
PC virus removal, computer speed-up, remote assistance via the neslape.cz service
Preventive check of an RSIT log
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved. The same applies to threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone! More at www.neslape.cz
Logfile of random's system information tool 1.09 (written by random/random)
Run by Darken at 2012-08-06 18:28:43
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 791 GB (84%) free of 939 GB
Total RAM: 4095 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:28:48, on 6. 8. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\keyremappers\KeyRemapper CW\KeyRemapper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe
C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Darken.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Ad-Watch] C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KeyMapperStarup] "C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: t4sks - Shortcut.lnk = C:\Users\Darken\Desktop\t4sks.rtf
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7721 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"taskhost.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
WLIDSvcM.exe 1736
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-550138d8-f789-4d8a-866f-6c9281a1ed4a -SystemEventPortName:HostProcess-45197e5b-e9a3-4cca-88a1-54f3d143cd08 -IoCancelEventPortName:HostProcess-c725ac47-63fd-4fd8-baee-4d939a146023 -NonStateChangingEventPortName:HostProcess-6cd16096-5408-48a0-88ee-ab5ae5ffa449 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:345f090f-72e0-4786-8501-bf6ea9631e0a
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Darken\Desktop\t4sks.rtf"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /SCHEDULESCAN
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="2252.1.1939893606\725310500" /prefetch:3
taskeng.exe {98E88BBC-9AAB-4FCA-B4D9-283E2B4FCE4E}
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2252.2.1173511291\798379365" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2252.3.1840347279\549679707" --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x683f --gpu-driver-version=8.950.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="2252.4.1763245055\1592612448" /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Darken\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-06-22 2786512]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-06-22 3669712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-19 116648]
"KeyMapperStarup"=C:\keyremappers\KeyRemapper CW\KeyRemapper.exe [2008-04-11 155864]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"=C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
C:\Users\Darken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
t4sks - Shortcut.lnk - C:\Users\Darken\Desktop\t4sks.rtf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-08-06 18:28:44 ----D---- C:\Program Files\trend micro
2012-08-06 18:28:43 ----D---- C:\rsit
2012-08-06 18:24:48 ----D---- C:\Program Files\CCleaner
2012-07-19 19:31:04 ----SHD---- C:\Config.Msi
2012-07-19 19:30:50 ----D---- C:\11dc357a5132eccbaf13
2012-07-19 13:54:41 ----D---- C:\Users\Darken\AppData\Roaming\Spyware Terminator
2012-07-19 13:54:41 ----D---- C:\ProgramData\Spyware Terminator
2012-07-19 13:54:41 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-07-19 13:54:03 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-07-19 13:49:48 ----D---- C:\Users\Darken\AppData\Roaming\Malwarebytes
2012-07-19 13:49:25 ----D---- C:\ProgramData\Malwarebytes
2012-07-19 13:49:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:49:24 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-07-17 22:10:38 ----A---- C:\Windows\system32\lsdelete.exe
2012-07-17 19:26:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-07-17 19:26:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-17 19:22:19 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2012-07-17 19:22:18 ----D---- C:\ProgramData\Lavasoft
2012-07-17 19:22:18 ----D---- C:\Program Files (x86)\Lavasoft
2012-07-13 22:22:56 ----D---- C:\Program Files (x86)\Shutter
2012-07-11 22:23:46 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 22:21:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 22:21:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 22:21:40 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 22:21:39 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 22:21:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 19:59:44 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 19:59:41 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 19:59:37 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 19:59:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 19:59:31 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 19:59:30 ----A---- C:\Windows\system32\cdosys.dll
======List of files/folders modified in the last 1 month======
2012-08-06 18:28:48 ----D---- C:\Windows\Prefetch
2012-08-06 18:28:44 ----RD---- C:\Program Files
2012-08-06 18:28:40 ----D---- C:\Windows\Temp
2012-08-06 18:26:29 ----D---- C:\Windows\Panther
2012-08-06 18:26:29 ----D---- C:\Windows\Logs
2012-08-06 18:26:29 ----D---- C:\Windows\inf
2012-08-06 18:26:29 ----D---- C:\Windows\debug
2012-08-06 18:26:29 ----D---- C:\Windows
2012-08-06 18:24:49 ----D---- C:\Windows\system32\Tasks
2012-08-06 18:23:02 ----D---- C:\Windows\System32
2012-08-06 18:23:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-06 18:19:21 ----D---- C:\Windows\system32\config
2012-07-20 16:13:53 ----D---- C:\Windows\winsxs
2012-07-20 15:22:00 ----D---- C:\Windows\system32\drivers
2012-07-19 19:31:25 ----SHD---- C:\Windows\Installer
2012-07-19 19:30:48 ----SHD---- C:\System Volume Information
2012-07-19 13:54:41 ----HD---- C:\ProgramData
2012-07-19 13:54:03 ----RD---- C:\Program Files (x86)
2012-07-17 19:22:59 ----D---- C:\Windows\Tasks
2012-07-16 20:07:03 ----D---- C:\NTTGame
2012-07-16 20:05:57 ----D---- C:\Windows\system32\catroot2
2012-07-15 10:01:27 ----RSD---- C:\Windows\Fonts
2012-07-12 12:29:15 ----D---- C:\Windows\SysWOW64
2012-07-12 12:29:14 ----D---- C:\Windows\SYSWOW64\migration
2012-07-12 12:29:14 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-12 12:29:13 ----D---- C:\Windows\system32\migration
2012-07-12 12:29:13 ----D---- C:\Program Files\Internet Explorer
2012-07-11 22:23:54 ----D---- C:\Windows\system32\catroot
2012-07-11 22:22:25 ----A---- C:\Windows\system32\MRT.exe
2012-07-07 11:34:40 ----D---- C:\Windows\system32\wdi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2012-07-19 51496]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-04 1973792]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 cpuz132;cpuz132; \??\C:\Users\Darken\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-15 235520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-22 1148664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-19 1255736]
-----------------EOF-----------------
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Lavasoft Ad-Aware Service - Lavasoft - C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 7721 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
atieclxx
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"taskhost.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
WLIDSvcM.exe 1736
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-550138d8-f789-4d8a-866f-6c9281a1ed4a -SystemEventPortName:HostProcess-45197e5b-e9a3-4cca-88a1-54f3d143cd08 -IoCancelEventPortName:HostProcess-c725ac47-63fd-4fd8-baee-4d939a146023 -NonStateChangingEventPortName:HostProcess-6cd16096-5408-48a0-88ee-ab5ae5ffa449 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:345f090f-72e0-4786-8501-bf6ea9631e0a
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Darken\Desktop\t4sks.rtf"
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
"C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminator.exe" /SCHEDULESCAN
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="2252.1.1939893606\725310500" /prefetch:3
taskeng.exe {98E88BBC-9AAB-4FCA-B4D9-283E2B4FCE4E}
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2252.2.1173511291\798379365" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2252.3.1840347279\549679707" --reduce-gpu-sandbox --disable-image-transport-surface --gpu-vendor-id=0x1002 --gpu-device-id=0x683f --gpu-driver-version=8.950.0.0 --ignored=" --type=renderer " /prefetch:12
"C:\Users\Darken\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/12/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SpdyCwnd/cwndDynamic/SpdyImpact/spdy3/UMA-Uniformity-Trial-1-Percent/group_79/UMA-Uniformity-Trial-10-Percent/group_03/UMA-Uniformity-Trial-20-Percent/group_03/UMA-Uniformity-Trial-5-Percent/group_09/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --channel="2252.4.1763245055\1592612448" /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Darken\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-06-22 2786512]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-06-22 3669712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-19 116648]
"KeyMapperStarup"=C:\keyremappers\KeyRemapper CW\KeyRemapper.exe [2008-04-11 155864]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Ad-Watch"=C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe [2009-01-18 506712]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
C:\Users\Darken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
t4sks - Shortcut.lnk - C:\Users\Darken\Desktop\t4sks.rtf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Lavasoft Ad-Aware Service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-08-06 18:28:44 ----D---- C:\Program Files\trend micro
2012-08-06 18:28:43 ----D---- C:\rsit
2012-08-06 18:24:48 ----D---- C:\Program Files\CCleaner
2012-07-19 19:31:04 ----SHD---- C:\Config.Msi
2012-07-19 19:30:50 ----D---- C:\11dc357a5132eccbaf13
2012-07-19 13:54:41 ----D---- C:\Users\Darken\AppData\Roaming\Spyware Terminator
2012-07-19 13:54:41 ----D---- C:\ProgramData\Spyware Terminator
2012-07-19 13:54:41 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-07-19 13:54:03 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-07-19 13:49:48 ----D---- C:\Users\Darken\AppData\Roaming\Malwarebytes
2012-07-19 13:49:25 ----D---- C:\ProgramData\Malwarebytes
2012-07-19 13:49:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:49:24 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-07-17 22:10:38 ----A---- C:\Windows\system32\lsdelete.exe
2012-07-17 19:26:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-07-17 19:26:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-17 19:22:19 ----HDC---- C:\ProgramData\{83C91755-2546-441D-AC40-9A6B4B860800}
2012-07-17 19:22:18 ----D---- C:\ProgramData\Lavasoft
2012-07-17 19:22:18 ----D---- C:\Program Files (x86)\Lavasoft
2012-07-13 22:22:56 ----D---- C:\Program Files (x86)\Shutter
2012-07-11 22:23:46 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 22:21:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 22:21:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 22:21:40 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 22:21:39 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 22:21:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 19:59:44 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 19:59:41 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 19:59:37 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 19:59:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 19:59:31 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 19:59:30 ----A---- C:\Windows\system32\cdosys.dll
======List of files/folders modified in the last 1 month======
2012-08-06 18:28:48 ----D---- C:\Windows\Prefetch
2012-08-06 18:28:44 ----RD---- C:\Program Files
2012-08-06 18:28:40 ----D---- C:\Windows\Temp
2012-08-06 18:26:29 ----D---- C:\Windows\Panther
2012-08-06 18:26:29 ----D---- C:\Windows\Logs
2012-08-06 18:26:29 ----D---- C:\Windows\inf
2012-08-06 18:26:29 ----D---- C:\Windows\debug
2012-08-06 18:26:29 ----D---- C:\Windows
2012-08-06 18:24:49 ----D---- C:\Windows\system32\Tasks
2012-08-06 18:23:02 ----D---- C:\Windows\System32
2012-08-06 18:23:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-06 18:19:21 ----D---- C:\Windows\system32\config
2012-07-20 16:13:53 ----D---- C:\Windows\winsxs
2012-07-20 15:22:00 ----D---- C:\Windows\system32\drivers
2012-07-19 19:31:25 ----SHD---- C:\Windows\Installer
2012-07-19 19:30:48 ----SHD---- C:\System Volume Information
2012-07-19 13:54:41 ----HD---- C:\ProgramData
2012-07-19 13:54:03 ----RD---- C:\Program Files (x86)
2012-07-17 19:22:59 ----D---- C:\Windows\Tasks
2012-07-16 20:07:03 ----D---- C:\NTTGame
2012-07-16 20:05:57 ----D---- C:\Windows\system32\catroot2
2012-07-15 10:01:27 ----RSD---- C:\Windows\Fonts
2012-07-12 12:29:15 ----D---- C:\Windows\SysWOW64
2012-07-12 12:29:14 ----D---- C:\Windows\SYSWOW64\migration
2012-07-12 12:29:14 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-12 12:29:13 ----D---- C:\Windows\system32\migration
2012-07-12 12:29:13 ----D---- C:\Program Files\Internet Explorer
2012-07-11 22:23:54 ----D---- C:\Windows\system32\catroot
2012-07-11 22:22:25 ----A---- C:\Windows\system32\MRT.exe
2012-07-07 11:34:40 ----D---- C:\Windows\system32\wdi
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2012-07-19 51496]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-04 1973792]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 cpuz132;cpuz132; \??\C:\Users\Darken\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-15 235520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service; C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe [2009-01-18 921936]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-22 1148664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-19 1255736]
-----------------EOF-----------------
Re: preventive check of an RSIT log
Hello,
You have rather too many security programs there.
A PC should have one antivirus and one anti-spyware program.
You have ESET and MBAM running, and then also Terminator, Ad-Aware and Spybot.
I recommend uninstalling Ad-Aware and Spybot; they are outdated programs. Either uninstall MBAM as well, or at least disable its launch at startup.
Once you have done that, post a new RSIT log here and we will finish cleaning it up.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most of them have an e-mail address in their signature).
Re: preventive check of an RSIT log
Logfile of random's system information tool 1.09 (written by random/random)
Run by Darken at 2012-08-07 12:54:03
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 792 GB (84%) free of 939 GB
Total RAM: 4095 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:06, on 7. 8. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\keyremappers\KeyRemapper CW\KeyRemapper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\trend micro\Darken.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KeyMapperStarup] "C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: t4sks - Shortcut.lnk = C:\Users\Darken\Desktop\t4sks.rtf
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6324 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Darken\Desktop\t4sks.rtf"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 1864
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9e2f1cd0-a077-4c0a-9fb8-7c5fea568b93 -SystemEventPortName:HostProcess-60e26624-a331-4716-8879-314407a38b21 -IoCancelEventPortName:HostProcess-2d3ea807-1c2e-4ff6-aaa7-9ce453d26b48 -NonStateChangingEventPortName:HostProcess-ef675d36-4f75-4cff-a15f-9c9167f63fa5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e830f2c1-027c-49dc-98be-deaca9391897
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3377480134-622928347-3400585505-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3377480134-622928347-3400585505-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Darken\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-06-22 2786512]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-06-22 3669712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-19 116648]
"KeyMapperStarup"=C:\keyremappers\KeyRemapper CW\KeyRemapper.exe [2008-04-11 155864]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
C:\Users\Darken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
t4sks - Shortcut.lnk - C:\Users\Darken\Desktop\t4sks.rtf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-08-06 18:38:30 ----D---- C:\rsit
2012-08-06 18:28:44 ----D---- C:\Program Files\trend micro
2012-08-06 18:24:48 ----D---- C:\Program Files\CCleaner
2012-07-19 19:30:50 ----D---- C:\11dc357a5132eccbaf13
2012-07-19 13:54:41 ----D---- C:\Users\Darken\AppData\Roaming\Spyware Terminator
2012-07-19 13:54:41 ----D---- C:\ProgramData\Spyware Terminator
2012-07-19 13:54:41 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-07-19 13:54:03 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-07-19 13:49:48 ----D---- C:\Users\Darken\AppData\Roaming\Malwarebytes
2012-07-19 13:49:25 ----D---- C:\ProgramData\Malwarebytes
2012-07-19 13:49:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:49:24 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-07-17 19:26:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-07-17 19:26:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-17 19:22:18 ----D---- C:\ProgramData\Lavasoft
2012-07-17 19:22:18 ----D---- C:\Program Files (x86)\Lavasoft
2012-07-13 22:22:56 ----D---- C:\Program Files (x86)\Shutter
2012-07-11 22:23:46 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 22:21:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 22:21:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 22:21:40 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 22:21:39 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 22:21:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 19:59:44 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 19:59:41 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 19:59:37 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 19:59:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 19:59:31 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 19:59:30 ----A---- C:\Windows\system32\cdosys.dll
======List of files/folders modified in the last 1 month======
2012-08-07 12:39:32 ----D---- C:\Windows\System32
2012-08-07 12:39:32 ----D---- C:\Windows\inf
2012-08-07 12:39:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-07 12:38:28 ----D---- C:\Windows\Temp
2012-08-07 12:38:09 ----D---- C:\Windows\system32\config
2012-08-07 12:34:51 ----HD---- C:\ProgramData
2012-08-07 12:34:06 ----SHD---- C:\Windows\Installer
2012-08-07 12:33:48 ----D---- C:\Windows\Prefetch
2012-08-07 11:31:28 ----D---- C:\Windows
2012-08-06 20:37:31 ----SHD---- C:\System Volume Information
2012-08-06 19:14:38 ----D---- C:\Windows\system32\drivers
2012-08-06 18:28:44 ----RD---- C:\Program Files
2012-08-06 18:26:29 ----D---- C:\Windows\Panther
2012-08-06 18:26:29 ----D---- C:\Windows\Logs
2012-08-06 18:26:29 ----D---- C:\Windows\debug
2012-08-06 18:24:49 ----D---- C:\Windows\system32\Tasks
2012-07-20 16:13:53 ----D---- C:\Windows\winsxs
2012-07-19 13:54:03 ----RD---- C:\Program Files (x86)
2012-07-17 19:22:59 ----D---- C:\Windows\Tasks
2012-07-16 20:07:03 ----D---- C:\NTTGame
2012-07-16 20:05:57 ----D---- C:\Windows\system32\catroot2
2012-07-15 10:01:27 ----RSD---- C:\Windows\Fonts
2012-07-12 12:29:15 ----D---- C:\Windows\SysWOW64
2012-07-12 12:29:14 ----D---- C:\Windows\SYSWOW64\migration
2012-07-12 12:29:14 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-12 12:29:13 ----D---- C:\Windows\system32\migration
2012-07-12 12:29:13 ----D---- C:\Program Files\Internet Explorer
2012-07-11 22:23:54 ----D---- C:\Windows\system32\catroot
2012-07-11 22:22:25 ----A---- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2012-07-19 51496]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-04 1973792]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 cpuz132;cpuz132; \??\C:\Users\Darken\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-15 235520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-22 1148664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-19 1255736]
-----------------EOF-----------------
Run by Darken at 2012-08-07 12:54:03
Microsoft Windows 7 Enterprise Service Pack 1
System drive C: has 792 GB (84%) free of 939 GB
Total RAM: 4095 MB (75% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 12:54:06, on 7. 8. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16447)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
C:\keyremappers\KeyRemapper CW\KeyRemapper.exe
C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
C:\Program Files\trend micro\Darken.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Google Update] "C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [KeyMapperStarup] "C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: t4sks - Shortcut.lnk = C:\Users\Darken\Desktop\t4sks.rtf
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 6324 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"taskhost.exe"
"C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe"
"C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe"
"C:\keyremappers\KeyRemapper CW\KeyRemapper.exe" /background
"C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe" /background
"C:\Program Files\Windows NT\Accessories\WORDPAD.EXE" "C:\Users\Darken\Desktop\t4sks.rtf"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 1864
C:\Windows\sysWOW64\wbem\wmiprvse.exe -secured -Embedding
"C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe" -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9e2f1cd0-a077-4c0a-9fb8-7c5fea568b93 -SystemEventPortName:HostProcess-60e26624-a331-4716-8879-314407a38b21 -IoCancelEventPortName:HostProcess-2d3ea807-1c2e-4ff6-aaa7-9ce453d26b48 -NonStateChangingEventPortName:HostProcess-ef675d36-4f75-4cff-a15f-9c9167f63fa5 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:e830f2c1-027c-49dc-98be-deaca9391897
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe_S-1-5-21-3377480134-622928347-3400585505-10001_ Global\UsGthrCtrlFltPipeMssGthrPipe_S-1-5-21-3377480134-622928347-3400585505-10001 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon" "1"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\Darken\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2012-03-07 4081008]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-04 186904]
"SpywareTerminatorShield"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe [2012-06-22 2786512]
"SpywareTerminatorUpdater"=C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe [2012-06-22 3669712]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\Darken\AppData\Local\Google\Update\GoogleUpdate.exe [2012-06-19 116648]
"KeyMapperStarup"=C:\keyremappers\KeyRemapper CW\KeyRemapper.exe [2008-04-11 155864]
"msnmsgr"=C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe [2012-03-08 4280184]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"=C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
C:\Users\Darken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
t4sks - Shortcut.lnk - C:\Users\Darken\Desktop\t4sks.rtf
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-08-06 18:38:30 ----D---- C:\rsit
2012-08-06 18:28:44 ----D---- C:\Program Files\trend micro
2012-08-06 18:24:48 ----D---- C:\Program Files\CCleaner
2012-07-19 19:30:50 ----D---- C:\11dc357a5132eccbaf13
2012-07-19 13:54:41 ----D---- C:\Users\Darken\AppData\Roaming\Spyware Terminator
2012-07-19 13:54:41 ----D---- C:\ProgramData\Spyware Terminator
2012-07-19 13:54:41 ----A---- C:\Windows\system32\drivers\stflt.sys
2012-07-19 13:54:03 ----D---- C:\Program Files (x86)\Spyware Terminator
2012-07-19 13:49:48 ----D---- C:\Users\Darken\AppData\Roaming\Malwarebytes
2012-07-19 13:49:25 ----D---- C:\ProgramData\Malwarebytes
2012-07-19 13:49:24 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-07-19 13:49:24 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-07-17 19:26:50 ----D---- C:\ProgramData\Spybot - Search & Destroy
2012-07-17 19:26:50 ----D---- C:\Program Files (x86)\Spybot - Search & Destroy
2012-07-17 19:22:18 ----D---- C:\ProgramData\Lavasoft
2012-07-17 19:22:18 ----D---- C:\Program Files (x86)\Lavasoft
2012-07-13 22:22:56 ----D---- C:\Program Files (x86)\Shutter
2012-07-11 22:23:46 ----A---- C:\Windows\system32\win32k.sys
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\url.dll
2012-07-11 22:21:45 ----A---- C:\Windows\system32\mshtmled.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\urlmon.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieUnatt.exe
2012-07-11 22:21:44 ----A---- C:\Windows\system32\ieui.dll
2012-07-11 22:21:44 ----A---- C:\Windows\system32\iertutil.dll
2012-07-11 22:21:43 ----A---- C:\Windows\SYSWOW64\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\wininet.dll
2012-07-11 22:21:43 ----A---- C:\Windows\system32\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\SYSWOW64\jscript.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript9.dll
2012-07-11 22:21:42 ----A---- C:\Windows\system32\jscript.dll
2012-07-11 22:21:41 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2012-07-11 22:21:40 ----A---- C:\Windows\system32\mshtml.dll
2012-07-11 22:21:39 ----A---- C:\Windows\system32\ieframe.dll
2012-07-11 22:21:38 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2012-07-11 19:59:44 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml6.dll
2012-07-11 19:59:44 ----A---- C:\Windows\system32\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3r.dll
2012-07-11 19:59:43 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2012-07-11 19:59:43 ----A---- C:\Windows\system32\msxml3r.dll
2012-07-11 19:59:41 ----A---- C:\Windows\system32\shell32.dll
2012-07-11 19:59:37 ----A---- C:\Windows\SYSWOW64\shell32.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\schannel.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\ncrypt.dll
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\ksecpkg.sys
2012-07-11 19:59:34 ----A---- C:\Windows\system32\drivers\cng.sys
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\sspicli.dll
2012-07-11 19:59:33 ----A---- C:\Windows\SYSWOW64\secur32.dll
2012-07-11 19:59:33 ----A---- C:\Windows\system32\drivers\ksecdd.sys
2012-07-11 19:59:31 ----A---- C:\Windows\SYSWOW64\cdosys.dll
2012-07-11 19:59:30 ----A---- C:\Windows\system32\cdosys.dll
======List of files/folders modified in the last 1 month======
2012-08-07 12:39:32 ----D---- C:\Windows\System32
2012-08-07 12:39:32 ----D---- C:\Windows\inf
2012-08-07 12:39:32 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-07 12:38:28 ----D---- C:\Windows\Temp
2012-08-07 12:38:09 ----D---- C:\Windows\system32\config
2012-08-07 12:34:51 ----HD---- C:\ProgramData
2012-08-07 12:34:06 ----SHD---- C:\Windows\Installer
2012-08-07 12:33:48 ----D---- C:\Windows\Prefetch
2012-08-07 11:31:28 ----D---- C:\Windows
2012-08-06 20:37:31 ----SHD---- C:\System Volume Information
2012-08-06 19:14:38 ----D---- C:\Windows\system32\drivers
2012-08-06 18:28:44 ----RD---- C:\Program Files
2012-08-06 18:26:29 ----D---- C:\Windows\Panther
2012-08-06 18:26:29 ----D---- C:\Windows\Logs
2012-08-06 18:26:29 ----D---- C:\Windows\debug
2012-08-06 18:24:49 ----D---- C:\Windows\system32\Tasks
2012-07-20 16:13:53 ----D---- C:\Windows\winsxs
2012-07-19 13:54:03 ----RD---- C:\Program Files (x86)
2012-07-17 19:22:59 ----D---- C:\Windows\Tasks
2012-07-16 20:07:03 ----D---- C:\NTTGame
2012-07-16 20:05:57 ----D---- C:\Windows\system32\catroot2
2012-07-15 10:01:27 ----RSD---- C:\Windows\Fonts
2012-07-12 12:29:15 ----D---- C:\Windows\SysWOW64
2012-07-12 12:29:14 ----D---- C:\Windows\SYSWOW64\migration
2012-07-12 12:29:14 ----D---- C:\Program Files (x86)\Internet Explorer
2012-07-12 12:29:13 ----D---- C:\Windows\system32\migration
2012-07-12 12:29:13 ----D---- C:\Program Files\Internet Explorer
2012-07-11 22:23:54 ----D---- C:\Windows\system32\catroot
2012-07-11 22:22:25 ----A---- C:\Windows\system32\MRT.exe
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel RAID Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-04 408600]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R2 sp_rsdrv2;Spyware Terminator Driver Filter; C:\Windows\system32\DRIVERS\stflt.sys [2012-07-19 51496]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-08-04 1973792]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
S3 cpuz132;cpuz132; \??\C:\Users\Darken\AppData\Local\Temp\cpuz132\cpuz132_x64.sys []
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-02-15 235520]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-04 354840]
R2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service; C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-22 1148664]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 2292096]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-06-19 1255736]
-----------------EOF-----------------
Re: preventive RSIT log check
Right-click it and left-click Run as administrator.
Copy this script into the left window (including the colon before the word commands)
Code:
:commands
[EMPTYTEMP]
[EMPTYFLASH]
[RESETHOSTS]
[Purity]
:services
MBAMService
:files
%windir%\system32\*.tmp.dll /s
%windir%\system32\SET*.tmp /s
%windir%\*.tmp
C:\Windows\tasks\Ad-Aware Update (Weekly).job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000UA.job
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files (x86)\Spybot - Search & Destroy
C:\ProgramData\Lavasoft
C:\Program Files (x86)\Lavasoft
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=-
"msnmsgr"=-
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Malwarebytes' Anti-Malware"=-
After the restart, post the log here; it will either pop up on its own or be saved at C:\_OTM\MovedFiles\xxxxxxxx_xxxxxx (the x's will be digits representing the date and time of the run)
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive RSIT log check
Hello, I know that file.
All processes killed
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Darken
->Temp folder emptied: 976938 bytes
->Temporary Internet Files folder emptied: 3195066 bytes
->Google Chrome cache emptied: 25315936 bytes
->Flash cache emptied: 5863 bytes
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 14225934 bytes
%systemroot%\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36110828 bytes
RecycleBin emptied: 12480130 bytes
Total Files Cleaned = 88,00 mb
[EMPTYFLASH]
User: All Users
User: Darken
->Flash cache emptied: 0 bytes
User: Default
User: Default User
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
========== SERVICES/DRIVERS ==========
Error: Unable to stop service MBAMService!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MBAMService deleted successfully.
========== FILES ==========
File/Folder C:\Windows\system32\*.tmp.dll not found.
File/Folder C:\Windows\system32\SET*.tmp not found.
File/Folder C:\Windows\*.tmp not found.
C:\Windows\tasks\Ad-Aware Update (Weekly).job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000Core.job moved successfully.
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3377480134-622928347-3400585505-1000UA.job moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Recovery folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy\Logs folder moved successfully.
C:\ProgramData\Spybot - Search & Destroy folder moved successfully.
C:\Program Files (x86)\Spybot - Search & Destroy folder moved successfully.
C:\ProgramData\Lavasoft\License folder moved successfully.
C:\ProgramData\Lavasoft folder moved successfully.
C:\Program Files (x86)\Lavasoft folder moved successfully.
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9030D464-4C02-4ABF-8ECC-5164760863C6}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Google Update deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\msnmsgr deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run\\Malwarebytes' Anti-Malware deleted successfully.
OTM by OldTimer - Version 3.1.21.0 log created on 08072012_192025
Files moved on Reboot...
C:\Users\Darken\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
Registry entries deleted on Reboot...
Re: preventive RSIT log check
OTM did what it was supposed to; otherwise the log looks fine.
Was this purely a preventive check, or is there some problem with the PC?

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive RSIT log check
Actually, it was not a preventive check. I was entrusted with two PCs to have you check (the second one will follow soon). The owner suspected keyloggers.
- Can I be sure that the PC is 100% clean?
- And one more question: how should the Windows 7 firewall be configured, in the public and private settings? Thank you.
Re: preventive RSIT log check
But the log is posted in the preventive checks section
And who is the owner? Do you do this in a repair shop?
Of course there could be malware on it. RSIT is far from showing everything. Did MBAM find anything? I assume that since it was/is on the PC, someone also used it and ran a full scan, or not?

If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive RSIT log check
A friend asked me. You assume correctly, a full scan with MBAM was done; it found two supposed trojans in older backup files, which we deleted even though it was probably a false positive. Otherwise nothing, so I don't know...
Re: preventive RSIT log check
A short test will run, and then the Scan button in the upper right becomes available. Click it and a longer test will run.
When it finishes, click Report and the log will appear. Paste it here
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive RSIT log check
All the software is legal. And the Windows is from the company.
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Darken [Admin rights]
Mode: Scan -- Date: 08/07/2012 21:14:53
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] t4sks - Shortcut.lnk @Darken : C:\Users\Darken\Desktop\t4sks.rtf -> FOUND
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> FOUND
[HJ] HKLM\[...]\System : EnableLUA (0) -> FOUND
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10EACS-65D6B0 +++++
--- User ---
[MBR] e4d5853cc90b2ce38155426c2131b10c
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 939167 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923414255 | Size: 14700 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[1].txt >>
RKreport[1].txt
Re: preventive RSIT log check
Well alright then, I'll believe you
But even if the Windows is from the company, it is a home PC, is that right?
The program also doesn't like the thing I asked about
[SUSP PATH] t4sks - Shortcut.lnk @Darken : C:\Users\Darken\Desktop\t4sks.rtf -> FOUND
Run RogueKiller again as administrator (if you haven't closed it yet, just click Delete)
A short test will run, and then the Scan button in the upper right becomes available. Click it and another test will run.
I'm not sure whether that line I mentioned can be ignored. If not, you will have to reinstall it afterwards. I don't know what it is
When it finishes, click Delete.
Then click Report and the log will appear. Paste it here.
Then click Host Fix and Report.
Another log will appear. Paste that one here too.
If you have a question that is not meant for the public, you can e-mail me at marty84zavináčforum.viry.cz
You can support our forum at https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive RSIT log check
Yes, the PC is at home, but it is used mainly for work, so I don't know..
t4sks.rtf - (tasks) (rtf - rich text document) - A text file that opens automatically here after the PC starts, into which the daily tasks are entered. The file could be unchecked, so it was not deleted.
Log1:
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Darken [Admin rights]
Mode: Remove -- Date: 08/08/2012 14:25:31
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Registry Entries: 6 ¤¤¤
[SUSP PATH] t4sks - Shortcut.lnk @Darken : C:\Users\Darken\Desktop\t4sks.rtf -> NOT SELECTED
[HJ] HKLM\[...]\System : ConsentPromptBehaviorAdmin (0) -> REPLACED (2)
[HJ] HKLM\[...]\System : EnableLUA (0) -> REPLACED (1)
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)
¤¤¤ Particular Files / Folders: ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ Infection : ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
ÿþ1
¤¤¤ MBR Check: ¤¤¤
+++++ PhysicalDrive0: WDC WD10EACS-65D6B0 +++++
--- User ---
[MBR] e4d5853cc90b2ce38155426c2131b10c
[BSP] ceb84c3e7b096f62a58a22cb4210973b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 63 | Size: 939167 Mo
3 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 1923414255 | Size: 14700 Mo
User = LL1 ... OK!
User = LL2 ... OK!
Finished : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt
Log2:
RogueKiller V7.6.5 [08/03/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com
Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: Darken [Admin rights]
Mode: HOSTSFix -- Date: 08/08/2012 14:29:35
¤¤¤ Bad processes: 0 ¤¤¤
¤¤¤ Driver: [NOT LOADED] ¤¤¤
¤¤¤ HOSTS File: ¤¤¤
ÿþ1
¤¤¤ Resetted HOSTS: ¤¤¤
127.0.0.1 localhost
Finished : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt
Re: preventive check of the RSIT log
No, if it is a private PC, it is not against the rules. But now we will run a serious tool on it, so be careful.
And thanks for the explanation.
Of course I know what tasks is, but I have never seen it set up like this in the registry, which is why I preferred to ask, and even the program was confused by it.
If you haven't already, back up your important data.
Do not use ComboFix without prior agreement! It is a violation of the forum rules and you will lose your right to help!
Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off the antivirus and any other security software.
Right-click ComboFix and left-click Run as administrator.
Accept the license terms and let the program work. If it offers to install the Recovery Console, agree.
During the scan, do not launch anything and do not click anywhere.
After the scan finishes (the PC may also restart), a log should be created, located at C:\ComboFix.txt
Copy its contents here.
If Windows does not boot after the restart, restart again, keep pressing the F8 key and choose Last Known Good Configuration.
If you have a question that is not meant for the public, you can write to me at marty84zavináčforum.viry.cz
Option to support our forum: https://platba.viry.cz/payment/
For time reasons I will now be on the forum less often. If you have been waiting a long time for a reply, please contact one of my colleagues (most have an e-mail address in their signature).
Re: preventive check of the RSIT log
ComboFix 12-08-07.05 - Darken . 08. 2012 15:08:16.1.4 - x64
Microsoft Windows 7 Enterprise 6.1.7601.1.1250.421.1033.18.4095.2890 [GMT 2:00]
Running from: c:\users\Darken\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\keyremappers\KeyRemapper CW\KeyRemapper.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-08 to 2012-08-08 )))))))))))))))))))))))))))))))
.
.
2012-08-08 13:11 . 2012-08-08 13:11 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-07 17:20 . 2012-08-07 17:20 -------- d-----w- C:\_OTM
2012-08-07 17:05 . 2012-06-29 10:04 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{DCCEF8D4-38EF-416A-8970-537BC6B192F6}\mpengine.dll
2012-08-06 16:38 . 2012-08-06 16:38 -------- d-----w- C:\rsit
2012-08-06 16:28 . 2012-08-07 10:54 -------- d-----w- c:\program files\trend micro
2012-08-06 16:24 . 2012-08-06 16:24 -------- d-----w- c:\program files\CCleaner
2012-07-19 17:30 . 2012-07-19 17:30 -------- d-----w- C:\11dc357a5132eccbaf13
2012-07-19 11:54 . 2012-08-08 12:12 -------- d-----w- c:\programdata\Spyware Terminator
2012-07-19 11:54 . 2012-07-19 11:54 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2012-07-19 11:54 . 2012-07-19 11:54 -------- d-----w- c:\users\Darken\AppData\Roaming\Spyware Terminator
2012-07-19 11:54 . 2012-07-19 11:54 -------- d-----w- c:\program files (x86)\Spyware Terminator
2012-07-19 11:51 . 2012-07-19 11:51 -------- d-----w- c:\users\Darken\AppData\Local\ESET
2012-07-19 11:49 . 2012-07-19 11:49 -------- d-----w- c:\users\Darken\AppData\Roaming\Malwarebytes
2012-07-19 11:49 . 2012-07-19 11:49 -------- d-----w- c:\programdata\Malwarebytes
2012-07-19 11:49 . 2012-07-19 11:49 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-19 11:49 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-13 20:22 . 2012-07-14 00:33 -------- d-----w- c:\program files (x86)\Shutter
2012-07-11 20:23 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 17:59 . 2012-06-06 06:06 2004480 ----a-w- c:\windows\system32\msxml6.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-11 20:22 . 2012-06-19 15:24 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-20 16:08 . 2011-03-28 16:36 19736 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-06-19 17:14 . 2009-07-14 02:36 152576 ----a-w- c:\windows\SysWow64\msclmd.dll
2012-06-19 17:14 . 2009-07-14 02:36 175616 ----a-w- c:\windows\system32\msclmd.dll
2012-06-19 15:59 . 2012-06-19 15:59 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-06-19 15:59 . 2012-06-19 15:59 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-06-19 15:59 . 2012-06-19 15:59 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-06-19 15:59 . 2012-06-19 15:59 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-06-19 15:59 . 2012-06-19 15:59 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-06-19 15:59 . 2012-06-19 15:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-06-19 15:59 . 2012-06-19 15:59 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-06-19 15:59 . 2012-06-19 15:59 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-06-19 15:59 . 2012-06-19 15:59 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-06-19 15:59 . 2012-06-19 15:59 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-06-19 15:59 . 2012-06-19 15:59 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-06-19 15:59 . 2012-06-19 15:59 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-06-19 15:59 . 2012-06-19 15:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-06-19 15:59 . 2012-06-19 15:59 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-06-19 15:59 . 2012-06-19 15:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-06-19 15:59 . 2012-06-19 15:59 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-06-19 15:59 . 2012-06-19 15:59 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-06-19 15:59 . 2012-06-19 15:59 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-06-19 15:59 . 2012-06-19 15:59 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-06-19 15:59 . 2012-06-19 15:59 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-06-19 15:59 . 2012-06-19 15:59 82432 ----a-w- c:\windows\system32\icardie.dll
2012-06-19 15:59 . 2012-06-19 15:59 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-06-19 15:59 . 2012-06-19 15:59 697344 ----a-w- c:\windows\system32\msfeeds.dll
2012-06-19 15:59 . 2012-06-19 15:59 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-06-19 15:59 . 2012-06-19 15:59 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-06-19 15:59 . 2012-06-19 15:59 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-06-19 15:59 . 2012-06-19 15:59 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-06-19 15:59 . 2012-06-19 15:59 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-06-19 15:59 . 2012-06-19 15:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-06-19 15:59 . 2012-06-19 15:59 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-06-19 15:59 . 2012-06-19 15:59 448512 ----a-w- c:\windows\system32\html.iec
2012-06-19 15:59 . 2012-06-19 15:59 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-06-19 15:59 . 2012-06-19 15:59 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-06-19 15:59 . 2012-06-19 15:59 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-06-19 15:59 . 2012-06-19 15:59 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-06-19 15:59 . 2012-06-19 15:59 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-06-19 15:59 . 2012-06-19 15:59 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-06-19 15:59 . 2012-06-19 15:59 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-06-19 15:59 . 2012-06-19 15:59 222208 ----a-w- c:\windows\system32\msls31.dll
2012-06-19 15:59 . 2012-06-19 15:59 197120 ----a-w- c:\windows\system32\msrating.dll
2012-06-19 15:59 . 2012-06-19 15:59 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-06-19 15:59 . 2012-06-19 15:59 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-06-19 15:59 . 2012-06-19 15:59 160256 ----a-w- c:\windows\system32\wextract.exe
2012-06-19 15:59 . 2012-06-19 15:59 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-06-19 15:59 . 2012-06-19 15:59 149504 ----a-w- c:\windows\system32\occache.dll
2012-06-19 15:59 . 2012-06-19 15:59 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-06-19 15:59 . 2012-06-19 15:59 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-06-19 15:59 . 2012-06-19 15:59 12288 ----a-w- c:\windows\system32\mshta.exe
2012-06-19 15:59 . 2012-06-19 15:59 114176 ----a-w- c:\windows\system32\admparse.dll
2012-06-19 15:59 . 2012-06-19 15:59 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-06-19 15:59 . 2012-06-19 15:59 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-06-19 15:59 . 2012-06-19 15:59 103936 ----a-w- c:\windows\system32\inseng.dll
2012-06-02 22:19 . 2012-06-24 20:30 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-24 20:30 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-24 20:30 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-24 20:30 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-24 20:30 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-24 20:30 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-24 20:30 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-24 20:30 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-24 20:30 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-02 05:45 . 2012-07-11 17:59 340992 ----a-w- c:\windows\system32\schannel.dll
2012-06-02 04:40 . 2012-07-11 17:59 225280 ----a-w- c:\windows\SysWow64\schannel.dll
2012-05-31 10:25 . 2012-06-19 15:18 279656 ------w- c:\windows\system32\MpSigStub.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
c:\users\Darken\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
t4sks - Shortcut.lnk - c:\users\Darken\Desktop\t4sks.rtf [2012-6-19 50145]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-06-19 1255736]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-02-15 235520]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-07-19 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-06-21 1148664]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-02-15 10856960]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-02-15 327680]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys [2008-07-22 60416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2012-03-07 4081008]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-06-21 2786512]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-06-21 3669712]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 176.107.17.1 176.107.20.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-KeyMapperStarup - c:\keyremappers\KeyRemapper CW\KeyRemapper.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
.
**************************************************************************
.
Completion time: 2012-08-08 15:15:33 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-08 13:15
.
Pre-Run: 829 794 816 000 bytes free
Post-Run: 829 294 043 136 bytes free
.
- - End Of File - - A7DDE7174A9A277238231DCCA229D630