CPU usage rose from 0-5% to 10-15%

#1 Post by jossi9432 »

CPU usage rose from 0-5% to 10-15%, and now my PC is overheating. Could I ask you to check the log? Thanks in advance.
PS: I had a long log, so I uploaded it.

http://www.upnito.sk/subor/7f0cd345c748 ... f8007.html

#2 Post by Rudy »

Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator privileges.

Right after start-up a screen with the licence terms is displayed; continue by clicking the Yes button.

Calmly go and make yourself a coffee (the whole process takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan do not try to start any other applications or anything else.

Do not panic during the scan; your machine may be restarted (especially the first time the scanner is used).

Note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because during the scan and the removal of any malware there are unwanted conflicts with the antispyware's resident component.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

#3 Post by jossi9432 »

Thank you for the reply. The ComboFix scan has just finished, and when it finished it output a log. Will you need that log?

#4 Post by Rudy »

Will you need that log?
Of course.

#5 Post by jossi9432 »

ComboFix 12-11-26.02 - user . 11. 2012 18:24:55.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8140.5947 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\bt.log
C:\Install.exe
c:\programdata\Download and Sa
c:\programdata\Download and Sa\50aa58182ed86.html
c:\programdata\Download and Sa\gdnkdjcdpnipgpjnmcgaplhgekdacdnj.crx
c:\users\user\AppData\Roaming\Identities\{E7927442-8v23-436B-8409-951D004DCD3B}\winsvchost.exe
c:\users\user\Documents\Windows\winsvcs.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\tmp5928.tmp
c:\windows\SysWow64\tmp5929.tmp
c:\windows\SysWow64\tmp7B81.tmp
c:\windows\SysWow64\tmp7B82.tmp
c:\windows\SysWow64\tmp7E65.tmp
c:\windows\SysWow64\tmp7E76.tmp
c:\windows\SysWow64\tmp8EFE.tmp
c:\windows\SysWow64\tmp8EFF.tmp
c:\windows\SysWow64\tmpE6BB.tmp
c:\windows\SysWow64\tmpE6BC.tmp
c:\windows\SysWow64\tmpF53.tmp
c:\windows\SysWow64\tmpF54.tmp
.
.
((((((((((((((((((((((((( Files Created from 2012-10-26 to 2012-11-26 )))))))))))))))))))))))))))))))
.
.
2012-11-26 17:16 . 2012-11-26 17:16 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-26 17:14 . 2012-11-26 17:14 -------- d-----w- c:\programdata\ATI
2012-11-26 16:11 . 2012-11-26 16:11 -------- d-----w- c:\program files\ATI
2012-11-26 07:03 . 2012-11-26 07:03 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-26 06:41 . 2012-11-26 07:02 -------- d-----w- c:\program files\ATI Technologies
2012-11-25 22:01 . 2012-11-25 22:02 -------- d-----w- C:\rsit
2012-11-25 19:03 . 2012-11-25 19:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-25 15:03 . 2012-11-26 17:02 -------- d-----w- c:\programdata\AMD
2012-11-24 15:55 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{AB34A7C2-580B-43FE-92E7-61E79875368B}\mpengine.dll
2012-11-23 18:53 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-11-23 18:53 . 2012-11-25 17:33 -------- d-----w- c:\program files (x86)\Steam
2012-11-23 03:01 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2012-11-23 00:33 . 2012-11-24 15:52 -------- d-----w- c:\program files (x86)\Hitman Absolution
2012-11-22 18:40 . 2012-11-22 18:41 -------- d-----w- c:\users\user\.borland
2012-11-22 18:37 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-11-22 18:37 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\Borland
2012-11-22 03:39 . 2012-11-25 22:02 -------- d-----w- c:\program files\trend micro
2012-11-22 01:16 . 2012-11-22 01:16 614400 ----a-w- c:\windows\AutoKMS.exe
2012-11-21 14:20 . 2011-02-17 01:11 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-11-21 14:20 . 2011-02-17 01:11 428136 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-11-21 14:16 . 2012-11-21 14:16 -------- d-----w- c:\windows\SysWow64\sda
2012-11-21 14:14 . 2011-05-30 15:03 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-11-21 00:33 . 2012-11-21 00:33 -------- d-----w- c:\users\user\AppData\Roaming\Theta
2012-11-21 00:20 . 2012-11-22 23:13 -------- d-----w- c:\program files (x86)\Assassins Creed III
2012-11-20 03:15 . 2012-11-21 16:46 -------- d-sh--w- c:\users\user\Drivers
2012-11-20 01:25 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-20 01:25 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-20 01:25 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-11-20 01:25 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-11-19 23:44 . 2012-11-19 23:44 -------- d-----w- c:\programdata\Origin
2012-11-19 21:57 . 2012-11-19 21:57 -------- d-----w- c:\program files\7-Zip
2012-11-19 19:38 . 2012-11-19 19:38 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-11-19 19:31 . 2011-05-20 08:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-11-19 19:31 . 2012-11-19 19:31 -------- d-----w- c:\program files (x86)\Common Files\Telespree
2012-11-19 19:15 . 2011-03-11 10:23 652288 ------w- c:\windows\system32\stapi64.dll
2012-11-19 19:14 . 2012-11-19 19:15 -------- d-----w- c:\program files\IDT
2012-11-19 15:47 . 2012-11-19 16:36 -------- d-----w- c:\programdata\wxDownload
2012-11-19 15:47 . 2012-11-19 16:38 -------- d-----w- c:\programdata\Premium
2012-11-19 15:45 . 2012-11-19 16:00 -------- d-----w- c:\programdata\InstallMate
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\programdata\RICOH
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\program files (x86)\Y Soft
2012-11-16 10:27 . 2012-11-19 16:48 -------- d-----w- C:\da593b772af76360e22a5d
2012-11-15 20:00 . 2010-03-02 22:37 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-11-15 20:00 . 2010-07-20 21:26 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-11-15 20:00 . 2010-07-20 21:26 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-11-15 20:00 . 2010-07-20 21:26 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-11-15 18:20 . 2011-03-11 10:23 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-11-15 18:20 . 2010-04-01 22:11 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-11-15 18:20 . 2009-10-10 08:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-11-15 18:20 . 2009-03-03 09:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-11-15 18:20 . 2011-03-11 10:23 4642816 ----a-w- c:\windows\system32\stlang64.dll
2012-11-15 18:20 . 2011-03-11 10:23 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-11-15 18:20 . 2011-03-11 10:23 1128448 ----a-w- c:\windows\sttray64.exe
2012-11-15 18:19 . 2011-03-11 10:23 220160 ----a-w- c:\windows\system32\staco64.dll
2012-11-15 18:19 . 2011-03-11 10:23 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-11-15 18:19 . 2011-03-11 10:23 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-11-15 18:19 . 2011-03-11 10:23 1500672 ----a-w- c:\windows\system32\stapo64.dll
2012-11-15 18:19 . 2012-11-15 18:19 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-11-15 17:47 . 2012-11-15 17:47 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-11-15 17:22 . 2012-11-15 17:22 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-11-15 16:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 16:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 16:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 16:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 16:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 16:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 16:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 16:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 16:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 16:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 16:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 16:01 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 16:01 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 14:22 . 2012-11-15 14:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-15 12:10 . 2012-11-15 12:10 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-11-15 12:10 . 2012-11-15 12:10 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-11-15 12:10 . 2012-11-15 12:10 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-11-15 12:10 . 2012-11-15 12:10 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-11-15 12:09 . 2012-11-15 12:09 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-11-15 12:05 . 2012-11-15 12:05 28737536 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-11-15 12:01 . 2012-11-15 12:01 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-11-15 12:01 . 2012-11-15 12:01 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-11-13 12:03 . 2012-11-13 12:03 -------- d-----w- c:\program files (x86)\PC Tools
2012-11-13 12:01 . 2012-11-13 12:04 -------- d-----w- c:\program files (x86)\Common Files\PC Tools
2012-11-13 11:57 . 2012-11-13 12:08 -------- d-----w- c:\programdata\PC Tools
2012-11-13 11:57 . 2012-11-13 11:57 -------- d-----w- c:\users\user\AppData\Roaming\TestApp
2012-11-12 21:50 . 2012-11-19 16:48 -------- d-----w- c:\program files (x86)\Medal of Honor Warfighter
2012-11-12 19:45 . 2012-11-13 22:06 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-11-12 19:45 . 2012-11-13 22:06 -------- d-----w- c:\programdata\Malwarebytes
2012-11-12 19:45 . 2012-11-13 22:09 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-11-12 19:45 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-11-12 15:33 . 2012-11-12 15:33 -------- d-----w- c:\users\user\AppData\Roaming\InstallShield
2012-11-12 03:16 . 2012-11-12 03:16 -------- d-----w- c:\users\user\AppData\Local\ESET
2012-11-12 03:12 . 2012-11-22 00:42 -------- d-----w- c:\program files\ESET
2012-11-10 23:31 . 2012-11-10 23:31 -------- d-----w- c:\windows\PCHEALTH
2012-11-10 19:03 . 2012-11-13 22:09 -------- d-----w- c:\program files\Common Files\DESIGNER
2012-11-10 19:03 . 2012-11-13 22:09 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-11-10 19:02 . 2012-11-13 22:06 -------- d-----w- c:\program files\Microsoft Sync Framework
2012-11-10 19:02 . 2012-11-13 22:06 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-11-10 18:59 . 2012-11-13 22:10 -------- d-----w- c:\windows\SHELLNEW
2012-11-09 21:25 . 2012-11-09 21:25 -------- d-----w- c:\users\user\AppData\Roaming\bizarre creations
2012-11-09 21:16 . 2009-09-04 16:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-11-09 21:09 . 2012-11-09 21:09 -------- d-----w- c:\program files (x86)\Activision
2012-11-08 15:21 . 2012-11-08 15:21 9888360 ----a-w- c:\windows\SysWow64\RtsPStorIcon.dll
2012-11-08 15:20 . 2012-11-08 15:20 331264 ----a-w- c:\windows\system32\drivers\IntcDAud.sys
2012-11-08 15:20 . 2012-11-08 15:20 14848 ----a-w- c:\windows\system32\IntcDAuC.dll
2012-11-08 15:20 . 2012-11-08 15:20 43832 ----a-w- c:\windows\system32\drivers\Smb_driver_Intel.sys
2012-11-08 15:19 . 2011-02-17 01:11 107552 ----a-w- c:\windows\system32\RTNUninst64.dll
2012-11-08 15:19 . 2012-11-08 15:19 19264 ----a-w- c:\windows\system32\drivers\iusb3hcs.sys
2012-11-08 15:18 . 2012-11-08 15:18 647736 ----a-w- c:\windows\system32\drivers\iaStorA.sys
2012-11-08 15:18 . 2012-11-08 15:18 28216 ----a-w- c:\windows\system32\drivers\iaStorF.sys
2012-11-08 15:18 . 2012-11-08 15:18 10368 ----a-w- c:\windows\system32\drivers\whfltr2k.sys
2012-11-08 15:17 . 2012-11-08 15:17 66856 ----a-w- c:\windows\SysWow64\SynTPEnhPS.dll
2012-11-08 15:17 . 2012-11-08 15:17 401456 ----a-w- c:\windows\system32\drivers\SynTP.sys
2012-11-08 15:17 . 2012-11-08 15:17 277800 ----a-w- c:\windows\system32\SynCtrl.dll
2012-11-08 15:17 . 2012-11-08 15:17 227624 ----a-w- c:\windows\system32\SynTPAPI.dll
2012-11-08 15:17 . 2012-11-08 15:17 222504 ----a-w- c:\windows\SysWow64\SynCtrl.dll
2012-11-08 15:17 . 2012-11-08 15:17 148776 ----a-w- c:\windows\system32\SynTPCo9.dll
2012-11-08 15:17 . 2012-11-08 15:17 107816 ----a-w- c:\windows\SysWow64\SynTPCOM.dll
2012-11-08 15:17 . 2012-11-08 15:17 177448 ----a-w- c:\windows\SysWow64\SynCOM.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 19:49 . 2012-10-06 14:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 19:49 . 2012-10-06 14:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-19 19:13 . 2011-11-25 13:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-19 18:48 . 2011-11-25 13:21 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-19 18:48 . 2011-11-25 13:21 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-11-19 18:48 . 2011-11-25 13:21 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-11-19 18:48 . 2011-11-25 13:21 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-11-15 17:39 . 2011-11-25 13:15 1137664 ----a-w- c:\windows\system32\SETA99B.tmp
2012-11-15 17:18 . 2011-11-25 13:15 7370752 ----a-w- c:\windows\system32\SET7953.tmp
2012-11-15 17:10 . 2011-11-25 13:15 6780416 ----a-w- c:\windows\system32\SET543B.tmp
2012-11-15 16:58 . 2012-07-28 01:15 618496 ----a-w- c:\windows\system32\SET59DD.tmp
2012-11-15 16:56 . 2011-11-25 13:15 130048 ----a-w- c:\windows\system32\SET727C.tmp
2012-11-15 16:55 . 2011-11-25 13:15 104448 ----a-w- c:\windows\system32\SET721C.tmp
2012-11-15 16:18 . 2012-09-13 08:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-12 17:39 . 2012-09-15 13:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-11 12:41 . 2012-09-17 11:52 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-08 15:17 . 2010-12-17 02:26 416040 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-08 13:03 . 2012-09-18 16:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-11-07 12:24 . 2012-09-15 13:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-28 00:27 . 2012-10-04 21:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-28 00:27 . 2012-10-04 21:50 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-24 21:16 . 2012-10-17 12:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 23:19 . 2012-09-13 08:40 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-17 23:19 . 2011-09-07 08:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 20:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 20:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 08:26 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-06 16:05 . 2012-09-06 16:05 3953152 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 2839552 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 198144 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2012-09-06 16:05 . 2012-09-06 16:05 161792 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2012-08-31 18:19 . 2012-10-10 20:36 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-08-30 18:03 . 2012-10-10 20:36 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-08-30 17:12 . 2012-10-10 20:36 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-08-30 17:12 . 2012-10-10 20:36 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-10-01 343168]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Services for Windows; [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-06-14 62536]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-08 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-08 28216]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-11-08 19264]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-18 868848]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-06-14 38328]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-09-30 204288]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-06-14 1288104]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-11-08 331264]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-08-09 12289472]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-11-08 18832]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-11-08 43832]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2012-11-08 10368]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user\AppData\Local\Temp\tmp3B4B.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-26 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-11-22 01:16]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 15:53]
.
2012-11-26 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 15:53]
.
2012-11-19 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 5634800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-08-09 167704]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-08-09 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-08-09 416024]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDF
mStart Page = hxxp://www.bing.com?pc=HPNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = cache.fi.muni.cz:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 147.251.209.1 147.251.197.2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110111491187} - (no file)
Wow6432Node-HKCU-Run-winsvchost - c:\users\user\AppData\Roaming\Identities\{E7927442-8v23-436B-8409-951D004DCD3B}\winsvchost.exe
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\tmp3B4B.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ +n**+n*]
@="?n?n"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ <m**<m*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆAd*Ř˝i*]
@="?d?i"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\đH<**]
@="?<\1b"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\řQm*ŘQm*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\[žH®2*]
@="???2"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-11-26 18:43:49 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-26 17:43
.
Pre-Run: 516 619 345 920 bytes free
Post-Run: 516 479 508 480 bytes free
.
- - End Of File - - 36E7D4918B2D1DC0D0E9372ACB939854


#6 Post by jossi9432 »

Hello, you haven't replied to me for a long time, so I wonder whether you've forgotten about me :D. If you have a lot of work, I apologize in advance.


#7 Post by Rudy »

I apologize, it occasionally happens that something "slips through". :oops:

We still have some cleanup to finish. Open Notepad and copy the following into it:
KillAll::

Collect::
c:\windows\system32\SETA99B.tmp
c:\windows\system32\SET7953.tmp
c:\windows\system32\SET543B.tmp
c:\windows\system32\SET59DD.tmp
c:\windows\system32\SET727C.tmp
c:\windows\system32\SET721C.tmp

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]

Regnull::
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ +n**+n*]
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ <m**<m*]
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆAd*Ř˝i*]
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\đH<**]
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\řQm*ŘQm*]
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\[žH®2*]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and execute the commands from the script.



#8 Post by jossi9432 »

ComboFix 12-11-26.02 - user . 11. 2012 19:25:23.2.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8140.6268 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 18:45 . 2012-11-28 18:45 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 03:34 . 2012-11-28 03:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-28 02:45 . 2012-11-28 02:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-28 02:38 . 2012-11-28 02:38 -------- d-----w- c:\programdata\ATI
2012-11-28 02:34 . 2012-11-28 02:34 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-28 02:34 . 2012-11-28 02:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-27 23:15 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{114F753D-34FD-45FD-A091-1CE60A3C944E}\mpengine.dll
2012-11-27 05:52 . 2012-11-27 05:52 -------- d-----w- c:\program files (x86)\sp59755
2012-11-27 00:44 . 2012-11-27 00:44 -------- d-----w- c:\program files\ATI
2012-11-26 18:57 . 2012-11-26 18:57 -------- d-----w- c:\users\user\AppData\Local\CrashRpt
2012-11-26 07:03 . 2012-11-26 07:03 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-26 06:41 . 2012-11-26 07:02 -------- d-----w- c:\program files\ATI Technologies
2012-11-25 22:01 . 2012-11-25 22:02 -------- d-----w- C:\rsit
2012-11-25 19:03 . 2012-11-25 19:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-25 15:03 . 2012-11-28 02:45 -------- d-----w- c:\programdata\AMD
2012-11-23 18:53 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-11-23 18:53 . 2012-11-26 22:30 -------- d-----w- c:\program files (x86)\Steam
2012-11-23 03:01 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2012-11-23 00:33 . 2012-11-24 15:52 -------- d-----w- c:\program files (x86)\Hitman Absolution
2012-11-22 18:40 . 2012-11-22 18:41 -------- d-----w- c:\users\user\.borland
2012-11-22 18:37 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-11-22 18:37 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\Borland
2012-11-22 03:39 . 2012-11-25 22:02 -------- d-----w- c:\program files\trend micro
2012-11-22 01:16 . 2012-11-22 01:16 614400 ----a-w- c:\windows\AutoKMS.exe
2012-11-21 14:20 . 2011-02-17 01:11 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-11-21 14:20 . 2011-02-17 01:11 428136 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-11-21 14:16 . 2012-11-21 14:16 -------- d-----w- c:\windows\SysWow64\sda
2012-11-21 14:14 . 2011-05-30 15:03 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-11-21 00:33 . 2012-11-21 00:33 -------- d-----w- c:\users\user\AppData\Roaming\Theta
2012-11-21 00:20 . 2012-11-22 23:13 -------- d-----w- c:\program files (x86)\Assassins Creed III
2012-11-20 03:15 . 2012-11-26 22:26 -------- d-sh--w- c:\users\user\Drivers
2012-11-20 01:25 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-20 01:25 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-20 01:25 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-11-20 01:25 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-11-19 23:44 . 2012-11-19 23:44 -------- d-----w- c:\programdata\Origin
2012-11-19 21:57 . 2012-11-19 21:57 -------- d-----w- c:\program files\7-Zip
2012-11-19 19:38 . 2012-11-19 19:38 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-11-19 19:31 . 2011-05-20 08:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-11-19 19:31 . 2012-11-19 19:31 -------- d-----w- c:\program files (x86)\Common Files\Telespree
2012-11-19 19:15 . 2011-03-11 10:23 652288 ------w- c:\windows\system32\stapi64.dll
2012-11-19 19:14 . 2012-11-19 19:15 -------- d-----w- c:\program files\IDT
2012-11-19 15:47 . 2012-11-19 16:36 -------- d-----w- c:\programdata\wxDownload
2012-11-19 15:47 . 2012-11-19 16:38 -------- d-----w- c:\programdata\Premium
2012-11-19 15:45 . 2012-11-19 16:00 -------- d-----w- c:\programdata\InstallMate
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\programdata\RICOH
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\program files (x86)\Y Soft
2012-11-16 10:27 . 2012-11-19 16:48 -------- d-----w- C:\da593b772af76360e22a5d
2012-11-15 20:00 . 2010-03-02 22:37 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-11-15 20:00 . 2010-07-20 21:26 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-11-15 20:00 . 2010-07-20 21:26 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-11-15 20:00 . 2010-07-20 21:26 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-11-15 18:20 . 2011-03-11 10:23 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-11-15 18:20 . 2010-04-01 22:11 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-11-15 18:20 . 2009-10-10 08:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-11-15 18:20 . 2009-03-03 09:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-11-15 18:20 . 2011-03-11 10:23 4642816 ----a-w- c:\windows\system32\stlang64.dll
2012-11-15 18:20 . 2011-03-11 10:23 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-11-15 18:20 . 2011-03-11 10:23 1128448 ----a-w- c:\windows\sttray64.exe
2012-11-15 18:19 . 2011-03-11 10:23 220160 ----a-w- c:\windows\system32\staco64.dll
2012-11-15 18:19 . 2011-03-11 10:23 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-11-15 18:19 . 2011-03-11 10:23 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-11-15 18:19 . 2011-03-11 10:23 1500672 ----a-w- c:\windows\system32\stapo64.dll
2012-11-15 18:19 . 2012-11-15 18:19 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-11-15 18:13 . 2012-11-15 18:13 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-11-15 17:57 . 2012-11-15 17:57 23464448 ----a-w- c:\windows\system32\atio6axx.dll
2012-11-15 17:47 . 2012-11-15 17:47 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-11-15 17:44 . 2012-11-15 17:44 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-11-15 17:43 . 2012-11-15 17:43 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-11-15 17:43 . 2012-11-15 17:43 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-11-15 17:43 . 2012-11-15 17:43 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-11-15 17:43 . 2012-11-15 17:43 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-11-15 17:43 . 2012-11-15 17:43 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-11-15 17:40 . 2012-11-15 17:40 18987008 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-11-15 17:38 . 2012-11-15 17:38 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-11-15 17:37 . 2012-11-15 17:37 6678528 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-11-15 17:22 . 2012-11-15 17:22 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-11-15 17:22 . 2012-11-15 17:22 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-11-15 17:22 . 2012-11-15 17:22 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-11-15 17:21 . 2012-11-15 17:21 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-11-15 17:20 . 2012-11-15 17:20 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-11-15 17:20 . 2012-11-15 17:20 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-11-15 17:20 . 2012-11-15 17:20 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-11-15 17:20 . 2012-11-15 17:20 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-11-15 16:58 . 2012-11-15 16:58 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-11-15 16:58 . 2012-11-15 16:58 618496 ----a-w- c:\windows\system32\atiadlxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-11-15 16:58 . 2012-11-15 16:58 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-11-15 16:58 . 2012-11-15 16:58 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-11-15 16:58 . 2012-11-15 16:58 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-11-15 16:57 . 2012-11-15 16:57 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-11-15 16:57 . 2012-11-15 16:57 546304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-11-15 16:56 . 2012-11-15 16:56 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-11-15 16:56 . 2012-11-15 16:56 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-11-15 16:56 . 2012-11-15 16:56 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-11-15 16:55 . 2012-11-15 16:55 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-11-15 16:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 16:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 16:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 16:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 16:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 16:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 16:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 16:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 16:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 16:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 16:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 16:01 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 16:01 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 14:22 . 2012-11-15 14:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-15 12:10 . 2012-11-15 12:10 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-11-15 12:10 . 2012-11-15 12:10 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-11-15 12:10 . 2012-11-15 12:10 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-11-15 12:10 . 2012-11-15 12:10 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-11-15 12:10 . 2012-11-15 12:10 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-11-15 12:09 . 2012-11-15 12:09 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-11-15 12:05 . 2012-11-15 12:05 28737536 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 19:49 . 2012-10-06 14:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 19:49 . 2012-10-06 14:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-19 19:13 . 2011-11-25 13:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-19 18:48 . 2011-11-25 13:21 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-19 18:48 . 2011-11-25 13:21 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-11-19 18:48 . 2011-11-25 13:21 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-11-19 18:48 . 2011-11-25 13:21 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-11-15 18:15 . 2012-07-28 04:09 5625000 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-11-15 17:41 . 2012-07-28 02:15 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-11-15 17:39 . 2011-11-25 13:15 1137664 ----a-w- c:\windows\system32\SETA99B.tmp
2012-11-15 17:39 . 2011-11-25 13:15 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-11-15 17:18 . 2011-11-25 13:15 7370752 ----a-w- c:\windows\system32\SET7953.tmp
2012-11-15 17:18 . 2011-11-25 13:15 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-11-15 17:10 . 2012-07-28 01:32 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-11-15 17:10 . 2011-12-06 02:24 6780416 ----a-w- c:\windows\system32\atiumd64.dll
2012-11-15 17:10 . 2011-11-25 13:15 6780416 ----a-w- c:\windows\system32\SET543B.tmp
2012-11-15 16:58 . 2012-07-28 01:15 618496 ----a-w- c:\windows\system32\SET59DD.tmp
2012-11-15 16:56 . 2011-11-25 13:15 130048 ----a-w- c:\windows\system32\SET727C.tmp
2012-11-15 16:55 . 2011-11-25 13:15 104448 ----a-w- c:\windows\system32\SET721C.tmp
2012-11-15 16:55 . 2012-07-28 01:13 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-15 16:18 . 2012-09-13 08:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-12 17:39 . 2012-09-15 13:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-11 12:41 . 2012-09-17 11:52 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-08 15:17 . 2010-12-17 02:26 416040 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-08 13:03 . 2012-09-18 16:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-11-07 12:24 . 2012-09-15 13:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-28 00:27 . 2012-10-04 21:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-28 00:27 . 2012-10-04 21:50 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-27 23:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-24 21:16 . 2012-10-17 12:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 23:19 . 2012-09-13 08:40 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-17 23:19 . 2011-09-07 08:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 20:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 20:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 08:26 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-06 16:05 . 2012-09-06 16:05 3953152 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 2839552 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 198144 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2012-09-06 16:05 . 2012-09-06 16:05 161792 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2012-08-31 18:19 . 2012-10-10 20:36 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Services for Windows; [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-06-14 62536]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-08 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-08 28216]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-11-08 19264]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-18 868848]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-06-14 38328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-15 240640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-06-14 1288104]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-11-08 331264]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-11-08 18832]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-11-08 43832]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2012-11-08 10368]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user\AppData\Local\Temp\tmp38AC.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-11-22 01:16]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 15:53]
.
2012-11-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-11 15:53]
.
2012-11-19 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 5634800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDF
mStart Page = hxxp://www.bing.com?pc=HPNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = cache.fi.muni.cz:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 147.251.209.1 147.251.197.2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110111491187} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\tmp38AC.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10n_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10n.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ +n**+n*]
@="?n?n"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ <m**<m*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆAd*Ř˝i*]
@="?d?i"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\đH<**]
@="?<\1b"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\řQm*ŘQm*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\[žH®2*]
@="???2"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
.
**************************************************************************
.
Completion time: 2012-11-28 19:52:29 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-28 18:52
ComboFix2.txt 2012-11-26 17:43
.
Pre-Run: 522 147 852 288 bytes free
Post-Run: 522 348 134 400 bytes free
.
- - End Of File - - 664ADA635EEBC86B3A42F86CA6E0F02D

Rudy
Site Admin
Site Admin
Posts: 119521
Registered: 30 Oct 2003 13:42
Location: Plzeň
Contact user:

Re: CPU usage increased from 0-5% to 10-15%

#9 Post by Rudy »

The script was saved incorrectly (CFScript.txt.txt). Save it as CFScript.txt and run a new scan. CF did not delete anything.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.


e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jossi9432
Visitor
Visitor
Posts: 54
Registered: 25 Nov 2012 22:49

Re: CPU usage increased from 0-5% to 10-15%

#10 Post by jossi9432 »

Well, I saved it earlier as "CFScript.txt", so this time I saved it as "CFScript".


ComboFix 12-11-28.02 - user . 11. 2012 20:08:21.3.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8140.6220 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\system32\SET543B.tmp
c:\windows\system32\SET59DD.tmp
c:\windows\system32\SET721C.tmp
c:\windows\system32\SET727C.tmp
c:\windows\system32\SET7953.tmp
c:\windows\system32\SETA99B.tmp
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 19:14 . 2012-11-28 19:14 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 03:34 . 2012-11-28 03:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-28 02:45 . 2012-11-28 02:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-28 02:38 . 2012-11-28 02:38 -------- d-----w- c:\programdata\ATI
2012-11-28 02:34 . 2012-11-28 02:34 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-28 02:34 . 2012-11-28 02:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-27 23:15 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{114F753D-34FD-45FD-A091-1CE60A3C944E}\mpengine.dll
2012-11-27 05:52 . 2012-11-27 05:52 -------- d-----w- c:\program files (x86)\sp59755
2012-11-27 00:44 . 2012-11-27 00:44 -------- d-----w- c:\program files\ATI
2012-11-26 18:57 . 2012-11-26 18:57 -------- d-----w- c:\users\user\AppData\Local\CrashRpt
2012-11-26 07:03 . 2012-11-26 07:03 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-26 06:41 . 2012-11-26 07:02 -------- d-----w- c:\program files\ATI Technologies
2012-11-25 22:01 . 2012-11-25 22:02 -------- d-----w- C:\rsit
2012-11-25 19:03 . 2012-11-25 19:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-25 15:03 . 2012-11-28 02:45 -------- d-----w- c:\programdata\AMD
2012-11-23 18:53 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-11-23 18:53 . 2012-11-26 22:30 -------- d-----w- c:\program files (x86)\Steam
2012-11-23 03:01 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2012-11-23 00:33 . 2012-11-24 15:52 -------- d-----w- c:\program files (x86)\Hitman Absolution
2012-11-22 18:40 . 2012-11-22 18:41 -------- d-----w- c:\users\user\.borland
2012-11-22 18:37 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-11-22 18:37 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\Borland
2012-11-22 03:39 . 2012-11-25 22:02 -------- d-----w- c:\program files\trend micro
2012-11-22 01:16 . 2012-11-22 01:16 614400 ----a-w- c:\windows\AutoKMS.exe
2012-11-21 14:20 . 2011-02-17 01:11 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-11-21 14:20 . 2011-02-17 01:11 428136 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-11-21 14:16 . 2012-11-21 14:16 -------- d-----w- c:\windows\SysWow64\sda
2012-11-21 14:14 . 2011-05-30 15:03 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-11-21 00:33 . 2012-11-21 00:33 -------- d-----w- c:\users\user\AppData\Roaming\Theta
2012-11-21 00:20 . 2012-11-22 23:13 -------- d-----w- c:\program files (x86)\Assassins Creed III
2012-11-20 03:15 . 2012-11-26 22:26 -------- d-sh--w- c:\users\user\Drivers
2012-11-20 01:25 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-20 01:25 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-20 01:25 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-11-20 01:25 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-11-19 23:44 . 2012-11-19 23:44 -------- d-----w- c:\programdata\Origin
2012-11-19 21:57 . 2012-11-19 21:57 -------- d-----w- c:\program files\7-Zip
2012-11-19 19:38 . 2012-11-19 19:38 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-11-19 19:31 . 2011-05-20 08:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-11-19 19:31 . 2012-11-19 19:31 -------- d-----w- c:\program files (x86)\Common Files\Telespree
2012-11-19 19:15 . 2011-03-11 10:23 652288 ------w- c:\windows\system32\stapi64.dll
2012-11-19 19:14 . 2012-11-19 19:15 -------- d-----w- c:\program files\IDT
2012-11-19 15:47 . 2012-11-19 16:36 -------- d-----w- c:\programdata\wxDownload
2012-11-19 15:47 . 2012-11-19 16:38 -------- d-----w- c:\programdata\Premium
2012-11-19 15:45 . 2012-11-19 16:00 -------- d-----w- c:\programdata\InstallMate
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\programdata\RICOH
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\program files (x86)\Y Soft
2012-11-16 10:27 . 2012-11-19 16:48 -------- d-----w- C:\da593b772af76360e22a5d
2012-11-15 20:00 . 2010-03-02 22:37 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-11-15 20:00 . 2010-07-20 21:26 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-11-15 20:00 . 2010-07-20 21:26 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-11-15 20:00 . 2010-07-20 21:26 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-11-15 18:20 . 2011-03-11 10:23 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-11-15 18:20 . 2010-04-01 22:11 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-11-15 18:20 . 2009-10-10 08:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-11-15 18:20 . 2009-03-03 09:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-11-15 18:20 . 2011-03-11 10:23 4642816 ----a-w- c:\windows\system32\stlang64.dll
2012-11-15 18:20 . 2011-03-11 10:23 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-11-15 18:20 . 2011-03-11 10:23 1128448 ----a-w- c:\windows\sttray64.exe
2012-11-15 18:19 . 2011-03-11 10:23 220160 ----a-w- c:\windows\system32\staco64.dll
2012-11-15 18:19 . 2011-03-11 10:23 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-11-15 18:19 . 2011-03-11 10:23 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-11-15 18:19 . 2011-03-11 10:23 1500672 ----a-w- c:\windows\system32\stapo64.dll
2012-11-15 18:19 . 2012-11-15 18:19 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-11-15 18:13 . 2012-11-15 18:13 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-11-15 17:57 . 2012-11-15 17:57 23464448 ----a-w- c:\windows\system32\atio6axx.dll
2012-11-15 17:47 . 2012-11-15 17:47 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-11-15 17:44 . 2012-11-15 17:44 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-11-15 17:43 . 2012-11-15 17:43 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-11-15 17:43 . 2012-11-15 17:43 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-11-15 17:43 . 2012-11-15 17:43 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-11-15 17:43 . 2012-11-15 17:43 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-11-15 17:43 . 2012-11-15 17:43 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-11-15 17:40 . 2012-11-15 17:40 18987008 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-11-15 17:38 . 2012-11-15 17:38 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-11-15 17:37 . 2012-11-15 17:37 6678528 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-11-15 17:22 . 2012-11-15 17:22 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-11-15 17:22 . 2012-11-15 17:22 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-11-15 17:22 . 2012-11-15 17:22 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-11-15 17:21 . 2012-11-15 17:21 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-11-15 17:20 . 2012-11-15 17:20 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-11-15 17:20 . 2012-11-15 17:20 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-11-15 17:20 . 2012-11-15 17:20 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-11-15 17:20 . 2012-11-15 17:20 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-11-15 16:58 . 2012-11-15 16:58 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-11-15 16:58 . 2012-11-15 16:58 618496 ----a-w- c:\windows\system32\atiadlxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-11-15 16:58 . 2012-11-15 16:58 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-11-15 16:58 . 2012-11-15 16:58 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-11-15 16:58 . 2012-11-15 16:58 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-11-15 16:57 . 2012-11-15 16:57 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-11-15 16:57 . 2012-11-15 16:57 546304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-11-15 16:56 . 2012-11-15 16:56 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-11-15 16:56 . 2012-11-15 16:56 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-11-15 16:56 . 2012-11-15 16:56 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-11-15 16:55 . 2012-11-15 16:55 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-11-15 16:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 16:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 16:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 16:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 16:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 16:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 16:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 16:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 16:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 16:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 16:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 16:01 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 16:01 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 14:22 . 2012-11-15 14:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-15 12:10 . 2012-11-15 12:10 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-11-15 12:10 . 2012-11-15 12:10 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-11-15 12:10 . 2012-11-15 12:10 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-11-15 12:10 . 2012-11-15 12:10 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-11-15 12:10 . 2012-11-15 12:10 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-11-15 12:09 . 2012-11-15 12:09 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-11-15 12:05 . 2012-11-15 12:05 28737536 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 19:49 . 2012-10-06 14:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 19:49 . 2012-10-06 14:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-19 19:13 . 2011-11-25 13:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-19 18:48 . 2011-11-25 13:21 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-19 18:48 . 2011-11-25 13:21 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-11-19 18:48 . 2011-11-25 13:21 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-11-19 18:48 . 2011-11-25 13:21 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-11-15 18:15 . 2012-07-28 04:09 5625000 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-11-15 17:41 . 2012-07-28 02:15 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-11-15 17:39 . 2011-11-25 13:15 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-11-15 17:18 . 2011-11-25 13:15 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-11-15 17:10 . 2012-07-28 01:32 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-11-15 17:10 . 2011-12-06 02:24 6780416 ----a-w- c:\windows\system32\atiumd64.dll
2012-11-15 16:55 . 2012-07-28 01:13 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-15 16:18 . 2012-09-13 08:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-12 17:39 . 2012-09-15 13:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-11 12:41 . 2012-09-17 11:52 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-08 15:17 . 2010-12-17 02:26 416040 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-08 13:03 . 2012-09-18 16:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-11-07 12:24 . 2012-09-15 13:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-28 00:27 . 2012-10-04 21:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-28 00:27 . 2012-10-04 21:50 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-27 23:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-24 21:16 . 2012-10-17 12:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 23:19 . 2012-09-13 08:40 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-17 23:19 . 2011-09-07 08:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 20:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 20:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 08:26 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-06 16:05 . 2012-09-06 16:05 3953152 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 2839552 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 198144 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2012-09-06 16:05 . 2012-09-06 16:05 161792 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2012-08-31 18:19 . 2012-10-10 20:36 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Services for Windows; [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-06-14 62536]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-08 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-08 28216]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-11-08 19264]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-18 868848]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-06-14 38328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-15 240640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-06-14 1288104]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-11-08 331264]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-11-08 18832]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-11-08 43832]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2012-11-08 10368]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user\AppData\Local\Temp\tmpE32.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-11-22 01:16]
.
2012-11-19 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 5634800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDF
mStart Page = hxxp://www.bing.com?pc=HPNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = cache.fi.muni.cz:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 147.251.209.1 147.251.197.2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110111491187} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\tmpE32.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ +n**+n*]
@="?n?n"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ <m**<m*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆAd*Ř˝i*]
@="?d?i"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\đH<**]
@="?<\1b"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\řQm*ŘQm*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\[žH®2*]
@="???2"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-11-28 20:24:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-28 19:24
ComboFix2.txt 2012-11-28 18:52
ComboFix3.txt 2012-11-26 17:43
.
Pre-Run: 522 371 903 488 bytes free
Post-Run: 522 063 941 632 bytes free
.
- - End Of File - - 65F7B0981A41B268FE8DF5F0813BD584

Rudy
Site Admin
Posts: 119521
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage rose from 0-5% to 10-15%

#11 Post by Rudy »

Run CF once more with this script:
KillAll::

Collect::
c:\users\user\AppData\Local\Temp\tmpE32.tmp

Driver::
WinRing0_1_2_0

Reboot::
In the same way as in the previous case.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.

jossi9432
Visitor
Posts: 54
Registered: 25 Nov 2012 22:49

Re: CPU usage rose from 0-5% to 10-15%

#12 Post by jossi9432 »

ComboFix 12-11-28.02 - user . 11. 2012 21:04:14.4.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8140.6126 [GMT 1:00]
Running from: c:\users\user\Desktop\ComboFix.exe
Command switches used :: c:\users\user\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET Personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_WINRING0_1_2_0
-------\Service_WinRing0_1_2_0
.
.
((((((((((((((((((((((((( Files Created from 2012-10-28 to 2012-11-28 )))))))))))))))))))))))))))))))
.
.
2012-11-28 20:09 . 2012-11-28 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-11-28 03:34 . 2012-11-28 03:34 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-11-28 02:45 . 2012-11-28 02:45 -------- d-----w- c:\program files (x86)\AMD APP
2012-11-28 02:38 . 2012-11-28 02:38 -------- d-----w- c:\programdata\ATI
2012-11-28 02:34 . 2012-11-28 02:34 -------- d-----w- c:\program files\Common Files\ATI Technologies
2012-11-28 02:34 . 2012-11-28 02:34 -------- d-----w- c:\program files (x86)\Common Files\ATI Technologies
2012-11-27 23:15 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{114F753D-34FD-45FD-A091-1CE60A3C944E}\mpengine.dll
2012-11-27 05:52 . 2012-11-27 05:52 -------- d-----w- c:\program files (x86)\sp59755
2012-11-27 00:44 . 2012-11-27 00:44 -------- d-----w- c:\program files\ATI
2012-11-26 18:57 . 2012-11-26 18:57 -------- d-----w- c:\users\user\AppData\Local\CrashRpt
2012-11-26 07:03 . 2012-11-26 07:03 -------- d-----w- c:\program files (x86)\AMD AVT
2012-11-26 06:41 . 2012-11-26 07:02 -------- d-----w- c:\program files\ATI Technologies
2012-11-25 22:01 . 2012-11-25 22:02 -------- d-----w- C:\rsit
2012-11-25 19:03 . 2012-11-25 19:03 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-11-25 15:03 . 2012-11-28 02:45 -------- d-----w- c:\programdata\AMD
2012-11-23 18:53 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Steam
2012-11-23 18:53 . 2012-11-26 22:30 -------- d-----w- c:\program files (x86)\Steam
2012-11-23 03:01 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\SQUARE ENIX
2012-11-23 00:33 . 2012-11-24 15:52 -------- d-----w- c:\program files (x86)\Hitman Absolution
2012-11-22 18:40 . 2012-11-22 18:41 -------- d-----w- c:\users\user\.borland
2012-11-22 18:37 . 2012-11-24 15:51 -------- d-----w- c:\program files (x86)\Common Files\Borland Shared
2012-11-22 18:37 . 2012-11-24 15:47 -------- d-----w- c:\program files (x86)\Borland
2012-11-22 03:39 . 2012-11-25 22:02 -------- d-----w- c:\program files\trend micro
2012-11-22 01:16 . 2012-11-22 01:16 614400 ----a-w- c:\windows\AutoKMS.exe
2012-11-21 14:20 . 2011-02-17 01:11 74272 ----a-w- c:\windows\system32\RtNicProp64.dll
2012-11-21 14:20 . 2011-02-17 01:11 428136 ----a-w- c:\windows\system32\drivers\Rt64win7.sys
2012-11-21 14:16 . 2012-11-21 14:16 -------- d-----w- c:\windows\SysWow64\sda
2012-11-21 14:14 . 2011-05-30 15:03 338536 ----a-w- c:\windows\system32\drivers\RtsPStor.sys
2012-11-21 00:33 . 2012-11-21 00:33 -------- d-----w- c:\users\user\AppData\Roaming\Theta
2012-11-21 00:20 . 2012-11-22 23:13 -------- d-----w- c:\program files (x86)\Assassins Creed III
2012-11-20 03:15 . 2012-11-26 22:26 -------- d-sh--w- c:\users\user\Drivers
2012-11-20 01:25 . 2010-06-02 03:55 77656 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2012-11-20 01:25 . 2010-06-02 03:55 518488 ----a-w- c:\windows\system32\XAudio2_7.dll
2012-11-20 01:25 . 2010-06-02 03:55 176984 ----a-w- c:\windows\system32\xactengine3_7.dll
2012-11-20 01:25 . 2010-05-26 10:41 2526056 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 1907552 ----a-w- c:\windows\system32\d3dcsx_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 511328 ----a-w- c:\windows\system32\d3dx10_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 276832 ----a-w- c:\windows\system32\d3dx11_43.dll
2012-11-20 01:25 . 2010-05-26 10:41 2401112 ----a-w- c:\windows\system32\D3DX9_43.dll
2012-11-19 23:44 . 2012-11-19 23:44 -------- d-----w- c:\programdata\Origin
2012-11-19 21:57 . 2012-11-19 21:57 -------- d-----w- c:\program files\7-Zip
2012-11-19 19:38 . 2012-11-19 19:38 -------- d-----w- c:\program files (x86)\Common Files\Intel Corporation
2012-11-19 19:31 . 2011-05-20 08:53 557848 ----a-w- c:\windows\system32\drivers\iaStor.sys
2012-11-19 19:31 . 2012-11-19 19:31 -------- d-----w- c:\program files (x86)\Common Files\Telespree
2012-11-19 19:15 . 2011-03-11 10:23 652288 ------w- c:\windows\system32\stapi64.dll
2012-11-19 19:14 . 2012-11-19 19:15 -------- d-----w- c:\program files\IDT
2012-11-19 15:47 . 2012-11-19 16:36 -------- d-----w- c:\programdata\wxDownload
2012-11-19 15:47 . 2012-11-19 16:38 -------- d-----w- c:\programdata\Premium
2012-11-19 15:45 . 2012-11-19 16:00 -------- d-----w- c:\programdata\InstallMate
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\programdata\RICOH
2012-11-19 00:36 . 2012-11-19 00:36 -------- d-----w- c:\program files (x86)\Y Soft
2012-11-16 10:27 . 2012-11-19 16:48 -------- d-----w- C:\da593b772af76360e22a5d
2012-11-15 20:00 . 2010-03-02 22:37 39464 ----a-w- c:\windows\system32\drivers\btwl2cap.sys
2012-11-15 20:00 . 2010-07-20 21:26 102952 ----a-w- c:\windows\system32\drivers\btwaudio.sys
2012-11-15 20:00 . 2010-07-20 21:26 135720 ----a-w- c:\windows\system32\drivers\btwavdt.sys
2012-11-15 20:00 . 2010-07-20 21:26 21544 ----a-w- c:\windows\system32\drivers\btwrchid.sys
2012-11-15 18:20 . 2011-03-11 10:23 221184 ----a-w- c:\windows\system32\HPToneCtrls64.dll
2012-11-15 18:20 . 2010-04-01 22:11 162304 ----a-w- c:\windows\system32\AESTAC64.dll
2012-11-15 18:20 . 2009-10-10 08:45 442368 ----a-w- c:\windows\system32\AESTEC64.dll
2012-11-15 18:20 . 2009-03-03 09:58 68608 ----a-w- c:\windows\system32\AESTAR64.dll
2012-11-15 18:20 . 2011-03-11 10:23 4642816 ----a-w- c:\windows\system32\stlang64.dll
2012-11-15 18:20 . 2011-03-11 10:23 1523712 ----a-w- c:\windows\system32\IDTNC64.cpl
2012-11-15 18:20 . 2011-03-11 10:23 1128448 ----a-w- c:\windows\sttray64.exe
2012-11-15 18:19 . 2011-03-11 10:23 220160 ----a-w- c:\windows\system32\staco64.dll
2012-11-15 18:19 . 2011-03-11 10:23 521728 ----a-w- c:\windows\system32\drivers\stwrt64.sys
2012-11-15 18:19 . 2011-03-11 10:23 431616 ----a-w- c:\windows\system32\stcplx64.dll
2012-11-15 18:19 . 2011-03-11 10:23 1500672 ----a-w- c:\windows\system32\stapo64.dll
2012-11-15 18:19 . 2012-11-15 18:19 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-11-15 18:13 . 2012-11-15 18:13 11270656 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-11-15 17:57 . 2012-11-15 17:57 23464448 ----a-w- c:\windows\system32\atio6axx.dll
2012-11-15 17:47 . 2012-11-15 17:47 70144 ----a-w- c:\windows\system32\coinst_9.01.8.dll
2012-11-15 17:44 . 2012-11-15 17:44 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-11-15 17:43 . 2012-11-15 17:43 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-11-15 17:43 . 2012-11-15 17:43 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-11-15 17:43 . 2012-11-15 17:43 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-11-15 17:43 . 2012-11-15 17:43 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-11-15 17:43 . 2012-11-15 17:43 16082944 ----a-w- c:\windows\system32\aticaldd64.dll
2012-11-15 17:40 . 2012-11-15 17:40 18987008 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-11-15 17:38 . 2012-11-15 17:38 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-11-15 17:37 . 2012-11-15 17:37 6678528 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-11-15 17:22 . 2012-11-15 17:22 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-11-15 17:22 . 2012-11-15 17:22 548864 ----a-w- c:\windows\system32\atieclxx.exe
2012-11-15 17:22 . 2012-11-15 17:22 240640 ----a-w- c:\windows\system32\atiesrxx.exe
2012-11-15 17:21 . 2012-11-15 17:21 4674048 ----a-w- c:\windows\system32\atiumd6a.dll
2012-11-15 17:20 . 2012-11-15 17:20 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-11-15 17:20 . 2012-11-15 17:20 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-11-15 17:20 . 2012-11-15 17:20 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-11-15 17:20 . 2012-11-15 17:20 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-11-15 16:58 . 2012-11-15 16:58 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-11-15 16:58 . 2012-11-15 16:58 618496 ----a-w- c:\windows\system32\atiadlxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-11-15 16:58 . 2012-11-15 16:58 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-11-15 16:58 . 2012-11-15 16:58 421888 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-11-15 16:58 . 2012-11-15 16:58 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-11-15 16:58 . 2012-11-15 16:58 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-11-15 16:57 . 2012-11-15 16:57 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-11-15 16:57 . 2012-11-15 16:57 546304 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-11-15 16:56 . 2012-11-15 16:56 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2012-11-15 16:56 . 2012-11-15 16:56 130048 ----a-w- c:\windows\system32\atiuxp64.dll
2012-11-15 16:56 . 2012-11-15 16:56 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-11-15 16:55 . 2012-11-15 16:55 104448 ----a-w- c:\windows\system32\atiu9p64.dll
2012-11-15 16:22 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-11-15 16:22 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-11-15 16:22 . 2012-07-26 04:47 2560 ----a-w- c:\windows\system32\drivers\en-US\wdf01000.sys.mui
2012-11-15 16:22 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-11-15 16:17 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-11-15 16:17 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-11-15 16:17 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-11-15 16:17 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-11-15 16:17 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-11-15 16:17 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-11-15 16:17 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-11-15 16:01 . 2012-09-25 22:46 95744 ----a-w- c:\windows\system32\synceng.dll
2012-11-15 16:01 . 2012-09-25 22:47 78336 ----a-w- c:\windows\SysWow64\synceng.dll
2012-11-15 14:22 . 2012-11-15 14:26 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-11-15 12:10 . 2012-11-15 12:10 222720 ----a-w- c:\windows\system32\clinfo.exe
2012-11-15 12:10 . 2012-11-15 12:10 76288 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-11-15 12:10 . 2012-11-15 12:10 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-11-15 12:10 . 2012-11-15 12:10 64512 ----a-w- c:\windows\system32\OVDecode64.dll
2012-11-15 12:10 . 2012-11-15 12:10 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-11-15 12:09 . 2012-11-15 12:09 34523136 ----a-w- c:\windows\system32\amdocl64.dll
2012-11-15 12:05 . 2012-11-15 12:05 28737536 ----a-w- c:\windows\SysWow64\amdocl.dll
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-21 19:49 . 2012-10-06 14:09 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-11-21 19:49 . 2012-10-06 14:09 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-19 19:13 . 2011-11-25 13:21 6656 ----a-w- c:\windows\system32\bcmwlrc.dll
2012-11-19 18:48 . 2011-11-25 13:21 95544 ----a-w- c:\windows\system32\bcmwlcoi.dll
2012-11-19 18:48 . 2011-11-25 13:21 3065408 ----a-w- c:\windows\system32\drivers\BCMWL664.SYS
2012-11-19 18:48 . 2011-11-25 13:21 3896832 ----a-w- c:\windows\system32\bcmihvsrv64.dll
2012-11-19 18:48 . 2011-11-25 13:21 3561472 ----a-w- c:\windows\system32\bcmihvui64.dll
2012-11-15 18:15 . 2012-07-28 04:09 5625000 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-11-15 17:41 . 2012-07-28 02:15 949248 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-11-15 17:39 . 2011-11-25 13:15 1137664 ----a-w- c:\windows\system32\aticfx64.dll
2012-11-15 17:18 . 2011-11-25 13:15 7370752 ----a-w- c:\windows\system32\atidxx64.dll
2012-11-15 17:10 . 2012-07-28 01:32 3862528 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-11-15 17:10 . 2011-12-06 02:24 6780416 ----a-w- c:\windows\system32\atiumd64.dll
2012-11-15 16:55 . 2012-07-28 01:13 83968 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-11-15 16:18 . 2012-09-13 08:08 66395536 ----a-w- c:\windows\system32\MRT.exe
2012-11-12 17:39 . 2012-09-15 13:37 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-11-11 12:41 . 2012-09-17 11:52 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2012-11-08 15:17 . 2010-12-17 02:26 416040 ----a-w- c:\windows\system32\SynCOM.dll
2012-11-08 13:03 . 2012-09-18 16:50 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-11-07 12:24 . 2012-09-15 13:36 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-10-28 00:27 . 2012-10-04 21:50 466520 ----a-w- c:\windows\system32\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 445016 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-10-28 00:27 . 2012-10-04 21:50 122968 ----a-w- c:\windows\system32\OpenAL32.dll
2012-10-28 00:27 . 2012-10-04 21:50 109144 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-10-16 08:38 . 2012-11-27 23:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-27 23:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-27 23:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-09-24 21:16 . 2012-10-17 12:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-17 23:19 . 2012-09-13 08:40 821736 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2012-09-17 23:19 . 2011-09-07 08:18 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-14 19:19 . 2012-10-10 20:36 2048 ----a-w- c:\windows\system32\tzres.dll
2012-09-14 18:28 . 2012-10-10 20:36 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-09-13 08:26 . 2010-06-24 09:33 19720 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-09-06 16:05 . 2012-09-06 16:05 3953152 ----a-w- c:\windows\system32\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 2839552 ----a-w- c:\windows\SysWow64\SlotMaximizerBe.dll
2012-09-06 16:05 . 2012-09-06 16:05 198144 ----a-w- c:\windows\system32\SlotMaximizerAg.dll
2012-09-06 16:05 . 2012-09-06 16:05 161792 ----a-w- c:\windows\SysWow64\SlotMaximizerAg.dll
2012-08-31 18:19 . 2012-10-10 20:36 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"HP Quick Launch"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe" [2010-11-09 586296]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-08-06 642216]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-7-29 1132320]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Services for Windows; [x]
R3 AVerAF35;HP USB DVB-T TV Tuner;c:\windows\system32\Drivers\HPAF35.sys [2009-10-19 511104]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-07-14 344616]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-03-02 39464]
R3 HPAuto;HP Auto;c:\program files\Hewlett-Packard\HP Auto\HPAuto.exe [2011-02-16 682040]
R3 HPIR;HP TV Tuner Infrared Receiver;c:\windows\system32\DRIVERS\HPIR.sys [2009-11-16 93184]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-13 1255736]
R4 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
R4 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-02-17 265544]
R4 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
R4 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-03-25 490280]
R4 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R4 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-06-14 62536]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-08 647736]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-08 28216]
S0 iusb3hcs;Ovládač prepínača hostiteľského radiča Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-11-08 19264]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-18 868848]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-06-14 211344]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-06-14 149592]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-06-14 38328]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-11-15 240640]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-06-14 1288104]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-05-21 103992]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592]
S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2011-06-28 2413056]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
S3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [2012-11-08 331264]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [2011-04-15 12228128]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-12-10 181248]
S3 pmkbdfltr;PenMount Keyboard Device Filter Driver;c:\windows\system32\DRIVERS\pmkbdfltr.sys [2012-11-08 18832]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [2011-05-30 338536]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-02-17 428136]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys [2012-11-08 43832]
S3 whfltr2k;WheelMouse USB Lower Filter Driver;c:\windows\system32\DRIVERS\whfltr2k.sys [2012-11-08 10368]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\users\user\AppData\Local\Temp\tmpFAE1.tmp [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
Contents of the 'Scheduled Tasks' folder
.
2012-11-28 c:\windows\Tasks\AutoKMS.job
- c:\windows\AutoKMS.exe [2012-11-22 01:16]
.
2012-11-19 c:\windows\Tasks\HPCeeScheduleForuser.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-06-14 5634800]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-04-15 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-04-15 392472]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-04-15 416024]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uDefault_Search_URL = hxxp://www.google.com/ie
mDefault_Page_URL = hxxp://www.bing.com?pc=HPNTDF
mStart Page = hxxp://www.bing.com?pc=HPNTDF
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = cache.fi.muni.cz:3128
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office14\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: Se&nd to OneNote - c:\progra~1\MICROS~2\Office14\ONBttnIE.dll/105
TCP: DhcpNameServer = 147.251.209.1 147.251.197.2
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{11111111-1111-1111-1111-110111491187} - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - c:\program files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\WinRing0_1_2_0]
"ImagePath"="\??\c:\users\user\AppData\Local\Temp\tmpFAE1.tmp"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ +n**+n*]
@="?n?n"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ <m**<m*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\ˆAd*Ř˝i*]
@="?d?i"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\đH<**]
@="?<\1b"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\řQm*ŘQm*]
@="?m?m"
.
[HKEY_LOCAL_MACHINE\software\Policies\Hewlett-Packard\HP Software Framework\{F7A31DE6-534B-4564-808A-7D170A9F74A1}\DeviceDbcc\[žH®2*]
@="???2"
.
------------------------ Other Running Processes ------------------------
.
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\RunDll32.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
.
**************************************************************************
.
Completion time: 2012-11-28 21:19:45 - machine was rebooted
ComboFix-quarantined-files.txt 2012-11-28 20:19
ComboFix2.txt 2012-11-28 19:24
ComboFix3.txt 2012-11-28 18:52
ComboFix4.txt 2012-11-26 17:43
.
Pre-Run: 522 174 337 024 bytes free
Post-Run: 521 890 836 480 bytes free
.
- - End Of File - - 46447CDA4D9A129489CF5EBA3D34B8B6

Rudy
Site Admin
Posts: 119521
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage rose from 0-5% to 10-15%

#13 Post by Rudy »

The log looks OK now. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

jossi9432
Visitor
Posts: 54
Registered: 25 Nov 2012 22:49

Re: CPU usage rose from 0-5% to 10-15%

#14 Post by jossi9432 »

Thank you very much. It doesn't run quite like before, when it would drop even to 0%, but it stays within 5%.

Rudy
Site Admin
Posts: 119521
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: CPU usage rose from 0-5% to 10-15%

#15 Post by Rudy »

jossi9432 wrote: Thank you very much. It doesn't run quite like before, when it would drop even to 0%, but it stays within 5%.
Is the PC slower?

Locked