajúcich okien mi neprišlo ako normálna vec. Ak áno, možno by to bolo dobré zahrnúť tiež do upozornení, ak by sa našlo viacero nedočkavcov ako som ja. Len som predpokladal, že ComboFix po reštarte (asi ten reboot v skripte) stratil oprávnenia správcu, nepožiadal si o ne znova a stále dookola sa snažil niečo vykonať. Nemám druhý počítač, z ktorého by som si mohol napísať o radu a pritom nezasiahnuť do behu. Akonáhle som sa prihlásil ako správca, tak ComboFix sa zase spustil a vytvoril log.

Stále mi ale vŕtajú v hlave tie pády Commandline Standard Stream Splitter-u počas behu ComboFix-u. Je to tiež normálne?

Dúfam, že som si tým prerušením behu žiadne problémy nespôsobil.

Veľmi pekne ďakujem za pomoc a prečistenie. Síce som sa predtým snažil systém počistiť (uninstall, CCleaner, msconfig), vedel som že odborník niečo ešte nájde a čistenie dotiahne do dokonalosti. Uvidím, či sa budú problémy ešte opakovať.

Ešte raz ďakujem a prajem veľa zdaru.

[Rudy]

....behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho..

Myslím, že nemám, co bych k tomu dodal, navíc je tam jasné upozernění, že rychlost skenu je přímo úměrná rychlosti stroje.

To, jestli bude nějaký problém, uvidíte časem.

Stále mi ale vŕtajú v hlave tie pády Commandline Standard Stream Splitter-u počas behu ComboFix-u. Je to tiež normálne?

Normální to určitě není, ale problém nezpůsobuje virus. PC je čistý. Pokud ještě nějaký problém bude, ozvěte se.

Nemáte zač a díky za přání!