Dobry den, vcera sa mi cez facebokk stiahol velmi neprijemny virus co vypisoval akde komu kade co...
Neveim ako postupovat viete mi tu niekto poradit ? Mam tu WIN 7 64 bit tu je vystup cez RSiT
info.txt logfile of random's system information tool 1.09 2011-07-20 17:51:46
======Uninstall list======
Update for Microsoft Office 2007 (KB2508958)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0C5823AA-7B6F-44E1-8D5B-8FD1FF0E6438}
Acrobat.com-->MsiExec.exe /X{287ECFA4-719A-2143-A09B-D6A12DE54E40}
Adobe AIR-->C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}
Adobe Flash Player 10 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10s_ActiveX.exe -maintain activex
Adobe Flash Player 10 Plugin-->C:\Windows\SysWOW64\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 9.4.4 MUI-->MsiExec.exe /I{AC76BA86-7AD7-FFFF-7B44-A91000000001}
Aktualizácia Microsoft Office Excel 2007 Help (KB963678)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {9A8C39B0-D27F-4F81-BE74-2FECF164707E}
Aktualizácia Microsoft Office Powerpoint 2007 Help (KB963669)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {CE23B3DC-18CC-46FC-A309-81D6670F8D3D}
Aktualizácia Microsoft Office Word 2007 Help (KB963665)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {D6DBF512-87C0-4F6A-8FB9-AC3A389D9DE5}
Alcor Micro USB Card Reader-->C:\Program Files (x86)\InstallShield Installation Information\{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}\Setup.exe -runfromtemp -l0x0409
Asistent pri prihlasovaní v sieti Windows Live-->MsiExec.exe /I{97A58F57-5F50-4B0E-92BA-D41AF806E1B3}
ASUS FancyStart-->MsiExec.exe /I{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}
ASUS Splendid Video Enhancement Technology-->MsiExec.exe /I{0969AF05-4FF6-4C00-9406-43599238DE0D}
ASUS Video Magic-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
ASUS Video Magic-->"C:\Program Files (x86)\InstallShield Installation Information\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}\Setup.exe" /z-uninstall
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
ATK Generic Function Service-->C:\Program Files (x86)\InstallShield Installation Information\{D3D54F3E-C5C3-443D-978F-87A72E5616E8}\setup.exe -runfromtemp -l0x0009 -removeonly
ATK Hotkey-->MsiExec.exe /I{7C05592D-424B-46CB-B505-E0013E8E75C9}
ATK Media-->MsiExec.exe /I{D1E5870E-E3E5-4475-98A6-ADD614524ADF}
ATKOSD2-->MsiExec.exe /I{3B05F2FB-745B-4012-ADF2-439F36B2E70B}
Catalyst Control Center - Branding-->MsiExec.exe /I{AB3C268A-E54B-4F6D-BF97-2DFCEEFA94F5}
ControlDeck-->MsiExec.exe /I{5B65EF64-1DFA-414A-8C94-7BB726158E21}
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink LabelPrint-->"C:\Program Files (x86)\InstallShield Installation Information\{C59C179C-668D-49A9-B6EA-0121CCFC1243}\Setup.exe" /z-uninstall
CyberLink MediaShow Espresso-->"C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
CyberLink MediaShow Espresso-->"C:\Program Files (x86)\InstallShield Installation Information\{E3739848-5329-48E3-8D28-5BBD6E8BE384}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink Power2Go-->"C:\Program Files (x86)\InstallShield Installation Information\{40BF1E83-20EB-11D8-97C5-0009C5020658}\Setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
CyberLink PowerDVD 9-->"C:\Program Files (x86)\InstallShield Installation Information\{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}\Setup.exe" /z-uninstall
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Express Gate-->MsiExec.exe /X{B5A5627C-0173-4DB2-ADA8-740479370F67}
Free Image Converter-->MsiExec.exe /I{27BB12C3-1292-4204-8997-427CF78B5A92}
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
Google Earth-->MsiExec.exe /X{B3FED300-806C-11E0-A0D0-B8AC6F97B88E}
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Java(TM) 6 Update 24-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83216024FF}
Kernel EML Viewer ver 10.09.01-->"C:\Program Files (x86)\Kernel EML Viewer\unins000.exe"
K-Lite Codec Pack 7.1.0 (Full)-->"C:\Program Files (x86)\K-Lite Codec Pack\unins000.exe"
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0015-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0016-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0018-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0019-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001A-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001B-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {E64BA721-2310-4B55-BE5A-2925F9706192}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-002A-041B-1000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-0044-041B-0000-0000000FF1CE} /uninstall {F69A7281-8297-47E2-B583-36EAA37C89EE}
Microsoft Office 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-006E-041B-0000-0000000FF1CE} /uninstall {8AF3A9EB-FBB9-449F-AC11-94CE39930037}
Microsoft Office Access MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0016-041B-0000-0000000FF1CE}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0044-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2007-->"C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\Office Setup Controller\setup.exe" /uninstall PROPLUS /dll OSETUP.DLL
Microsoft Office Professional Plus 2007-->MsiExec.exe /X{90120000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2007-->MsiExec.exe /X{90120000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2007-->MsiExec.exe /X{90120000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2007-->MsiExec.exe /X{90120000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2007-->MsiExec.exe /X{90120000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2007-->MsiExec.exe /X{90120000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2007-->MsiExec.exe /X{90120000-002C-041B-0000-0000000FF1CE}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0405-0000-0000000FF1CE} /uninstall {294B4278-CF7B-40B9-86A1-2D3FF0C2C524}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0407-0000-0000000FF1CE} /uninstall {A0516415-ED61-419A-981D-93596DA74165}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-0409-0000-0000000FF1CE} /uninstall {ABDDE972-355B-4AF1-89A8-DA50B7B5C045}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-040E-0000-0000000FF1CE} /uninstall {573CA1BB-C8A3-46C4-993E-DB4043D9BFCD}
Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)-->msiexec /package {90120000-001F-041B-0000-0000000FF1CE} /uninstall {10EC59E5-9BCE-4884-BB1A-E28627220232}
Microsoft Office Publisher MUI (Slovak) 2007-->MsiExec.exe /X{90120000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2007-->MsiExec.exe /X{90120000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2007-->MsiExec.exe /X{90120000-001B-041B-0000-0000000FF1CE}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053-->MsiExec.exe /X{770657D0-A123-3C07-8E44-1C83EC895118}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148-->MsiExec.exe /X{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570-->MsiExec.exe /X{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
MSXML 4.0 SP3 Parser (KB973685)-->MsiExec.exe /I{859DFA95-E4A6-48CD-B88E-A3E483E89B44}
NEC Electronics USB 3.0 Host Controller Driver-->"C:\Program Files (x86)\InstallShield Installation Information\{D7BF9739-8A68-4335-BBEE-37752AD9E86B}\setup.exe" -runfromtemp -l0x0409 -removeonly
NEC Electronics USB 3.0 Host Controller Driver-->MsiExec.exe /I{D7BF9739-8A68-4335-BBEE-37752AD9E86B}
NetWorkingWizard_ICM-->"C:\Program Files (x86)\InstallShield Installation Information\{4CFFAEC0-1F2A-4D38-8D95-3995A936ADD9}\setup.exe" -runfromtemp -l0x0009 -removeonly
Odovzdávací nástroj lokality Windows Live-->MsiExec.exe /I{205C6BDD-7B73-42DE-8505-9A093F35A238}
PDFCreator-->C:\Program Files (x86)\PDFCreator\unins000.exe
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
Pro/ENGINEER Release Wildfire 4.0 Datecode F000-->"C:\Program Files (x86)\proeWildfire 4.0\uninstall\i486_nt\obj\psuninst.exe" "C:\Program Files (x86)\proeWildfire 4.0\uninstall\instlog.txt"
Realtek High Definition Audio Driver-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\50\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}\setup.exe" -removeonly
Revo Uninstaller 1.91-->C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\uninst.exe
Security Update for 2007 Microsoft Office System (KB2288621)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5C497F0B-2061-4CC9-A61C-6B45B867354D}
Security Update for 2007 Microsoft Office System (KB2288931)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD769337-C8AC-46DB-A7DC-643E50089263}
Security Update for 2007 Microsoft Office System (KB2345043)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {536FB502-775F-4494-BACE-C02CC90B7A5B}
Security Update for 2007 Microsoft Office System (KB2509488)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {AD0DE453-0804-4495-9C91-33D0F9AA5463}
Security Update for 2007 Microsoft Office System (KB969559)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {69F52148-9BF6-4CDC-BF76-103DEAF3DD08}
Security Update for 2007 Microsoft Office System (KB976321)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7F207DCA-3399-40CB-A968-6E5991B1421A}
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FD8D7C9A-E56A-3E7B-BA6D-FE68F13296E3} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F66C3466-1FDB-347C-B3AE-FB6C50627B10} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {B5BD3CA1-11AB-35A6-B22A-6A219DC0668E} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Extended (KB2416472)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\setup.exe /uninstallpatch {3162617C-537F-3BB6-8D0C-C6021F442391} /parameterfolder Extended
Security Update for Microsoft Office 2007 System (KB2541012)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {CD907315-705A-4475-A1A0-2A1245803E4D}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1142CCEC-ACA9-484B-BA90-C3A5CA1988C5}
Security Update for Microsoft Office Access 2007 (KB979440)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5A4E43D5-858F-49BD-BA72-8F30E1793060}
Security Update for Microsoft Office Excel 2007 (KB2541007)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {A0173254-F442-4D04-9154-43FA157B83D0}
Security Update for Microsoft Office InfoPath 2007 (KB2510061)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {5D930261-AA5B-48D1-931F-425C9D767490}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1109D0B3-EFA3-4553-AAED-4C3E9AD130E8}
Security Update for Microsoft Office InfoPath 2007 (KB979441)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8CCB781A-CF6B-4FCB-B6D8-59C64DF5C6DB}
Security Update for Microsoft Office PowerPoint 2007 (KB2535818)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {8588DD11-6BD7-4400-B55C-DD5AB74B43E1}
Security Update for Microsoft Office PowerPoint Viewer 2007 (KB2464623)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {D75E6D0C-BADF-4F41-98B2-0C0F02C15062}
Security Update for Microsoft Office Publisher 2007 (KB2284697)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3A4CDE54-2403-483D-8D9A-15E3264410DF}
Security Update for Microsoft Office system 2007 (972581)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {3D019598-7B59-447A-80AE-815B703B84FF}
Security Update for Microsoft Office system 2007 (KB974234)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {FCD742B9-7A55-44BC-A776-F795F21FEDDC}
Security Update for Microsoft Office Visio Viewer 2007 (KB973709)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {71127777-8B2C-4F97-AF7A-6CF8CAC8224D}
Security Update for Microsoft Office Word 2007 (KB2344993)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {7A5B74FA-7A92-4FC9-821A-2DD5D4E73E48}
SimpleOCR 3.1-->C:\PROGRA~2\SIMPLE~1\UNWISE.EXE C:\PROGRA~2\SIMPLE~1\INSTALL.LOG
Skype™ 5.1-->MsiExec.exe /X{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}
Update for 2007 Microsoft Office System (KB2284654)-->msiexec /package {90120000-002A-0000-1000-0000000FF1CE} /uninstall {FB166E7C-8AA6-48C8-B726-1F25BEE7825A}
Update for 2007 Microsoft Office System (KB967642)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {C444285D-5E4F-48A4-91DD-47AAAA68E92D}
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {A45DD0BE-3CD9-3F1E-B233-B90C6983AE77} /parameterfolder Client
Update for Microsoft Office 2007 System (KB2539530)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {0B4CEEAE-AA88-490C-BCB2-AAC3421981A4}
Update for Microsoft Office Outlook 2007 (KB2509470)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {1365864D-4C58-489D-9982-844D75691CCC}
Update for Outlook 2007 Junk Email Filter (KB2553975)-->msiexec /package {90120000-0011-0000-0000-0000000FF1CE} /uninstall {59D8F1FE-7B08-4F0E-840C-D1BF93D22A6C}
VLC media player 1.1.6-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
Windows Media Player Firefox Plugin-->MsiExec.exe /I{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}
WinFlash-->MsiExec.exe /X{8F21291E-0444-4B1D-B9F9-4370A73E346D}
WinRAR-->C:\Program Files (x86)\WinRAR\uninstall.exe
Wireless Console 3-->MsiExec.exe /I{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}
======Hosts File======
127.0.0.1 vkontakte.ru
127.0.0.1 www.vkontakte.ru
127.0.0.1 login.vk.com
127.0.0.1 vk.com
127.0.0.1 www.vk.com
127.0.0.1 odnoklassniki.ru
127.0.0.1 www.odnoklassniki.ru
127.0.0.1 facebook.com
127.0.0.1 www.facebook.com
127.0.0.1 af-za.facebook.com
======System event log======
Computer Name: Aksteiner
Event Code: 37
Message: The speed of processor 4 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 26675
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20110402120221.975736-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 37
Message: The speed of processor 6 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 26674
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20110402120221.975736-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 37
Message: The speed of processor 3 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 26673
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20110402120221.975736-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 37
Message: The speed of processor 7 in group 0 is being limited by system firmware. The processor has been in this reduced performance state for 71 seconds since the last report.
Record Number: 26672
Source Name: Microsoft-Windows-Kernel-Processor-Power
Time Written: 20110402120221.975736-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 1014
Message: Name resolution for the name www.sportsdirect.com timed out after none of the configured DNS servers responded.
Record Number: 26668
Source Name: Microsoft-Windows-DNS-Client
Time Written: 20110402114049.124789-000
Event Type: Warning
User: NT AUTHORITY\NETWORK SERVICE
=====Application event log=====
Computer Name: Aksteiner
Event Code: 20
Message:
Record Number: 1434
Source Name: Google Update
Time Written: 20110126165009.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 20
Message:
Record Number: 1425
Source Name: Google Update
Time Written: 20110126164837.000000-000
Event Type: Error
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 1421
Source Name: LMS
Time Written: 20110126164821.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
Computer Name: Aksteiner
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.
Record Number: 1409
Source Name: Microsoft-Windows-Search
Time Written: 20110126164627.000000-000
Event Type: Warning
User:
Computer Name: Aksteiner
Event Code: 1
Message: LMS Service cannot connect to Intel(R) MEI driver
Record Number: 1399
Source Name: LMS
Time Written: 20110127014501.000000-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM
=====Security event log=====
Computer Name: WIN-NV24U7B7TI4
Event Code: 4672
Message: Special privileges assigned to new logon.
Subject:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Privileges: SeAssignPrimaryTokenPrivilege
SeTcbPrivilege
SeSecurityPrivilege
SeTakeOwnershipPrivilege
SeLoadDriverPrivilege
SeBackupPrivilege
SeRestorePrivilege
SeDebugPrivilege
SeAuditPrivilege
SeSystemEnvironmentPrivilege
SeImpersonatePrivilege
Record Number: 417
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100426144118.888501-000
Event Type: Audit Success
User:
Computer Name: WIN-NV24U7B7TI4
Event Code: 4624
Message: An account was successfully logged on.
Subject:
Security ID: S-1-5-18
Account Name: WIN-NV24U7B7TI4$
Account Domain: WORKGROUP
Logon ID: 0x3e7
Logon Type: 5
New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}
Process Information:
Process ID: 0x254
Process Name: C:\Windows\System32\services.exe
Network Information:
Workstation Name:
Source Network Address: -
Source Port: -
Detailed Authentication Information:
Logon Process: Advapi
Authentication Package: Negotiate
Transited Services: -
Package Name (NTLM only): -
Key Length: 0
This event is generated when a logon session is created. It is generated on the computer that was accessed.
The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 416
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100426144118.888501-000
Event Type: Audit Success
User:
Computer Name: WIN-NV24U7B7TI4
Event Code: 4738
Message: A user account was changed.
Subject:
Security ID: S-1-5-21-560642338-514596663-314569253-500
Account Name: Administrator
Account Domain: WIN-NV24U7B7TI4
Logon ID: 0x52bb4
Target Account:
Security ID: S-1-5-21-560642338-514596663-314569253-500
Account Name: Administrator
Account Domain: WIN-NV24U7B7TI4
Changed Attributes:
SAM Account Name: -
Display Name: -
User Principal Name: -
Home Directory: -
Home Drive: -
Script Path: -
Profile Path: -
User Workstations: -
Password Last Set: -
Account Expires: -
Primary Group ID: -
AllowedToDelegateTo: -
Old UAC Value: 0x210
New UAC Value: 0x211
User Account Control:
Account Disabled
User Parameters: -
SID History: -
Logon Hours: -
Additional Information:
Privileges: -
Record Number: 415
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100426144104.084075-000
Event Type: Audit Success
User:
Computer Name: WIN-NV24U7B7TI4
Event Code: 4725
Message: A user account was disabled.
Subject:
Security ID: S-1-5-21-560642338-514596663-314569253-500
Account Name: Administrator
Account Domain: WIN-NV24U7B7TI4
Logon ID: 0x52bb4
Target Account:
Security ID: S-1-5-21-560642338-514596663-314569253-500
Account Name: Administrator
Account Domain: WIN-NV24U7B7TI4
Record Number: 414
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20100426144104.084075-000
Event Type: Audit Success
User:
Computer Name: WIN-NV24U7B7TI4
Event Code: 1102
Message: The audit log was cleared.
Subject:
Security ID: S-1-5-21-560642338-514596663-314569253-500
Account Name: Administrator
Domain Name: WIN-NV24U7B7TI4
Logon ID: 0x52bb4
Record Number: 413
Source Name: Microsoft-Windows-Eventlog
Time Written: 20100426144050.668052-000
Event Type: Audit Success
User:
======Environment variables======
"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static;C:\Program Files\WIDCOMM\Bluetooth Software\;C:\Program Files\WIDCOMM\Bluetooth Software\syswow64;C:\Program Files\MATLAB\R2009b\runtime\win64;C:\Program Files\MATLAB\R2009b\bin;C:\Program Files (x86)\proeWildfire 4.0\bin
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1e05
"configsetroot"=%SystemRoot%\ConfigSetRoot
"AWP_LOCALE121"=en-us
"ANSYS_SYSDIR"=winx64
"AWP_ROOT121"=C:\Program Files\ANSYS Inc\v121
"ANSYS121_DIR"=C:\Program Files\ANSYS Inc\v121\ANSYS
"P_SCHEMA"=C:\Program Files\ANSYS Inc\v121\AISOL\CAD Integration\Parasolid\PSchema
"CADOE_DOCDIR121"=C:\Program Files\ANSYS Inc\v121\CommonFiles\help\en-us\solviewer
"CADOE_LIBDIR121"=C:\Program Files\ANSYS Inc\v121\CommonFiles\Language\en-us
"KMP_DUPLICATE_LIB_OK"=TRUE
"ANSYS_SYSDIR32"=win32
"LSTC_LICENSE"=ANSYS
"ICEMCFD_ROOT121"=C:\Program Files\ANSYS Inc\v121\icemcfd
"ANSYSLIC_DIR"=C:\Program Files\ANSYS Inc\Shared Files\Licensing
-----------------EOF-----------------
LOG :
Logfile of random's system information tool 1.09 (written by random/random)
Run by Vitko_Aksteiner at 2011-07-20 17:51:32
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 91 GB (60%) free of 153 GB
Total RAM: 6069 MB (73% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:51:40, on 20. 7. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
C:\Program Files (x86)\CyberLink\Shared files\brs.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\update.tray-3-0\svchost.exe
C:\Windows\update.tray-2-0\svchost.exe
C:\Windows\l1rezerv.exe
C:\Windows\systemup.exe
C:\Program Files (x86)\Skype\Plugin Manager\skypePM.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\WinRAR\WinRAR.exe
C:\Users\VITKO_~1\AppData\Local\Temp\Rar$EX00.904\procexp.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitko_Aksteiner\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Vitko_Aksteiner\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\Vitko_Aksteiner.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: Pomocník pri prihlasovaní v sieti Windows Live - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O4 - HKLM\..\Run: [MDS_Menu] "C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\MediaShowEspresso" UpdateWithCreateOnce "Software\CyberLink\MediaShow Espresso\5.0"
O4 - HKLM\..\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe"
O4 - HKLM\..\Run: [PDVD9LanguageShortcut] "C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe"
O4 - HKLM\..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe
O4 - HKLM\..\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [wxpdrv] C:\Windows\services32.exe
O4 - HKLM\..\Run: [tray_ico0] C:\Windows\update.tray-3-0\svchost.exe
O4 - HKLM\..\Run: [tray_ico1] C:\Windows\update.tray-2-0\svchost.exe
O4 - HKLM\..\Run: [6630914.exe] "C:\Users\Vitko_Aksteiner\AppData\Local\Temp\6630914.exe"
O4 - HKLM\..\Run: [sysdriver32.exe] "C:\Windows\sysdriver32.exe" rezerv
O4 - HKLM\..\Run: [sysdriver32_.exe] "C:\Windows\sysdriver32_.exe" rezerv
O4 - HKLM\..\Run: [4120203.exe] "C:\Users\Vitko_Aksteiner\AppData\Local\Temp\4120203.exe"
O4 - HKLM\..\Run: [1072193.exe] "C:\Windows\Temp\1072193.exe"
O4 - HKLM\..\Run: [3761629.exe] "C:\Windows\Temp\3761629.exe"
O4 - HKLM\..\Run: [l1rezerv.exe] "C:\Windows\l1rezerv.exe"
O4 - HKLM\..\Run: [systemup] "C:\Windows\systemup.exe" stand
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Google Update] "C:\Users\Vitko_Aksteiner\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: ANSYS, Inc. License Manager - ANSYS, Inc. - C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - Unknown owner - C:\Program Files\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Backbone Service (BBDemon) - Dassault Systemes - C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe (file missing)
O23 - Service: ESET Service (ekrn) - Unknown owner - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: FLEXnet Licensing Service 64 - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\Windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\Windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\Windows\sysdriver32.exe
O23 - Service: TurboBoost - Intel(R) Corporation - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Unknown owner - C:\Windows\update.1\svchost.exe
--
End of file - 14305 bytes
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-560642338-514596663-314569253-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-560642338-514596663-314569253-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-23 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2011-06-04 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v sieti Windows Live - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-02-17 408440]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-03-29 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{D4027C7F-154A-4066-A1AD-4243D8127440}
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2011-06-04 503808]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"=C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe [2009-02-25 218408]
"RemoteControl9"=C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe [2009-07-06 87336]
"PDVD9LanguageShortcut"=C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe [2009-04-28 50472]
"BDRegion"=C:\Program Files (x86)\Cyberlink\Shared Files\brs.exe [2009-09-01 75048]
"UpdatePSTShortCut"=C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe [2009-11-16 210216]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-11-18 98304]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-11-21 106496]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe [2009-10-27 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe [2009-08-20 170624]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-21 932288]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2011-01-31 35760]
"wxpdrv"=C:\Windows\services32.exe [2011-07-18 1150976]
"tray_ico"= []
"tray_ico0"=C:\Windows\update.tray-3-0\svchost.exe [2011-07-18 1150976]
"tray_ico1"=C:\Windows\update.tray-2-0\svchost.exe [2011-07-18 1150976]
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"6630914.exe"=C:\Users\Vitko_Aksteiner\AppData\Local\Temp\6630914.exe [2011-07-18 232960]
"sysdriver32.exe"=C:\Windows\sysdriver32.exe [2011-07-18 232960]
"sysdriver32_.exe"=C:\Windows\sysdriver32_.exe [2011-07-18 232960]
"4120203.exe"=C:\Users\Vitko_Aksteiner\AppData\Local\Temp\4120203.exe [2011-07-18 232960]
"1072193.exe"=C:\Windows\Temp\1072193.exe [2011-07-18 232960]
"3761629.exe"=C:\Windows\Temp\3761629.exe [2011-07-18 483328]
"l1rezerv.exe"=C:\Windows\l1rezerv.exe [2011-07-18 110592]
"systemup"=C:\Windows\systemup.exe [2011-07-18 114176]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2011-01-03 15028104]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"Google Update"=C:\Users\Vitko_Aksteiner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-03-13 136176]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-20 1305408]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
FancyStart daemon.lnk - C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.divxa32"=msaud32_divx.acm
"VIDC.XVID"=xvidvfw.dll
"VIDC.YV12"=yv12vfw.dll
"msacm.ac3acm"=ac3acm.acm
"msacm.lameacm"=lameACM.acm
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.reg - edit -
.reg - open -
.scr - open - C:\Windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -
======List of files/folders created in the last 1 month======
2011-07-20 17:51:33 ----D---- C:\Program Files (x86)\trend micro
2011-07-20 17:51:32 ----D---- C:\rsit
2011-07-20 17:29:45 ----D---- C:\Windows\ufa
2011-07-20 17:29:45 ----D---- C:\Windows\rpcminer
2011-07-20 17:29:45 ----D---- C:\Windows\phoenix
2011-07-20 17:29:44 ----A---- C:\Windows\unrar.exe
2011-07-20 17:29:24 ----A---- C:\Windows\ddh_iplist.txt
2011-07-20 17:29:15 ----A---- C:\Windows\btc_client_iplist.txt
2011-07-20 17:29:13 ----A---- C:\Windows\iecheck_iplist.txt
2011-07-19 06:33:11 ----HD---- C:\Windows\update.5.0
2011-07-18 22:54:39 ----A---- C:\Windows\systemup.exe
2011-07-18 22:54:38 ----A---- C:\Windows\l1rezerv.exe
2011-07-18 22:54:22 ----HD---- C:\Windows\update.2
2011-07-18 22:46:38 ----A---- C:\Windows\sysdriver32_.exe
2011-07-18 22:46:24 ----A---- C:\Windows\sysdriver32.exe
2011-07-18 22:46:06 ----D---- C:\Windows\av_ico
2011-07-18 22:45:45 ----A---- C:\Windows\front_ip_list.txt
2011-07-18 22:44:34 ----HD---- C:\Windows\update.1
2011-07-18 22:44:33 ----HD---- C:\Windows\update.tray-3-0-lnk
2011-07-18 22:44:33 ----HD---- C:\Windows\update.tray-3-0
2011-07-18 22:44:33 ----HD---- C:\Windows\update.tray-2-0-lnk
2011-07-18 22:44:33 ----HD---- C:\Windows\update.tray-2-0
2011-07-18 22:33:19 ----A---- C:\Windows\winlog-ids.txt
2011-07-18 22:33:19 ----A---- C:\Windows\winlog-dirs.txt
2011-07-18 22:33:15 ----A---- C:\Windows\services32.exe
2011-07-13 06:21:37 ----A---- C:\Windows\SysWOW64\wow32.dll
2011-07-13 06:21:37 ----A---- C:\Windows\SysWOW64\setup16.exe
2011-07-13 06:21:37 ----A---- C:\Windows\SysWOW64\ntvdm64.dll
2011-07-13 06:21:37 ----A---- C:\Windows\SysWOW64\kernel32.dll
2011-07-13 06:21:37 ----A---- C:\Windows\SysWOW64\instnm.exe
2011-07-13 06:21:36 ----A---- C:\Windows\SysWOW64\user.exe
2011-07-13 06:21:23 ----A---- C:\Windows\SysWOW64\KernelBase.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2011-07-13 06:21:22 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2011-07-13 06:21:21 ----AH---- C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2011-06-29 10:11:16 ----A---- C:\Windows\SysWOW64\drvinst.exe
2011-06-29 10:11:15 ----A---- C:\Windows\SysWOW64\devrtl.dll
2011-06-29 10:11:15 ----A---- C:\Windows\SysWOW64\devobj.dll
2011-06-29 10:11:15 ----A---- C:\Windows\SysWOW64\cfgmgr32.dll
2011-06-29 10:11:13 ----A---- C:\Windows\SysWOW64\tquery.dll
2011-06-29 10:11:13 ----A---- C:\Windows\SysWOW64\mssrch.dll
2011-06-29 10:11:12 ----A---- C:\Windows\SysWOW64\SearchProtocolHost.exe
2011-06-29 10:11:12 ----A---- C:\Windows\SysWOW64\SearchIndexer.exe
2011-06-29 10:11:12 ----A---- C:\Windows\SysWOW64\mssph.dll
2011-06-29 10:11:11 ----A---- C:\Windows\SysWOW64\SearchFilterHost.exe
2011-06-29 10:11:11 ----A---- C:\Windows\SysWOW64\mssvp.dll
2011-06-29 10:11:11 ----A---- C:\Windows\SysWOW64\mssphtb.dll
2011-06-29 10:11:11 ----A---- C:\Windows\SysWOW64\msscntrs.dll
2011-06-27 19:34:16 ----D---- C:\Users\Vitko_Aksteiner\AppData\Roaming\PTC
2011-06-27 19:19:36 ----D---- C:\Program Files (x86)\proeWildfire 4.0
======List of files/folders modified in the last 1 month======
2011-07-20 17:51:38 ----D---- C:\Windows\Temp
2011-07-20 17:51:33 ----RD---- C:\Program Files (x86)
2011-07-20 17:41:48 ----D---- C:\Windows
2011-07-20 17:29:13 ----D---- C:\Users\Vitko_Aksteiner\AppData\Roaming\Skype
2011-07-20 17:27:40 ----D---- C:\Windows\System32
2011-07-20 17:27:40 ----D---- C:\Windows\inf
2011-07-20 17:25:59 ----D---- C:\Users\Vitko_Aksteiner\AppData\Roaming\skypePM
2011-07-19 22:35:53 ----A---- C:\Windows\SysWOW64\log.txt
2011-07-19 22:16:13 ----D---- C:\Windows\debug
2011-07-19 18:01:55 ----SHD---- C:\System Volume Information
2011-07-18 22:44:34 ----RD---- C:\Program Files
2011-07-14 18:02:05 ----D---- C:\Windows\winsxs
2011-07-14 18:00:29 ----D---- C:\Windows\SysWOW64
2011-07-14 18:00:28 ----D---- C:\Windows\AppPatch
2011-07-14 17:29:49 ----SHD---- C:\Windows\Installer
2011-07-14 17:29:45 ----D---- C:\ProgramData\Microsoft Help
2011-06-30 11:01:52 ----D---- C:\Program Files (x86)\Microsoft Office
2011-06-30 08:07:20 ----RSD---- C:\Windows\Fonts
2011-06-27 19:03:50 ----D---- C:\ProgramData\DAEMON Tools Lite
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys []
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys []
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys []
R1 LUMDriver;LUMDriver; \??\C:\Windows\system32\drivers\LUMDriver.sys []
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys []
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
R2 cpuz135;cpuz135; \??\C:\Windows\system32\drivers\cpuz135_x64.sys []
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys []
R2 TurboB;Turbo Boost UI Monitor driver; C:\Windows\system32\DRIVERS\TurboB.sys []
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS []
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys []
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys []
R3 btusbflt;Bluetooth USB Filter; C:\Windows\system32\drivers\btusbflt.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\Windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\Windows\system32\drivers\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\Windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\Windows\system32\DRIVERS\btwrchid.sys []
R3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys []
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys []
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys []
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys []
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys []
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys []
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys []
R3 RTHDMIAzAudService;Service for HDMI; C:\Windows\system32\drivers\RtHDMIVX.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys []
S3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\AtiHdmi.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys []
S3 NuidFltr;NUID filter driver; C:\Windows\system32\DRIVERS\NuidFltr.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys []
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys []
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe []
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe []
R2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager; C:\Program Files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-10-02 4065280]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files\ATKGFNEX\GFNEXSrv.exe [2007-08-08 94208]
R2 BBDemon;Backbone Service; C:\Program Files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-09-26 36864]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-08-03 864032]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-10-01 262144]
R2 srvbtcclient;srvbtcclient; C:\Windows\update.5.0\svchost.exe [2011-07-19 340480]
R2 srviecheck;srviecheck; C:\Windows\update.2\svchost.exe [2011-07-18 483328]
R2 srvsysdriver32;srvsysdriver32; C:\Windows\sysdriver32.exe [2011-07-18 232960]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
R3 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-05-27 244904]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files (x86)\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2011-05-20 85096]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe []
S3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-26 1030600]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-02-08 136120]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 TurboBoost;TurboBoost; C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S3 WMZuneComm;Zune Windows Mobile Connectivity Service; C:\Program Files\Zune\WMZuneComm.exe [2010-11-11 306416]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S4 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 20992]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
zavireny facebook, odstavenie antiviru nod
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zavireny facebook, odstavenie antiviru nod
Zdravím!
Dejte ještě log z ComboFix.
Dejte ještě log z ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
pote spustte aplikaci pod uctem s administratorskym opravnenim
hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.
v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se
jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine
aplikace ani nic jineho
behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)
upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,
pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k
nezadoucim kolizim s rezidentem antispyware
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zavireny facebook, odstavenie antiviru nod
Posielam ten dalsi LOG z combofixu
ComboFix 11-07-20.04 - Vitko_Aksteiner . 07. 2011 22:06:08.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.6069.4313 [GMT 2:00]
Running from: c:\users\Vitko_Aksteiner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Vitko_Aksteiner\AppData\Roaming\Microsoft\Windows\Recent\premenne rýchlosti.mat
c:\users\Vitko_Aksteiner\AppData\Roaming\Microsoft\Windows\Recent\premenne vychiliek.mat
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\Temp\1072193.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 20:13 . 2011-07-20 20:13 0 ---ha-w- c:\users\Vitko_Aksteiner\AppData\Local\BIT5CB.tmp
2011-07-20 20:11 . 2011-07-20 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-20 15:51 . 2011-07-20 18:05 -------- d-----w- c:\program files (x86)\trend micro
2011-07-20 15:51 . 2011-07-20 15:51 -------- d-----w- C:\rsit
2011-07-20 15:29 . 2011-07-20 18:08 -------- d-----w- c:\windows\phoenix
2011-07-18 20:54 . 2011-07-20 18:08 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 20:46 . 2011-07-20 18:05 -------- d-----w- c:\windows\av_ico
2011-07-18 20:44 . 2011-07-20 20:11 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:44 . 2011-07-20 20:11 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:44 . 2011-07-20 18:05 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:44 . 2011-07-20 18:05 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-06-29 08:11 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-27 17:34 . 2011-06-27 17:34 -------- d-----w- c:\users\Vitko_Aksteiner\AppData\Roaming\PTC
2011-06-27 17:19 . 2011-06-27 17:29 -------- d-----w- c:\program files (x86)\proeWildfire 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 20:15 . 2011-07-20 20:15 0 ---ha-w- c:\users\Vitko_Aksteiner\AppData\Local\BIT53AF.tmp
2011-06-07 16:40 . 2011-05-16 12:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 04:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 06:25 . 2011-05-21 17:10 737280 ----a-w- c:\windows\iun6002.exe
2011-05-24 17:14 . 2011-01-28 09:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-05 19:54 . 2011-05-05 19:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-05 19:54 . 2011-05-05 19:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-05 19:54 . 2011-05-05 19:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-05 19:54 . 2011-05-05 19:54 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-05 19:54 . 2011-05-05 19:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-05 19:54 . 2011-05-05 19:54 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-05 19:54 . 2011-05-05 19:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-05 19:54 . 2011-05-05 19:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-05 19:54 . 2011-05-05 19:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-05 19:54 . 2011-05-05 19:54 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-05 19:54 . 2011-05-05 19:54 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-05 19:54 . 2011-05-05 19:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-05 19:54 . 2011-05-05 19:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-05 19:54 . 2011-05-05 19:54 448512 ----a-w- c:\windows\system32\html.iec
2011-05-05 19:54 . 2011-05-05 19:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-05 19:54 . 2011-05-05 19:54 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-05 19:54 . 2011-05-05 19:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-05 19:54 . 2011-05-05 19:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-05 19:54 . 2011-05-05 19:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-05 19:54 . 2011-05-05 19:54 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-05 19:54 . 2011-05-05 19:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-05 19:54 . 2011-05-05 19:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-05 19:54 . 2011-05-05 19:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-05 19:54 . 2011-05-05 19:54 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-05 19:54 . 2011-05-05 19:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-05 19:54 . 2011-05-05 19:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-05 19:54 . 2011-05-05 19:54 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-05 19:54 . 2011-05-05 19:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-05 19:54 . 2011-05-05 19:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-05 19:54 . 2011-05-05 19:54 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-05 19:54 . 2011-05-05 19:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-05 19:54 . 2011-05-05 19:54 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-05 19:54 . 2011-05-05 19:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-05 19:54 . 2011-05-05 19:54 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-05 19:54 . 2011-05-05 19:54 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-05 19:54 . 2011-05-05 19:54 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-05 19:54 . 2011-05-05 19:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-05 19:54 . 2011-05-05 19:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-03 05:29 . 2011-06-15 09:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 09:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-15 10:05 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 10:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 10:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-15 10:05 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 10:05 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 10:05 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-15 10:06 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-15 10:06 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-23 01:29 . 2011-06-16 05:56 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-16 05:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-16 05:56 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-16 05:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15 . 2011-05-24 23:01 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-16 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-4-27 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-4-27 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-26 1030600]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/26 21:31];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-10-02 4065280]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-09-26 36864]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 04:45]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 04:45]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560642338-514596663-314569253-1000Core.job
- c:\users\Vitko_Aksteiner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-06 09:58]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560642338-514596663-314569253-1000UA.job
- c:\users\Vitko_Aksteiner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-06 09:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF7769.cfxxe" [X]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-nodenable - c:\program files\eset\nodenable.exe
Wow6432Node-HKLM-Run-Windows Phone Device Manager - c:\windows\WPDeviceManager\WPDeviceManager.exe
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-3-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
Wow6432Node-HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
Wow6432Node-HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
Wow6432Node-HKLM-Run-systemup - c:\windows\systemup.exe
Toolbar-Locked - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-20 22:18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-20 20:18
.
Pre-Run: 93 126 737 920 bytes free
Post-Run: 92 866 633 728 bytes free
.
- - End Of File - - 8CFF479462DEBCEE51517D2C2FBC2AA1
ComboFix 11-07-20.04 - Vitko_Aksteiner . 07. 2011 22:06:08.1.8 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.6069.4313 [GMT 2:00]
Running from: c:\users\Vitko_Aksteiner\Downloads\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\users\Vitko_Aksteiner\AppData\Roaming\Microsoft\Windows\Recent\premenne rýchlosti.mat
c:\users\Vitko_Aksteiner\AppData\Roaming\Microsoft\Windows\Recent\premenne vychiliek.mat
c:\windows\btc_client_iplist.txt
c:\windows\ddh_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\l1rezerv.exe
c:\windows\loader2.exe_ok
c:\windows\phoenix.rar
c:\windows\proc_list1.log
c:\windows\rpcminer.rar
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\systemup.exe
c:\windows\Temp\1072193.exe
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.tray-2-0\svchost.exe
c:\windows\update.tray-3-0\svchost.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
-------\Service_srvbtcclient
-------\Service_srvbtcclient
.
.
((((((((((((((((((((((((( Files Created from 2011-06-20 to 2011-07-20 )))))))))))))))))))))))))))))))
.
.
2011-07-20 20:13 . 2011-07-20 20:13 0 ---ha-w- c:\users\Vitko_Aksteiner\AppData\Local\BIT5CB.tmp
2011-07-20 20:11 . 2011-07-20 20:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-07-20 15:51 . 2011-07-20 18:05 -------- d-----w- c:\program files (x86)\trend micro
2011-07-20 15:51 . 2011-07-20 15:51 -------- d-----w- C:\rsit
2011-07-20 15:29 . 2011-07-20 18:08 -------- d-----w- c:\windows\phoenix
2011-07-18 20:54 . 2011-07-20 18:08 246272 ----a-w- c:\windows\unrar.exe
2011-07-18 20:46 . 2011-07-20 18:05 -------- d-----w- c:\windows\av_ico
2011-07-18 20:44 . 2011-07-20 20:11 -------- d--h--w- c:\windows\update.tray-3-0
2011-07-18 20:44 . 2011-07-20 20:11 -------- d--h--w- c:\windows\update.tray-2-0
2011-07-18 20:44 . 2011-07-20 18:05 -------- d--h--w- c:\windows\update.tray-3-0-lnk
2011-07-18 20:44 . 2011-07-20 18:05 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2011-06-29 08:11 . 2011-05-24 11:42 404480 ----a-w- c:\windows\system32\umpnpmgr.dll
2011-06-27 17:34 . 2011-06-27 17:34 -------- d-----w- c:\users\Vitko_Aksteiner\AppData\Roaming\PTC
2011-06-27 17:19 . 2011-06-27 17:29 -------- d-----w- c:\program files (x86)\proeWildfire 4.0
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-07-20 20:15 . 2011-07-20 20:15 0 ---ha-w- c:\users\Vitko_Aksteiner\AppData\Local\BIT53AF.tmp
2011-06-07 16:40 . 2011-05-16 12:56 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-06-03 05:57 . 2011-07-13 04:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2011-05-28 06:25 . 2011-05-21 17:10 737280 ----a-w- c:\windows\iun6002.exe
2011-05-24 17:14 . 2011-01-28 09:14 270720 ------w- c:\windows\system32\MpSigStub.exe
2011-05-05 19:54 . 2011-05-05 19:54 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2011-05-05 19:54 . 2011-05-05 19:54 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2011-05-05 19:54 . 2011-05-05 19:54 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2011-05-05 19:54 . 2011-05-05 19:54 85504 ----a-w- c:\windows\system32\iesetup.dll
2011-05-05 19:54 . 2011-05-05 19:54 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2011-05-05 19:54 . 2011-05-05 19:54 76800 ----a-w- c:\windows\system32\tdc.ocx
2011-05-05 19:54 . 2011-05-05 19:54 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2011-05-05 19:54 . 2011-05-05 19:54 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2011-05-05 19:54 . 2011-05-05 19:54 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2011-05-05 19:54 . 2011-05-05 19:54 603648 ----a-w- c:\windows\system32\vbscript.dll
2011-05-05 19:54 . 2011-05-05 19:54 49664 ----a-w- c:\windows\system32\imgutil.dll
2011-05-05 19:54 . 2011-05-05 19:54 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2011-05-05 19:54 . 2011-05-05 19:54 48640 ----a-w- c:\windows\system32\mshtmler.dll
2011-05-05 19:54 . 2011-05-05 19:54 448512 ----a-w- c:\windows\system32\html.iec
2011-05-05 19:54 . 2011-05-05 19:54 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2011-05-05 19:54 . 2011-05-05 19:54 367104 ----a-w- c:\windows\SysWow64\html.iec
2011-05-05 19:54 . 2011-05-05 19:54 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2011-05-05 19:54 . 2011-05-05 19:54 30720 ----a-w- c:\windows\system32\licmgr10.dll
2011-05-05 19:54 . 2011-05-05 19:54 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2011-05-05 19:54 . 2011-05-05 19:54 222208 ----a-w- c:\windows\system32\msls31.dll
2011-05-05 19:54 . 2011-05-05 19:54 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2011-05-05 19:54 . 2011-05-05 19:54 165888 ----a-w- c:\windows\system32\iexpress.exe
2011-05-05 19:54 . 2011-05-05 19:54 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2011-05-05 19:54 . 2011-05-05 19:54 160256 ----a-w- c:\windows\system32\wextract.exe
2011-05-05 19:54 . 2011-05-05 19:54 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2011-05-05 19:54 . 2011-05-05 19:54 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2011-05-05 19:54 . 2011-05-05 19:54 1492992 ----a-w- c:\windows\system32\inetcpl.cpl
2011-05-05 19:54 . 2011-05-05 19:54 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2011-05-05 19:54 . 2011-05-05 19:54 1427456 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2011-05-05 19:54 . 2011-05-05 19:54 1389056 ----a-w- c:\windows\system32\wininet.dll
2011-05-05 19:54 . 2011-05-05 19:54 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2011-05-05 19:54 . 2011-05-05 19:54 12288 ----a-w- c:\windows\system32\mshta.exe
2011-05-05 19:54 . 2011-05-05 19:54 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2011-05-05 19:54 . 2011-05-05 19:54 114176 ----a-w- c:\windows\system32\admparse.dll
2011-05-05 19:54 . 2011-05-05 19:54 1126912 ----a-w- c:\windows\SysWow64\wininet.dll
2011-05-05 19:54 . 2011-05-05 19:54 111616 ----a-w- c:\windows\system32\iesysprep.dll
2011-05-05 19:54 . 2011-05-05 19:54 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2011-05-05 19:54 . 2011-05-05 19:54 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2011-05-03 05:29 . 2011-06-15 09:59 976896 ----a-w- c:\windows\system32\inetcomm.dll
2011-05-03 04:30 . 2011-06-15 09:59 741376 ----a-w- c:\windows\SysWow64\inetcomm.dll
2011-04-29 03:06 . 2011-06-15 10:05 467456 ----a-w- c:\windows\system32\drivers\srv.sys
2011-04-29 03:05 . 2011-06-15 10:05 410112 ----a-w- c:\windows\system32\drivers\srv2.sys
2011-04-29 03:05 . 2011-06-15 10:05 168448 ----a-w- c:\windows\system32\drivers\srvnet.sys
2011-04-27 02:40 . 2011-06-15 10:05 158208 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-04-27 02:39 . 2011-06-15 10:05 289280 ----a-w- c:\windows\system32\drivers\mrxsmb10.sys
2011-04-27 02:39 . 2011-06-15 10:05 128000 ----a-w- c:\windows\system32\drivers\mrxsmb20.sys
2011-04-25 05:33 . 2011-06-15 10:06 1923968 ----a-w- c:\windows\system32\drivers\tcpip.sys
2011-04-25 02:34 . 2011-06-15 10:06 499200 ----a-w- c:\windows\system32\drivers\afd.sys
2011-04-23 01:29 . 2011-06-16 05:56 2303488 ----a-w- c:\windows\system32\jscript9.dll
2011-04-23 01:19 . 2011-06-16 05:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2011-04-22 23:35 . 2011-06-16 05:56 1797632 ----a-w- c:\windows\SysWow64\jscript9.dll
2011-04-22 23:25 . 2011-06-16 05:56 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2011-04-22 22:15 . 2011-05-24 23:01 27520 ----a-w- c:\windows\system32\drivers\Diskdump.sys
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-01-03 15028104]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"MDS_Menu"="c:\program files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe" [2009-02-25 218408]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"PDVD9LanguageShortcut"="c:\program files (x86)\Cyberlink\PowerDVD9\Language\Language.exe" [2009-04-28 50472]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared Files\brs.exe" [2009-09-01 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2009-11-16 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-11-18 98304]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-11-21 106496]
"HControlUser"="c:\program files (x86)\ASUS\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"ATKOSD2"="c:\program files (x86)\ASUS\ATKOSD2\ATKOSD2.exe" [2009-10-27 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Media\DMedia.exe" [2009-08-20 170624]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-4-27 12862]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-4-27 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
R3 btusbflt;Bluetooth USB Filter;c:\windows\system32\drivers\btusbflt.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-03-26 1030600]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-04-27 135664]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WMZuneComm;Zune Windows Mobile Connectivity Service;c:\program files\Zune\WMZuneComm.exe [2010-11-11 306416]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 LUMDriver;LUMDriver;c:\windows\system32\drivers\LUMDriver.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/04/26 21:31];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [2009-09-01 23:59 146928]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 ANSYS, Inc. License Manager;ANSYS, Inc. License Manager;c:\program files\ANSYS Inc\Shared Files\Licensing\winx64\ansysli_server.exe [2009-10-02 4065280]
S2 ASMMAP64;ASMMAP64;c:\program files\ATKGFNEX\ASMMAP64.sys [2007-07-24 14904]
S2 BBDemon;Backbone Service;c:\program files (x86)\Dassault Systemes\B20\intel_a\code\bin\CATSysDemon.exe [2009-09-26 36864]
S2 cpuz135;cpuz135;c:\windows\system32\drivers\cpuz135_x64.sys [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 04:45]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-22 04:45]
.
2011-07-19 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560642338-514596663-314569253-1000Core.job
- c:\users\Vitko_Aksteiner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-06 09:58]
.
2011-07-20 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-560642338-514596663-314569253-1000UA.job
- c:\users\Vitko_Aksteiner\AppData\Local\Google\Update\GoogleUpdate.exe [2011-04-06 09:58]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"combofix"="c:\combofix\CF7769.cfxxe" [X]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2010-11-11 163568]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://asus.msn.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.2.1
.
.
------- File Associations -------
.
.reg=Regedit.Document
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
Wow6432Node-HKCU-Run-nodenable - c:\program files\eset\nodenable.exe
Wow6432Node-HKLM-Run-Windows Phone Device Manager - c:\windows\WPDeviceManager\WPDeviceManager.exe
Wow6432Node-HKLM-Run-wxpdrv - c:\windows\services32.exe
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico0 - c:\windows\update.tray-3-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico1 - c:\windows\update.tray-2-0\svchost.exe
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-sysdriver32.exe - c:\windows\sysdriver32.exe
Wow6432Node-HKLM-Run-sysdriver32_.exe - c:\windows\sysdriver32_.exe
Wow6432Node-HKLM-Run-l1rezerv.exe - c:\windows\l1rezerv.exe
Wow6432Node-HKLM-Run-systemup - c:\windows\systemup.exe
Toolbar-Locked - (no file)
HKLM-Run-egui - c:\program files\ESET\ESET NOD32 Antivirus\egui.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10s_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10s.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
c:\program files\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Hotkey\WDC.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Skype\Plugin Manager\skypePM.exe
.
**************************************************************************
.
Completion time: 2011-07-20 22:18:37 - machine was rebooted
ComboFix-quarantined-files.txt 2011-07-20 20:18
.
Pre-Run: 93 126 737 920 bytes free
Post-Run: 92 866 633 728 bytes free
.
- - End Of File - - 8CFF479462DEBCEE51517D2C2FBC2AA1
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zavireny facebook, odstavenie antiviru nod
Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.Folder::
c:\windows\av_ico
c:\windows\update.tray-3-0
c:\windows\update.tray-2-0
c:\windows\update.tray-3-0-lnk
c:\windows\update.tray-2-0-lnk
Collect::
c:\windows\unrar.exe
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Re: zavireny facebook, odstavenie antiviru nod
Velka vdaka za pomoc, uz je to v poriadku...
Myslis ze by sa dalo este nieco vylepsit v tych spustenych programoch pre lepsi chod systemu ?
Myslis ze by sa dalo este nieco vylepsit v tych spustenych programoch pre lepsi chod systemu ?
-
Rudy
- Site Admin
- Příspěvky: 119506
- Registrován: 30 říj 2003 13:42
- Bydliště: Plzeň
- Kontaktovat uživatele:
Re: zavireny facebook, odstavenie antiviru nod
Jistěže dá. Startmenu>přík. řádek>(napsat) msconfig>OK. V okně zrušte zaškrtnutí všech procesů, které nemusí automaticky startovat. Tj. takové, které lze v případě potřeby spustit ručně. PC se trochu zrychlí. Nemáte zač!
Dotazy a logy vkládejte pouze do vašich threadů. Soukromé zprávy, icq a e-maily neslouží k řešení vašich problémů.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Podpořte, prosím, naše fórum : https://platba.viry.cz/payment/.
Navštivte:
e-mail: rudy(zavináč)forum.viry.cz
Varování: Před odvirováním PC si udělejte zálohy svých důležitých dat (pošta, kontakty, dokumenty, fotografie, videa, hudba apod.). Virus mimo svých "viditelných" aktivit může poškodit systém!
Po dořešení vašeho problému bude vlákno zamknuto. Stejně tak tehdy, pokud bude nečinné více než 14dnů. Pokud budete chtít vlákno aktivovat, napište mi na mail uvedený výše.
Přispějete na provoz fóra?