Please check my HiJackThis log (Solved)

A place for your HiJackThis logs and logs from other programs…

Moderators: Mods_senior, Security team

cobr4in
Level 5.5
Posts: 2776
Registered: February 11
Gender: Male
Status: Offline

Please check my HiJackThis log

Post by cobr4in » 14 Apr 2012 18:45

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:44:37, on 14. 4. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
C:\Windows\SysWOW64\HsMgr.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\Programy\Fraps\fraps.exe
D:\Programy\ASUS\GPU Tweak\GPUTweak.exe
D:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe
C:\Users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Programy\ASUS\GPU Tweak\Monitor.exe
D:\Programy\Origin\Origin.exe
C:\Users\CoBain_SK\Desktop\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb119?a=6OyxZzvWg5&i=26
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Programy\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Google Update] "C:\Users\CoBain_SK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - D:\Programy\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: PnkBstrB - Unknown owner - C:\Windows\system32\PnkBstrB.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9317 bytes

Žbeky
Moderator
Guru Level 13
Posts: 22288
Registered: May 08
Location: Vsetín - Pardubice
Gender: Male
Status: Offline

Re: Please check my HiJackThis log

Post by Žbeky » 14 Apr 2012 20:43

Problems? I don't see an antivirus

If you don't use Akamai, uninstall it

Fix:

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb119?a=6OyxZzvWg5&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "D:\Programy\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\CoBain_SK\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab

Download ATF Cleaner
Double-click ATF Cleaner.exe, click Select All Found, then:
- If you use Firefox, click Firefox at the top and choose Select All, then click Empty Selected.
- If you use Opera, click Opera at the top and choose Select All, then click Empty Selected.
- If you use Chrome, don't select anything else and click Empty Selected.
After cleaning, click Exit to close the program.
ATF-Cleaner is a simple tool for removing browsing history from a web browser. It can remove the cache, cookies, history and other traces of Internet surfing. Supported browsers include Internet Explorer, Firefox and Opera. The application can also remove Windows temporary files, empty the Recycle Bin, etc.

Download Malwarebytes' Anti-Malware
Install and run it
- at the end of the installation make sure both options are selected/checked:
Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware; if so, click the Finish button
- if an update is found, it will be downloaded and installed
- the program will then start; leave Perform Quick Scan selected and click the Scan button
- when the scan finishes a message appears; click OK and then the Show Results button
- then choose Save Logfile and save the log to your desktop
- then click the Exit button; a message appears, choose Yes
(DON'T DELETE ANYTHING YOURSELF YET!)
Then paste the contents of that log here.
In PMs I only deal with matters concerning the forum. I do not respond to requests for technical support. Thanks for understanding.

HiJackThis + guide - HW Monitor - How to mark a post as solved - Forum rules
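As an added example (my own code, not part of this thread and not from HijackThis or any of the tools named above), here is a small Python parser for the R0/R1 (IE start/search page) and O4 (autorun) lines of a HijackThis log like the one posted at the top. It applies an assumed triage heuristic, not the moderator's rules: page/search entries that are empty or point at a host other than the Microsoft defaults are flagged for review, and every O4 autorun is collected so it can be checked one by one. The sample lines are constructed from entries in the log above; the allow-list of default hosts is an assumption.

```python
"""Triage helper for HijackThis R0/R1 and O4 lines (added example)."""
import re
from urllib.parse import urlparse

# Assumption: hosts that the stock IE start/search page defaults point at.
KNOWN_DEFAULT_HOSTS = {"go.microsoft.com", "www.microsoft.com"}

# R0/R1 line: "<type> - <hive\path>,<setting name> = <value>" (value may be empty)
R_LINE = re.compile(r"^(R[01]) - (HK(?:CU|LM)\\[^,]+),([^=]+?) =\s*(.*)$")
# O4 line: "O4 - <hive[\SID]>\..\Run[Once]: [<name>] <command>"
O4_LINE = re.compile(r"^O4 - (HK\w+(?:\\S-[\d-]+)?)\\\.\.\\(Run(?:Once)?): \[([^\]]+)\] (.*)$")

# Constructed sample: a handful of lines copied from the HijackThis log above.
SAMPLE_LOG = r"""
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb119?a=6OyxZzvWg5&i=26
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local;<local>
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
"""


def parse_hjt_line(line):
    """Return a dict for one R0/R1 or O4 line, or None for any other line type."""
    m = R_LINE.match(line)
    if m:
        return {"type": m.group(1), "hive_key": m.group(2),
                "name": m.group(3).strip(), "value": m.group(4).strip()}
    m = O4_LINE.match(line)
    if m:
        return {"type": "O4", "hive_key": m.group(1), "run_key": m.group(2),
                "name": m.group(3), "command": m.group(4).strip()}
    return None


def is_suspicious_page_entry(entry):
    """Assumed heuristic: empty page/search settings, or a URL whose host is not a default."""
    value = entry["value"]
    if not value:
        return True  # SearchAssistant/CustomizeSearch/LinksFolderName left empty
    host = urlparse(value).hostname
    if host is None:
        return False  # a local path or a non-URL setting; left for manual review
    return host.lower() not in KNOWN_DEFAULT_HOSTS


def triage(log_text):
    """Split a HijackThis log into (flagged page entries, all O4 autoruns)."""
    flagged, autoruns = [], []
    for raw in log_text.splitlines():
        entry = parse_hjt_line(raw.strip())
        if entry is None:
            continue
        if entry["type"] in ("R0", "R1") and is_suspicious_page_entry(entry):
            flagged.append(entry)
        elif entry["type"] == "O4":
            autoruns.append(entry)
    return flagged, autoruns


if __name__ == "__main__":
    flagged, autoruns = triage(SAMPLE_LOG)
    for e in flagged:
        print(f"REVIEW  {e['type']} {e['name']!r} = {e['value']!r}")
    for e in autoruns:
        print(f"AUTORUN {e['hive_key']}\\..\\{e['run_key']} [{e['name']}] {e['command']}")
```

On the sample, the hijacked Start Page (mystart.incredibar.com) and the empty SearchAssistant entry are flagged, while the Microsoft search page, the local blank.htm page and the proxy override are left for manual review. The flagging is only a starting point; deciding which lines actually get fixed, as the moderator does above, still needs a human look at each one.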

Re: Please check my HiJackThis log

Post by cobr4in » 14 Apr 2012 21:07

Sort of. Sometimes I feel the system should be a bit snappier, and I have a nagging feeling that maybe not everything is OK.
For antivirus I use Microsoft Security Essentials.
I noticed that Akamai too, but I think it got installed together with the sound card drivers, so I left it there. What is it, actually?


Malwarebytes Anti-Malware (Skúšobná verzia) 1.61.0.1400
http://www.malwarebytes.org

Verzia databázy: v2012.04.14.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
CoBain_SK :: COBAIN_SK-PC [administrátor]

Ochrana: Zapnuté

14. 4. 2012 21:04:26
mbam-log-2012-04-14 (21-05-08).txt

Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 198249
Uplynutý čas: 31 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 1
C:\$Recycle.Bin\S-1-5-21-2893241145-3422668299-3968456154-1000\$RCCA7DX.exe (Affiliate.Downloader) -> Žiadna úloha nevykonaná.

(koniec)

Re: Please check my HiJackThis log

Post by Žbeky » 14 Apr 2012 21:13

Run MBAM again and click Scan
- when the scan finishes a message appears; click OK and then the Show Results button
- make sure all listed detections are checked and click the Remove Selected button
- when the removal finishes a log is displayed; post it here.
- then click OK in the program and close it via Exit

Disable the resident shield of your antivirus and antispyware
Download ComboFix (by sUBs)
and save it to your desktop.
Close all active windows and run it.
- After starting, the terms of use are displayed; confirm them by pressing the Yes button
- Then follow the instructions; while ComboFix is running, do not click into the window that appears
- After the scan completes the program should create a log, C:\ComboFix.txt; please copy its entire contents here
If after the scan there is a problem launching applications, or a message pops up about an attempt to perform an invalid operation on a registry key marked for deletion, just restart the computer.

Re: Please check my HiJackThis log

Post by cobr4in » 14 Apr 2012 21:27

ComboFix 12-04-14.03 - CoBain_SK . 04. 2012 21:20:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8167.6798 [GMT 2:00]
Running from: c:\users\CoBain_SK\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\CoBain_SK\AppData\Roaming\Microsoft\Windows\Recent\Counter-Strike.url
.
.
((((((((((((((((((((((((( Files Created from 2012-03-14 to 2012-04-14 )))))))))))))))))))))))))))))))
.
.
2012-04-14 19:21 . 2012-04-14 19:21 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 18:58 . 2012-04-14 18:58 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\Malwarebytes
2012-04-14 18:58 . 2012-04-14 18:58 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 18:58 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-04-14 11:45 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B053B4B2-521B-48E6-8374-7548D32F509D}\mpengine.dll
2012-04-12 15:27 . 2012-04-12 15:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-12 05:00 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 05:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 05:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 05:00 . 2012-04-12 05:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 04:59 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:59 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:59 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:59 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:59 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 04:59 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 04:59 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:11 . 2011-03-10 13:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2012-04-11 13:47 . 2007-04-19 07:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2012-04-11 13:47 . 2004-04-14 03:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2012-04-11 13:47 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2012-04-11 13:47 . 2009-08-19 14:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-04-11 13:46 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll
2012-04-09 21:16 . 2012-03-10 07:58 15168 ----a-w- c:\windows\system32\drivers\nvflash.sys
2012-04-09 21:07 . 2010-02-23 05:46 23680 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2012-04-09 21:06 . 2012-04-09 21:06 -------- d-----w- c:\windows\Downloaded Installations
2012-04-09 21:04 . 2012-04-09 21:04 -------- d-----w- c:\users\CoBain_SK\AppData\Local\Akamai
2012-04-09 12:00 . 2012-04-09 12:00 -------- d-----w- c:\users\CoBain_SK\AppData\Local\SKIDROW
2012-04-05 23:49 . 2012-04-05 23:49 -------- d-----w- c:\programdata\Premium
2012-04-05 23:48 . 2012-04-05 23:49 -------- d-----w- c:\programdata\InstallMate
2012-04-05 23:07 . 2012-04-12 20:04 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\Audacity
2012-03-31 17:36 . 2012-03-31 17:36 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-03-31 17:36 . 2012-03-31 17:36 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-03-31 17:36 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-03-31 17:36 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-03-31 17:36 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-03-31 17:36 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-03-31 17:36 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-03-31 17:30 . 2012-03-31 17:30 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\PowerUp Software
2012-03-31 17:30 . 2012-03-31 17:30 -------- d-----w- c:\programdata\PowerUp Software
2012-03-31 11:35 . 2004-01-23 02:43 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-31 11:24 . 2012-03-31 11:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-29 15:58 . 2012-04-10 00:29 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-29 15:58 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-19 12:58 . 2012-03-19 12:58 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-18 16:00 . 2012-03-18 16:02 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-18 16:00 . 2012-03-18 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-18 16:00 . 2012-03-18 16:00 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-03-18 10:51 . 2010-05-08 10:56 911800 ----a-w- c:\windows\system32\amtlib.dll
2012-03-18 08:57 . 2012-03-18 08:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-03-16 23:48 . 2012-03-16 23:48 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\The Creative Assembly
2012-03-15 21:31 . 2012-03-15 21:31 -------- d-----r- C:\MSOCache
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 13:22 . 2011-12-16 09:22 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-14 13:22 . 2011-12-15 19:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-14 00:42 . 2011-12-15 19:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-31 17:34 . 2011-12-15 18:55 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-14 03:27 . 2011-12-16 09:19 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-12 05:41 . 2012-01-15 21:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:10 . 2012-03-09 19:10 48640 ----a-w- c:\windows\mmfs.dll
2012-03-09 19:10 . 2012-03-09 19:10 249856 ----a-w- c:\windows\lcmmfu.cpl
2012-03-09 19:10 . 2012-03-09 19:10 16384 ----a-w- c:\windows\runservice.exe
2012-03-09 19:10 . 2012-03-09 19:10 348160 ----a-w- c:\windows\msvcr71.dll
2012-03-08 17:14 . 2011-12-17 17:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-28 17:14 . 2012-02-28 17:14 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 17:45 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:45 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:45 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:45 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:23 . 2011-12-15 19:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-14 16:55 . 2012-02-14 16:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 16:55 . 2012-02-14 16:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 16:55 . 2012-02-14 16:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 16:55 . 2012-02-14 16:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 16:55 . 2012-02-14 16:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 16:55 . 2012-02-14 16:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 16:55 . 2012-02-14 16:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 16:55 . 2012-02-14 16:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 16:53 . 2012-02-14 16:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 16:47 . 2012-02-14 16:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 16:47 . 2012-02-14 16:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 16:47 . 2012-02-14 16:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 16:47 . 2012-02-14 16:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 16:47 . 2012-02-14 16:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 16:47 . 2012-02-14 16:47 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2012-02-14 16:44 . 2012-02-14 16:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 16:44 . 2012-02-14 16:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 16:42 . 2012-02-14 16:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 16:35 . 2012-02-14 16:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 16:07 . 2012-02-14 16:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 15:59 . 2012-02-14 15:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 15:57 . 2012-02-14 15:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 15:57 . 2012-02-14 15:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 15:57 . 2012-02-14 15:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 15:57 . 2012-02-14 15:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 15:57 . 2012-02-14 15:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 15:57 . 2012-02-14 15:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 15:57 . 2012-02-14 15:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 15:57 . 2012-02-14 15:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 15:57 . 2012-02-14 15:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 15:57 . 2012-02-14 15:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 15:57 . 2012-02-14 15:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 15:57 . 2012-02-14 15:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 15:57 . 2012-02-14 15:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 15:57 . 2012-02-14 15:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 15:57 . 2012-02-14 15:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 15:57 . 2012-02-14 15:57 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 15:56 . 2012-02-14 15:56 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 15:56 . 2012-02-14 15:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 15:56 . 2012-02-14 15:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 15:56 . 2012-02-14 15:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 15:56 . 2012-02-14 15:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 15:56 . 2012-02-14 15:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 15:56 . 2012-02-14 15:56 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 15:55 . 2012-02-14 15:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 15:54 . 2012-02-14 15:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 15:53 . 2012-02-14 15:53 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-02-14 15:53 . 2012-02-14 15:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 15:53 . 2012-02-14 15:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 15:53 . 2012-02-14 15:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 15:53 . 2012-02-14 15:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 15:53 . 2012-02-14 15:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 15:53 . 2012-02-14 15:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 15:53 . 2012-02-14 15:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 15:53 . 2012-02-14 15:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 19:31 . 2012-02-10 19:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{935371FE-0E53-4A88-8761-48EC7828CEB1}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 17:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:47 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-05 13:43 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-02-05 13:43 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-05 13:03 . 2012-02-05 13:03 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-03 04:34 . 2012-03-14 17:47 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-14 17:45 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 17:45 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Akamai NetSession Interface"="c:\users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="d:\programy\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
"Malwarebytes' Anti-Malware"="d:\programy\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-04-04 462408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2012-03-09 16384]
R2 MBAMService;MBAMService;d:\programy\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 136176]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\programy\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 ALSysIO;ALSysIO;c:\users\COBAIN~1\AppData\Local\Temp\ALSysIO64.sys [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c960daf-7b57-11e1-aad1-14dae91535e9}]
\shell\AutoRun\command - g:\setup\rsrc\Autorun.exe
\shell\dinstall\command - g:\directx\dxsetup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 22:51]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-01-31 22:51]
.
2012-04-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893241145-3422668299-3968456154-1000Core.job
- c:\users\CoBain_SK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15 16:02]
.
2012-04-14 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893241145-3422668299-3968456154-1000UA.job
- c:\users\CoBain_SK\AppData\Local\Google\Update\GoogleUpdate.exe [2011-12-15 16:02]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="d:\programy\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - d:\programy\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.4.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:c3,6e,bb,a2,c5,9e,59,6f,a2,cd,49,1f,fd,00,ae,43,d3,82,7c,99,67,5f,2e,
44,48,42,af,41,f5,b2,3d,3c,f5,13,cf,5c,4c,10,69,4a,c9,00,16,14,26,79,06,12,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\programy\Fraps\fraps.exe
c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-14 21:23:23 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-14 19:23
.
Pre-Run: 20 665 683 968 bytes free
Post-Run: 20 278 833 152 bytes free
.
- - End Of File - - 990EDD864B9986BC1F97EA88A9BB6710
jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: Jižní Čechy
Gender: Male

Re: Please check my HiJackThis log

Post by jaro3 » 15 Apr 2012 09:42

I noticed that Akamai too, but I think it was installed together with the sound card drivers, so I left it there. What actually is it?

What is Akamai NetSession Interface?
The Akamai NetSession Interface is software distributed over the network that significantly improves the quality and speed of the downloads and video streams you get from websites that support Akamai technology. The Akamai NetSession Interface handles caching, which also covers the sending of files delivered to you through the Akamai network.
http://en.wikipedia.org/wiki/Akamai_Technologies


Open Notepad (Start -> Run..., type Notepad in the box and click OK).
Copy the following entire text marked in green into it:

Code:

KillAll::
File::
c:\program files (x86)\Google\Update\GoogleUpdate.exe
g:\setup\rsrc\Autorun.exe
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893241145-3422668299-3968456154-1000Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893241145-3422668299-3968456154-1000UA.job
c:\users\CoBain_SK\AppData\Local\Google\Update\GoogleUpdate.exe

Driver::
gupdate
gupdatem

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2c960daf-7b57-11e1-aad1-14dae91535e9}]

DDS::
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SYSTEM32\blank.htm
uInternet Settings,ProxyOverride = <local>

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]

Choose File -> Save As... and set these parameters:
File name: type CFScript.txt
Save as type: select All Files
Save the file to the desktop.
Close all active windows.

Drag the created CFScript.txt script with the mouse over the downloaded ComboFix.exe and, when the two files overlap, drop the script.
- ComboFix will start automatically
- Post here the log that appears at the end of the cleaning process + a new HJT log

Warning: It may happen that after running ComboFix and restarting the computer, Windows does not boot, the desktop does not load, or there are connection problems. In that case restart the computer again; if that does not help, press F8 during the restart and choose Last Known Good Configuration, or use a restore point.

In Folder Options, enable showing hidden files and folders + uncheck the box "Hide protected operating system files"

Test this on VirusTotal
c:\windows\msvcr71.dll
Click Choose to the right of the box and find the required file on your PC in Explorer. Select it with the mouse and click Open, then click Send File. If the file has already been tested, a window appears in which you click Reanalyze. The file will then be tested by several antivirus programs in turn. When the last antivirus finishes, the result appears at the top with the number of detections in red, e.g. 0/43 or 1/43. Then copy the link to that page with the mouse and paste it into your post.

Download aswMBR
to your desktop. Close all windows, programs and browsers. Double-click aswMBR.exe. If a message about downloading the Avast database appears, click NO. Then click "Scan". After the scan, click "Save Log" and save the log to the desktop. Copy the entire contents of that log here. Then click "Exit" to close the program.
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs in private messages. During my absence, memphisto, Žbeky and Orcus stand in for me.
If you are satisfied, you can support our forum: Forum support

cobr4in
Level 5.5
Posts: 2776
Registered: February 11
Gender: Male

Re: Please check my HiJackThis log

Post by cobr4in » 15 Apr 2012 13:49

ComboFix 12-04-14.03 - CoBain_SK . 04. 2012 13:44:51.3.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.8167.6953 [GMT 2:00]
Running from: c:\users\CoBain_SK\Desktop\ComboFix.exe
Command switches used :: c:\users\CoBain_SK\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\program files (x86)\Google\Update\GoogleUpdate.exe"
"c:\users\CoBain_SK\AppData\Local\Google\Update\GoogleUpdate.exe"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893241145-3422668299-3968456154-1000Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2893241145-3422668299-3968456154-1000UA.job"
"g:\setup\rsrc\Autorun.exe"
.
.
((((((((((((((((((((((((( Files Created from 2012-03-15 to 2012-04-15 )))))))))))))))))))))))))))))))
.
.
2012-04-15 11:46 . 2012-04-15 11:46 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-04-14 18:58 . 2012-04-14 18:58 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\Malwarebytes
2012-04-14 18:58 . 2012-04-14 18:58 -------- d-----w- c:\programdata\Malwarebytes
2012-04-14 11:45 . 2012-03-14 03:27 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B053B4B2-521B-48E6-8374-7548D32F509D}\mpengine.dll
2012-04-12 15:27 . 2012-04-12 15:27 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2012-04-12 05:00 . 2012-03-06 06:53 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-04-12 05:00 . 2012-03-06 05:59 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-04-12 05:00 . 2012-03-06 05:59 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-04-12 05:00 . 2012-04-12 05:00 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help
2012-04-12 04:59 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-04-12 04:59 . 2012-03-01 06:38 220672 ----a-w- c:\windows\system32\wintrust.dll
2012-04-12 04:59 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-04-12 04:59 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-04-12 04:59 . 2012-03-01 05:37 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-04-12 04:59 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-04-12 04:59 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-04-11 14:11 . 2011-03-10 13:44 2725376 ----a-w- c:\windows\system32\drivers\cmudaxp.sys
2012-04-11 13:47 . 2007-04-19 07:12 32768 ----a-w- c:\windows\system32\cmudaxp.dll
2012-04-11 13:47 . 2004-04-14 03:28 315392 ----a-w- c:\windows\SysWow64\CmiFltr.dll
2012-04-11 13:47 . 2004-04-14 03:28 315392 ----a-w- c:\windows\system\CmiFltr.dll
2012-04-11 13:47 . 2009-08-19 14:00 359424 ------w- c:\windows\system32\CmiInstallResAll64.dll
2012-04-11 13:46 . 2006-10-05 21:45 524768 ----a-r- c:\windows\difxapi.dll
2012-04-09 21:16 . 2012-03-10 07:58 15168 ----a-w- c:\windows\system32\drivers\nvflash.sys
2012-04-09 21:07 . 2010-02-23 05:46 23680 ----a-w- c:\windows\system32\drivers\IOMap64.sys
2012-04-09 21:06 . 2012-04-09 21:06 -------- d-----w- c:\windows\Downloaded Installations
2012-04-09 21:04 . 2012-04-09 21:04 -------- d-----w- c:\users\CoBain_SK\AppData\Local\Akamai
2012-04-09 12:00 . 2012-04-09 12:00 -------- d-----w- c:\users\CoBain_SK\AppData\Local\SKIDROW
2012-04-05 23:49 . 2012-04-05 23:49 -------- d-----w- c:\programdata\Premium
2012-04-05 23:48 . 2012-04-05 23:49 -------- d-----w- c:\programdata\InstallMate
2012-04-05 23:07 . 2012-04-12 20:04 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\Audacity
2012-03-31 17:36 . 2012-03-31 17:36 311428 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-03-31 17:36 . 2012-03-31 17:36 184452 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-03-31 17:36 . 2003-09-03 00:28 724992 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-03-31 17:36 . 2003-09-03 00:27 69715 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-03-31 17:36 . 2003-09-03 00:26 266240 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-03-31 17:36 . 2003-09-03 00:26 192512 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-03-31 17:36 . 2003-09-03 00:25 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-03-31 17:30 . 2012-03-31 17:30 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\PowerUp Software
2012-03-31 17:30 . 2012-03-31 17:30 -------- d-----w- c:\programdata\PowerUp Software
2012-03-31 11:35 . 2004-01-23 02:43 1060864 ----a-w- c:\windows\system32\mfc71.dll
2012-03-31 11:24 . 2012-03-31 11:24 499712 ----a-w- c:\windows\SysWow64\msvcp71.dll
2012-03-29 15:58 . 2012-04-10 00:29 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-03-29 15:58 . 2011-10-15 08:53 3074368 ----a-w- c:\windows\system32\nvsvcr.dll
2012-03-19 12:58 . 2012-03-19 12:58 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-03-18 16:00 . 2012-03-18 16:02 -------- d-----w- c:\programdata\regid.1986-12.com.adobe
2012-03-18 16:00 . 2012-03-18 16:00 -------- d-----w- c:\program files\Common Files\Adobe
2012-03-18 16:00 . 2012-03-18 16:00 -------- d-----w- c:\program files (x86)\Adobe Media Player
2012-03-18 10:51 . 2010-05-08 10:56 911800 ----a-w- c:\windows\system32\amtlib.dll
2012-03-18 08:57 . 2012-03-18 08:57 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-03-16 23:48 . 2012-03-16 23:48 -------- d-----w- c:\users\CoBain_SK\AppData\Roaming\The Creative Assembly
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-04-14 23:59 . 2011-12-16 09:22 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-04-14 23:59 . 2011-12-15 19:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-04-14 23:18 . 2011-12-15 19:42 283304 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-03-31 17:34 . 2011-12-15 18:55 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-03-14 03:27 . 2011-12-16 09:19 8669240 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-03-12 05:41 . 2012-01-15 21:38 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-03-09 19:10 . 2012-03-09 19:10 48640 ----a-w- c:\windows\mmfs.dll
2012-03-09 19:10 . 2012-03-09 19:10 249856 ----a-w- c:\windows\lcmmfu.cpl
2012-03-09 19:10 . 2012-03-09 19:10 16384 ----a-w- c:\windows\runservice.exe
2012-03-09 19:10 . 2012-03-09 19:10 348160 ----a-w- c:\windows\msvcr71.dll
2012-03-08 17:14 . 2011-12-17 17:26 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-02-28 17:14 . 2012-02-28 17:14 162664 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10140.bin
2012-02-17 06:38 . 2012-03-14 17:45 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-02-17 05:34 . 2012-03-14 17:45 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-02-17 04:58 . 2012-03-14 17:45 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-02-17 04:57 . 2012-03-14 17:45 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-02-15 18:23 . 2011-12-15 19:42 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-02-14 16:55 . 2012-02-14 16:55 276248 ----a-w- c:\windows\SysWow64\IntelCpHeciSvc.exe
2012-02-14 16:55 . 2012-02-14 16:55 5886232 ----a-w- c:\windows\system32\GfxUI.exe
2012-02-14 16:55 . 2012-02-14 16:55 511768 ----a-w- c:\windows\system32\igfxsrvc.exe
2012-02-14 16:55 . 2012-02-14 16:55 440600 ----a-w- c:\windows\system32\igfxpers.exe
2012-02-14 16:55 . 2012-02-14 16:55 398616 ----a-w- c:\windows\system32\hkcmd.exe
2012-02-14 16:55 . 2012-02-14 16:55 250136 ----a-w- c:\windows\system32\igfxext.exe
2012-02-14 16:55 . 2012-02-14 16:55 184600 ----a-w- c:\windows\system32\difx64.exe
2012-02-14 16:55 . 2012-02-14 16:55 170264 ----a-w- c:\windows\system32\igfxtray.exe
2012-02-14 16:53 . 2012-02-14 16:53 90112 ----a-w- c:\windows\system32\igfxCoIn_v2653.dll
2012-02-14 16:47 . 2012-02-14 16:47 8086528 ----a-w- c:\windows\system32\igdumd64.dll
2012-02-14 16:47 . 2012-02-14 16:47 14692224 ----a-w- c:\windows\system32\drivers\igdkmd64.sys
2012-02-14 16:47 . 2012-02-14 16:47 963912 ----a-w- c:\windows\system32\igkrng600.bin
2012-02-14 16:47 . 2012-02-14 16:47 79360 ----a-w- c:\windows\system32\igdde64.dll
2012-02-14 16:47 . 2012-02-14 16:47 261208 ----a-w- c:\windows\system32\igfcg600m.bin
2012-02-14 16:47 . 2012-02-14 16:47 145804 ----a-w- c:\windows\system32\igcompkrng600.bin
2012-02-14 16:44 . 2012-02-14 16:44 6120960 ----a-w- c:\windows\SysWow64\igdumd32.dll
2012-02-14 16:44 . 2012-02-14 16:44 58880 ----a-w- c:\windows\SysWow64\igdde32.dll
2012-02-14 16:42 . 2012-02-14 16:42 9605632 ----a-w- c:\windows\system32\igd10umd64.dll
2012-02-14 16:35 . 2012-02-14 16:35 7794688 ----a-w- c:\windows\SysWow64\igd10umd32.dll
2012-02-14 16:07 . 2012-02-14 16:07 18125312 ----a-w- c:\windows\system32\ig4icd64.dll
2012-02-14 15:59 . 2012-02-14 15:59 13209600 ----a-w- c:\windows\SysWow64\ig4icd32.dll
2012-02-14 15:57 . 2012-02-14 15:57 439808 ----a-w- c:\windows\system32\igfxresn.lrc
2012-02-14 15:57 . 2012-02-14 15:57 439296 ----a-w- c:\windows\system32\igfxrrom.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrhrv.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrsky.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrtrk.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrsve.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrslv.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437248 ----a-w- c:\windows\system32\igfxrtha.lrc
2012-02-14 15:57 . 2012-02-14 15:57 439296 ----a-w- c:\windows\system32\igfxrrus.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrptg.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrplk.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrita.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrptb.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437760 ----a-w- c:\windows\system32\igfxrnor.lrc
2012-02-14 15:57 . 2012-02-14 15:57 432128 ----a-w- c:\windows\system32\igfxrjpn.lrc
2012-02-14 15:57 . 2012-02-14 15:57 430592 ----a-w- c:\windows\system32\igfxrkor.lrc
2012-02-14 15:57 . 2012-02-14 15:57 440320 ----a-w- c:\windows\system32\igfxrell.lrc
2012-02-14 15:57 . 2012-02-14 15:57 439808 ----a-w- c:\windows\system32\igfxrfra.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrdeu.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrhun.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrfin.lrc
2012-02-14 15:57 . 2012-02-14 15:57 435712 ----a-w- c:\windows\system32\igfxrheb.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438784 ----a-w- c:\windows\system32\igfxrnld.lrc
2012-02-14 15:57 . 2012-02-14 15:57 438272 ----a-w- c:\windows\system32\igfxrcsy.lrc
2012-02-14 15:57 . 2012-02-14 15:57 437248 ----a-w- c:\windows\system32\igfxrdan.lrc
2012-02-14 15:57 . 2012-02-14 15:57 429056 ----a-w- c:\windows\system32\igfxrcht.lrc
2012-02-14 15:57 . 2012-02-14 15:57 428544 ----a-w- c:\windows\system32\igfxrchs.lrc
2012-02-14 15:57 . 2012-02-14 15:57 435712 ----a-w- c:\windows\system32\igfxrara.lrc
2012-02-14 15:57 . 2012-02-14 15:57 126976 ----a-w- c:\windows\system32\igfxcpl.cpl
2012-02-14 15:57 . 2012-02-14 15:57 386048 ----a-w- c:\windows\system32\igfxpph.dll
2012-02-14 15:57 . 2012-02-14 15:57 410624 ----a-w- c:\windows\system32\igfxTMM.dll
2012-02-14 15:57 . 2012-02-14 15:57 28672 ----a-w- c:\windows\system32\igfxexps.dll
2012-02-14 15:57 . 2012-02-14 15:57 63488 ----a-w- c:\windows\system32\igfxsrvc.dll
2012-02-14 15:56 . 2012-02-14 15:56 110592 ----a-w- c:\windows\system32\hccutils.dll
2012-02-14 15:56 . 2012-02-14 15:56 9216 ----a-w- c:\windows\system32\IGFXDEVLib.dll
2012-02-14 15:56 . 2012-02-14 15:56 430080 ----a-w- c:\windows\system32\igfxdev.dll
2012-02-14 15:56 . 2012-02-14 15:56 172032 ----a-w- c:\windows\system32\gfxSrvc.dll
2012-02-14 15:56 . 2012-02-14 15:56 286208 ----a-w- c:\windows\system32\igfxrenu.lrc
2012-02-14 15:56 . 2012-02-14 15:56 142336 ----a-w- c:\windows\system32\igfxdo.dll
2012-02-14 15:56 . 2012-02-14 15:56 9007616 ----a-w- c:\windows\system32\igfxress.dll
2012-02-14 15:55 . 2012-02-14 15:55 25088 ----a-w- c:\windows\SysWow64\igfxexps32.dll
2012-02-14 15:54 . 2012-02-14 15:54 321024 ----a-w- c:\windows\SysWow64\igfxdv32.dll
2012-02-14 15:53 . 2012-02-14 15:53 94208 ----a-w- c:\windows\system32\IccLibDll_x64.dll
2012-02-14 15:53 . 2012-02-14 15:53 524800 ----a-w- c:\windows\system32\iglhsip64.dll
2012-02-14 15:53 . 2012-02-14 15:53 519680 ----a-w- c:\windows\SysWow64\iglhsip32.dll
2012-02-14 15:53 . 2012-02-14 15:53 2967040 ----a-w- c:\windows\system32\igfxcmjit64.dll
2012-02-14 15:53 . 2012-02-14 15:53 237056 ----a-w- c:\windows\SysWow64\igfxcmrt32.dll
2012-02-14 15:53 . 2012-02-14 15:53 2321408 ----a-w- c:\windows\SysWow64\igfxcmjit32.dll
2012-02-14 15:53 . 2012-02-14 15:53 213504 ----a-w- c:\windows\system32\iglhcp64.dll
2012-02-14 15:53 . 2012-02-14 15:53 193024 ----a-w- c:\windows\system32\igfxcmrt64.dll
2012-02-14 15:53 . 2012-02-14 15:53 177152 ----a-w- c:\windows\SysWow64\iglhcp32.dll
2012-02-14 10:09 . 2012-02-14 10:09 1070352 ----a-w- c:\windows\SysWow64\MSCOMCTL.OCX
2012-02-10 19:31 . 2012-02-10 19:31 927800 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{935371FE-0E53-4A88-8761-48EC7828CEB1}\gapaengine.dll
2012-02-10 06:36 . 2012-03-14 17:47 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-02-10 05:38 . 2012-03-14 17:47 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-02-05 13:43 . 2009-08-18 11:49 564632 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2012-02-05 13:43 . 2009-08-18 10:24 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-05 13:03 . 2012-02-05 13:03 178800 ----a-w- c:\windows\SysWow64\CmdLineExt_x64.dll
2012-02-03 04:34 . 2012-03-14 17:47 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-01-31 12:44 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-01-25 06:38 . 2012-03-14 17:45 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-01-25 06:38 . 2012-03-14 17:45 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2012-04-14_19.22.25 )))))))))))))))))))))))))))))))))))))))))
.
+ 2010-11-21 03:09 . 2012-04-15 10:56 43452 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-04-15 11:19 32914 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-12-15 15:57 . 2012-04-15 11:19 7444 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-2893241145-3422668299-3968456154-1000_UserData.bin
- 2012-04-14 19:22 . 2012-04-14 19:22 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-04-15 11:46 . 2012-04-15 11:46 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-03-31 17:27 . 2012-04-14 11:35 119296 c:\windows\SysWOW64\zlib.dll
+ 2012-03-31 17:27 . 2012-04-15 10:54 119296 c:\windows\SysWOW64\zlib.dll
+ 2009-07-14 02:36 . 2012-04-15 11:24 617910 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-04-14 11:41 617910 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-04-15 11:24 107190 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-04-14 11:41 107190 c:\windows\system32\perfc009.dat
- 2009-07-14 05:01 . 2012-04-14 19:21 416996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-04-15 11:46 416996 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-12-15 18:54 . 2012-04-15 11:46 2031236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2893241145-3422668299-3968456154-1000-12288.dat
- 2011-12-15 18:54 . 2012-04-14 19:21 2031236 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-2893241145-3422668299-3968456154-1000-12288.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="d:\programy\DAEMON Tools Lite\DTLite.exe" [2012-02-13 3481408]
"Akamai NetSession Interface"="c:\users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe" [2012-03-13 3331872]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="d:\programy\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-07-22 402432]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
2;2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [x]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cphs;Intel(R) Content Protection HECI Service;c:\windows\SysWow64\IntelCpHeciSvc.exe [2012-02-14 276248]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;d:\programy\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2011-04-27 288272]
R3 NVFLASH;NVFLASH;c:\windows\system32\drivers\nvflash.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 ALSysIO;ALSysIO;c:\users\COBAIN~1\AppData\Local\Temp\ALSysIO64.sys [2012-04-15 25064]
R4 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]
S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [x]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [x]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [x]
S3 cmudaxp;ASUS Xonar DX Audio Interface;c:\windows\system32\drivers\cmudaxp.sys [x]
S3 e1cexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver C;c:\windows\system32\DRIVERS\e1c62x64.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EvtMgr6"="d:\programy\SetPointP\SetPoint.exe" [2011-10-07 1744152]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2011-06-15 1436736]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-02-14 170264]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-02-14 398616]
"Persistence"="c:\windows\system32\igfxpers.exe" [2012-02-14 440600]
"Cmaudio8788"="c:\windows\Syswow64\cmicnfgp.dll" [2011-05-12 8769536]
"Cmaudio8788GX"="c:\windows\syswow64\HsMgr.exe" [2008-07-11 200704]
"Cmaudio8788GX64"="c:\windows\system\HsMgr64.exe" [2008-07-11 282112]
.
------- Supplementary Scan -------
.
uLocal Page = %SystemRoot%\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: E&xportovať do programu Microsoft Excel - d:\programy\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.4.1
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347]
"1"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,60,bf,2f,c2,35,91,ae,
25
"2"=hex:fb,e6,50,7f,41,f4,51,a7,7f,ec,2d,f9,42,45,3a,02,3a,b7,45,15,3f,9d,8b,
c3
"3"=hex:6a,0b,56,13,c1,93,dc,9c,fb,61,a2,a0,e4,ff,91,20,5d,f5,58,d1,21,e0,48,
8b,38,57,44,9c,4e,8d,78,88,fd,f1,01,9d,86,d8,b5,cb,d9,bf,23,55,4a,bb,31,1f
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \D25BC253F035D347\0BB4AB33ED50D261F5C8A2C244CF5435]
"1"=hex:df,c7,3a,96,ab,66,13,d2,36,78,6c,b8,10,1c,c4,b0,41,14,92,53,8b,f4,9f,
53,ff,8f,6c,08,d5,ab,f1,06
"2"=hex:7d,73,4a,d4,1d,ee,c7,5a
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:97,e4,84,cd,95,83,bf,82,bd,04,75,27,c9,a8,72,b1,55,38,49,8a,a6,16,a2,
28,28,eb,ee,eb,0f,d6,d6,b8,f4,df,4a,8d,b5,18,4f,2a,0d,c4,ee,cf,81,df,fe,df,\
"8"=hex:c3,6e,bb,a2,c5,9e,59,6f,a2,cd,49,1f,fd,00,ae,43,d3,82,7c,99,67,5f,2e,
44,48,42,af,41,f5,b2,3d,3c,f5,13,cf,5c,4c,10,69,4a,c9,00,16,14,26,79,06,12,\
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"27"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
d:\programy\Fraps\fraps.exe
c:\program files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
c:\windows\SysWOW64\PnkBstrA.exe
.
**************************************************************************
.
Completion time: 2012-04-15 13:47:43 - machine was rebooted
ComboFix-quarantined-files.txt 2012-04-15 11:47
ComboFix2.txt 2012-04-15 11:18
ComboFix3.txt 2012-04-14 19:23
.
Pre-Run: 19 367 485 440 bytes free
Post-Run: 19 324 923 904 bytes free
.
- - End Of File - - 5A9ED59A097B0DC6C7AEB49F39D8FFE4





Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:33:14, on 15. 4. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal

Running processes:
D:\Programy\Fraps\fraps.exe
C:\Program Files\ASUS Xonar DX Audio\Customapp\ASUSAUDIOCENTER.EXE
D:\Programy\DAEMON Tools Lite\DTLite.exe
C:\Users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe
C:\Users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe
C:\Users\CoBain_SK\Desktop\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Programy\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Programy\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O4 - HKLM\..\Run: [BCSSync] "D:\Programy\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Programy\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Akamai NetSession Interface] "C:\Users\CoBain_SK\AppData\Local\Akamai\netsession_win.exe"
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\Programy\MICROS~1\Office14\EXCEL.EXE/3000
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASGT - Unknown owner - C:\Windows\SysWOW64\ASGT.exe
O23 - Service: Intel(R) Content Protection HECI Service (cphs) - Intel Corporation - C:\Windows\SysWow64\IntelCpHeciSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Futuremark SystemInfo Service - Futuremark Corporation - C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Intel(R) PROSet Monitoring Service - Unknown owner - C:\Windows\system32\IProsetMonitor.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\Windows\runservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PinnacleUpdate Service (PinnacleUpdateSvc) - PowerUp Software, LLC - D:\Programy\PowerUp Software\Pinnacle Game Profiler\pinnacle_updater.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 6943 bytes


Link to the page --> https://www.virustotal.com/file/8094af5 ... 334489429/




aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-04-15 13:36:22
-----------------------------
13:36:22.373 OS Version: Windows x64 6.1.7601 Service Pack 1
13:36:22.373 Number of processors: 4 586 0x2A07
13:36:22.373 ComputerName: COBAIN_SK-PC UserName: CoBain_SK
13:36:22.460 Initialize success
13:36:29.947 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP5T0L0-7
13:36:29.949 Disk 0 Vendor: OCZ-AGILITY3 2.15 Size: 57241MB BusType: 11
13:36:29.952 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP4T0L0-6
13:36:29.953 Disk 1 Vendor: WDC_WD1002FAEX-00Y9A0 05.01D05 Size: 953869MB BusType: 11
13:36:29.957 Disk 0 MBR read successfully
13:36:29.959 Disk 0 MBR scan
13:36:29.962 Disk 0 Windows 7 default MBR code
13:36:29.964 Disk 0 Partition 1 00 07 HPFS/NTFS NTFS 57239 MB offset 2048
13:36:29.968 Disk 0 scanning C:\Windows\system32\drivers
13:36:30.696 Service scanning
13:36:31.691 Service MpNWMon C:\Windows\system32\DRIVERS\MpNWMon.sys **LOCKED** 32
13:36:33.116 Modules scanning
13:36:33.123 Disk 0 trace - called modules:
13:36:33.129 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys
13:36:33.458 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8006f7b060]
13:36:33.463 3 CLASSPNP.SYS[fffff8800165143f] -> nt!IofCallDriver -> [0xfffffa8006d8c520]
13:36:33.467 5 ACPI.sys[fffff88000f567a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP5T0L0-7[0xfffffa8006d7c060]
13:36:33.472 Scan finished successfully
13:36:40.257 Disk 0 MBR has been saved successfully to "C:\Users\CoBain_SK\Desktop\MBR.dat"
13:36:40.262 The log file has been saved successfully to "C:\Users\CoBain_SK\Desktop\aswMBR.txt"

jaro3
Security team member
Guru Level 15
Posts: 43298
Registered: June 07
Location: South Bohemia
Gender: Male
Status: Offline

Re: Please check my HiJackThis log

Post by jaro3 » 15 Apr 2012 15:32

ComboFix is uninstalled like this:
Start > Run and enter ComboFix /Uninstall

Clean the system with CCleaner
and also use T-Cleaner;
it deletes everything left behind by ComboFix, MWAV etc. Download it, then run it.

Note: before downloading T-Cleaner and for the duration of the cleaning, disable your antivirus and antispyware; afterwards delete T-Cleaner and turn the antivirus and antispyware back on.


How does it look now?
When working with HJT, ComboFix, MBAM, SDFix etc., close all other applications and browsers!
Do not send logs by private message. During my absence I am represented by memphisto, Žbeky and Orcus.
If you are satisfied, you can support our forum: Forum support

cobr4in

Re: Please check my HiJackThis log

Post by cobr4in » 15 Apr 2012 15:37

The system runs somewhat faster, many thanks. I will still do that uninstall, but let me ask two more things:
Should I also uninstall that Akamai? I have no idea whether I use it at all.
Did I have a virus, or what was it?
Could it be related to this? --> viewtopic.php?f=95&t=84923

jaro3

Re: Please check my HiJackThis log

Post by jaro3 » 15 Apr 2012 15:41

Hard to say whether it is related; here we advise uninstalling Akamai, so do that. It is not a safe program.

cobr4in

Re: Please check my HiJackThis log

Post by cobr4in » 15 Apr 2012 15:43

OK, I will uninstall it. So did I have a virus or something similar? That is probably the first time; so far MS Security Essentials has caught everything for me.

jaro3

Re: Please check my HiJackThis log

Post by jaro3 » 15 Apr 2012 15:48

You had infections there. No antivirus can work at 100%; that is simply not possible.

