Prosím o pomoc s vírusom

Zpráva

yurij666 · #1 Příspěvek od **yurij666** » 07 lis 2012 22:32

Dobrý deň,
žiadam o pomoc s pravdepodobne vírusom. Pri bežnom surfovaní na nete (FB, gmail. google obrázky, 9gag) mi zrazu preblikol display a vyhodilo mi veľa okien ktoré hlásili chybu na disku. Okrem toho sa aj zmenila spodná lista so Štartom (môj OS je Win 7 home premium 64bit na notebooku) - zmenili sa ikony, zvláštne sa zväčšili a objavila sa tam ikonka "tento počítač", okrem toho mi zmizli aj ikonky z plochy. Pri prvom reštarte ostal len tento počítač a kôš a pri druhom už ani tie nie, ale objavila sa tam ikonka File Recovery, ktorý sa automaticky zapol a začal robiť kontrolu HDD. Hneď som predpokladal, že ide o vírus, tak som rýchlo vypol pc, keďže samotný program vypnúť nešlo a snažil som na druhom pc nájsť riešenie. Skúšal som ho podľa jedného návodu vyhľadať cez SAFE MODE ale tento pokus bol neúspešný. Za ním nasledovalo ešte veľa ďalších pokusov s antivirusom (avast) aj malwarebytes. Po niekoľkých pokusoch som už ani nemohol zapnúť notebook tak som dal do mechaniky recovery disk a vrátil sa o pár dni dozadu. Notebook išiel ako pred tým a všetko bolo ok. Odkazy sa vrátili na plochu, cez malwarebytes som našiel 4 škodlivé veci a okamžite ich vymazal.
Na druhy deň cca o rovnakom čase a ešte aj pri rovnakej činnosti (FB, mail) sa mi to stalo zas. Presne to isté, prebliknutie, zmena lišty, zmiznutie ikoniek, veľa okien s hlásením chyby. Viete mi prosím vás poradiť v čom by mohol byť problém a ako ho riešiť? Dopredu veľmi pekne ďakujem za pomoc.
Log:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Toshiba at 2012-11-07 20:30:24
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 253 GB (43%) free of 594 GB
Total RAM: 8099 MB (71% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:30:34, on 7. 11. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16450)
Boot mode: Safe mode with network support

Running processes:
C:\Program Files\Alwil Software\Avast5\AvastUI.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\trend micro\Toshiba.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://toshiba.msn.com
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT1750559
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=ironpu ... =632806193
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: TOSHIBA Media Controller Plug-in - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [NBAgent] "C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" /WinStart
O4 - HKLM\..\Run: [SVPWUTIL] C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe SVPwUTIL
O4 - HKLM\..\Run: [HWSetup] C:\Program Files\TOSHIBA\Utilities\HWSetup.exe hwSetUP
O4 - HKLM\..\Run: [KeNotify] "C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe" LPCM
O4 - HKLM\..\Run: [TSleepSrv] %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
O4 - HKLM\..\Run: [TRCMan] C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe
O4 - HKLM\..\Run: [PWRISOVM.EXE] C:\Program Files (x86)\PowerISO\PWRISOVM.EXE
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe
O4 - HKLM\..\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
O4 - HKLM\..\Run: [avast] "C:\Program Files\Alwil Software\Avast5\avastUI.exe" /nogui
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [uTorrent] "C:\Program Files (x86)\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Google Update] "C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [TOPI.EXE] C:\Program Files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe /STARTUP (User 'Default user')
O4 - .DEFAULT User Startup: TRDCReminder.lnk = C:\Program Files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe (User 'Default user')
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Adobe Acrobat Synchronizer.lnk = C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
O4 - Global Startup: Toshiba Places Icon Utility.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Pridať do TOSHIBA Bulletin Board - res://C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-229 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\TOSHIBA\BulletinBoard\TosNcUi.dll,-228 - {97F922BD-8563-4184-87EE-8C4ACA438823} - C:\Program Files\TOSHIBA\BulletinBoard\TosBBCom.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} (System Requirements Lab) - http://www.nvidia.com/content/DriverDow ... ab_nvd.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files (x86)\Bonjour\mDNSResponder.exe
O23 - Service: ConfigFree WiMAX Service (cfWiMAXService) - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe
O23 - Service: ConfigFree Service - TOSHIBA CORPORATION - C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Hi-Rez Studios Authenticate and Update Service (HiPatchService) - Hi-Rez Studios - C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: RaySat_3dsmax8 Server (mi-raysat_3dsmax8) - Unknown owner - C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @C:\Program Files (x86)\Nero\Update\NASvc.exe,-200 (NAUpdate) - Nero AG - C:\Program Files (x86)\Nero\Update\NASvc.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TabletServiceWacom - Wacom Technology, Corp. - C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe
O23 - Service: Notebook Performance Tuning Service (TEMPRO) (TemproMonitoringService) - Toshiba Europe GmbH - C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe
O23 - Service: TOSHIBA HDD Protection (Thpsrv) - Unknown owner - C:\windows\system32\ThpSrv.exe (file missing)
O23 - Service: TMachInfo - TOSHIBA Corporation - C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
O23 - Service: TOSHIBA Optical Disc Drive Service (TODDSrv) - Unknown owner - C:\windows\system32\TODDSrv.exe (file missing)
O23 - Service: TOSHIBA Power Saver (TosCoSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
O23 - Service: TOSHIBA Bluetooth Service - TOSHIBA CORPORATION - C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
O23 - Service: TOSHIBA eco Utility Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TECO\TecoService.exe
O23 - Service: TOSHIBA HDD SSD Alert Service - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
O23 - Service: TPCH Service (TPCHSrv) - TOSHIBA Corporation - C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management and Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: WTService - Unknown owner - C:\windows\system32\atwtusb.exe (file missing)

--
End of file - 17791 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
winlogon.exe
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
/QuitInfo:00000000000004B8;00000000000004BC; /AddRef;
/QuitInfo:0000000000000504;0000000000000508; /AddRef;
/QuitInfo:00000000000004EC;0000000000000510;
C:\windows\Explorer.EXE
ctfmon.exe
"C:\Program Files\Alwil Software\Avast5\AvastUI.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe"
"C:\Program Files (x86)\Opera\opera.exe"
"C:\Users\Toshiba\AppData\Local\Opera\Opera\temporary_downloads\RSITx64.exe"
C:\windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-152509178-208103365-4157059487-1001Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-152509178-208103365-4157059487-1001UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2011-09-05 63912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4}]
DivX Plus Web Player HTML5 <video> - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll [2011-05-23 115072]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Plug-In - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2010-09-27 1250696]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-04-17 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F3C88694-EFFA-4d78-B409-54B7B2535B14}]
TOSHIBA Media Controller Plug-in - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2010-12-05 529784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE64.dll [2012-08-21 1501776]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-03-01 1089288]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2006-10-22 321120]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\Alwil Software\Avast5\aswWebRepIE.dll [2012-08-21 1227224]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
""= []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2011-04-08 167256]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2011-04-08 391000]
"Persistence"=C:\windows\system32\igfxpers.exe [2011-04-08 418136]
"TPwrMain"=C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [2011-03-02 566696]
"HSON"=C:\Program Files\TOSHIBA\TBS\HSON.exe [2010-09-25 296824]
"TCrdMain"=C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2010-12-15 973176]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-01-26 11775592]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-01-18 2188904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-02-04 2679592]
"ThpSrv"=C:\windows\system32\thpsrv /logon []
"Teco"=C:\Program Files\TOSHIBA\TECO\Teco.exe [2011-01-28 1519016]
"TosSENotify"=C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [2010-12-08 710040]
"TosWaitSrv"=C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [2010-12-21 711576]
"TosVolRegulator"=C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [2009-11-11 24376]
"TosNC"=C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [2011-03-03 597928]
"TosReelTimeMonitor"=C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [2010-12-14 38304]
"Toshiba TEMPRO"=C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe [2011-02-10 1546720]
"Toshiba Registration"=C:\Program Files\TOSHIBA\Registration\ToshibaReminder.exe [2011-04-17 150992]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"MacrokeyManager"=C:\windows\system32\WTMKM.exe [2010-12-24 7319784]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"uTorrent"=C:\Program Files (x86)\uTorrent\uTorrent.exe [2012-10-07 895376]
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2012-08-04 1353080]
"Google Update"=C:\Users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 136176]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TWebCamera]
C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe [2011-03-19 4311416]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [2011-09-05 35736]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-03-30 937920]
"NBAgent"=C:\Program Files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe [2011-01-07 1406248]
"SVPWUTIL"=C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [2010-11-09 532480]
"HWSetup"=C:\Program Files\TOSHIBA\Utilities\HWSetup.exe [2010-03-05 423936]
"KeNotify"=C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [2010-08-16 34160]
"TSleepSrv"=C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [2010-06-05 252792]
"TRCMan"=C:\Program Files (x86)\TOSHIBA\TRCMan\TRCMan.exe [2010-11-02 714104]
"PWRISOVM.EXE"=C:\Program Files (x86)\PowerISO\PWRISOVM.EXE [2008-11-02 167936]
"Acrobat Assistant 8.0"=C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2006-10-22 620152]
""= []
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2010-03-17 421888]
"amd_dc_opt"=C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe [2008-07-22 77824]
"DivXUpdate"=C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [2011-07-29 1259376]
"avast"=C:\Program Files\Alwil Software\Avast5\avastUI.exe [2012-08-21 4282728]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Adobe Acrobat Speed Launcher.lnk - C:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe
Adobe Acrobat Synchronizer.lnk - C:\Program Files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe
Toshiba Places Icon Utility.lnk - C:\Program Files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2011-04-05 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"vidc.CDV5"=cdv5codc.dll
"vidc.CLLC"=cllccodc.dll
"vidc.CUVC"=cuvccodc.dll
"vidc.CDVC"=cdvccodc.dll
"vidc.CDVH"=cdvhcodc.dll
"vidc.CMIC"=cmiccodc.dll
"vidc.CHQX"=chqxcodc.dll
"vidc.C210"=c210codc.dll
"VIDC.FPS1"=frapsv64.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-11-07 20:30:27 ----D---- C:\Program Files\trend micro
2012-11-07 20:30:24 ----D---- C:\rsit
2012-11-07 19:49:53 ----A---- C:\windows\ntbtlog.txt
2012-11-05 20:13:35 ----D---- C:\Program Files (x86)\NokiaFREE Unlock Codes Calculator
2012-11-02 03:20:27 ----SHD---- C:\found.002
2012-10-23 09:25:37 ----D---- C:\Program Files (x86)\Activision
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvwgf2um.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvopencl.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvoglv32.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvd3dum.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvcuvid.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvcuvenc.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvcuda.dll
2012-10-17 19:26:11 ----A---- C:\windows\SYSWOW64\nvcompiler.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvwgf2umx.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvopencl.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvoglv64.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvdispgenco64.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvd3dumx.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvcuvid.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvcuvenc.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvcuda.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\nvcompiler.dll
2012-10-17 19:26:11 ----A---- C:\windows\system32\drivers\nvpciflt.sys
2012-10-17 19:26:11 ----A---- C:\windows\system32\drivers\nvlddmkm.sys
2012-10-10 22:41:48 ----D---- C:\Users\Toshiba\AppData\Roaming\Malwarebytes
2012-10-10 22:37:19 ----D---- C:\ProgramData\Malwarebytes
2012-10-10 22:37:17 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-10-10 22:37:17 ----A---- C:\windows\system32\drivers\mbam.sys
2012-10-10 21:43:04 ----A---- C:\Users\Toshiba\AppData\Roaming\msconfig.ini
2012-10-10 10:08:54 ----A---- C:\windows\system32\drivers\ntfs.sys
2012-10-10 10:08:52 ----A---- C:\windows\system32\ntoskrnl.exe
2012-10-10 10:08:50 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-10-10 10:08:50 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-10-10 10:08:40 ----A---- C:\windows\system32\KernelBase.dll
2012-10-10 10:08:40 ----A---- C:\windows\system32\kernel32.dll
2012-10-10 10:08:39 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2012-10-10 10:08:39 ----A---- C:\windows\SYSWOW64\kernel32.dll
2012-10-10 10:08:39 ----A---- C:\windows\system32\winsrv.dll
2012-10-10 10:08:39 ----A---- C:\windows\system32\conhost.exe
2012-10-10 10:08:38 ----A---- C:\windows\system32\wow64.dll
2012-10-10 10:08:37 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 10:08:37 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 10:08:37 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 10:08:37 ----A---- C:\windows\SYSWOW64\wow32.dll
2012-10-10 10:08:37 ----A---- C:\windows\SYSWOW64\setup16.exe
2012-10-10 10:08:37 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2012-10-10 10:08:37 ----A---- C:\windows\system32\wow64win.dll
2012-10-10 10:08:37 ----A---- C:\windows\system32\wow64cpu.dll
2012-10-10 10:08:37 ----A---- C:\windows\system32\ntvdm64.dll
2012-10-10 10:08:36 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-10-10 10:08:36 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-10-10 10:08:35 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 10:08:35 ----A---- C:\windows\SYSWOW64\instnm.exe
2012-10-10 10:08:34 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-10-10 10:08:34 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-10-10 10:08:33 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-10-10 10:08:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 10:08:32 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2012-10-10 10:08:32 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-10-10 10:08:31 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 10:08:31 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 10:08:31 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-10-10 10:08:31 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-10-10 10:08:30 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 10:08:30 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 10:08:30 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-10-10 10:08:30 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-10-10 10:08:30 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-10-10 10:08:30 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 10:08:29 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-10 10:08:29 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2012-10-10 10:08:29 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2012-10-10 10:08:29 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-10-10 10:08:28 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2012-10-10 10:08:28 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-10 10:08:28 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 10:08:28 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2012-10-10 10:08:28 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-10-10 10:08:27 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-10-10 10:08:27 ----A---- C:\windows\SYSWOW64\user.exe
2012-10-10 10:08:15 ----A---- C:\windows\SYSWOW64\wintrust.dll
2012-10-10 10:08:15 ----A---- C:\windows\system32\wintrust.dll
2012-10-10 10:07:57 ----A---- C:\windows\system32\tzres.dll
2012-10-10 10:07:56 ----A---- C:\windows\SYSWOW64\tzres.dll
2012-10-10 10:07:47 ----A---- C:\windows\system32\kerberos.dll
2012-10-10 10:07:46 ----A---- C:\windows\SYSWOW64\kerberos.dll
2012-10-10 10:07:38 ----A---- C:\windows\system32\crypt32.dll
2012-10-10 10:07:37 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2012-10-10 10:07:37 ----A---- C:\windows\SYSWOW64\crypt32.dll
2012-10-10 10:07:37 ----A---- C:\windows\system32\cryptsvc.dll
2012-10-10 10:07:37 ----A---- C:\windows\system32\cryptnet.dll
2012-10-10 10:07:36 ----A---- C:\windows\SYSWOW64\cryptnet.dll

======List of files/folders modified in the last 1 month======

2012-11-08 04:47:27 ----D---- C:\windows\Tasks
2012-11-08 04:47:27 ----D---- C:\windows\SysWOW64
2012-11-08 04:47:27 ----D---- C:\windows\system32\wfp
2012-11-08 04:47:27 ----D---- C:\windows\system32\DriverStore
2012-11-08 04:47:27 ----D---- C:\windows\system32\drivers
2012-11-08 04:47:27 ----D---- C:\windows\system32\catroot2
2012-11-08 04:47:26 ----D---- C:\windows\system32\wbem
2012-11-08 04:47:26 ----D---- C:\windows\system32\NDF
2012-11-08 04:47:26 ----D---- C:\windows\system32\CodeIntegrity
2012-11-08 04:47:24 ----D---- C:\Users\Toshiba\AppData\Roaming\vlc
2012-11-08 04:47:24 ----D---- C:\Users\Toshiba\AppData\Roaming\Ubisoft
2012-11-08 04:47:24 ----D---- C:\Users\Toshiba\AppData\Roaming\Sony Setup
2012-11-08 04:47:24 ----D---- C:\Users\Toshiba\AppData\Roaming\Skype
2012-11-08 04:47:23 ----D---- C:\Users\Toshiba\AppData\Roaming\dvdcss
2012-11-08 04:47:23 ----D---- C:\Users\Toshiba\AppData\Roaming\DarknessII
2012-11-08 04:47:23 ----D---- C:\Users\Toshiba\AppData\Roaming\DAEMON Tools
2012-11-08 04:47:22 ----D---- C:\Users\Toshiba\AppData\Roaming\Bioshock2
2012-11-08 04:47:22 ----D---- C:\Users\Toshiba\AppData\Roaming\Bioshock
2012-11-08 04:47:15 ----D---- C:\ProgramData\Tablet
2012-11-08 04:47:11 ----D---- C:\Program Files\CCleaner
2012-11-08 04:47:09 ----D---- C:\Fraps
2012-11-08 04:46:45 ----D---- C:\windows\registration
2012-11-08 04:46:18 ----D---- C:\Users\Toshiba\AppData\Roaming\Opera
2012-11-08 04:46:18 ----D---- C:\Users\Toshiba\AppData\Roaming\Nero
2012-11-08 04:46:18 ----D---- C:\Users\Toshiba\AppData\Roaming\Mozilla
2012-11-08 04:46:17 ----D---- C:\Users\Toshiba\AppData\Roaming\Milestone
2012-11-08 04:46:11 ----SD---- C:\Users\Toshiba\AppData\Roaming\Microsoft
2012-11-08 04:46:08 ----D---- C:\Users\Toshiba\AppData\Roaming\Macromedia
2012-11-08 04:46:08 ----D---- C:\Users\Toshiba\AppData\Roaming\BSplayer
2012-11-08 04:46:03 ----D---- C:\Users\Toshiba\AppData\Roaming\Adobe
2012-11-08 04:45:11 ----HD---- C:\ProgramData
2012-11-08 04:43:43 ----D---- C:\EDDIE
2012-11-07 20:30:27 ----RD---- C:\Program Files
2012-11-07 20:30:23 ----D---- C:\windows\Temp
2012-11-07 20:28:09 ----RD---- C:\Program Files (x86)
2012-11-07 20:04:45 ----D---- C:\windows\inf
2012-11-07 20:04:45 ----AD---- C:\windows\System32
2012-11-07 20:04:45 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-11-07 19:55:05 ----D---- C:\Users\Toshiba\AppData\Roaming\uTorrent
2012-11-07 19:54:57 ----D---- C:\Program Files (x86)\Steam
2012-11-07 19:54:53 ----D---- C:\windows\system32\Tasks
2012-11-07 19:53:36 ----D---- C:\windows\Prefetch
2012-11-07 19:53:19 ----D---- C:\windows\system32\config
2012-11-07 19:52:54 ----A---- C:\windows\win.ini
2012-11-07 19:50:40 ----SHD---- C:\System Volume Information
2012-11-07 19:49:53 ----AD---- C:\Windows
2012-11-07 10:07:19 ----D---- C:\windows\Logs
2012-11-04 22:58:17 ----A---- C:\windows\SYSWOW64\log.txt
2012-11-01 04:44:13 ----SHD---- C:\windows\Installer
2012-10-29 19:49:53 ----RSD---- C:\windows\assembly
2012-10-24 14:47:47 ----HD---- C:\windows\msdownld.tmp
2012-10-24 14:47:46 ----D---- C:\windows\SYSWOW64\directx
2012-10-23 09:15:22 ----D---- C:\windows\debug
2012-10-17 19:38:19 ----D---- C:\windows\SYSWOW64\NV
2012-10-17 19:38:17 ----D---- C:\windows\system32\NV
2012-10-17 19:38:15 ----D---- C:\ProgramData\NVIDIA
2012-10-17 19:30:19 ----D---- C:\windows\system32\catroot
2012-10-17 19:30:07 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-10-17 19:27:50 ----D---- C:\Program Files\NVIDIA Corporation
2012-10-13 17:54:53 ----D---- C:\windows\rescache
2012-10-11 10:32:37 ----D---- C:\windows\winsxs
2012-10-11 10:31:01 ----D---- C:\windows\SYSWOW64\sk-SK
2012-10-11 10:31:01 ----D---- C:\windows\system32\sk-SK
2012-10-11 10:31:00 ----D---- C:\windows\AppPatch
2012-10-11 02:09:11 ----A---- C:\windows\system32\MRT.exe
2012-10-11 02:09:00 ----D---- C:\ProgramData\Microsoft Help
2012-10-10 23:02:59 ----D---- C:\Program Files (x86)\Funmoods
2012-10-10 21:43:07 ----HD---- C:\Users\Toshiba\AppData\Roaming\DivX
2012-10-09 14:23:34 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-10-08 10:47:43 ----HD---- C:\Users\Toshiba\AppData\Roaming\Adobe Mini Bridge CS5
2012-10-08 10:39:33 ----RSD---- C:\windows\Fonts

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2011-01-13 439320]
R0 LPCFilter;LPC Lower Filter Driver; C:\windows\system32\DRIVERS\LPCFilter.sys [2010-03-22 46192]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
R0 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 Thpdrv;TOSHIBA HDD Protection Driver; C:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
R0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver; C:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-30 14784]
R0 tos_sps64;TOSHIBA tos_sps64 Service; C:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
R0 TVALZ;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Driver; C:\windows\system32\DRIVERS\TVALZ_O.SYS [2009-07-15 26840]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-08-21 54072]
R1 cdrblock;cdrblock; C:\windows\system32\DRIVERS\cdrblock.sys [2008-05-30 34360]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver; C:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athrx.sys [2010-12-18 2675712]
R3 CeKbFilter;CeKbFilter; C:\windows\system32\DRIVERS\CeKbFilter.sys [2011-06-02 20592]
R3 enecir;ENE CIR Receiver; C:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
R3 enecirhid;ENE CIR HID Receiver; C:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 14848]
R3 enecirhidma;ENE CIR HIDmini Filter; C:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 6656]
R3 MEIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344]
R3 moufiltr;Tablet Mouse Filter Driver; C:\windows\system32\DRIVERS\moufiltr.sys [2009-03-08 7680]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
R3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-02-04 1413680]
R3 tdcmdpst;TOSHIBA Writing Engine Filter Driver; C:\windows\system32\DRIVERS\tdcmdpst.sys [2009-07-31 27784]
R3 tosrfec;Bluetooth ACPI; C:\windows\system32\DRIVERS\tosrfec.sys [2010-06-19 18872]
R3 vhidmini;Generic Virtual HID Driver; C:\windows\system32\DRIVERS\walvhid.sys [2009-08-26 7552]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R3 wacommousefilter;Wacom Mouse Filter Driver; C:\windows\system32\DRIVERS\wacommousefilter.sys [2011-03-17 12848]
R3 wacomvhid;Wacom Virtual Hid Driver; C:\windows\system32\DRIVERS\wacomvhid.sys [2011-03-17 16168]
S0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-09-02 868848]
S1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-08-21 969200]
S1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-08-21 359464]
S1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-08-21 59728]
S1 HWiNFO32;HWiNFO32/64 Kernel Driver; \??\C:\EDDIE\software\HWinfo\HWiNFO64A.SYS [2012-05-10 30592]
S1 SCDEmu;SCDEmu; C:\windows\system32\drivers\SCDEmu.sys [2008-10-31 85936]
S2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-08-21 25232]
S2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S3 BrSerIf;Brother MFC Serial Port Interface WDM Driver; C:\windows\system32\DRIVERS\BrSerIf.sys [2006-12-12 97280]
S3 BtFilter;Bluetooth LowerFilter Class Filter Driver; C:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd64.sys [2011-04-05 12262624]
S3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHD64.sys [2011-02-10 2738536]
S3 IntcDAud;Intel(R) Display Audio; C:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
S3 JMCR;JMCR; C:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]
S3 PGEffect;Pangu effect driver; C:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 Tosrfcom;Tosrfcom; C:\windows\system32\drivers\Tosrfcom.sys []
S3 Tosrfusb;Bluetooth USB Controller; C:\windows\system32\DRIVERS\tosrfusb.sys [2011-01-27 67384]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 wacmoumonitor;Wacom Mode Helper; C:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-03-17 13312]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S3 WSDPrintDevice;WSD Print Support via UMB; C:\windows\system32\DRIVERS\WSDPrint.sys [2009-07-14 23040]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-09-05 64952]
S2 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2012-01-08 72704]
S2 avast! Antivirus;avast! Antivirus; C:\Program Files\Alwil Software\Avast5\AvastSvc.exe [2012-08-21 44808]
S2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files (x86)\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S2 cfWiMAXService;ConfigFree WiMAX Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-29 249200]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ConfigFree Service;ConfigFree Service; C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
S2 HiPatchService;Hi-Rez Studios Authenticate and Update Service; C:\Program Files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]
S2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
S2 mi-raysat_3dsmax8;RaySat_3dsmax8 Server; C:\Program Files (x86)\Autodesk\3dsMax8\mentalray\satellite\raysat_3dsmax8server.exe [2005-09-21 65536]
S2 NAUpdate;@C:\Program Files (x86)\Nero\Update\NASvc.exe,-200; C:\Program Files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
S2 NVSvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2012-10-02 891240]
S2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
S2 PnkBstrA;PnkBstrA; C:\windows\syswow64\PnkBstrA.exe [2012-05-14 75136]
S2 PnkBstrB;PnkBstrB; C:\windows\syswow64\PnkBstrB.exe [2012-07-28 215128]
S2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S2 TabletServiceWacom;TabletServiceWacom; C:\Program Files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
S2 Thpsrv;TOSHIBA HDD Protection; C:\windows\system32\ThpSrv.exe [2010-12-25 526848]
S2 TODDSrv;TOSHIBA Optical Disc Drive Service; C:\windows\system32\TODDSrv.exe [2010-10-20 138656]
S2 TosCoSrv;TOSHIBA Power Saver; C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe [2010-12-10 489384]
S2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service; C:\Program Files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
S2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-09 250808]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-09-04 654848]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [2005-11-14 69632]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-10-26 529744]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO); C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
S3 TMachInfo;TMachInfo; C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
S3 TOSHIBA Bluetooth Service;TOSHIBA Bluetooth Service; C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe [2010-04-12 196976]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service; C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
S3 TPCHSrv;TPCH Service; C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]

-----------------EOF-----------------

#2 Příspěvek od **vyosek** » 08 lis 2012 14:18

Zdravim

Aplikujte exeHelper by Raktor

Linky ke stazeni
- COM soubor http://vyosek.ic.cz/BE/exeHelper.com
- SCR soubor http://vyosek.ic.cz/BE/exeHelper.scr
Utilitu staci spustit jako Spravce (klik pravym mysidlem), probehne oprava a vznikne log exehelperlog.txt

Stahnete RKill http://download.bleepingcomputer.com/grinler/rkill.com

Pokud ho havet blokuje, pouzijte jeden z nasledujicich - i ty prejmenovane
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe

Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe

Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe

Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
Ulozte nejlepena plochu a ukoncete vsechny aplikace (jinak to udela RKill za Vas)
Spustte tradicne dvojklikem - program probehne do par sekund a ukonci i svou cinnost
RKill ukonci vsechny ne-systemove procesy - tedy i procesy, pod kterymi bezi havet
Na plose vznikne log Rkill.txt ten mi sem vlozte
Ted nerestartujte PC - prisli byste o ucinek RKillu

PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK

Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
Pokud mate Win XP spustte pod uctem Spravce\Administratora
Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix

yurij666 · #3 Příspěvek od **yurij666** » 10 lis 2012 10:11

exehelperlog.txt

exeHelper by Raktor
Build 20100414
Run at 09:56:01 on 11/10/12
Now searching...
Checking for numerical processes...
Checking for sysguard processes...
Checking for bad processes...
Checking for bad files...
Checking for bad registry entries...
Resetting filetype association for .exe
Resetting filetype association for .com
Resetting userinit and shell values...
Resetting policies...
--Finished--

yurij666 · #4 Příspěvek od **yurij666** » 10 lis 2012 10:12

Rkill 2.4.5 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2012 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 11/10/2012 09:56:50 AM in x64 mode.
Windows Version: Windows 7 Home Premium Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* No malware processes found to kill.

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* SMTMP folder detected. Please see this link for more information: http://www.bleepingcomputer.com/forums/topic405109.html

Checking Windows Service Integrity:

* COM+ Event System (EventSystem) is not Running.
Startup Type set to: Automatic

* Security Center (wscsvc) is not Running.
Startup Type set to: Automatic (Delayed Start)

* Windows Update (wuauserv) is not Running.
Startup Type set to: Automatic (Delayed Start)

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* No issues found.

Program finished at: 11/10/2012 09:57:11 AM
Execution time: 0 hours(s), 0 minute(s), and 20 seconds(s)

#5 Příspěvek od **vyosek** » 10 lis 2012 10:44

Fajn, pustte tam ComboFix

yurij666 · #6 Příspěvek od **yurij666** » 10 lis 2012 13:26

ComboFix 12-11-09.02 - Toshiba . 11. 2012 10:23:29.1.8 - x64 NETWORK
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8099.6915 [GMT 1:00]
Running from: c:\users\Toshiba\Desktop\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\programdata\Microsoft\Windows\Start Menu\Programs\3D.lnk
c:\programdata\XXAUXaMH8jnbcQ
c:\users\Toshiba\AppData\Roaming\msconfig.ini
c:\windows\SysWow64\cseDVH.dll
c:\windows\SysWow64\ijl11.dll
c:\windows\SysWow64\vbpng1.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-10-10 to 2012-11-10 )))))))))))))))))))))))))))))))
.
.
2012-11-10 09:31 . 2012-11-10 09:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-11-10 09:31 . 2012-11-10 09:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-10 09:06 . 2012-11-10 09:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22A0FF20-277C-4687-8E99-2B7C274A6BE8}\offreg.dll
2012-11-09 09:24 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{22A0FF20-277C-4687-8E99-2B7C274A6BE8}\mpengine.dll
2012-11-07 19:30 . 2012-11-07 19:30 -------- d-----w- c:\program files\trend micro
2012-11-07 19:30 . 2012-11-07 19:30 -------- d-----w- C:\rsit
2012-11-05 19:13 . 2012-11-07 07:01 -------- d-----w- c:\program files (x86)\NokiaFREE Unlock Codes Calculator
2012-11-02 02:20 . 2012-11-02 02:20 -------- d-----w- C:\found.002
2012-10-29 14:08 . 2012-10-29 14:08 -------- d--h--w- c:\users\Toshiba\AppData\Local\Programs
2012-10-23 08:25 . 2012-10-23 08:25 -------- d-----w- c:\program files (x86)\Activision
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-30 22:51 . 2011-09-02 14:12 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2012-04-24 07:07 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-09-02 14:12 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-09-02 14:12 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-09-02 14:12 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-09-02 14:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-09-02 14:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2012-04-24 07:07 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-10-15 16:59 . 2012-04-24 07:08 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-10-11 01:09 . 2011-09-02 08:55 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-10-09 13:23 . 2012-06-02 14:16 696760 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-10-09 13:23 . 2011-09-04 08:22 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-10-02 22:21 . 2012-05-01 09:44 1760104 ----a-w- c:\windows\system32\nvdispco64.dll
2012-10-02 22:21 . 2011-06-02 14:01 973672 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-10-02 22:21 . 2011-06-02 14:01 831848 ----a-w- c:\windows\SysWow64\nvumdshim.dll
2012-10-02 22:21 . 2011-06-02 14:01 2731880 ----a-w- c:\windows\system32\nvapi64.dll
2012-10-02 22:21 . 2011-06-02 14:01 247144 ----a-w- c:\windows\system32\nvinitx.dll
2012-10-02 22:21 . 2011-06-02 14:01 2428776 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-10-02 22:21 . 2011-06-02 14:01 202600 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-10-02 19:51 . 2011-03-01 19:09 3536817 ----a-w- c:\windows\system32\nvcoproc.bin
2012-10-02 19:51 . 2011-03-01 19:09 3293544 ----a-w- c:\windows\system32\nvsvc64.dll
2012-10-02 19:51 . 2011-03-01 19:10 6200680 ----a-w- c:\windows\system32\nvcpl.dll
2012-10-02 19:50 . 2011-03-01 19:09 891240 ----a-w- c:\windows\system32\nvvsvc.exe
2012-10-02 19:50 . 2011-03-01 19:09 63336 ----a-w- c:\windows\system32\nvshext.dll
2012-10-02 19:50 . 2011-03-01 19:09 2557800 ----a-w- c:\windows\system32\nvsvcr.dll
2012-10-02 19:50 . 2011-03-01 19:09 118120 ----a-w- c:\windows\system32\nvmctray.dll
2012-10-02 19:50 . 2011-03-01 19:09 866664 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-10-02 19:50 . 2011-03-01 19:09 55144 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-09-14 19:19 . 2012-10-10 09:07 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 09:07 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-07 15:04 . 2012-10-10 21:37 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-31 18:19 . 2012-10-10 09:08 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 09:08 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 09:08 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 09:08 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-08-24 18:05 . 2012-10-10 09:08 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-08-24 16:57 . 2012-10-10 09:08 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-08-24 11:15 . 2012-09-24 01:00 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-24 01:00 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-24 01:01 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-24 01:01 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-24 01:01 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-24 01:01 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-24 01:01 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-24 01:01 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-24 01:01 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-24 01:01 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-24 01:01 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-24 01:01 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-24 01:01 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-24 01:01 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-24 01:01 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-24 01:01 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-24 01:01 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-24 01:01 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-24 01:01 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-24 01:01 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-24 01:01 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-24 01:01 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-16 16:22 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-16 16:22 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-16 16:22 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-16 16:22 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-21 21:01 . 2012-09-26 08:50 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-08-20 18:48 . 2012-10-10 09:08 243200 ----a-w- c:\windows\system32\wow64.dll
2012-08-20 18:48 . 2012-10-10 09:08 362496 ----a-w- c:\windows\system32\wow64win.dll
2012-08-20 18:48 . 2012-10-10 09:08 13312 ----a-w- c:\windows\system32\wow64cpu.dll
2012-08-20 18:48 . 2012-10-10 09:08 215040 ----a-w- c:\windows\system32\winsrv.dll
2012-08-20 18:48 . 2012-10-10 09:08 16384 ----a-w- c:\windows\system32\ntvdm64.dll
2012-08-20 18:48 . 2012-10-10 09:08 424448 ----a-w- c:\windows\system32\KernelBase.dll
2012-08-20 18:48 . 2012-10-10 09:08 1162240 ----a-w- c:\windows\system32\kernel32.dll
2012-08-20 18:46 . 2012-10-10 09:08 338432 ----a-w- c:\windows\system32\conhost.exe
2012-08-20 18:38 . 2012-10-10 09:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-08-20 18:38 . 2012-10-10 09:08 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"uTorrent"="c:\program files (x86)\uTorrent\uTorrent.exe" [2012-10-07 895376]
"Steam"="c:\program files (x86)\Steam\steam.exe" [2012-08-04 1353080]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2011-09-05 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"NBAgent"="c:\program files (x86)\Nero\Nero 10\Nero BackItUp\NBAgent.exe" [2011-01-07 1406248]
"SVPWUTIL"="c:\program files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe" [2010-11-09 532480]
"HWSetup"="c:\program files\TOSHIBA\Utilities\HWSetup.exe" [2010-03-04 423936]
"KeNotify"="c:\program files (x86)\TOSHIBA\Utilities\KeNotify.exe" [2010-08-16 34160]
"TRCMan"="c:\program files (x86)\TOSHIBA\TRCMan\TRCMan.exe" [2010-11-02 714104]
"PWRISOVM.EXE"="c:\program files (x86)\PowerISO\PWRISOVM.EXE" [2008-11-02 167936]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2006-10-22 620152]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2010-03-17 421888]
"amd_dc_opt"="c:\program files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe" [2008-07-22 77824]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"avast"="c:\program files\Alwil Software\Avast5\avastUI.exe" [2012-10-30 4297136]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOPI.EXE"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2011-02-18 845176]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-F400-7760-000000000003}\_SC_Acrobat.exe [2011-9-4 295606]
Adobe Acrobat Synchronizer.lnk - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AdobeCollabSync.exe [2006-10-22 734872]
Toshiba Places Icon Utility.lnk - c:\program files\TOSHIBA\TOSHIBA Places Icon Utility\TosDIMonitor.exe [2011-4-17 1470328]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-09-02 868848]
R1 aswSnx;aswSnx; [x]
R1 aswSP;aswSP; [x]
R1 HWiNFO32;HWiNFO32/64 Kernel Driver;c:\eddie\software\HWinfo\HWiNFO64A.SYS [2012-05-10 30592]
R2 aswFsBlk;aswFsBlk; [x]
R2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-11 46448]
R2 HiPatchService;Hi-Rez Studios Authenticate and Update Service;c:\program files (x86)\Hi-Rez Studios\HiPatchService.exe [2012-02-07 8704]
R2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-01-14 572712]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R2 TabletServiceWacom;TabletServiceWacom;c:\program files\Tablet\Wacom\Wacom_Tablet.exe [2011-06-06 6438264]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-12-08 267192]
R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 WTService;WTService;c:\windows\system32\atwtusb.exe [2011-01-26 914664]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 BtFilter;Bluetooth LowerFilter Class Filter Driver;c:\windows\system32\DRIVERS\btfilter.sys [2010-10-18 42096]
R3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-15 317440]
R3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2011-05-26 174680]
R3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2011-02-09 38096]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2011-02-10 112080]
R3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-11-29 54136]
R3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-12-08 137632]
R3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-12-21 822704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 wacmoumonitor;Wacom Mode Helper;c:\windows\system32\DRIVERS\wacmoumonitor.sys [2011-03-17 13312]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-09-02 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-10-02 30056]
S0 Thpdrv;TOSHIBA HDD Protection Driver;c:\windows\system32\DRIVERS\thpdrv.sys [2009-06-29 34880]
S0 Thpevm;TOSHIBA HDD Protection - Shock Sensor Driver;c:\windows\system32\DRIVERS\Thpevm.SYS [2009-06-29 14784]
S0 tos_sps64;TOSHIBA tos_sps64 Service;c:\windows\system32\DRIVERS\tos_sps64.sys [2011-03-04 482384]
S1 cdrblock;cdrblock;c:\windows\system32\DRIVERS\cdrblock.sys [2008-05-30 34360]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-20 14472]
S3 CeKbFilter;CeKbFilter;c:\windows\system32\DRIVERS\CeKbFilter.sys [2011-06-02 20592]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 enecirhid;ENE CIR HID Receiver;c:\windows\system32\DRIVERS\enecirhid.sys [2009-05-20 14848]
S3 enecirhidma;ENE CIR HIDmini Filter;c:\windows\system32\DRIVERS\enecirhidma.sys [2008-04-25 6656]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2011-02-10 82432]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2011-02-10 181760]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-14 413800]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-02 13:23]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152509178-208103365-4157059487-1001Core.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 17:40]
.
2012-11-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152509178-208103365-4157059487-1001UA.job
- c:\users\Toshiba\AppData\Local\Google\Update\GoogleUpdate.exe [2011-09-03 17:40]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\Alwil Software\Avast5\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ThpSrv"="c:\windows\system32\thpsrv" [X]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-08 167256]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-08 391000]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-08 418136]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-01-26 11775592]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-01-18 2188904]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-12-08 710040]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2011-02-10 1546720]
"Toshiba Registration"="c:\program files\TOSHIBA\Registration\ToshibaReminder.exe" [2011-04-17 150992]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"MacrokeyManager"="WTMKM.exe" [2010-12-24 7319784]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT1750559
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpub&chnl=ironpub&cd=2XzuyEtN2Y1L1Qzu0DyCyByEzy0F0FtCtCyCyE0CzytBtCzytN0D0Tzu0StByEzytN1L2XzutBtFtCtFtCtFtAtCtB&cr=632806193
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Append to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files (x86)\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Pridať do TOSHIBA Bulletin Board - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll/1000
IE: {{97F922BD-8563-4184-87EE-8C4ACA438823} - {5D29E593-73A5-400A-B3BD-6B7A1AF05A31} - c:\program files\TOSHIBA\BulletinBoard\TosBBCom.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.0.1
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{fed66dc5-1b74-4a04-8f5c-15c5ace2b9a5} - (no file)
Toolbar-Locked - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKLM-Run-TSleepSrv - %ProgramFiles(x86)%\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-Locked - (no file)
WebBrowser-{FED66DC5-1B74-4A04-8F5C-15C5ACE2B9A5} - (no file)
HKLM-Run-TPwrMain - c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE
HKLM-Run-HSON - c:\program files (x86)\TOSHIBA\TBS\HSON.exe
HKLM-Run-TCrdMain - c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-Teco - c:\program files (x86)\TOSHIBA\TECO\Teco.exe
HKLM-Run-TosWaitSrv - c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe
HKLM-Run-TosNC - c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe
HKLM-Run-TosReelTimeMonitor - c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-152509178-208103365-4157059487-1001\Software\SecuROM\License information*]
"datasecu"=hex:ad,b6,a6,ae,b8,38,31,56,a7,09,92,3d,a3,d0,33,13,8c,89,6c,b1,34,
76,2e,7c,fc,67,e6,6a,7f,71,12,a7,e5,d7,7d,18,64,58,94,43,7e,9e,fa,7c,96,d8,\
"rkeysecu"=hex:16,cf,04,f8,53,c8,46,e6,aa,a3,5d,ed,f9,cf,ca,13
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_287_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_287.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\software\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-11-10 10:34:47
ComboFix-quarantined-files.txt 2012-11-10 09:34
.
Pre-Run: 270 306 881 536 bytes free
Post-Run: 269 865 263 104 bytes free
.
- - End Of File - - FAAD1C128C1A8CA1008FC1864952F07C

#7 Příspěvek od **vyosek** » 11 lis 2012 20:03

Pokud nemate, tak presunte Combofix na plochu

Spustte poznamkovy blok (Start-spustit-notepad)
Zkopirujte skript nize

Kód: Vybrat vše

KillAll::

Folder::
C:\found.002

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"uTorrent"=-
"Steam"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"=-
"Adobe ARM"=-
"NBAgent"=-
"PWRISOVM.EXE"=-
"Acrobat Assistant 8.0"=-
"SwitchBoard"=-
"AdobeCS5ServiceManager"=-
"QuickTime Task"=-
"DivXUpdate"=-

File::
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152509178-208103365-4157059487-1001Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-152509178-208103365-4157059487-1001UA.job

DD::
uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT1750559
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://start.funmoods.com/?f=1&a=ironpu ... =632806193
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

RegNull::
[HKEY_USERS\S-1-5-21-152509178-208103365-4157059487-1001\Software\SecuROM\License information*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\McAfee]
[HKEY_LOCAL_MACHINE\system\ControlSet002\Control\PCW\Security]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*]
[HKEY_LOCAL_MACHINE\software\Classes\VideoLAN.VLCPlugin.*2*\CLSID]

ClearJavaCache::

Reboot::

Ulozte vytvoreny TXT jako CFScript.txt
Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte

Pokud vyskoci hlaska "Pokus pouzit neplatnou operaci na klic registru, ktery je oznacen pro odstraneni", tak jen restartujte PC - registr se da do kupy - jedna se o vnitrni chybu, kterou zpusobuje CF a autor ji zatim neumi bohuzel opravit

Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci

VIRY.CZ

Prosím o pomoc s vírusom

Prosím o pomoc s vírusom

Re: Prosím o pomoc s vírusom

Re: Prosím o pomoc s vírusom

Re: Prosím o pomoc s vírusom

Re: Prosím o pomoc s vírusom

Re: Prosím o pomoc s vírusom

Re: Prosím o pomoc s vírusom