PC disinfection, speeding up your computer, remote help via the neslape.cz service

a variant of the MSIL/Packed.Confuser.B infiltration

Have a virus problem? Post a log from FRST or RSIT here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, and likewise when inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

Locked
Duklando
Visitor
Posts: 23
Registered: 08 Jan 2013 17:48

a variant of the MSIL/Packed.Confuser.B infiltration

#1 Post by Duklando »

Hello, I would like to ask you for help with this infiltration:
Thank you in advance for your time.

info.txt logfile of random's system information tool 1.09 2013-01-08 17:41:34

======Uninstall list======

-->MsiExec /X{9530AE42-DAE1-4619-9594-B23487285D17}
AC3Filter 2.5b-->"C:\Program Files (x86)\AC3Filter\unins000.exe"
Adobe Flash Player 11 ActiveX-->C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_135_ActiveX.exe -maintain activex
Adobe Reader XI - Slovak-->MsiExec.exe /I{AC76BA86-7AD7-1051-7B44-AB0000000001}
Any Video Converter 2.7.7-->"C:\Program Files (x86)\Any Video Converter\unins000.exe"
Assassin's Creed (R) III-->"C:\Program Files (x86)\InstallShield Installation Information\{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}\setup.exe" -runfromtemp -l0x0005 -removeonly
Assassin's Creed Brotherhood-->"C:\Program Files (x86)\InstallShield Installation Information\{BE4BA698-8533-4F77-9559-C7F3F78C0B05}\setup.exe" -runfromtemp -l0x0005 -removeonly
Assassin's Creed II-->"C:\Program Files (x86)\InstallShield Installation Information\{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}\setup.exe" -runfromtemp -l0x0009 -removeonly
ASUS Gamer OSD-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\11\00\Intel32\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{7F88C9E5-12BD-404F-AC6A-108BAAC9B708}\setup.exe" -l0x9 -removeonly
AVerMedia H830 USB Hybrid TV 10.0.64.24-->C:\Program Files (x86)\AVerMedia\AVerMedia H830 USB Hybrid TV\uninst.exe
AVerMedia Media Center Plug-ins 2.0.8.0-->C:\Program Files (x86)\AVerMedia\AVerMedia Media Center Plug-ins\uninst.exe
AVerTV-->C:\Program Files (x86)\InstallShield Installation Information\{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}\setup.exe -runfromtemp -l0x041b
AVI ReComp 1.5.1-->C:\Program Files (x86)\AVI ReComp\Uninstall.exe
AviSynth 2.5-->"C:\Program Files (x86)\AviSynth 2.5\Uninstall.exe"
Battlefield 3-->"C:\Games\Battlefield 3\unins000.exe"
Battlefield: Bad Company™ 2-->MsiExec.exe /X{3AC8457C-0385-4BEA-A959-E095F05D6D67}
BS.Player FREE-->"C:\Program Files (x86)\Webteh\BSplayer\uninstall.exe"
Canon Easy-PhotoPrint EX-->C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\uninst.exe Uninst.ini uinstrsc.dll
Canon Easy-WebPrint EX-->"C:\Program Files (x86)\Canon\Easy-WebPrint EX\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\Easy-WebPrint EX\uninst.ini
Canon Inkjet Printer/Scanner/Fax Extended Survey Program-->C:\Program Files (x86)\Canon\IJPLM\SETUP.EXE -R
Canon MG5100 series MP Drivers-->"C:\Windows\system32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series\DelDrv64.exe" /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series /L0x0009
Canon MG5100 series User Registration-->C:\Program Files (x86)\Canon\IJEREG\MG5100 series\UNINST.EXE
Canon MP Navigator EX 4.0-->"C:\Program Files (x86)\Canon\MP Navigator EX 4.0\Maint.exe" /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator EX 4.0\uninst.ini
Canon My Printer-->C:\Program Files\Canon\MyPrinter\uninst.exe uninst.ini uinstrsc.dll
Canon Solution Menu EX-->"C:\Program Files (x86)\Canon\Solution Menu EX\uninst.exe" /UninstallRemove C:\Program Files (x86)\Canon\Solution Menu EX\uninst.ini
ConvertXtoDVD 4.0.6.316-->"C:\Program Files (x86)\VSO\ConvertX\4\unins000.exe"
Cool & Quiet-->RunDll32 C:\PROGRA~2\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files (x86)\InstallShield Installation Information\{1ADE1AA0-7F82-4BB1-B1BD-727DE438057B}\setup.exe" -l0x9
Crysis® 2-->MsiExec.exe /X{6033673D-2530-4587-8AD0-EB059FC263F9}
CyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
CyberLink PowerDirector-->"C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\Setup.exe" /z-uninstall
DAEMON Tools Lite-->C:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
DesignPro 5-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\9\INTEL3~1\IDriver.exe /M{F82C6574-AD88-4B40-A432-970BC77F1BD2}
DownTango-->C:\Program Files (x86)\Red Sky\DownTango\Uninstaller.exe
E.M. Total Video Player 1.31-->"C:\Program Files (x86)\Total Video Player\unins000.exe"
EasyBCD 1.7.2-->C:\Program Files (x86)\NeoSmart Technologies\EasyBCD\uninstall.exe
Free DVD Decrypter version 1.5-->"C:\Program Files (x86)\DVDVideoSoft\Free DVD Decrypter\unins000.exe"
GOM Player-->"C:\Program Files (x86)\GRETECH\GomPlayer\Uninstall.exe"
GotClip Downloader-->"C:\Program Files (x86)\GotClip\uninstall.exe"
iLivid-->"C:\Users\Juraj Cordas\AppData\Local\iLivid\uninstall.exe"
Intel(R) Management Engine Components-->C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\Uninstall\setup.exe -uninstall
Internet Download Manager-->C:\Program Files (x86)\Internet Download Manager\Uninstall.exe
Java 7 Update 9-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217009FF}
Mafia 2 version 1.0-->"C:\Program Files (x86)\Mafia 2\unins000.exe"
Mass Effect 2-->C:\Program Files (x86)\Common Files\BioWare\Uninstall Mass Effect 2.exe
Mass Effect™ 3-->"C:\Program Files (x86)\Common Files\EAInstaller\Mass Effect 3\Cleanup.exe" uninstall_game -autologging
Microsoft .NET Framework 4 Client Profile-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft Office File Validation Add-In-->MsiExec.exe /I{90140000-2005-0000-0000-0000000FF1CE}
Microsoft Office Professional Edition 2003-->MsiExec.exe /I{90110409-6000-11D3-8CFE-0150048383C9}
Microsoft Silverlight-->MsiExec.exe /X{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
MPEG2 Codec(libmpeg2/mad)-->"C:\Program Files (x86)\GNU\MPEG2\Uninstall.exe"
MSVC90_x64-->MsiExec.exe /I{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}
MSVC90_x86-->MsiExec.exe /I{AF111648-99A1-453E-81DD-80DBBF6DAD0D}
MSXML 4.0 SP2 (KB954430)-->MsiExec.exe /I{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}
MSXML 4.0 SP2 (KB973688)-->MsiExec.exe /I{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}
Nokia Connectivity Cable Driver-->MsiExec.exe /I{4AA68A73-DB9C-439D-9481-981C82BD008B}
Nokia PC Suite-->C:\ProgramData\Installations\{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}\Nokia_PC_Suite_slk.exe
Nokia PC Suite-->MsiExec.exe /I{A97F28B2-3BA1-49B7-AEF6-CC8956ED8CAA}
NVIDIA 3D Vision Driver 306.97-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Drivers-->C:\Program Files\NVIDIA Corporation\Uninstall\nvuninst.exe UninstallGUI
NVIDIA Graphics Driver 306.97-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA PhysX-->MsiExec.exe /X{9530AE42-DAE1-4619-9594-B23487285D17}
NVIDIA Stereoscopic 3D Driver-->"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Update 1.10.8-->"C:\Windows\SysWOW64\RunDll32.EXE" "C:\Program Files\NVIDIA Corporation\Installer2\installer.0\NVI2.DLL",UninstallPackage Display.Update
PC Connectivity Solution-->MsiExec.exe /I{A2AA4204-C05A-4013-888A-AD153139297F}
Picasa 3-->"C:\Program Files (x86)\Google\Picasa3\Uninstall.exe"
PlayReady PC Runtime amd64-->MsiExec.exe /X{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}
Popisovač CD/DVD 4.2-->"C:\Program Files (x86)\Popisovač CD-DVD 4\unins000.exe"
PunkBuster Services-->C:\Windows\system32\pbsvc.exe -u
Realtek Ethernet Controller Driver For Windows Vista and Later-->C:\Program Files (x86)\InstallShield Installation Information\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}\Setup.exe -runfromtemp -removeonly
Revo Uninstaller Pro 2.2.0-->"C:\Program Files\VS Revo Group\Revo Uninstaller Pro\unins000.exe"
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E720AD01-93D5-3E8E-BB8D-E4EF5AF4E5DD} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {BCD37DCB-F479-3D4D-A90E-A0F7575549C4} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FF811680-AECE-3F35-A98C-1B84B6E09168} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {6AF6C62E-4E3D-33BF-A591-9E4D53BDF22F} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {5D45782A-1099-317E-ABCC-FF63D5B21386} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E59B2174-E924-311F-8549-AD714C14664D} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {FDD13F1E-9C6B-311E-A0D9-D6E172FC28FF} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {DA36C2E5-6B34-3A6A-9C0A-7D1CC1C5A768} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7B82A51A-768B-3A7B-ADFA-F777097A8079} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {E40184A4-4A61-3D2E-9035-CB6E1E610E07} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4736E989-32D9-3B91-90D7-C68848E118CA} /parameterfolder Client
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {F1696E2F-4803-362F-A756-65B363483FE6} /parameterfolder Client
SnugTV Station-->MsiExec.exe /I{E633417D-E796-45E1-8DE1-CB5954DA4896}
Subtitle Workshop 2.51-->"C:\Program Files (x86)\URUSoft\Subtitle Workshop\uninstall.exe"
SureThing CD Labeler Deluxe-->"C:\Program Files (x86)\SureThing CD Labeler 5\unins000.exe"
Ubisoft Game Launcher-->"C:\Program Files (x86)\InstallShield Installation Information\{888F1505-C2B3-4FDE-835D-36353EBD4754}\setup.exe" -runfromtemp -l0x0409 -removeonly
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {29C7BE97-DE59-37A2-A687-2ADD5321948A} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {7D799A81-5661-3159-BF92-754161CED6E6} /parameterfolder Client
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)-->C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\setup.exe /uninstallpatch {4DFA8287-EA36-3469-99FE-F568FEC81653} /parameterfolder Client
Uplay-->C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\Uninstall.exe
VIA Platform Device Manager-->C:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
VLC media player 1.1.11-->C:\Program Files (x86)\VideoLAN\VLC\uninstall.exe
VobSub 2.23-->C:\Program Files (x86)\Gabest\VobSub\uninstall.exe
Vuze-->C:\Program Files\Vuze\uninstall.exe
Windows Driver Package - Nokia Modem (02/25/2011 4.7)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokia_bluetooth.inf_amd64_neutral_73c28da64803cefc\nokia_bluetooth.inf
Windows Driver Package - Nokia Modem (02/25/2011 7.01.0.9)-->C:\PROGRA~1\DIFX\0169CE3A95F06636\dpinst.exe /u C:\Windows\System32\DriverStore\FileRepository\nokbtmdm.inf_amd64_neutral_13826104cd8e800f\nokbtmdm.inf
Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)-->C:\PROGRA~1\DIFX\F4092DA208C2C970\dpinst.exe /u C:\Windows\system32\DRVSTORE\pccsmcfdx6_8A3BAB842294F8D9255C3CF2A3B1CECAEEB8EA7E\pccsmcfdx64.inf
Windows Movie Maker 2.6-->MsiExec.exe /X{B3DAF54F-DB25-4586-9EF1-96D24BB14088}
WinRAR archivátor-->C:\Program Files (x86)\WinRAR\uninstall.exe
Wise Disk Cleaner 6.31-->"C:\Program Files (x86)\Wise Disk Cleaner\unins000.exe"
Wise Registry Cleaner 6.21-->"C:\Program Files (x86)\Wise Registry Cleaner\unins000.exe"
Xvid 1.2.2-->C:\Program Files (x86)\Xvid\unins000.exe
XviD MPEG-4 Video Codec-->C:\Windows\system32\rundll32.exe setupapi,InstallHinfSection Remove_XviD 132 C:\Windows\INF\xvid.inf
Zoner Photo Studio 14-->"C:\Program Files\Zoner\Photo Studio 14\unins000.exe" /SILENT

======System event log======

Computer Name: mojpocitac
Event Code: 51
Message: An error was detected on device \Device\Harddisk6\DR6 during a paging operation.
Record Number: 144419
Source Name: Disk
Time Written: 20121010142619.717745-000
Event Type: Warning
User:

Computer Name: mojpocitac
Event Code: 51
Message: An error was detected on device \Device\Harddisk6\DR6 during a paging operation.
Record Number: 144418
Source Name: Disk
Time Written: 20121010142619.717745-000
Event Type: Warning
User:

Computer Name: mojpocitac
Event Code: 51
Message: An error was detected on device \Device\Harddisk6\DR6 during a paging operation.
Record Number: 144417
Source Name: Disk
Time Written: 20121010142619.717745-000
Event Type: Warning
User:

Computer Name: mojpocitac
Event Code: 51
Message: An error was detected on device \Device\Harddisk6\DR6 during a paging operation.
Record Number: 144416
Source Name: Disk
Time Written: 20121010142619.717745-000
Event Type: Warning
User:

Computer Name: mojpocitac
Event Code: 51
Message: An error was detected on device \Device\Harddisk6\DR6 during a paging operation.
Record Number: 144415
Source Name: Disk
Time Written: 20121010142619.717745-000
Event Type: Warning
User:

=====Application event log=====

Computer Name: mojpocitac
Event Code: 63
Message: A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 404
Source Name: Microsoft-Windows-WMI
Time Written: 20120117150205.000000-000
Event Type: Warning
User: mojpocitac\Juraj Cordas

Computer Name: mojpocitac
Event Code: 1530
Message: Windows detected your registry file is still in use by other applications or services. The file will be unloaded now. The applications or services that hold your registry file may not function properly afterwards.

DETAIL -
1 user registry handles leaked from \Registry\User\S-1-5-21-2897896145-2411329342-784474909-1000:
Process 516 (\Device\HarddiskVolume2\Windows\System32\winlogon.exe) has opened key \REGISTRY\USER\S-1-5-21-2897896145-2411329342-784474909-1000

Record Number: 369
Source Name: Microsoft-Windows-User Profiles Service
Time Written: 20120117121258.632818-000
Event Type: Warning
User: NT AUTHORITY\SYSTEM

Computer Name: mojpocitac
Event Code: 6001
Message: Odberateľ upozornení prihlásenia do systému Windows <GPClient> zlyhal pri udalosti upozornenia.
Record Number: 211
Source Name: Microsoft-Windows-Winlogon
Time Written: 20120117110022.000000-000
Event Type: Warning
User:

Computer Name: mojpocitac
Event Code: 1015
Message: Detailed HRESULT. Returned hr=0xC004F022, Original hr=0x80049E00
Record Number: 205
Source Name: Microsoft-Windows-Security-SPP
Time Written: 20120117105941.000000-000
Event Type: Warning
User:

Computer Name: mojpocitac
Event Code: 1008
Message: Služba Windows Search sa spúšťa a pokúša sa odstrániť starý index hľadania. {Dôvod: Full Index Reset}.

Record Number: 97
Source Name: Microsoft-Windows-Search
Time Written: 20120117105426.000000-000
Event Type: Warning
User:

=====Security event log=====

Computer Name: mojpocitac
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: MOJPOCITAC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\SysWOW64\en-US\ieunatt.exe.mui
Handle ID: 0x14

Process Information:
Process ID: 0x7e4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3381
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120117163446.028106-000
Event Type: Audit Success
User:

Computer Name: mojpocitac
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: MOJPOCITAC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\SysWOW64\en-US\iesetup.dll.mui
Handle ID: 0x14

Process Information:
Process ID: 0x7e4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3380
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120117163445.872106-000
Event Type: Audit Success
User:

Computer Name: mojpocitac
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: MOJPOCITAC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\SysWOW64\en-US\ie4uinit.exe.mui
Handle ID: 0x14

Process Information:
Process ID: 0x7e4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3379
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120117163445.872106-000
Event Type: Audit Success
User:

Computer Name: mojpocitac
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: MOJPOCITAC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\SysWOW64\en-US\wextract.exe.mui
Handle ID: 0x14

Process Information:
Process ID: 0x7e4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3378
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120117163445.872106-000
Event Type: Audit Success
User:

Computer Name: mojpocitac
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18
Account Name: MOJPOCITAC$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Object:
Object Server: Security
Object Type: File
Object Name: C:\Windows\SysWOW64\en-US\mshtml.dll.mui
Handle ID: 0x14

Process Information:
Process ID: 0x7e4
Process Name: C:\Windows\System32\poqexec.exe

Auditing Settings:
Original Security Descriptor:
New Security Descriptor: S:ARAI(AU;SAFA;DCLCRPCRSDWDWO;;;WD)
Record Number: 3377
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120117163445.856506-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=C:\Program Files (x86)\PC Connectivity Solution\;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=4
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 30 Stepping 5, GenuineIntel
"PROCESSOR_REVISION"=1e05

-----------------EOF-----------------
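The event-log sections of the info.txt above are the part of that log a responder can actually work with. Each record is a block starting with "Computer Name:", and the Security 4907 records carry a multi-line message (Subject, Object, Process Information, with blank lines inside it), which breaks any parser that simply splits on empty lines. Below is an added example, not code from the post, from RSIT or from the forum, that parses those blocks into records, converts the WMI-style "Time Written" stamps into timezone-aware datetimes, and triages them: 4907 audit-setting changes coming from poqexec.exe, the servicing-queue executor that rewrites file SACLs during Windows Update, are treated as expected noise, while the same event from any other process is flagged; the WMI event 63 (a provider registered to run as LocalSystem) is flagged for vendor confirmation. The set of expected SACL writers is an assumption of this example, and the sample input is a shortened excerpt of the records posted above.

```python
"""Parse the event-log sections of an RSIT info.txt and triage the records.

Added example; not code from the forum post and not part of RSIT. It assumes
the layout seen in the posted log: a record starts at 'Computer Name:' and
ends at 'User:', 'Message:' may continue over several (even blank) lines,
and 'Time Written' is a WMI CIM_DATETIME string.
"""
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: two records excerpted (and shortened) from the posted
# info.txt, followed by the start of a non-event section the parser must skip.
SAMPLE = r"""
=====Application event log=====

Computer Name: mojpocitac
Event Code: 63
Message: A provider, IntelMEProv, has been registered in the Windows Management Instrumentation namespace root\Intel_ME to use the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests.
Record Number: 404
Source Name: Microsoft-Windows-WMI
Time Written: 20120117150205.000000-000
Event Type: Warning
User: mojpocitac\Juraj Cordas

=====Security event log=====

Computer Name: mojpocitac
Event Code: 4907
Message: Auditing settings on object were changed.

Subject:
Security ID: S-1-5-18

Process Information:
Process Name: C:\Windows\System32\poqexec.exe
Record Number: 3381
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20120117163446.028106-000
Event Type: Audit Success
User:

======Environment variables======

"Path"=C:\Windows\system32
"""

SECTION_RE = re.compile(r"^=+(.+?)=+$")
FIELDS = ("Computer Name", "Event Code", "Record Number", "Source Name",
          "Time Written", "Event Type", "User")


def parse_cim_datetime(value):
    """'20121010142619.717745-000' -> aware datetime; suffix is the UTC offset in minutes."""
    stamp, sign, minutes = value[:21], value[21], int(value[22:])
    tz = timezone(timedelta(minutes=minutes if sign == "+" else -minutes))
    return datetime.strptime(stamp, "%Y%m%d%H%M%S.%f").replace(tzinfo=tz)


def parse_records(text):
    """Return one dict per event record; lines outside '... event log' sections are ignored."""
    records, current, log = [], None, None
    for line in text.splitlines():
        m = SECTION_RE.match(line)
        if m:  # section banner: only the '<name> event log' sections hold records
            name = m.group(1).strip()
            log = name[:-len(" event log")] if name.endswith(" event log") else None
            current = None
            continue
        if log and line.startswith("Computer Name:"):
            current = {"log": log, "message_lines": []}
            records.append(current)
        if current is None:
            continue
        key, sep, value = line.partition(":")
        if sep and key in FIELDS:
            current[key] = value.strip()
        elif line.startswith("Message:"):
            current["message_lines"].append(value.strip())
        else:  # continuation of a multi-line message (4907 puts whole blocks here)
            current["message_lines"].append(line)
    for r in records:
        r["message"] = "\n".join(r["message_lines"]).strip()
        r["code"] = int(r["Event Code"])
        r["time"] = parse_cim_datetime(r["Time Written"])
    return records


# Assumption of this example: a 4907 (SACL change) raised by the servicing
# queue executor during Windows Update is expected; any other writer is not.
EXPECTED_SACL_WRITERS = {r"c:\windows\system32\poqexec.exe"}


def triage(records):
    """Return (record number, note) pairs for records a responder should look at."""
    findings = []
    for r in records:
        if r["code"] == 4907:
            m = re.search(r"^Process Name:\s*(.+)$", r["message"], re.MULTILINE)
            proc = m.group(1).strip().lower() if m else "<unknown>"
            if proc not in EXPECTED_SACL_WRITERS:
                findings.append((r["Record Number"], "SACL changed by unexpected process " + proc))
        elif r["code"] == 63 and "LocalSystem" in r["message"]:
            findings.append((r["Record Number"], "WMI provider registered as LocalSystem; confirm the vendor"))
    return findings
```

Run against the full info.txt, `triage(parse_records(open("info.txt", encoding="utf-8", errors="replace").read()))` prints the record numbers worth a second look. Note what the check does and does not tell you: the path and the timing of the 4907 records next to Windows Update activity are consistent with the genuine poqexec.exe, but only a hash or signature check of the binary on disk settles it.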

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: a variant of the MSIL/Packed.Confuser.B infiltration

#2 Post by Rudy »

Hello!
The info.txt log is useless. RSIT produces 2 logs. I need to see the other one.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.

Duklando
Visitor
Posts: 23
Registered: 08 Jan 2013 17:48

Re: a variant of the MSIL/Packed.Confuser.B infiltration

#3 Post by Duklando »

Hello. I hope this is the right one.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Juraj Cordas at 2013-01-12 20:56:35
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 761 GB (80%) free of 954 GB
Total RAM: 4055 MB (61% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:56:36, on 12. 1. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Internet Download Manager\IDMan.exe
C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\AVG Secure Search\vprot.exe
C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Juraj Cordas.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IDM Helper - {0055C089-8582-441B-A0BF-17B458C2A3A8} - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Canon Easy-WebPrint EX BHO - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: AVG Security Toolbar - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe"
O4 - HKCU\..\Run: [IDMan] C:\Program Files (x86)\Internet Download Manager\IDMan.exe /onboot
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2897896145-2411329342-784474909-1003\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2897896145-2411329342-784474909-1003\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Global Startup: AVerQuick.lnk = C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe
O8 - Extra context menu item: Stiahnuť s IDM - C:\Program Files (x86)\Internet Download Manager\IEExt.htm
O8 - Extra context menu item: Stiahnuť s IDM všetky prepojenia - C:\Program Files (x86)\Internet Download Manager\IEGetAll.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ATK Fast User Switch Service (ATKFUSService) - Unknown owner - C:\Windows\system32\ATKFUSService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 9942 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\ATKFUSService.exe
C:\Windows\system32\nvvsvc.exe
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"taskhost.exe"
"C:\Program Files\ASUS\GamerOSD\ATKFastUserSwitching.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files (x86)\Internet Download Manager\IDMan.exe" /onboot
"C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\AVG Secure Search\vprot.exe"
"C:\Program Files (x86)\Internet Download Manager\IEMonitor.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\SysWOW64\DllHost.exe /Processid:{B366DEBE-645B-43A5-B865-DDD82C345492}
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-57590602-dc2c-4c72-9395-360d3fb8bf9b -SystemEventPortName:HostProcess-b6e9af0a-c4d9-4501-9bbd-ffbeb56b6890 -IoCancelEventPortName:HostProcess-cfc44899-799a-4ef0-a1bb-381b112b1798 -NonStateChangingEventPortName:HostProcess-0bb65cda-7ca1-4d4f-932a-0adaf188297c -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:44d4ab2e-0a7e-4219-b8c5-92789206fb3b -DeviceGroupId:WpdFsGroup
"C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE"
C:\Windows\splwow64.exe 8192
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://forum.viry.cz/"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/thread/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/15/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwndMin10/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_33/UMA-Uniformity-Trial-10-Percent/group_07/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_08/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warmest_socket/ --renderer-print-preview --enable-threaded-compositing --channel="2224.0.192413653\452214598" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2224.1.1843083531\1070953804" --supports-dual-gpus=false --skip-gpu-full-info-collection --gpu-vendor-id=0x10de --gpu-device-id=0x0e22 --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.697 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2224.2.469202989\816348468" --lang=sk --ignored=" --type=renderer " /prefetch:13
"taskhost.exe"
C:\Windows\system32\AUDIODG.EXE 0x614
"C:\Users\Juraj Cordas\Desktop\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe53_ Global\UsGthrCtrlFltPipeMssGthrPipe53 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC64.dll [2012-11-21 391048]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0055C089-8582-441B-A0BF-17B458C2A3A8}]
IDM integration (IDMIEHlprObj Class) - C:\Program Files (x86)\Internet Download Manager\IDMIECC.dll [2012-11-21 359304]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}]
Canon Easy-WebPrint EX BHO - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08 202144]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-11-12 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll [2013-01-10 1796552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-11-12 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{95B7759C-8C7F-4BF1-B163-73684A933233} - AVG Security Toolbar - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll [2013-01-10 1796552]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2009-03-19 2692008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IDMan"=C:\Program Files (x86)\Internet Download Manager\IDMan.exe [2012-11-27 3487128]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-19 3477312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonMyPrinter]
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2010-03-25 2726728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CanonSolutionMenuEx]
C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE [2010-04-02 1185112]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-03-26 1516600]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"=C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2008-12-03 218408]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]
"vProt"=C:\Program Files (x86)\AVG Secure Search\vprot.exe [2013-01-10 997320]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AVerQuick.lnk - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave5"=wdmaud.drv
"wave6"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave7"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave8"=wdmaud.drv
"msacm.ac3filter"=ac3filter64.acm
"wave9"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-01-11 16:29:57 ----D---- C:\Program Files (x86)\Wise PC Engineer
2013-01-11 15:58:20 ----A---- C:\Windows\SYSWOW64\vbscript.dll
2013-01-11 15:58:20 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2013-01-11 15:58:20 ----A---- C:\Windows\system32\mshtmled.dll
2013-01-11 15:58:19 ----A---- C:\Windows\SYSWOW64\url.dll
2013-01-11 15:58:19 ----A---- C:\Windows\SYSWOW64\ieUnatt.exe
2013-01-11 15:58:19 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-01-11 15:58:19 ----A---- C:\Windows\system32\url.dll
2013-01-11 15:58:19 ----A---- C:\Windows\system32\ieUnatt.exe
2013-01-11 15:58:19 ----A---- C:\Windows\system32\ieui.dll
2013-01-11 15:58:18 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-01-11 15:58:18 ----A---- C:\Windows\system32\urlmon.dll
2013-01-11 15:58:17 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-01-11 15:58:17 ----A---- C:\Windows\system32\msfeeds.dll
2013-01-11 15:58:17 ----A---- C:\Windows\system32\jscript9.dll
2013-01-11 15:58:16 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-01-11 15:58:16 ----A---- C:\Windows\system32\wininet.dll
2013-01-11 15:58:16 ----A---- C:\Windows\system32\jsproxy.dll
2013-01-11 15:58:15 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-01-11 15:58:15 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-01-11 15:58:15 ----A---- C:\Windows\system32\vbscript.dll
2013-01-11 15:58:15 ----A---- C:\Windows\system32\jscript.dll
2013-01-11 15:58:15 ----A---- C:\Windows\system32\iertutil.dll
2013-01-11 15:58:14 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-01-11 15:58:14 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-01-11 15:58:09 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-01-11 15:58:07 ----A---- C:\Windows\system32\mshtml.dll
2013-01-11 15:58:06 ----A---- C:\Windows\system32\ieframe.dll
2013-01-11 15:58:05 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\wextract.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\webcheck.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\SetIEInstalledDate.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\pngfilt.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\occache.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\msrating.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\msls31.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\mshtmler.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\mshta.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\msfeedssync.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\msfeedsbs.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\licmgr10.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\inseng.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\imgutil.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\iexpress.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\iedkcs32.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\ieapfltr.dat
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\ieakui.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\ieaksie.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\ieakeng.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\IEAdvpack.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\ie4uinit.exe
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\icardie.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\dxtrans.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\dxtmsft.dll
2013-01-11 15:51:08 ----A---- C:\Windows\SYSWOW64\admparse.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\wextract.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\webcheck.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\SetIEInstalledDate.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\pngfilt.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\occache.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\msrating.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\msls31.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\mshtmler.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\mshta.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\msfeedssync.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\msfeedsbs.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\licmgr10.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\inseng.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\imgutil.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\iexpress.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\iesysprep.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\iesetup.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\iernonce.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\iepeers.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\iedkcs32.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\ieapfltr.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\ieapfltr.dat
2013-01-11 15:51:07 ----A---- C:\Windows\system32\ieakui.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\ieaksie.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\ieakeng.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\IEAdvpack.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\ie4uinit.exe
2013-01-11 15:51:07 ----A---- C:\Windows\system32\icardie.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\dxtrans.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\dxtmsft.dll
2013-01-11 15:51:07 ----A---- C:\Windows\system32\admparse.dll
2013-01-09 17:40:40 ----RASH---- C:\SdHeuristic.txt
2013-01-09 17:31:44 ----D---- C:\Program Files\CCleaner
2013-01-09 16:23:52 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\TeamViewer
2013-01-08 23:33:29 ----A---- C:\Windows\system32\drivers\stflt.sys
2013-01-08 22:50:20 ----D---- C:\Program Files\Max Registry Cleaner
2013-01-08 22:37:48 ----D---- C:\ProgramData\Max Secure
2013-01-08 22:16:05 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-08 22:16:05 ----A---- C:\Windows\system32\win32spl.dll
2013-01-08 22:15:55 ----A---- C:\Windows\system32\msxml6.dll
2013-01-08 22:15:55 ----A---- C:\Windows\system32\msxml3.dll
2013-01-08 22:15:54 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-08 22:15:54 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-08 22:15:52 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-08 22:15:52 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-08 22:15:49 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-08 22:15:49 ----A---- C:\Windows\system32\usp10.dll
2013-01-08 22:15:39 ----A---- C:\Windows\system32\Wpc.dll
2013-01-08 22:15:39 ----A---- C:\Windows\system32\gameux.dll
2013-01-08 22:15:38 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-08 22:15:38 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-08 22:15:11 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-08 22:15:11 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-08 22:15:10 ----A---- C:\Windows\system32\kernel32.dll
2013-01-08 22:15:09 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-08 22:15:09 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-08 22:15:09 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-08 22:15:09 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-08 22:15:09 ----A---- C:\Windows\system32\wow64win.dll
2013-01-08 22:15:09 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-08 22:15:09 ----A---- C:\Windows\system32\wow64.dll
2013-01-08 22:15:09 ----A---- C:\Windows\system32\winsrv.dll
2013-01-08 22:15:09 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-08 22:15:09 ----A---- C:\Windows\system32\conhost.exe
2013-01-08 22:15:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-08 22:15:08 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 22:15:08 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-08 22:15:07 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-08 22:15:06 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-08 22:15:06 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-08 22:15:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 22:15:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-08 22:15:05 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-08 22:15:05 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-08 22:15:05 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-08 22:15:05 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-08 22:14:57 ----A---- C:\Windows\system32\taskhost.exe
2013-01-08 22:14:56 ----A---- C:\Windows\system32\win32k.sys
2013-01-08 17:41:12 ----D---- C:\rsit
2013-01-08 17:41:12 ----D---- C:\Program Files\trend micro
2013-01-04 16:05:30 ----D---- C:\Program Files (x86)\Total Video Player
2013-01-04 15:50:17 ----D---- C:\ProgramData\CanonIJ
2013-01-03 20:40:21 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Theta
2013-01-03 20:15:54 ----N---- C:\Windows\SYSWOW64\pbsvc.exe
2013-01-02 16:12:00 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Avery
2013-01-02 16:09:11 ----D---- C:\ProgramData\Avery
2013-01-02 16:09:10 ----D---- C:\Program Files (x86)\Avery Dennison
2013-01-02 16:03:41 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Popisovac
2013-01-02 16:03:33 ----D---- C:\Program Files (x86)\Popisovač CD-DVD 4
2012-12-29 13:30:46 ----HD---- C:\ProgramData\CanonIJEPPEX
2012-12-29 13:27:54 ----HD---- C:\ProgramData\CanonIJMyPrinter
2012-12-29 13:22:41 ----D---- C:\Program Files\Canon
2012-12-29 13:22:38 ----D---- C:\ProgramData\CanonIJPLM
2012-12-26 14:48:07 ----A---- C:\Windows\SYSWOW64\msvcr70.dll
2012-12-26 14:48:07 ----A---- C:\Windows\SYSWOW64\msvcp70.dll
2012-12-26 14:48:01 ----D---- C:\Program Files (x86)\SureThing CD Labeler 5
2012-12-26 14:10:53 ----D---- C:\Program Files (x86)\Red Sky
2012-12-26 13:31:48 ----D---- C:\Program Files (x86)\AVG Secure Search
2012-12-26 12:46:36 ----D---- C:\Windows\MVUNINST
2012-12-25 18:05:11 ----D---- C:\Program Files (x86)\DVDVideoSoft
2012-12-24 19:02:58 ----D---- C:\Program Files (x86)\GotClip
2012-12-22 20:12:31 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Vtools
2012-12-22 20:12:30 ----D---- C:\Program Files (x86)\Vtools
2012-12-22 20:12:29 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Mozilla
2012-12-22 20:10:12 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\IObit
2012-12-22 15:54:50 ----D---- C:\Games
2012-12-22 09:20:20 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-22 09:20:20 ----A---- C:\Windows\system32\atmlib.dll
2012-12-22 09:20:18 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-22 09:20:18 ----A---- C:\Windows\system32\atmfd.dll

======List of files/folders modified in the last 1 month======

2013-01-12 20:56:35 ----D---- C:\Windows\Temp
2013-01-12 20:18:20 ----D---- C:\Download
2013-01-12 18:45:33 ----D---- C:\Windows\System32
2013-01-12 18:45:33 ----D---- C:\Windows\inf
2013-01-12 18:45:33 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-12 13:47:09 ----D---- C:\Windows\SYSWOW64\config
2013-01-12 12:45:38 ----D---- C:\Filmy
2013-01-12 12:36:48 ----D---- C:\Windows\system32\config
2013-01-12 12:34:20 ----D---- C:\Prebraté programy
2013-01-12 12:25:07 ----A---- C:\Windows\SYSWOW64\log.txt
2013-01-12 12:25:06 ----D---- C:\ProgramData\NVIDIA
2013-01-12 09:56:41 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\DMCache
2013-01-11 23:12:53 ----D---- C:\Windows\Prefetch
2013-01-11 23:12:47 ----D---- C:\Windows\system32\catroot2
2013-01-11 19:54:31 ----D---- C:\Windows\rescache
2013-01-11 19:50:09 ----SHD---- C:\System Volume Information
2013-01-11 16:29:57 ----RD---- C:\Program Files (x86)
2013-01-11 16:18:02 ----SHD---- C:\Windows\Installer
2013-01-11 16:14:03 ----D---- C:\Program Files (x86)\Google
2013-01-11 16:13:14 ----D---- C:\Windows\Tasks
2013-01-11 16:13:14 ----D---- C:\Windows\system32\Tasks
2013-01-11 16:01:57 ----D---- C:\Windows\winsxs
2013-01-11 15:59:27 ----D---- C:\Program Files (x86)\Internet Explorer
2013-01-11 15:59:26 ----D---- C:\Windows\SYSWOW64\migration
2013-01-11 15:59:26 ----D---- C:\Windows\SysWOW64
2013-01-11 15:59:25 ----D---- C:\Windows\system32\migration
2013-01-11 15:59:23 ----D---- C:\Program Files\Internet Explorer
2013-01-11 15:58:36 ----D---- C:\Windows\system32\catroot
2013-01-11 15:55:05 ----D---- C:\Windows\Panther
2013-01-11 15:52:28 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-01-11 15:52:28 ----D---- C:\Windows\system32\sk-SK
2013-01-11 15:52:27 ----D---- C:\Windows\SYSWOW64\en-US
2013-01-11 15:52:24 ----D---- C:\Windows\PolicyDefinitions
2013-01-11 15:52:23 ----D---- C:\Windows\system32\en-US
2013-01-11 15:52:02 ----D---- C:\Windows\servicing
2013-01-11 15:52:02 ----D---- C:\Windows\Logs
2013-01-11 15:39:58 ----RD---- C:\Program Files
2013-01-11 15:39:08 ----D---- C:\Windows\system32\drivers\etc
2013-01-11 15:34:28 ----D---- C:\Windows\system32\drivers
2013-01-11 07:41:19 ----D---- C:\Windows\debug
2013-01-11 07:40:20 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Wise Disk Cleaner
2013-01-11 00:15:03 ----D---- C:\Windows\system32\NDF
2013-01-10 20:19:32 ----RSD---- C:\Windows\assembly
2013-01-10 20:19:32 ----D---- C:\Windows\Microsoft.NET
2013-01-10 17:02:15 ----D---- C:\Windows
2013-01-10 17:01:51 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\IDM
2013-01-10 16:49:29 ----HD---- C:\ProgramData
2013-01-09 19:51:19 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Azureus
2013-01-09 17:33:50 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Vso
2013-01-09 17:33:50 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\DAEMON Tools Lite
2013-01-09 17:10:42 ----D---- C:\ProgramData\AVG Secure Search
2013-01-09 00:12:11 ----D---- C:\Windows\AppPatch
2013-01-08 22:50:34 ----D---- C:\Windows\system
2013-01-08 22:50:02 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\GetRightToGo
2013-01-08 22:43:49 ----A---- C:\Windows\win.ini
2013-01-08 22:38:04 ----RSD---- C:\Windows\Fonts
2013-01-08 22:35:49 ----A---- C:\Windows\system32\MRT.exe
2013-01-08 21:31:26 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-01-05 21:06:37 ----D---- C:\Program Files (x86)\1C Company
2013-01-05 21:02:15 ----D---- C:\ProgramData\Media Center Programs
2013-01-05 18:27:35 ----D---- C:\Program Files (x86)\Ubisoft
2013-01-05 18:27:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-01-05 18:27:21 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2013-01-05 18:27:20 ----A---- C:\Windows\SYSWOW64\PnkBstrA.exe
2013-01-04 15:48:14 ----D---- C:\Windows\system32\FxsTmp
2013-01-03 20:16:01 ----D---- C:\Windows\SoftwareDistribution
2012-12-29 13:37:17 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\Canon
2012-12-29 13:30:07 ----D---- C:\Program Files (x86)\Canon
2012-12-27 08:24:22 ----D---- C:\ProgramData\Ubisoft
2012-12-26 12:46:36 ----D---- C:\Program Files (x86)\Common Files
2012-12-25 15:44:22 ----SD---- C:\ProgramData\Microsoft
2012-12-22 20:25:09 ----D---- C:\Program Files (x86)\Electronic Arts
2012-12-22 19:41:18 ----D---- C:\Windows\system32\wfp
2012-12-22 19:41:17 ----D---- C:\Windows\system32\wbem
2012-12-22 19:40:32 ----D---- C:\Windows\registration
2012-12-16 11:37:17 ----D---- C:\ProgramData\CyberLink
2012-12-15 17:18:40 ----D---- C:\Users\Juraj Cordas\AppData\Roaming\dvdcss

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-01-29 564792]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 AsIO;AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [2012-01-17 13368]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2012-12-10 30568]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2009-03-19 134024]
R2 eamon;eamon; C:\Windows\system32\DRIVERS\eamon.sys [2009-03-19 142776]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 121152]
R2 IDMWFP;IDMWFP; C:\Windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
R3 asusgsb;ASUS Virtual Video Capture Device Driver; C:\Windows\system32\drivers\asusgsb.sys [2009-02-17 17792]
R3 atkdisplf;ASUS Kernel Mode Enhanced Driver; C:\Windows\system32\drivers\ATKDispLowFilter.sys [2009-02-17 39424]
R3 AVerPola;AVerMedia USB Polaris Series Capture Service; C:\Windows\system32\DRIVERS\AVerPola.sys [2010-10-07 532864]
R3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service; C:\Windows\system32\DRIVERS\AVPolCIR.sys [2010-10-07 50688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-29 283200]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2009-07-16 15416]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
R3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2012-01-20 82816]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
R3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; C:\Windows\system32\drivers\viahduaa.sys [2010-01-11 1290752]
R3 WDC_SAM;WD SCSI Pass Thru driver; C:\Windows\system32\DRIVERS\wdcsam64.sys [2008-05-06 14464]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 anvsnddrv;AnvSoft Virtual Sound Device; C:\Windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
S3 axnm3yhz;axnm3yhz; C:\Windows\system32\drivers\axnm3yhz.sys []
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2011-11-01 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2011-11-01 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-11-01 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-11-01 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 ATKFUSService;ATK Fast User Switch Service; C:\Windows\system32\ATKFUSService.exe [2009-12-01 63488]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-03-19 731840]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [2010-04-05 116104]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 891240]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-10 1258856]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-01-05 75136]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [2009-04-17 247152]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-08 251400]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2009-03-19 23296]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 116648]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2008-11-20 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2003-07-28 89136]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-01-04 718888]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-13 529744]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-01-17 1255736]
S4 AVerRemote;AVerRemote; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-22 348160]
S4 AVerScheduleService;AVerScheduleService; C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
S4 AVerUpdateServer;AVerUpdateServer; C:\Program Files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2009-09-30 169984]
S4 SnugTV Service;SnugTV Service; C:\Program Files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2009-11-26 464384]
S4 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-12-10 711112]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: MSIL/Packed.Confuser.B infiltration variant

#4 Post by Rudy »

Please also post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

Then run the application under an account with administrator rights.

Right after it starts, a screen with the licence terms appears; continue by clicking Yes.

Go and make yourself a coffee (the whole thing takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to plough through). During the scan, do not try to launch any other applications or do anything else.

Do not panic during the scan; your machine may be restarted (especially on the first run of the scanner).

Warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because the scan and the removal of any malware collide with the antispyware resident in undesirable ways.

Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, a virus can damage the system!

Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail above.

Duklando
Guest
Posts: 23
Registered: 08 Jan 2013 17:48

Re: MSIL/Packed.Confuser.B infiltration variant

#5 Post by Duklando »

Hello. I am sending the ComboFix output. It has stopped detecting infiltrations; the only thing that still bothers me is the AVG Toolbar, which I cannot get rid of. Thanks for everything.


ComboFix 13-01-13.01 - Juraj Cordas . 01. 2013 11:45:36.1.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4055.2762 [GMT 1:00]
Running from: c:\users\Juraj Cordas\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Disabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Juraj Cordas\AppData\Roaming\vso_ts_preview.xml
c:\windows\ST6UNST.000
c:\windows\SysWow64\pthreadVC.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-12-13 to 2013-01-13 )))))))))))))))))))))))))))))))
.
.
2013-01-13 10:49 . 2013-01-13 10:49 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-13 10:49 . 2013-01-13 10:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 15:29 . 2013-01-11 15:39 -------- d-----w- c:\program files (x86)\Wise PC Engineer
2013-01-11 14:51 . 2013-01-11 14:51 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2013-01-11 13:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B10BFE01-2144-40C6-920E-E56A177B7FBB}\mpengine.dll
2013-01-09 18:03 . 2013-01-09 18:03 -------- d-----w- c:\users\Juraj Cordas\DoctorWeb
2013-01-09 16:31 . 2013-01-09 16:31 -------- d-----w- c:\program files\CCleaner
2013-01-09 15:23 . 2013-01-09 15:23 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\TeamViewer
2013-01-08 22:33 . 2013-01-08 22:33 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-01-08 21:50 . 2013-01-10 23:07 -------- d-----w- c:\program files\Max Registry Cleaner
2013-01-08 21:37 . 2013-01-08 21:50 -------- d-----w- c:\programdata\Max Secure
2013-01-08 21:29 . 2013-01-08 21:29 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\Max Secure Software
2013-01-08 21:16 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-08 21:16 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-08 21:14 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 21:14 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 16:41 . 2013-01-12 19:56 -------- d-----w- c:\program files\trend micro
2013-01-08 16:41 . 2013-01-08 16:41 -------- d-----w- C:\rsit
2013-01-05 19:06 . 2013-01-10 15:50 -------- d-sh--w- c:\users\Juraj Cordas\Drivers
2013-01-04 15:05 . 2013-01-04 15:05 -------- d-----w- c:\program files (x86)\Total Video Player
2013-01-04 14:50 . 2013-01-04 14:50 -------- d-----w- c:\programdata\CanonIJ
2013-01-03 19:40 . 2013-01-03 19:40 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Theta
2013-01-03 19:15 . 2012-11-20 22:32 3123272 ------w- c:\windows\SysWow64\pbsvc.exe
2013-01-02 15:12 . 2013-01-02 15:12 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Avery
2013-01-02 15:09 . 2013-01-02 15:09 -------- d-----w- c:\programdata\Avery
2013-01-02 15:09 . 2013-01-02 15:09 -------- d-----w- c:\program files (x86)\Avery Dennison
2013-01-02 15:03 . 2013-01-02 15:03 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Popisovac
2013-01-02 15:03 . 2013-01-02 15:03 -------- d-----w- c:\program files (x86)\Popisovač CD-DVD 4
2012-12-29 12:34 . 2012-12-29 12:37 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\Canon Easy-PhotoPrint EX
2012-12-29 12:22 . 2012-12-29 12:22 -------- d-----w- c:\program files\Canon
2012-12-26 13:48 . 2009-12-15 17:25 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-12-26 13:48 . 2009-12-15 17:25 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-12-26 13:48 . 2012-12-26 13:48 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5
2012-12-26 13:11 . 2013-01-11 22:02 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\DownTango
2012-12-26 13:10 . 2012-12-26 13:10 -------- d-----w- c:\program files (x86)\Red Sky
2012-12-26 12:31 . 2013-01-10 15:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-12-26 11:47 . 2012-12-26 13:48 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\MicroVision Applications
2012-12-26 11:46 . 2012-12-26 13:48 -------- d-----w- c:\program files (x86)\Common Files\SureThing Shared
2012-12-26 11:46 . 2012-12-26 11:46 -------- d-----w- c:\windows\MVUNINST
2012-12-26 11:46 . 1996-08-24 10:11 289552 ----a-w- c:\windows\SysWow64\temp.001
2012-12-26 11:46 . 1993-10-14 16:51 28672 ----a-w- c:\windows\SysWow64\temp.000
2012-12-25 17:05 . 2012-12-25 19:36 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-25 17:05 . 2012-12-25 17:05 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-12-24 18:02 . 2012-12-24 18:02 -------- d-----w- c:\program files (x86)\GotClip
2012-12-22 19:12 . 2012-12-22 19:12 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Vtools
2012-12-22 19:12 . 2012-12-23 14:15 -------- d-----w- c:\program files (x86)\Vtools
2012-12-22 19:10 . 2012-12-22 19:10 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\IObit
2012-12-22 14:54 . 2012-12-22 14:54 -------- d-----w- C:\Games
2012-12-22 08:20 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 08:20 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 21:35 . 2012-01-17 16:09 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 20:31 . 2012-06-26 13:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 20:31 . 2012-01-17 19:22 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-05 17:27 . 2012-03-07 20:37 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-05 17:27 . 2012-03-07 20:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-10 16:52 . 2012-12-10 16:52 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-30 04:45 . 2013-01-08 21:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-22 00:43 . 2012-11-21 13:02 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-11-12 15:53 . 2012-11-12 15:53 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-11-12 15:53 . 2012-11-12 15:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-12 15:53 . 2012-11-12 15:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 14:57 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 14:57 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 14:57 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-16 08:38 . 2012-11-28 14:55 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 14:55 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 14:55 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-10 15:36 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2013-01-10 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-27 3487128]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-19 3477312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-01-10 997320]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-9-19 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave9"=wdmaud.drv
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-22 348160]
R4 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
R4 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2009-09-30 169984]
R4 SnugTV Service;SnugTV Service;c:\program files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2009-11-26 464384]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-10 30568]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-03-19 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 121152]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2010-10-07 532864]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2010-10-07 50688]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-29 283200]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-20 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 15:14 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 20:31]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 15:13]
.
2013-01-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-01-11 15:13]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2692008]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
IE: Stiahnuť s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
URLSearchHooks-{ba14329e-9550-4989-b3f2-9732e92d17cc} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Program Files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\program files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"scansk"=hex(0):ed,09,19,8c,fc,e6,b2,9e,4d,9b,c3,8b,56,f3,af,86,2b,c9,dd,ba,bf,
f7,d8,b9,58,15,e8,2b,aa,18,3b,2c,0a,e3,c1,f2,3a,70,62,8f,00,00,00,00,00,00,\
.
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000_Classes\Wow6432Node\CLSID\{ec54fdeb-273c-4168-93c3-88ab0471fe90}]
@Denied: (Full) (Everyone)
@Allowed: (Read) (RestrictedCode)
"Model"=dword:00000143
"Therad"=dword:00000030
"MData"=hex(0):2b,8f,78,29,5a,0c,ce,ec,48,d4,68,e5,9f,6a,96,3e,ab,de,c5,81,26,
38,95,44,63,9b,52,5f,a2,34,94,87,e2,ae,43,c6,b4,73,84,3f,0b,e7,88,60,95,82,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-01-13 11:51:14
ComboFix-quarantined-files.txt 2013-01-13 10:51
.
Pre-Run: 797 397 254 144 bytes free
Post-Run: 797 240 053 760 bytes free
.
- - End Of File - - 81AA6D3FA6B1491EBF702782F7331F19
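The driver and service listings in the RSIT log (post #1, "List of drivers" and "List of services") and in the ComboFix log (post #5, the R/S block under "Reg Loading Points") are the lines a helper reads first, looking for loaders with no file behind them. The following triage script is an added example, not code from this thread, from RSIT or from ComboFix: it parses both line formats and flags entries whose binary was not found (`[]` in RSIT, `[x]` in ComboFix), gives extra weight to boot/system-start drivers with a missing file, and marks names that look machine-generated. The "generated-looking name" rule is my own heuristic, not anything either tool applies, and the sample lines are copied from the logs above. A flagged entry is a lead to verify, not a verdict: a random-named driver with no file on disk can just as well be a leftover from an uninstaller or a scanner's temporary driver as something hiding its image.

```python
"""Triage helper for the driver/service listings that RSIT and ComboFix print.

Added example, not part of the thread. It parses lines such as
  R0 pciide;pciide; C:\\Windows\\system32\\drivers\\pciide.sys [2009-07-14 12352]   (RSIT)
  R1 EIO64;EIO Driver;c:\\windows\\system32\\DRIVERS\\EIO64.sys [x]                 (ComboFix)
and flags entries whose binary was not found ([] or [x]) or whose name looks
machine-generated. The "generated name" rule is a heuristic chosen here (an
assumption), not a rule either tool applies.
"""
import re
from dataclasses import dataclass, field
from typing import Optional

# Columns: state (R/S), start type (0-4), service name, display name, image path, [info].
_LINE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);\s*(.*?)\s*\[([^\]]*)\]\s*$")


@dataclass
class ServiceEntry:
    state: str          # R = running, S = stopped
    start: int          # 0 boot, 1 system, 2 auto, 3 demand, 4 disabled
    name: str
    display: str
    path: str
    file_seen: bool     # False when the tool printed [] (RSIT) or [x] (ComboFix)
    flags: list = field(default_factory=list)


def parse_line(line: str) -> Optional[ServiceEntry]:
    """Parse one RSIT or ComboFix service/driver line; None for anything else."""
    m = _LINE.match(line.strip())
    if not m:
        return None
    state, start, name, display, path, info = m.groups()
    info = info.strip().lower()
    return ServiceEntry(state, int(start), name.strip(), display.strip(),
                        path, info not in ("", "x"))


def looks_generated(name: str) -> bool:
    """Heuristic (assumption, not a tool rule): 8+ lowercase alphanumerics that mix
    letters and digits, e.g. 'axnm3yhz'. Vendor names such as 'dtsoftbus01' have
    the same shape, so triage() only trusts it when the display name adds nothing."""
    return (len(name) >= 8 and name.isalnum() and name.islower()
            and any(c.isdigit() for c in name) and any(c.isalpha() for c in name))


def triage(text: str) -> list:
    """Return every parsed entry; each entry's .flags lists why it deserves a look."""
    out = []
    for line in text.splitlines():
        e = parse_line(line)
        if e is None:
            continue
        if not e.file_seen:
            e.flags.append("binary not found on disk")
            # Boot/system-start drivers load before most defences; one with no
            # file behind it is either an uninstall leftover or something hiding.
            if e.start <= 1:
                e.flags.append("early-start (0/1) with missing file")
        if looks_generated(e.name) and e.display == e.name:
            e.flags.append("machine-generated-looking name, no descriptive display name")
        out.append(e)
    return out


def suspicious(text: str) -> dict:
    """Map service name -> flags for entries that raised at least one flag."""
    return {e.name: e.flags for e in triage(text) if e.flags}


# Lines copied verbatim from the RSIT and ComboFix listings in this thread.
SAMPLE = r"""
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R1 avgtp;avgtp; \??\C:\Windows\system32\drivers\avgtpx64.sys [2012-12-10 30568]
S1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys []
S3 axnm3yhz;axnm3yhz; C:\Windows\system32\drivers\axnm3yhz.sys []
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-29 283200]
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R3 tsusbhub;tsusbhub;tsusbhub [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
"""

if __name__ == "__main__":
    for name, why in suspicious(SAMPLE).items():
        print(f"{name}: {'; '.join(why)}")
```

Run it on a whole log by replacing SAMPLE with the file contents; lines that are not service entries are skipped. Entries such as pciide, avgtp or dtsoftbus01 raise nothing, while EIO64 and sptd (missing file, start type 0/1) and axnm3yhz (missing file, generated-looking name) come out on top, which matches what a reader of the two logs above would check first.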

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: MSIL/Packed.Confuser.B infiltration variant

#6 Post by Rudy »

1. Uninstall AVG Secure Search. That should also make the toolbar disappear.

2. Open Notepad and copy the following into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

RegLock::
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Program Files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\program files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000_Classes\Wow6432Node\CLSID\{5ED60779-4DE2-4E07-B862-974CA4FF2E9C}]
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000_Classes\Wow6432Node\CLSID\{ec54fdeb-273c-4168-93c3-88ab0471fe90}]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it there. CF will start and execute the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not meant for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activities, a virus can damage the system!


After your problem has been resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

Duklando
Visitor
Posts: 23
Registered: 08 Jan 2013 17:48

Re: variant of the MSIL/Packed.Confuser.B infiltration

#7 Post by Duklando »

Hello. This is the output from ComboFix. Thanks.

ComboFix 13-01-13.01 - Juraj Cordas . 01. 2013 15:48:53.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1033.18.4055.2417 [GMT 1:00]
Running from: c:\users\Juraj Cordas\Desktop\ComboFix.exe
Command switches used :: c:\users\Juraj Cordas\Desktop\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {CB0F8167-5331-BA19-698E-64816B6801A5}
SP: ESET NOD32 Antivirus 4.0 *Enabled/Updated* {706E6083-750B-B597-533E-5FF310EF4B18}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Resident AV is active
.
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2012-12-14 to 2013-01-14 )))))))))))))))))))))))))))))))
.
.
2013-01-14 14:53 . 2013-01-14 14:53 -------- d-----w- c:\users\user\AppData\Local\temp
2013-01-14 14:53 . 2013-01-14 14:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-14 14:53 . 2013-01-14 14:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-14 14:41 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-13 14:07 . 2012-03-14 04:00 385024 ----a-w- c:\windows\system32\CNMLMAD.DLL
2013-01-11 15:29 . 2013-01-11 15:39 -------- d-----w- c:\program files (x86)\Wise PC Engineer
2013-01-11 13:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B10BFE01-2144-40C6-920E-E56A177B7FBB}\mpengine.dll
2013-01-09 18:03 . 2013-01-09 18:03 -------- d-----w- c:\users\Juraj Cordas\DoctorWeb
2013-01-09 16:31 . 2013-01-09 16:31 -------- d-----w- c:\program files\CCleaner
2013-01-09 15:23 . 2013-01-09 15:23 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\TeamViewer
2013-01-08 22:33 . 2013-01-08 22:33 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-01-08 21:50 . 2013-01-10 23:07 -------- d-----w- c:\program files\Max Registry Cleaner
2013-01-08 21:37 . 2013-01-08 21:50 -------- d-----w- c:\programdata\Max Secure
2013-01-08 21:29 . 2013-01-08 21:29 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\Max Secure Software
2013-01-08 21:16 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-08 21:16 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-08 21:14 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-08 21:14 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-08 16:41 . 2013-01-14 14:44 -------- d-----w- C:\rsit
2013-01-08 16:41 . 2013-01-12 19:56 -------- d-----w- c:\program files\trend micro
2013-01-05 19:06 . 2013-01-10 15:50 -------- d-sh--w- c:\users\Juraj Cordas\Drivers
2013-01-04 15:05 . 2013-01-04 15:05 -------- d-----w- c:\program files (x86)\Total Video Player
2013-01-04 14:50 . 2013-01-04 14:50 -------- d-----w- c:\programdata\CanonIJ
2013-01-03 19:40 . 2013-01-03 19:40 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Theta
2013-01-03 19:15 . 2012-11-20 22:32 3123272 ------w- c:\windows\SysWow64\pbsvc.exe
2013-01-02 15:12 . 2013-01-02 15:12 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Avery
2013-01-02 15:09 . 2013-01-02 15:09 -------- d-----w- c:\programdata\Avery
2013-01-02 15:09 . 2013-01-02 15:09 -------- d-----w- c:\program files (x86)\Avery Dennison
2013-01-02 15:03 . 2013-01-02 15:03 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Popisovac
2013-01-02 15:03 . 2013-01-02 15:03 -------- d-----w- c:\program files (x86)\Popisovač CD-DVD 4
2012-12-29 12:34 . 2012-12-29 12:37 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\Canon Easy-PhotoPrint EX
2012-12-29 12:22 . 2012-12-29 12:22 -------- d-----w- c:\program files\Canon
2012-12-26 13:48 . 2009-12-15 17:25 487424 ----a-w- c:\windows\SysWow64\msvcp70.dll
2012-12-26 13:48 . 2009-12-15 17:25 344064 ----a-w- c:\windows\SysWow64\msvcr70.dll
2012-12-26 13:48 . 2012-12-26 13:48 -------- d-----w- c:\program files (x86)\SureThing CD Labeler 5
2012-12-26 13:11 . 2013-01-11 22:02 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\DownTango
2012-12-26 13:10 . 2012-12-26 13:10 -------- d-----w- c:\program files (x86)\Red Sky
2012-12-26 12:31 . 2013-01-10 15:36 -------- d-----w- c:\program files (x86)\AVG Secure Search
2012-12-26 11:47 . 2012-12-26 13:48 -------- d-----w- c:\users\Juraj Cordas\AppData\Local\MicroVision Applications
2012-12-26 11:46 . 2012-12-26 13:48 -------- d-----w- c:\program files (x86)\Common Files\SureThing Shared
2012-12-26 11:46 . 2012-12-26 11:46 -------- d-----w- c:\windows\MVUNINST
2012-12-26 11:46 . 1996-08-24 10:11 289552 ----a-w- c:\windows\SysWow64\temp.001
2012-12-26 11:46 . 1993-10-14 16:51 28672 ----a-w- c:\windows\SysWow64\temp.000
2012-12-25 17:05 . 2012-12-25 19:36 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-12-25 17:05 . 2012-12-25 17:05 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-12-24 18:02 . 2012-12-24 18:02 -------- d-----w- c:\program files (x86)\GotClip
2012-12-22 19:12 . 2012-12-22 19:12 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\Vtools
2012-12-22 19:12 . 2012-12-23 14:15 -------- d-----w- c:\program files (x86)\Vtools
2012-12-22 19:10 . 2012-12-22 19:10 -------- d-----w- c:\users\Juraj Cordas\AppData\Roaming\IObit
2012-12-22 14:54 . 2012-12-22 14:54 -------- d-----w- C:\Games
2012-12-22 08:20 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 08:20 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-22 08:20 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 08:20 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-18 19:08 . 2012-12-18 19:08 209112 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\nppdf32.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-08 21:35 . 2012-01-17 16:09 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-08 20:31 . 2012-06-26 13:56 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-08 20:31 . 2012-01-17 19:22 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-05 17:27 . 2012-03-07 20:37 189248 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2013-01-05 17:27 . 2012-03-07 20:37 75136 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-10 16:52 . 2012-12-10 16:52 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys
2012-11-30 04:45 . 2013-01-08 21:15 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-22 00:43 . 2012-11-21 13:02 165112 ----a-w- c:\windows\system32\drivers\idmwfp.sys
2012-11-12 15:53 . 2012-11-12 15:53 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-11-12 15:53 . 2012-11-12 15:53 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-11-09 05:45 . 2012-12-12 14:57 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 14:57 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-02 05:59 . 2012-12-12 14:57 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 14:57 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2013-01-10 15:36 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2013-01-10 1796552]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IDMan"="c:\program files (x86)\Internet Download Manager\IDMan.exe" [2012-11-27 3487128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"UpdatePDRShortCut"="c:\program files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-12-03 218408]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AVerQuick.lnk - c:\program files (x86)\Common Files\AVerMedia\AVerQuick\AVerQuick.exe [2012-9-19 651264]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"wave9"=wdmaud.drv
.
R1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 anvsnddrv;AnvSoft Virtual Sound Device;c:\windows\system32\drivers\anvsnddrv.sys [2011-11-28 33872]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-20 20992]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 tsusbhub;tsusbhub;tsusbhub [x]
R4 AVerRemote;AVerRemote;c:\program files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe [2009-09-22 348160]
R4 AVerScheduleService;AVerScheduleService;c:\program files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe [2009-10-09 389120]
R4 AVerUpdateServer;AVerUpdateServer;c:\program files (x86)\AVerMedia\AVerUpdate\AVerUpdateServer.exe [2009-09-30 169984]
R4 SnugTV Service;SnugTV Service;c:\program files (x86)\SnugTV\SnugTV Station\AMAServer.exe [2009-11-26 464384]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-12-10 30568]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2009-03-19 134024]
S2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2009-03-19 731840]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2009-03-19 121152]
S2 IDMWFP;IDMWFP;c:\windows\system32\DRIVERS\idmwfp.sys [2012-11-22 165112]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S3 AVerPola;AVerMedia USB Polaris Series Capture Service;c:\windows\system32\DRIVERS\AVerPola.sys [2010-10-07 532864]
S3 AVPolCIR;AVerMedia USB Polaris Series Custom IR Service;c:\windows\system32\DRIVERS\AVPolCIR.sys [2010-10-07 50688]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-01-29 283200]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [2012-01-20 82816]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-08-21 239616]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-11 15:14 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-13 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-26 20:31]
.
2013-01-13 c:\windows\Tasks\Wise PC Engineer Schedule Task.job
- c:\program files (x86)\Wise PC Engineer\ScheduleManager.exe [2013-01-11 20:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\IDM Shell Extension]
@="{CDC95B92-E27C-4745-A8C5-64A52A78855D}"
[HKEY_CLASSES_ROOT\CLSID\{CDC95B92-E27C-4745-A8C5-64A52A78855D}]
2012-11-15 23:07 23496 ----a-w- c:\program files (x86)\Internet Download Manager\IDMShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2009-03-19 2692008]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
uInternet Settings,ProxyOverride = <local>
IE: Stiahnuť s IDM - c:\program files (x86)\Internet Download Manager\IEExt.htm
IE: Stiahnuť s IDM všetky prepojenia - c:\program files (x86)\Internet Download Manager\IEGetAll.htm
TCP: DhcpNameServer = 195.34.133.21 212.186.211.21
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000\Software\Trolltech\OrganizationDefaults\Qt Factory Cache 4.7\com.trolltech.Qt.QImageIOHandlerFactoryInterface:\c:\Program Files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"qgif4.dll"=multi:"2011-10-10T17:42\00gif\00\00"
"qico4.dll"=multi:"2011-10-10T17:42\00ico\00\00"
"qjpeg4.dll"=multi:"2011-10-10T17:42\00jpeg\00jpg\00\00"
.
[HKEY_USERS\S-1-5-21-2897896145-2411329342-784474909-1000\Software\Trolltech\OrganizationDefaults\Qt Plugin Cache 4.7.false\c:\program files (x86)\B*a*t*t*l*e*f*i*e*l*d* *3*"!\Core\imageformats]
"Microsoft.VC80.CRT.manifest"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"msvcr80.dll"=multi:"0\001\00unknown\002011-10-10T17:42\00\00"
"qgif4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qico4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
"qjpeg4.dll"=multi:"40703\000\00Windows msvc release full-config QT_NO_DRAGANDDROP\002011-10-10T17:42\00\00"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Canon\IJPLM\IJPLMSVC.EXE
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2013-01-14 15:57:16 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-14 14:57
ComboFix2.txt 2013-01-13 10:51
.
Pre-Run: 796 337 442 816 bytes free
Post-Run: 796 144 377 856 bytes free
.
- - End Of File - - 62009C1BA50FCBB31024DA2F30BF8232

Rudy
Site Admin
Posts: 119524
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: variant of the MSIL/Packed.Confuser.B infiltration

#8 Post by Rudy »

The log now looks clean.

Locked