Page 2 of 3

Re: istartsurf and also Search protect

Posted: 06 Sep 2014 00:16
by Hong
Nothing, it keeps installing that searchprotect. For about a whole day nothing, and then it starts again, and istartsurf too. I'll probably need to reinstall Windows :x

Re: istartsurf and also Search protect

Posted: 06 Sep 2014 11:10
by Rudy
Let's also try MBAM: http://www.malwarebytes.org/mbam.php . Run a full scan and post the log. Don't delete anything beforehand.

Re: istartsurf and also Search protect

Posted: 07 Sep 2014 12:03
by Hong
Malwarebytes Anti-Malware
www.malwarebytes.org

Datum skenování: 7. 9. 2014
Čas skenování: 12:55:52
Protokol: aaaadas.txt
Správce: Ano

Verze: 2.00.2.1012
Databáze malwaru: v2014.09.07.01
Databáze rootkitů: v2014.08.21.01
Licence: Premium
Ochrana proti malwaru: Zapnuto
Ochrana proti škodlivým webovým stránkám: Zapnuto
Self-protection: Vypnuto

OS: Windows 7 Service Pack 1
CPU: x64
Souborový systém: NTFS
Uživatel: PEPAN

Typ skenu: Sken hrozeb
Výsledek: Dokončeno
Prohledaných objektů: 317903
Uplynulý čas: 6 min, 22 sek

Paměť: Zapnuto
Po spuštění: Zapnuto
Souborový systém: Zapnuto
Archivy: Zapnuto
Rootkity: Vypnuto
Heuristics: Zapnuto
PUP: Zapnuto
PUM: Zapnuto

Procesy: 2
PUP.Optional.Amonetize, C:\Windows\SysWOW64\nethtsrv.exe, 5280, , [0ac38b5fcab1ad8952298f0c0cf5fb05]
PUP.Optional.Amonetize, C:\Windows\SysWOW64\netupdsrv.exe, 5544, , [e5e815d56a1163d3bdbf67344ab746ba]

Moduly: 2
PUP.Optional.NetFilter, C:\Windows\SysWOW64\hfnapi.dll, , [3f8eeffbe49705312003477227dadc24],
PUP.Optional.NetFilter, C:\Windows\SysWOW64\hfpapi.dll, , [ddf07377780346f03fe54d6c41c0a957],

Klíče registru: 18
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NetHttpService, , [0ac38b5fcab1ad8952298f0c0cf5fb05],
PUP.Optional.Amonetize, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\ServiceUpdater, , [e5e815d56a1163d3bdbf67344ab746ba],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{EAB5257A-1FB3-474C-9B42-231F52622E72}, , [c10c4aa099e2ef475a31b3f2877a619f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, , [c10c4aa099e2ef475a31b3f2877a619f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}, , [c10c4aa099e2ef475a31b3f2877a619f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{EAB5257A-1FB3-474C-9B42-231F52622E72}, , [c10c4aa099e2ef475a31b3f2877a619f],
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}, , [c10c4aa099e2ef475a31b3f2877a619f],
PUP.Optional.OffersWizard.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\nethfdrv, , [4b825f8b0b70e84ed8ea54a3ea18f40c],
PUP.Optional.OffersWizard.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\inethnfd, , [7c513dad93e89a9ca22a56a9c33fd927],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd, , [b815ae3cf9826accfcdb19dd47bbb050],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\CLASSES\Updater.AmiUpd.1, , [f7d62ebca3d83303b81f6690e91935cb],
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [498437b3adce3402608cd870c73d0af6],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\istartsurfSoftware, , [0dc0af3b1e5d68ce14bc0aee05fdfb05],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd, , [2aa32bbf7506d66006d1a84e0df5d828],
PUP.Optional.Amonetize.A, HKLM\SOFTWARE\WOW6432NODE\CLASSES\Updater.AmiUpd.1, , [d1fc66848eed77bfab2c12e4669c2fd1],
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [27a644a63e3dd5619e4eb890e81caf51],
PUP.Optional.Qone8, HKU\S-1-5-21-2708150872-3862926175-3264410124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{33BB0A4E-99AF-4226-BDF6-49120163DE86}, , [c50848a285f60432915a76d21ce80ff1],
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\istartsurf uninstall, , [973637b3d9a2181e74f605e56a98dc24],

Hodnoty registru: 2
PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\NETHTTPSERVICE|ImagePath, C:\Windows\SysWOW64\nethtsrv.exe, , [ddf0bf2b611a67cf4627fa62f80c837d]
PUP.Optional.NetworkUpdate.A, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\SERVICEUPDATER|ImagePath, C:\Windows\SysWOW64\netupdsrv.exe, , [933a38b2b9c2181e7bf33626d4309967]

Data registru: 10
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... XXZ1D938JB, Dobré: (Chrome.exe), Špatné: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... XXZ1D938JB),,[4a83b931700bd75f034517cf59aba45c]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB),,[cefffded413a6bcb36087f67887cf40c]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB),,[28a5ea007407bc7a2b0f19cd09fb34cc]
PUP.Optional.Qone8, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[2ca1727823584ee8b6a1767bbe46c63a]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\GOOGLE CHROME\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... XXZ1D938JB, Dobré: (Chrome.exe), Špatné: ("C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" http://www.istartsurf.com/?type=sc&ts=1 ... XXZ1D938JB),,[d0fdc7232d4e4bebc97f20c6fa0ae21e]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB),,[15b87674a3d8261053eb9254ac58ef11]
PUP.Optional.IStartSurf.A, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB),,[e4e90edc5f1c64d272c8e501f80cf40c]
PUP.Optional.Qone8, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {33BB0A4E-99AF-4226-BDF6-49120163DE86}, Dobré: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Špatné: ({33BB0A4E-99AF-4226-BDF6-49120163DE86}),,[725b0bdf3e3d85b177e05c9547bd5aa6]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2708150872-3862926175-3264410124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB),,[903daa403645a492ab9405e1f60e3cc4]
PUP.Optional.IStartSurf.A, HKU\S-1-5-21-2708150872-3862926175-3264410124-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB, Dobré: (www.google.com), Špatné: (http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB),,[f6d77971611a62d4d962d1152dd7ad53]

Složky: 4
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config, , [7c513dad93e89a9ca22a56a9c33fd927],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code, , [973637b3d9a2181e74f605e56a98dc24],

Soubory: 45
PUP.Optional.Amonetize, C:\Windows\SysWOW64\nethtsrv.exe, , [0ac38b5fcab1ad8952298f0c0cf5fb05],
PUP.Optional.NetFilter, C:\Windows\SysWOW64\hfnapi.dll, , [3f8eeffbe49705312003477227dadc24],
PUP.Optional.NetFilter, C:\Windows\SysWOW64\hfpapi.dll, , [ddf07377780346f03fe54d6c41c0a957],
PUP.Optional.Amonetize, C:\Windows\SysWOW64\netupdsrv.exe, , [e5e815d56a1163d3bdbf67344ab746ba],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\Temp\awh1CB4.tmp, , [2ca1b832e5961f17cc648b2a7c85659b],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\Temp\awh5DE8.tmp, , [f2db15d5c5b61f17d75930852cd5d927],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\Temp\awh6519.tmp, , [4c812bbf3b40de5831ffb9fccb36a759],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\Temp\awh73AA.tmp, , [f0dd3baf91ea47ef1a71a8fd4eb39b65],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\Temp\awhE6E7.tmp, , [a825975384f721151a167b3a0df438c8],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\Temp\Launcher.exe, , [f4d939b17407330368c851648a778779],
PUP.Optional.Amonetize, C:\Users\PEPAN\AppData\Local\2080\a27725.exe, , [c10c4aa099e2ef475a31b3f2877a619f],
PUP.Optional.OffersWizard.A, C:\Windows\System32\drivers\nethfdrv.sys, , [4b825f8b0b70e84ed8ea54a3ea18f40c],
PUP.Optional.ShowPass.A, C:\Users\PEPAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage, , [f3da81696417d660bc088d6b16ec817f],
PUP.Optional.ShowPass.A, C:\Users\PEPAN\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.showpass00.showpass.co_0.localstorage-journal, , [ceff44a62e4d89adc9fbac4c21e1b848],
PUP.Optional.InstallD.A, C:\Windows\SysWOW64\installd.exe, , [438a6d7db2c986b0fb8a98643ec4e31d],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\ver.xml, , [7c513dad93e89a9ca22a56a9c33fd927],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\data.xml, , [7c513dad93e89a9ca22a56a9c33fd927],
PUP.Optional.OffersWizard.A, C:\Program Files (x86)\Common Files\Config\uninstinethnfd.exe, , [7c513dad93e89a9ca22a56a9c33fd927],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\277.json, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\MessageBox.xml, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\uninstallDlg2.xml, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\UninstallManager.exe, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\bg.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\bg1.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\bk_shadow.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\button.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\button1.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\checkbox.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\checkbox_select.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\checked.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\close.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\loading_bg.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\loading_light.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\min.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\scrollbar.bmp, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\Thumbs.db, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\unchecked.png, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\code1.jpg, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\code2.jpg, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\code3.jpg, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\code4.jpg, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\code5.jpg, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\code6.jpg, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Roaming\istartsurf\images\code\Thumbs.db, , [973637b3d9a2181e74f605e56a98dc24],
PUP.Optional.IStartSurf.A, C:\Users\PEPAN\AppData\Local\Google\Chrome\User Data\Default\Preferences, Dobré: (), Špatné: ( "startup_urls": [ "http://www.google.com/", "http://www.istartsurf.com/?type=hp&ts=1 ... XXZ1D938JB" ],), ,[e8e5c5253645c86ef77f5cc612f347b9]

Fyzické sektory: 0
(No malicious items detected)


(end)

Re: istartsurf and also Search protect

Posted: 07 Sep 2014 12:13
by Rudy
Delete everything that was found.

Re: istartsurf and also Search protect

Posted: 08 Sep 2014 14:22
by Hong
I deleted everything; I had tried that before too, but the program Launcher.exe keeps coming back and starts installing that search protect. I don't understand how that is possible. But this time Malwarebytes blocked it. It keeps telling me that the program Launcher.exe has stopped working :evil:

Re: istartsurf and also Search protect

Posted: 08 Sep 2014 16:21
by Rudy
Try looking in msconfig (Start menu > command line > type msconfig > Enter). If it appears anywhere on the "Services" or "Startup" tabs, disable it by removing the check mark. Save the settings and restart.

Re: istartsurf and also Search protect

Posted: 10 Sep 2014 21:47
by Hong
There is nothing suspicious there. Istartsurf is gone now, but that search protect keeps coming back.

Re: istartsurf and also Search protect

Posted: 11 Sep 2014 17:15
by Rudy
In which browser?

Re: istartsurf and also Search protect

Posted: 16 Sep 2014 14:15
by Hong
Now it's the other way round: istartsurf has come back and search protect is OK for now, and istartsurf is in Chrome.

Re: istartsurf and also Search protect

Posted: 16 Sep 2014 17:13
by Rudy
Back up Chrome with ChromeBackup: http://www.stahuj.centrum.cz/internet_a ... me-backup/ . Then uninstall Chrome, including its profile. Reinstall it and copy the bookmarks and, if needed, the passwords back from the backup.

Re: istartsurf and also Search protect

Posted: 29 Sep 2014 13:33
by Hong
I used Spyhunter; it got rid of that istartsurf for me, but Launcher.exe still keeps running, which is apparently the installer for Searchprotec... But Malwarebytes blocks it, and it keeps restoring itself even when I delete it.

Re: istartsurf and also Search protect

Posted: 29 Sep 2014 17:29
by Rudy
Post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms is shown; continue by clicking the Yes button.

Relax and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through). During the scan, do not try to launch any other applications or do anything else.

Don't panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware it collides with the resident antispyware in unwanted ways.

Re: istartsurf and also Search protect

Posted: 07 Oct 2014 16:09
by Hong
ComboFix 14-10-04.01 - PEPAN . 10. 2014 16:57:43.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.8120.5889 [GMT 2:00]
Running from: c:\users\PEPAN\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\program files (x86)\Common Files\Config\uninstinethnfd.exe
c:\program files (x86)\Common Files\Config\ver.xml
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NETHFDRV
-------\Legacy_NETHFDRV
.
.
((((((((((((((((((((((((( Files Created from 2014-09-07 to 2014-10-07 )))))))))))))))))))))))))))))))
.
.
2014-10-07 15:02 . 2014-10-07 15:02 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-07 14:40 . 2014-10-07 14:40 12872 ----a-w- c:\windows\system32\bootdelete.exe
2014-10-07 08:38 . 2014-10-07 08:38 -------- d-----w- c:\users\PEPAN\AppData\Roaming\AMD
2014-10-06 07:23 . 2014-10-06 07:25 -------- d-----w- c:\program files (x86)\Anvisoft
2014-10-06 07:23 . 2014-10-06 07:23 -------- d-----w- c:\users\PEPAN\AppData\Local\Anvisoft
2014-10-05 20:05 . 2014-10-05 20:06 -------- d-----w- C:\AdwCleaner
2014-10-05 18:02 . 2014-10-05 18:02 -------- d-sh--w- c:\users\PEPAN\AppData\Local\EmieUserList
2014-10-05 18:02 . 2014-10-05 18:02 -------- d-sh--w- c:\users\PEPAN\AppData\Local\EmieSiteList
2014-10-05 18:01 . 2014-10-05 18:01 -------- d-----w- c:\program files\HitmanPro
2014-10-05 17:59 . 2014-10-05 17:59 687 ----a-w- C:\awh8229.tmp
2014-10-05 17:56 . 2014-10-05 18:42 -------- d-----w- c:\programdata\HitmanPro
2014-10-05 17:49 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-10-05 17:49 . 2014-10-05 17:49 -------- d--h--w- c:\windows\msdownld.tmp
2014-10-05 17:48 . 2010-05-13 15:34 14232 ----a-w- c:\windows\SysWow64\sh4native.exe
2014-10-05 17:45 . 2014-10-05 17:45 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-10-05 17:44 . 2014-10-05 17:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-10-05 17:44 . 2014-10-05 17:44 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-10-05 17:44 . 2014-10-05 17:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-10-05 17:44 . 2014-10-05 17:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-10-05 17:44 . 2014-10-05 17:44 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-10-05 17:40 . 2014-10-05 17:40 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-10-05 17:40 . 2014-10-05 17:40 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-10-05 16:50 . 2014-10-05 16:50 687 ----a-w- C:\awhC36D.tmp
2014-10-05 16:35 . 2014-10-07 14:48 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-10-04 09:38 . 2014-10-05 19:03 -------- d-----w- c:\users\PEPAN\AppData\Local\29348
2014-10-02 00:13 . 2014-10-02 00:13 -------- d-----w- c:\users\PEPAN\AppData\Roaming\Oracle
2014-10-02 00:13 . 2014-10-02 00:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-02 00:13 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-30 08:18 . 2014-09-30 08:18 -------- d-----w- c:\programdata\ATI
2014-09-30 08:18 . 2014-09-30 08:18 -------- d-----w- c:\program files (x86)\AMD AVT
2014-09-26 09:57 . 2014-09-26 09:57 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-25 00:01 . 2014-09-25 00:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-22 14:24 . 2014-09-22 14:24 110080 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-09-22 14:24 . 2014-09-22 14:24 110080 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-09-22 14:24 . 2014-09-22 14:24 110080 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-09-22 14:24 . 2014-09-22 14:24 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-09-22 14:24 . 2014-10-03 07:33 -------- d-----w- c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
2014-09-22 13:42 . 2014-09-22 13:42 -------- d-----w- c:\program files\Enigma Software Group
2014-09-22 13:42 . 2014-09-22 14:22 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-22 13:41 . 2014-09-22 14:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-09-22 13:34 . 2014-09-22 13:34 -------- d-----w- c:\users\PEPAN\AppData\Roaming\Google Chrome Backup
2014-09-22 09:00 . 2014-09-22 09:00 -------- d-----w- c:\programdata\Gyazo
2014-09-19 19:16 . 2014-10-03 20:19 -------- d-----w- c:\program files (x86)\The KMPlayer
2014-09-19 15:27 . 2014-09-19 15:27 -------- d-----w- c:\users\PEPAN\AppData\Local\27052
2014-09-18 15:17 . 2014-09-19 12:28 -------- d-----w- c:\users\PEPAN\AppData\Local\5201
2014-09-17 21:42 . 2014-09-17 21:42 -------- d-----w- c:\program files (x86)\Google Chrome Backup
2014-09-17 13:14 . 2014-09-17 14:30 -------- d-----w- c:\users\PEPAN\AppData\Local\26534
2014-09-16 13:12 . 2014-09-17 08:47 -------- d-----w- c:\users\PEPAN\AppData\Local\6297
2014-09-15 22:32 . 2014-09-15 22:32 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2014-09-15 22:32 . 2014-09-15 22:32 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2014-09-15 22:31 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-15 22:00 . 2014-09-15 22:00 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-09-15 21:59 . 2014-09-15 21:59 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-09-15 21:59 . 2014-09-15 21:59 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-15 16:21 . 2014-09-15 16:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-09-15 16:19 . 2014-09-15 16:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-07 10:04 . 2014-08-20 11:27 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 17:45 . 2014-10-05 17:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-09-26 09:57 . 2014-03-19 19:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-26 09:57 . 2014-03-19 19:40 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 22:31 . 2013-12-06 22:04 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-04-18 02:42 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2013-11-29 17:53 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2013-11-29 17:52 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2013-11-29 17:51 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2013-12-06 22:00 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2013-11-29 17:49 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2013-11-29 17:48 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2014-04-18 02:42 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2014-04-18 02:42 8296296 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-15 22:03 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-15 22:00 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-09-15 21:59 . 2014-04-18 01:09 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-08-30 20:01 . 2014-08-30 20:01 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-08-30 20:01 . 2014-08-30 20:01 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-08-30 20:01 . 2014-08-30 20:01 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-08-15 06:34 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-16 12:17 . 2014-07-16 12:17 192512 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{114C48CB-65F8-4EC6-83CD-B3F936BFF795}\Icon.exe
2014-07-15 17:01 . 2014-09-03 07:39 4012632 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys
2014-07-15 13:30 . 2014-09-03 07:39 950488 ----a-w- c:\windows\system32\RCoInstII64.dll
2014-07-11 13:10 . 2014-09-03 07:38 2000152 ----a-w- c:\windows\system32\MBAPO264.dll
2014-07-11 13:10 . 2014-09-03 07:38 1728792 ----a-w- c:\windows\SysWow64\MBAPO232.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-09-16 3095328]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2014-07-25 256896]
.
c:\users\PEPAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Samsung Magician.lnk - c:\windows\system32\schtasks.exe /run /tn SamsungMagician [2014-3-26 285696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSIBIOSData_CC;MSIBIOSData_CC;c:\program files (x86)\MSI\CommandCenter\BIOSData\MSIBIOSDataService.exe;c:\program files (x86)\MSI\CommandCenter\BIOSData\MSIBIOSDataService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 MSICOMM_CC;MSICOMM_CC;c:\program files (x86)\MSI\CommandCenter\MSICommService.exe;c:\program files (x86)\MSI\CommandCenter\MSICommService.exe [x]
R3 MSISaveLoad_CC;MSISaveLoad_CC;c:\program files (x86)\MSI\CommandCenter\MSISaveLoadService.exe;c:\program files (x86)\MSI\CommandCenter\MSISaveLoadService.exe [x]
R3 MSISMB_CC;MSISMB_CC;c:\program files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe;c:\program files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe [x]
R3 MSIWMI_CC;MSIWMI_CC;c:\program files (x86)\MSI\CommandCenter\MSIWMIService.exe;c:\program files (x86)\MSI\CommandCenter\MSIWMIService.exe [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0045.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0045.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\msi\Super RAID\NTIOLib_X64.sys;c:\msi\Super RAID\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7816vC70\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7816vC70\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIClock_CC;NTIOLib_MSIClock_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys [x]
R3 NTIOLib_MSICOMM_CC;NTIOLib_MSICOMM_CC;c:\program files (x86)\MSI\CommandCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIFrequency_CC;NTIOLib_MSIFrequency_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIRatio_CC;NTIOLib_MSIRatio_CC;c:\program files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;c:\program files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys [x]
R3 SaiK1703;SaiK1703;c:\windows\system32\DRIVERS\SaiK1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1703.sys [x]
R3 SaiU1703;SaiU1703;c:\windows\system32\DRIVERS\SaiU1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1703.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R4 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R4 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 MSIClock_CC;MSIClock_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe;c:\program files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe [x]
R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [x]
R4 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
R4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
R4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R4 SuperRAIDSvc;SuperRAIDSvc;c:\msi\Super RAID\SuperRAIDSvc.exe;c:\msi\Super RAID\SuperRAIDSvc.exe [x]
R4 TeamViewer9;TeamViewer 9;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version9\TeamViewer_Service.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
S2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe;c:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 MSICTL_CC;MSICTL_CC;c:\program files (x86)\MSI\CommandCenter\MSIControlService.exe;c:\program files (x86)\MSI\CommandCenter\MSIControlService.exe [x]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x]
S2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
S3 AcpiCtlDrv;AcpiCtlDrv;c:\windows\system32\DRIVERS\AcpiCtlDrv.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiCtlDrv.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 MSICPU_CC;MSICPU_CC;c:\program files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe;c:\program files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe [x]
S3 MSIDDR_CC;MSIDDR_CC;c:\program files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe;c:\program files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe [x]
S3 MSISuperIO_CC;MSISuperIO_CC;c:\program files (x86)\MSI\CommandCenter\SuperIO\MSISuperIOService.exe;c:\program files (x86)\MSI\CommandCenter\SuperIO\MSISuperIOService.exe [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
S3 NTIOLib_MSICPU_CC;NTIOLib_MSICPU_CC;c:\program files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;c:\program files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys [x]
S3 NTIOLib_MSISuperIO_CC;NTIOLib_MSISuperIO_CC;c:\program files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys [x]
S3 SaiK1112;SaiK1112;c:\windows\system32\DRIVERS\SaiK1112.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1112.sys [x]
S3 SaiK1713;SaiK1713;c:\windows\system32\DRIVERS\SaiK1713.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1713.sys [x]
S3 SaiU1713;SaiU1713;c:\windows\system32\DRIVERS\SaiU1713.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1713.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:49 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-07 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19 09:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-08 8146944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"S.T.R.I.K.E.3"="c:\program files\Mad Catz\S.T.R.I.K.E.3\STRIKE3_Profiler.exe" [2013-07-18 40448]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-02 10464536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 91.225.102.8:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
.
Supplementary scan did not complete!
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKU-Default-RunOnce-SPReview - c:\windows\System32\SPReview\SPReview.exe
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-GameCenterMailRu - c:\users\PEPAN\AppData\Local\Mail.Ru\GameCenter\GameCenter@Mail.Ru.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.15"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_15_0_0_167.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\system32\PrintDisp.exe
c:\program files (x86)\Samsung Magician\Samsung Magician.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-10-07 17:08:11 - machine was rebooted
.
Pre-Run: Volných bajtů: 703 908 724 736
Post-Run: Volných bajtů: 703 901 159 424
.
- - End Of File - - F70BCDF11682F96062923421CCDD8A0B

Re: istartsurf and other Search protect

Posted: 11 Oct 2014 10:54
by Rudy
We'll do a final cleanup. Open Notepad and copy the following into it:
KillAll::

File::
C:\awh8229.tmp
C:\awhC36D.tmp

Folder::
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and execute the commands from the script.

Image
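
As an added example (not the helper's script and not ComboFix code), here is a small Python parser for the CFScript format used above, plus a check a reviewer would want before running such a script: that every key the log listed under LOCKED REGISTRY KEYS is covered by RegLock::, and that RegLock:: names nothing the log did not report. The log excerpt and the script below are constructed sample input built from the keys shown in this thread.

```python
import re

# Constructed excerpt of the LOCKED REGISTRY KEYS section of a ComboFix log
# (keys copied from the log in this thread, data lines shortened).
SAMPLE_LOG = r"""
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
------------------------ Other Running Processes ------------------------
"""

# Constructed CFScript in the format of the one posted above; its RegLock::
# list deliberately omits one locked key and adds one the log never reported.
SAMPLE_SCRIPT = r"""
KillAll::

File::
C:\awh8229.tmp

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]

Reboot::
"""

SECTION_RE = re.compile(r"^([A-Za-z]+)::$")


def parse_cfscript(text):
    """Split a CFScript into {section: [non-blank lines]}; a header such as
    'File::' opens a section that runs to the next header, so KillAll:: and
    Reboot:: end up with empty bodies."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is None:
            raise ValueError("line before the first section header: %r" % line)
        else:
            sections[current].append(line)
    return sections


def parse_registry_section(lines):
    """Turn Registry:: lines (.reg syntax) into {key: {name: (action, data)}}:
    '[KEY]' selects a key, '"Name"=-' deletes a value, '"Name"="x"' sets one."""
    result, key = {}, None
    for line in lines:
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            result.setdefault(key, {})
            continue
        if key is None:
            raise ValueError("value line outside any [KEY]: %r" % line)
        name, _, data = line.partition("=")
        action = ("delete", None) if data == "-" else ("set", data.strip('"'))
        result[key][name.strip('"')] = action
    return result


def locked_keys_from_log(log_text):
    """Collect the [KEY] headers under LOCKED REGISTRY KEYS in a ComboFix log."""
    keys, in_section = [], False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "LOCKED REGISTRY KEYS" in line:
            in_section = True
        elif in_section and line.startswith("---"):  # next section's banner
            break
        elif in_section and line.startswith("[") and line.endswith("]"):
            keys.append(line[1:-1])
    return keys


def reglock_coverage(sections, log_text):
    """Return (locked keys the script does not unlock, RegLock:: entries the
    log never reported as locked) so the script can be checked before use."""
    locked = set(locked_keys_from_log(log_text))
    reglock = {k[1:-1] for k in sections.get("RegLock", []) if k.startswith("[")}
    return sorted(locked - reglock), sorted(reglock - locked)
```

Running reglock_coverage on the real log and script from this thread (instead of the constructed samples) returns two empty lists, since Rudy's RegLock:: list matches the 21 locked keys the log reported.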

Re: istartsurf and other Search protect

Posted: 13 Oct 2014 21:26
by Hong
ComboFix 14-10-04.01 - PEPAN . 10. 2014 22:04:07.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1029.18.8120.5886 [GMT 2:00]
Running from: c:\users\PEPAN\Desktop\ComboFix.exe
Command switches used :: c:\users\PEPAN\Desktop\CFScript.txt.txt
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"C:\awh8229.tmp"
"C:\awhC36D.tmp"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\awh8229.tmp
C:\awhC36D.tmp
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP
c:\windows\AF54923662584AC6A0435B5B89C6EB61.TMP\WiseCustomCalla21.exe
.
.
((((((((((((((((((((((((( Files Created from 2014-09-13 to 2014-10-13 )))))))))))))))))))))))))))))))
.
.
2014-10-13 20:09 . 2014-10-13 20:09 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-10-13 19:46 . 2014-10-13 19:57 32512 ----a-w- c:\windows\system32\drivers\hitmanpro37.sys
2014-10-13 17:15 . 2014-10-13 19:55 -------- d-----w- c:\programdata\WindowsMangerProtect
2014-10-13 17:15 . 2014-10-13 17:15 -------- d-----w- c:\programdata\IePluginServices
2014-10-13 17:14 . 2014-10-13 17:14 -------- d-----w- c:\users\PEPAN\AppData\Roaming\mystartsearch
2014-10-12 00:37 . 2014-10-12 00:37 -------- d-----w- c:\users\PEPAN\AppData\Roaming\Steam
2014-10-07 21:20 . 2014-10-07 21:38 -------- d-----w- c:\users\PEPAN\AppData\Roaming\Bitcoin
2014-10-07 08:38 . 2014-10-07 08:38 -------- d-----w- c:\users\PEPAN\AppData\Roaming\AMD
2014-10-06 07:23 . 2014-10-06 07:25 -------- d-----w- c:\program files (x86)\Anvisoft
2014-10-06 07:23 . 2014-10-06 07:23 -------- d-----w- c:\users\PEPAN\AppData\Local\Anvisoft
2014-10-05 20:05 . 2014-10-05 20:06 -------- d-----w- C:\AdwCleaner
2014-10-05 18:02 . 2014-10-05 18:02 -------- d-sh--w- c:\users\PEPAN\AppData\Local\EmieUserList
2014-10-05 18:02 . 2014-10-05 18:02 -------- d-sh--w- c:\users\PEPAN\AppData\Local\EmieSiteList
2014-10-05 18:01 . 2014-10-05 18:01 -------- d-----w- c:\program files\HitmanPro
2014-10-05 17:56 . 2014-10-05 18:42 -------- d-----w- c:\programdata\HitmanPro
2014-10-05 17:49 . 2013-10-14 16:00 28368 ----a-w- c:\windows\system32\IEUDINIT.EXE
2014-10-05 17:49 . 2014-10-05 17:49 -------- d--h--w- c:\windows\msdownld.tmp
2014-10-05 17:48 . 2010-05-13 15:34 14232 ----a-w- c:\windows\SysWow64\sh4native.exe
2014-10-05 17:45 . 2014-10-05 17:45 878080 ----a-w- c:\windows\system32\advapi32.dll
2014-10-05 17:44 . 2014-10-05 17:44 497152 ----a-w- c:\windows\system32\drivers\afd.sys
2014-10-05 17:44 . 2014-10-05 17:44 327168 ----a-w- c:\windows\system32\mswsock.dll
2014-10-05 17:44 . 2014-10-05 17:44 231424 ----a-w- c:\windows\SysWow64\mswsock.dll
2014-10-05 17:44 . 2014-10-05 17:44 1903552 ----a-w- c:\windows\system32\drivers\tcpip.sys
2014-10-05 17:44 . 2014-10-05 17:44 68608 ----a-w- c:\windows\system32\taskhost.exe
2014-10-05 17:40 . 2014-10-05 17:40 1887232 ----a-w- c:\windows\system32\d3d11.dll
2014-10-05 17:40 . 2014-10-05 17:40 1505280 ----a-w- c:\windows\SysWow64\d3d11.dll
2014-10-05 16:35 . 2014-10-07 14:48 -------- d-----w- c:\program files (x86)\Common Files\Config
2014-10-04 09:38 . 2014-10-05 19:03 -------- d-----w- c:\users\PEPAN\AppData\Local\29348
2014-10-02 00:13 . 2014-10-02 00:13 -------- d-----w- c:\users\PEPAN\AppData\Roaming\Oracle
2014-10-02 00:13 . 2014-10-02 00:13 -------- d-----w- c:\program files (x86)\Common Files\Java
2014-10-02 00:13 . 2014-07-25 10:55 98216 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2014-09-30 08:18 . 2014-09-30 08:18 -------- d-----w- c:\programdata\ATI
2014-09-30 08:18 . 2014-09-30 08:18 -------- d-----w- c:\program files (x86)\AMD AVT
2014-09-26 09:57 . 2014-09-26 09:57 3675824 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2014-09-25 00:01 . 2014-09-25 00:01 -------- d-----w- c:\program files (x86)\Common Files\Skype
2014-09-22 14:24 . 2014-09-22 14:24 110080 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconF7A21AF7.exe
2014-09-22 14:24 . 2014-09-22 14:24 110080 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconD7F16134.exe
2014-09-22 14:24 . 2014-09-22 14:24 110080 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{AF549236-6258-4AC6-A043-5B5B89C6EB61}\IconCF33A0CE.exe
2014-09-22 14:24 . 2014-09-22 14:24 -------- d-----w- c:\program files (x86)\Enigma Software Group
2014-09-22 13:42 . 2014-09-22 13:42 -------- d-----w- c:\program files\Enigma Software Group
2014-09-22 13:42 . 2014-09-22 14:22 -------- d-----w- c:\windows\ACF5FE1B377240688B872D2A6EFD0A05.TMP
2014-09-22 13:41 . 2014-09-22 14:24 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2014-09-22 13:34 . 2014-09-22 13:34 -------- d-----w- c:\users\PEPAN\AppData\Roaming\Google Chrome Backup
2014-09-22 09:00 . 2014-09-22 09:00 -------- d-----w- c:\programdata\Gyazo
2014-09-19 19:16 . 2014-10-03 20:19 -------- d-----w- c:\program files (x86)\The KMPlayer
2014-09-19 15:27 . 2014-09-19 15:27 -------- d-----w- c:\users\PEPAN\AppData\Local\27052
2014-09-18 15:17 . 2014-09-19 12:28 -------- d-----w- c:\users\PEPAN\AppData\Local\5201
2014-09-17 13:14 . 2014-09-17 14:30 -------- d-----w- c:\users\PEPAN\AppData\Local\26534
2014-09-16 13:12 . 2014-09-17 08:47 -------- d-----w- c:\users\PEPAN\AppData\Local\6297
2014-09-15 22:32 . 2014-09-15 22:32 128384 ----a-w- c:\windows\system32\amdhcp64.dll
2014-09-15 22:32 . 2014-09-15 22:32 118096 ----a-w- c:\windows\SysWow64\amdhcp32.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\atimpc64.dll
2014-09-15 22:32 . 2014-09-15 22:32 78432 ----a-w- c:\windows\system32\amdpcom64.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\atimpc32.dll
2014-09-15 22:32 . 2014-09-15 22:32 71704 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2014-09-15 22:31 . 2014-09-15 22:31 126848 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2014-09-15 22:31 . 2014-09-15 22:31 9254184 ----a-w- c:\windows\SysWow64\atidxx32.dll
2014-09-15 22:29 . 2014-09-15 22:29 293088 ----a-w- c:\windows\system32\drivers\amdacpksd.sys
2014-09-15 22:26 . 2014-09-15 22:26 16750080 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2014-09-15 22:18 . 2014-09-15 22:18 235008 ----a-w- c:\windows\system32\clinfo.exe
2014-09-15 22:18 . 2014-09-15 22:18 98816 ----a-w- c:\windows\system32\OpenVideo64.dll
2014-09-15 22:17 . 2014-09-15 22:17 83456 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2014-09-15 22:17 . 2014-09-15 22:17 86528 ----a-w- c:\windows\system32\OVDecode64.dll
2014-09-15 22:17 . 2014-09-15 22:17 73216 ----a-w- c:\windows\SysWow64\OVDecode.dll
2014-09-15 22:17 . 2014-09-15 22:17 33867264 ----a-w- c:\windows\system32\amdocl64.dll
2014-09-15 22:17 . 2014-09-15 22:17 28770304 ----a-w- c:\windows\SysWow64\amdocl.dll
2014-09-15 22:16 . 2014-09-15 22:16 65024 ----a-w- c:\windows\system32\OpenCL.dll
2014-09-15 22:16 . 2014-09-15 22:16 58880 ----a-w- c:\windows\SysWow64\OpenCL.dll
2014-09-15 22:13 . 2014-09-15 22:13 27918336 ----a-w- c:\windows\system32\atio6axx.dll
2014-09-15 22:09 . 2014-09-15 22:09 48128 ----a-w- c:\windows\system32\amdmmcl6.dll
2014-09-15 22:09 . 2014-09-15 22:09 37888 ----a-w- c:\windows\SysWow64\amdmmcl.dll
2014-09-15 22:09 . 2014-09-15 22:09 127488 ----a-w- c:\windows\system32\mantle64.dll
2014-09-15 22:09 . 2014-09-15 22:09 113664 ----a-w- c:\windows\SysWow64\mantle32.dll
2014-09-15 22:09 . 2014-09-15 22:09 5639168 ----a-w- c:\windows\system32\amdmantle64.dll
2014-09-15 22:08 . 2014-09-15 22:08 23375360 ----a-w- c:\windows\SysWow64\atioglxx.dll
2014-09-15 22:07 . 2014-09-15 22:07 367104 ----a-w- c:\windows\system32\atiapfxx.exe
2014-09-15 22:07 . 2014-09-15 22:07 62464 ----a-w- c:\windows\system32\aticalrt64.dll
2014-09-15 22:07 . 2014-09-15 22:07 52224 ----a-w- c:\windows\SysWow64\aticalrt.dll
2014-09-15 22:07 . 2014-09-15 22:07 55808 ----a-w- c:\windows\system32\aticalcl64.dll
2014-09-15 22:07 . 2014-09-15 22:07 49152 ----a-w- c:\windows\SysWow64\aticalcl.dll
2014-09-15 22:07 . 2014-09-15 22:07 15716352 ----a-w- c:\windows\system32\aticaldd64.dll
2014-09-15 22:06 . 2014-09-15 22:06 14302208 ----a-w- c:\windows\SysWow64\aticaldd.dll
2014-09-15 22:05 . 2014-09-15 22:05 4480000 ----a-w- c:\windows\SysWow64\amdmantle32.dll
2014-09-15 22:03 . 2014-09-15 22:03 31232 ----a-w- c:\windows\system32\atimuixx.dll
2014-09-15 22:03 . 2014-09-15 22:03 619008 ----a-w- c:\windows\system32\atieclxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2014-09-15 22:03 . 2014-09-15 22:03 91648 ----a-w- c:\windows\system32\mantleaxl64.dll
2014-09-15 22:03 . 2014-09-15 22:03 85504 ----a-w- c:\windows\SysWow64\mantleaxl32.dll
2014-09-15 22:03 . 2014-09-15 22:03 190976 ----a-w- c:\windows\system32\atitmm64.dll
2014-09-15 22:00 . 2014-09-15 22:00 95744 ----a-w- c:\windows\system32\amdave64.dll
2014-09-15 21:59 . 2014-09-15 21:59 89088 ----a-w- c:\windows\system32\atisamu64.dll
2014-09-15 21:59 . 2014-09-15 21:59 80896 ----a-w- c:\windows\SysWow64\atisamu32.dll
2014-09-15 21:59 . 2014-09-15 21:59 827392 ----a-w- c:\windows\system32\coinst_14.30.dll
2014-09-15 21:59 . 2014-09-15 21:59 900608 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2014-09-15 21:59 . 2014-09-15 21:59 75264 ----a-w- c:\windows\system32\atig6pxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 69632 ----a-w- c:\windows\system32\atiglpxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 146944 ----a-w- c:\windows\system32\atig6txx.dll
2014-09-15 21:59 . 2014-09-15 21:59 133632 ----a-w- c:\windows\SysWow64\atigktxx.dll
2014-09-15 21:59 . 2014-09-15 21:59 576000 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2014-09-15 21:58 . 2014-09-15 21:58 43520 ----a-w- c:\windows\system32\drivers\ati2erec.dll
2014-09-15 16:21 . 2014-09-15 16:21 51200 ----a-w- c:\windows\system32\kdbsdk64.dll
2014-09-15 16:19 . 2014-09-15 16:19 38912 ----a-w- c:\windows\SysWow64\kdbsdk32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-10-07 10:04 . 2014-08-20 11:27 122584 ----a-w- c:\windows\system32\drivers\MBAMSwissArmy.sys
2014-10-05 17:45 . 2014-10-05 17:45 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2014-09-26 09:57 . 2014-03-19 19:40 71344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-09-26 09:57 . 2014-03-19 19:40 701104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2014-09-15 22:31 . 2013-12-06 22:04 144328 ----a-w- c:\windows\system32\atiuxp64.dll
2014-09-15 22:31 . 2014-04-18 02:42 118096 ----a-w- c:\windows\system32\atiu9p64.dll
2014-09-15 22:31 . 2013-11-29 17:53 100032 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2014-09-15 22:31 . 2013-11-29 17:52 1335544 ----a-w- c:\windows\system32\aticfx64.dll
2014-09-15 22:31 . 2013-11-29 17:51 1113576 ----a-w- c:\windows\SysWow64\aticfx32.dll
2014-09-15 22:31 . 2013-12-06 22:00 10826488 ----a-w- c:\windows\system32\atidxx64.dll
2014-09-15 22:31 . 2013-11-29 17:49 7207592 ----a-w- c:\windows\SysWow64\atiumdva.dll
2014-09-15 22:31 . 2013-11-29 17:48 7028336 ----a-w- c:\windows\SysWow64\atiumdag.dll
2014-09-15 22:31 . 2014-04-18 02:42 8044976 ----a-w- c:\windows\system32\atiumd6a.dll
2014-09-15 22:31 . 2014-04-18 02:42 8296296 ----a-w- c:\windows\system32\atiumd64.dll
2014-09-15 22:03 . 2014-04-18 01:30 442368 ----a-w- c:\windows\system32\atidemgy.dll
2014-09-15 22:00 . 2013-12-06 20:22 90112 ----a-w- c:\windows\SysWow64\amdave32.dll
2014-09-15 21:59 . 2014-04-18 01:09 1210880 ----a-w- c:\windows\system32\atiadlxx.dll
2014-08-30 20:01 . 2014-08-30 20:01 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2014-08-30 20:01 . 2014-08-30 20:01 281688 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2014-08-30 20:01 . 2014-08-30 20:01 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2014-08-15 06:34 . 2012-07-17 13:37 23256 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2014-07-16 12:17 . 2014-07-16 12:17 192512 ----a-r- c:\users\PEPAN\AppData\Roaming\Microsoft\Installer\{114C48CB-65F8-4EC6-83CD-B3F936BFF795}\Icon.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raptr"="c:\progra~2\Raptr\raptrstub.exe" [2014-08-20 55568]
"Gyazo"="c:\program files (x86)\Gyazo\GyStation.exe" [2014-09-16 3095328]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2014-08-27 22041192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2014-09-15 767200]
.
c:\users\PEPAN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2014-10-10 0]
Samsung Magician.lnk - c:\windows\system32\schtasks.exe /run /tn SamsungMagician [2014-3-26 285696]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sh4native Sh4Removal\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
2;2 XTU3SERVICE;Intel(R) Extreme Tuning Utility Service;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe;c:\program files (x86)\Intel\Extreme Tuning Utility\XtuService.exe [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 BRDriver64;BRDriver64;c:\programdata\BitRaider\BRDriver64.sys;c:\programdata\BitRaider\BRDriver64.sys [x]
R3 BRSptSvc;BitRaider Mini-Support Service;c:\programdata\BitRaider\BRSptSvc.exe;c:\programdata\BitRaider\BRSptSvc.exe [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys;c:\windows\SYSNATIVE\drivers\EagleX64.sys [x]
R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x]
R3 EsgScanner;EsgScanner;c:\windows\system32\DRIVERS\EsgScanner.sys;c:\windows\SYSNATIVE\DRIVERS\EsgScanner.sys [x]
R3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys;c:\windows\SYSNATIVE\drivers\hitmanpro37.sys [x]
R3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [x]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe;c:\windows\SYSNATIVE\IEEtwCollector.exe [x]
R3 Intel(R) Capability Licensing Service TCP IP Interface;Intel(R) Capability Licensing Service TCP IP Interface;c:\program files\Intel\iCLS Client\SocketHeciServer.exe;c:\program files\Intel\iCLS Client\SocketHeciServer.exe [x]
R3 KbFilter_Kb_FlexDef3x;HID Keyboard(FlexDef3x) Driver Service;c:\windows\system32\DRIVERS\KbFilter_FlexDef3x.sys;c:\windows\SYSNATIVE\DRIVERS\KbFilter_FlexDef3x.sys [x]
R3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MBAMWebAccessControl;MBAMWebAccessControl;c:\windows\system32\drivers\mwac.sys;c:\windows\SYSNATIVE\drivers\mwac.sys [x]
R3 MSIBIOSData_CC;MSIBIOSData_CC;c:\program files (x86)\MSI\CommandCenter\BIOSData\MSIBIOSDataService.exe;c:\program files (x86)\MSI\CommandCenter\BIOSData\MSIBIOSDataService.exe [x]
R3 MSICDSetup;MSICDSetup;d:\cdriver64.sys;d:\CDriver64.sys [x]
R3 MSICOMM_CC;MSICOMM_CC;c:\program files (x86)\MSI\CommandCenter\MSICommService.exe;c:\program files (x86)\MSI\CommandCenter\MSICommService.exe [x]
R3 MSISaveLoad_CC;MSISaveLoad_CC;c:\program files (x86)\MSI\CommandCenter\MSISaveLoadService.exe;c:\program files (x86)\MSI\CommandCenter\MSISaveLoadService.exe [x]
R3 MSISMB_CC;MSISMB_CC;c:\program files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe;c:\program files (x86)\MSI\CommandCenter\SMBus\MSISMBService.exe [x]
R3 MSIWMI_CC;MSIWMI_CC;c:\program files (x86)\MSI\CommandCenter\MSIWMIService.exe;c:\program files (x86)\MSI\CommandCenter\MSIWMIService.exe [x]
R3 Neo_VPN;VPN Client Device Driver - VPN;c:\windows\system32\DRIVERS\Neo_0045.sys;c:\windows\SYSNATIVE\DRIVERS\Neo_0045.sys [x]
R3 nmwcdnsux64;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsux64.sys;c:\windows\SYSNATIVE\drivers\nmwcdnsux64.sys [x]
R3 NTIOLib_1_0_1;NTIOLib_1_0_1;c:\msi\Super RAID\NTIOLib_X64.sys;c:\msi\Super RAID\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_6;NTIOLib_1_0_6;c:\program files (x86)\Setup Files\Ms7816vC70\NTIOLib_X64.sys;c:\program files (x86)\Setup Files\Ms7816vC70\NTIOLib_X64.sys [x]
R3 NTIOLib_1_0_C;NTIOLib_1_0_C;d:\ntiolib_x64.sys;d:\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIClock_CC;NTIOLib_MSIClock_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\ClockGen\NTIOLib_X64.sys [x]
R3 NTIOLib_MSICOMM_CC;NTIOLib_MSICOMM_CC;c:\program files (x86)\MSI\CommandCenter\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIFrequency_CC;NTIOLib_MSIFrequency_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\ClockGen\CPU_Frequency\NTIOLib_X64.sys [x]
R3 NTIOLib_MSIRatio_CC;NTIOLib_MSIRatio_CC;c:\program files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\CPU\CPU_Ratio\NTIOLib_X64.sys [x]
R3 NTIOLib_MSISMB_CC;NTIOLib_MSISMB_CC;c:\program files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\SMBus\NTIOLib_X64.sys [x]
R3 SaiK1703;SaiK1703;c:\windows\system32\DRIVERS\SaiK1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1703.sys [x]
R3 SaiU1703;SaiU1703;c:\windows\system32\DRIVERS\SaiU1703.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1703.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 USBPNPA;USB PnP Sound Device Interface;c:\windows\system32\drivers\CM10864.sys;c:\windows\SYSNATIVE\drivers\CM10864.sys [x]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys;c:\windows\SYSNATIVE\drivers\WPRO_41_2001.sys [x]
R4 BEService;BattlEye Service;c:\program files (x86)\Common Files\BattlEye\BEService.exe;c:\program files (x86)\Common Files\BattlEye\BEService.exe [x]
R4 EvoSvc;Evolve Service;c:\program files\Echobit\Evolve\EvoSvc.exe;c:\program files\Echobit\Evolve\EvoSvc.exe [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [x]
R4 intelsba;Intel(R) Small Business Advantage;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe;c:\program files\Intel\Intel(R) Small Business Advantage\Service\Intel.SmallBusinessAdvantage.WindowsService.exe [x]
R4 ISCTAgent;Intel(R) Smart Connect Technology Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe ;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [x]
R4 LMIGuardianSvc;LMIGuardianSvc;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe;c:\program files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe [x]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [x]
R4 MSIClock_CC;MSIClock_CC;c:\program files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe;c:\program files (x86)\MSI\CommandCenter\ClockGen\MSIClockService.exe [x]
R4 OpenVPNAccessClient;OpenVPN Access Client;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe;c:\program files (x86)\OpenVPN Technologies\PrivateTunnel\core\capiws.exe [x]
R4 Qualcomm Atheros Killer Service;Qualcomm Atheros Killer Service;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe;c:\program files\Qualcomm Atheros\Killer Network Manager\BFNService.exe [x]
R4 SamsungAllShareV2.0;Samsung AllShare PC;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe;c:\program files (x86)\Samsung\AllShare\AllShareDMS\AllShareDMS.exe [x]
R4 SimpleSlideShowServer;SimpleSlideShowServer;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe;c:\program files (x86)\Samsung\AllShare\AllShareSlideShowService.exe [x]
R4 SpyHunter 4 Service;SpyHunter 4 Service;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE;c:\progra~2\ENIGMA~1\SPYHUN~1\SH4SER~1.EXE [x]
R4 SuperRAIDSvc;SuperRAIDSvc;c:\msi\Super RAID\SuperRAIDSvc.exe;c:\msi\Super RAID\SuperRAIDSvc.exe [x]
S0 iusb3hcs;Ovladač přepínání hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hcs.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hcs.sys [x]
S1 BfLwf;Qualcomm Atheros Bandwidth Control;c:\windows\system32\DRIVERS\bflwfx64.sys;c:\windows\SYSNATIVE\DRIVERS\bflwfx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 IePluginServices;IePlugin Services;c:\programdata\IePluginServices\PluginService.exe;c:\programdata\IePluginServices\PluginService.exe [x]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
S2 iocbios2;iocbios2;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys;c:\program files (x86)\Intel\Extreme Tuning Utility\Drivers\IocDriver\64bit\iocbios2.sys [x]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [x]
S2 MSI_FastBoot;MSI_FastBoot;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe;c:\program files (x86)\MSI\Fast Boot\FastBootService.exe [x]
S2 MSI_LiveUpdate_Service;MSI_LiveUpdate_Service;c:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe;c:\program files (x86)\MSI\Live Update\MSI_LiveUpdate_Service.exe [x]
S2 MSI_SuperCharger;MSI_SuperCharger;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe;c:\program files (x86)\MSI\Super-Charger\ChargeService.exe [x]
S2 MSI_Trigger_Service;MSI_Trigger_Service;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe;c:\program files (x86)\MSI\MSITrigger\MSI_Trigger_Service.exe [x]
S2 MSICTL_CC;MSICTL_CC;c:\program files (x86)\MSI\CommandCenter\MSIControlService.exe;c:\program files (x86)\MSI\CommandCenter\MSIControlService.exe [x]
S2 Printer Control;Printer Control;c:\windows\system32\PrintCtrl.exe;c:\windows\SYSNATIVE\PrintCtrl.exe [x]
S3 AcpiCtlDrv;AcpiCtlDrv;c:\windows\system32\DRIVERS\AcpiCtlDrv.sys;c:\windows\SYSNATIVE\DRIVERS\AcpiCtlDrv.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys;c:\windows\SYSNATIVE\DRIVERS\ICCWDT.sys [x]
S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys;c:\windows\SYSNATIVE\DRIVERS\ikbevent.sys [x]
S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys;c:\windows\SYSNATIVE\DRIVERS\imsevent.sys [x]
S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys;c:\windows\SYSNATIVE\DRIVERS\ISCTD64.sys [x]
S3 iusb3hub;Ovladač rozbočovače Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3hub.sys [x]
S3 iusb3xhc;Ovladač rozšiřitelného hostitelského řadiče Intel(R) USB 3.0;c:\windows\system32\DRIVERS\iusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\iusb3xhc.sys [x]
S3 Ke2200;NDIS Miniport Driver for the Killer e2200 PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\e22w7x64.sys;c:\windows\SYSNATIVE\DRIVERS\e22w7x64.sys [x]
S3 LADF_CaptureOnly;LADF Capture Filter Driver;c:\windows\system32\DRIVERS\ladfGSCamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSCamd64.sys [x]
S3 LADF_RenderOnly;LADF Render Filter Driver;c:\windows\system32\DRIVERS\ladfGSRamd64.sys;c:\windows\SYSNATIVE\DRIVERS\ladfGSRamd64.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys;c:\windows\SYSNATIVE\DRIVERS\lvrs64.sys [x]
S3 LVUVC64;Logitech HD Pro Webcam C920(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys;c:\windows\SYSNATIVE\DRIVERS\lvuvc64.sys [x]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys;c:\windows\SYSNATIVE\drivers\MBfilt64.sys [x]
S3 MSICPU_CC;MSICPU_CC;c:\program files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe;c:\program files (x86)\MSI\CommandCenter\CPU\MSICPUService.exe [x]
S3 MSIDDR_CC;MSIDDR_CC;c:\program files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe;c:\program files (x86)\MSI\CommandCenter\DDR\MSIDDRService.exe [x]
S3 MSISuperIO_CC;MSISuperIO_CC;c:\program files (x86)\MSI\CommandCenter\SuperIO\MSISuperIOService.exe;c:\program files (x86)\MSI\CommandCenter\SuperIO\MSISuperIOService.exe [x]
S3 NTIOLib_1_0_3;NTIOLib_1_0_3;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys;c:\program files (x86)\MSI\Super-Charger\NTIOLib_X64.sys [x]
S3 NTIOLib_FastBoot;NTIOLib_FastBoot;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys;c:\program files (x86)\MSI\Fast Boot\NTIOLib_X64.sys [x]
S3 NTIOLib_MSICPU_CC;NTIOLib_MSICPU_CC;c:\program files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\CPU\NTIOLib_X64.sys [x]
S3 NTIOLib_MSIDDR_CC;NTIOLib_MSIDDR_CC;c:\program files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\DDR\NTIOLib_X64.sys [x]
S3 NTIOLib_MSISuperIO_CC;NTIOLib_MSISuperIO_CC;c:\program files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys;c:\program files (x86)\MSI\CommandCenter\SuperIO\NTIOLib_X64.sys [x]
S3 SaiK1112;SaiK1112;c:\windows\system32\DRIVERS\SaiK1112.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1112.sys [x]
S3 SaiK1713;SaiK1713;c:\windows\system32\DRIVERS\SaiK1713.sys;c:\windows\SYSNATIVE\DRIVERS\SaiK1713.sys [x]
S3 SaiU1713;SaiU1713;c:\windows\system32\DRIVERS\SaiU1713.sys;c:\windows\SYSNATIVE\DRIVERS\SaiU1713.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;c:\windows\system32\DRIVERS\tapoas.sys;c:\windows\SYSNATIVE\DRIVERS\tapoas.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - NTIOLIB_1_0_3
*NewlyCreated* - NTIOLIB_FASTBOOT
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-09-25 07:49 1096520 ----a-w- c:\program files (x86)\Google\Chrome\Application\37.0.2062.124\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2014-10-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-03-19 09:57]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cm108Sound"="c:\windows\Syswow64\cm108.dll" [2009-12-08 8146944]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2013-04-16 454144]
"S.T.R.I.K.E.3"="c:\program files\Mad Catz\S.T.R.I.K.E.3\STRIKE3_Profiler.exe" [2013-07-18 40448]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2014-07-02 10464536]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2014-07-15 7637208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=14132 ... SAF707454P
mStart Page = hxxp://www.mystartsearch.com/?type=hp&ts=14132 ... SAF707454P
mDefault_Page_URL = hxxp://www.mystartsearch.com/?type=hp&ts=14132 ... SAF707454P
mDefault_Search_URL = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
mLocal Page = c:\windows\SysWOW64\blank.htm
mSearch Page = hxxp://www.mystartsearch.com/web/?type=ds&ts=1 ... earchTerms}
uInternet Settings,ProxyServer = 91.225.102.8:8080
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-WindowsMangerProtect - c:\programdata\WindowsMangerProtect\ProtectWindowsManager.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_15_0_0_167_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\windows\system32\PrintDisp.exe
c:\program files (x86)\Samsung Magician\Samsung Magician.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2014-10-13 22:13:40 - machine was rebooted
ComboFix-quarantined-files.txt 2014-10-13 20:13
ComboFix2.txt 2014-10-07 15:08
.
Pre-Run: Volných bajtů: 677 426 061 312
Post-Run: Volných bajtů: 677 122 809 856
.
- - End Of File - - 7E09F9962187DD3CBC4DE0D51F288E73
A36C5E4F47E84449FF07ED3517B43A31