
Police virus SK/CZ

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

#1 Post by M0nty »

Hello,
Unfortunately I am joining the ranks of people who caught this virus by unlucky chance and have no idea what to do about it.
To describe the situation: ESET with the latest update found nothing after an in-depth scan of the PC except for installers that it considered harmful (the CPU-Z installer and the like).
Unfortunately the PC was infected while I was working under the admin account, so at the moment it is not possible to log in to the administrator account in any way. When I try to log in in safe mode / safe mode with networking, the PC restarts automatically, no matter how many times I try. I did not go into safe mode with command prompt; without some guidance I would basically be lost and would not know what to look for there. When logging in in normal mode, a white screen comes up right after login, the same one that appeared during the infection (only now without any text or images). The antivirus does not intervene at all; just once it seemed to kill the white screen and put up a black background instead, with no further reaction (again, the only way out was a hard reset).
I tried checking whether the Startup folder contains any new unwanted shortcuts, also with no result.

"Before the infection" the PC had Microsoft's antivirus on it, then I tried switching to ESET; no difference.

So I was only able to attach the RSIT log from the (for now seemingly) uninfected account with limited rights:

Logfile of random's system information tool 1.09 (written by random/random)
Run by Szepsiék at 2013-05-18 11:12:57
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 3 GB (1%) free of 461 GB
Total RAM: 3948 MB (57% free)


======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
"C:\Program Files\Sandboxie\SbieSvc.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Launch Manager\dsiwmis.exe"
"C:\Program Files (x86)\Launch Manager\LMutilps32.exe" --system-level-mutex="Local\{B904A927-FE6B-48fd-8C83-6B807BED1F9C}"
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Acer\Registration\GREGsvc.exe"
"C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe"
"C:\Program Files\Acer\Acer Updater\UpdaterService.exe"
"C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
"C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\Winstep\WsxService"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
adb fork-server server
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe"
"C:\Program Files\Wamon\wamon.exe" /daemon
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
C:\Windows\system32\igfxext.exe -Embedding
"C:\Program Files (x86)\Launch Manager\LManager.exe"
C:\Windows\system32\wbem\unsecapp.exe -Embedding
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" /s
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe"
"C:\Program Files (x86)\Launch Manager\LMworker.exe"
"C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe"
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe2_ Global\UsGthrCtrlFltPipeMssGthrPipe2 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{3EB3C877-1F16-487C-9050-104DBCD66683}
"C:\Program Files\trend micro\Szepsiék.exe" /silentautolog
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\host\Downloads\RSITx64.exe"
C:\Windows\system32\DllHost.exe /Processid:{F9717507-6651-4EDB-BFF7-AE615179BCCF}

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\At1.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3994876036-146924776-3017831812-1001Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3994876036-146924776-3017831812-1001UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Szepsiék\AppData\Roaming\Mozilla\Firefox\Profiles\dgl6yc6j.default

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "keyword.URL" - "https://www.google.com/search?q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\PROGRAM FILES (X86)\FOXIT SOFTWARE\FOXIT READER\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0]
"Description"=Picasa3 plugin
"Path"=C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.2]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0]
"Description"=WildTangent Games App V2 Presence Detector Plugin
"Path"=C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\5\NP_wtapp.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.202 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.1]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.4]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
babylon.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Szepsiék\AppData\Roaming\Mozilla\Firefox\Profiles\dgl6yc6j.default\extensions\
en-gb@flyingtophat.co.uk
ffxtlbr@babylon.com
hu@dictionaries.addons.mozilla.org
sk@dictionaries.addons.mozilla.org
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{11f349ad-067f-4254-8341-d7af23eecd99}
{3d7eb24f-2740-49df-8937-200b1cc08f8a}
{6AC85730-7D0F-4de0-B3FA-21142DD85326}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-08-31 537576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype add-on for Internet Explorer - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2013-04-15 6305912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-08-31 193512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4a99-B4B6-146BF802613B}]
Babylon toolbar helper

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-04 462752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-29 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2013-04-15 4529272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{98889811-442D-49dd-99D7-DC866BE87DBC}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-05-09 168216]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-05-09 391960]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-05-09 419096]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-10-08 2392360]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-06-09 11860072]
"Power Management"=C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [2011-08-02 1831016]
"Windows Activity Monitor"=C:\Program Files\Wamon\wamon.exe [2012-02-20 258560]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-03-21 6330568]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RSSGuard"= []
"Steam"=C:\Program Files (x86)\Steam\steam.exe [2013-05-10 1636776]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-02-28 18642024]
"ScreenCloud"=C:\Program Files (x86)\ScreenCloud\ScreenCloud.exe [2012-11-25 5706469]
"Rainlendar2"=C:\Program Files\Rainlendar2\Rainlendar2.exe [2012-07-24 3931136]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BackupManagerTray]
C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe [2011-04-24 297280]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NetWorx]
C:\Program Files\NetWorx\networx.exe [2012-11-21 4770192]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Szepsiék^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Dropbox.lnk]
C:\Users\SZEPSI~1\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-03-12 29106336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Szepsiék^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
C:\Program Files (x86)\Stardock\ObjectDockFree\ObjectDock.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"LManager"=C:\Program Files (x86)\Launch Manager\LManager.exe [2011-03-14 1081424]
"VirtualCloneDrive"=C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [2011-03-07 89456]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]

C:\Users\Szepsiék\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Szepsiék\AppData\Roaming\Dropbox\bin\Dropbox.exe
speedfan.lnk - C:\Program Files (x86)\SpeedFan\speedfan.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-03-25 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MCODS]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv

======File associations======

.ini - open -
.js - edit -
.js - open -
.txt - open -
.vbs - edit -
.vbs - open -

======List of files/folders created in the last 1 month======

2013-05-18 11:04:52 ----D---- C:\Program Files\trend micro
2013-05-18 11:04:51 ----D---- C:\rsit
2013-05-18 10:34:04 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-05-18 10:34:04 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-05-18 10:34:04 ----A---- C:\Windows\SYSWOW64\java.exe
2013-05-18 10:12:47 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-05-18 10:12:47 ----A---- C:\Windows\system32\ieui.dll
2013-05-18 10:12:46 ----A---- C:\Windows\system32\ie4uinit.exe
2013-05-18 10:12:45 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-05-18 10:12:45 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-05-18 10:12:45 ----A---- C:\Windows\system32\iesetup.dll
2013-05-18 10:12:45 ----A---- C:\Windows\system32\iernonce.dll
2013-05-18 10:12:44 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-05-18 10:12:44 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-05-18 10:12:44 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-05-18 10:12:44 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-05-18 10:12:44 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-05-18 10:12:44 ----A---- C:\Windows\system32\msfeeds.dll
2013-05-18 10:12:44 ----A---- C:\Windows\system32\iesysprep.dll
2013-05-18 10:12:43 ----A---- C:\Windows\system32\iertutil.dll
2013-05-18 10:12:42 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-05-18 10:12:42 ----A---- C:\Windows\system32\urlmon.dll
2013-05-18 10:12:41 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-05-18 10:12:41 ----A---- C:\Windows\system32\jscript.dll
2013-05-18 10:12:39 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-05-18 10:12:39 ----A---- C:\Windows\system32\jscript9.dll
2013-05-18 10:12:38 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-05-18 10:12:38 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-05-18 10:12:38 ----A---- C:\Windows\system32\jsproxy.dll
2013-05-18 10:12:37 ----A---- C:\Windows\system32\wininet.dll
2013-05-18 10:12:35 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-05-18 10:12:32 ----A---- C:\Windows\system32\mshtml.dll
2013-05-18 10:12:29 ----A---- C:\Windows\system32\ieframe.dll
2013-05-18 10:12:27 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-05-18 10:00:53 ----D---- C:\ProgramData\ESET
2013-05-18 10:00:53 ----D---- C:\Program Files\ESET
2013-05-18 05:07:30 ----D---- C:\ESET
2013-05-18 04:28:53 ----D---- C:\Program Files (x86)\ESET
2013-05-18 04:17:50 ----A---- C:\Windows\ntbtlog.txt
2013-05-18 04:08:01 ----A---- C:\Users\Szepsiék\AppData\Roaming\skype.ini
2013-05-15 20:04:00 ----A---- C:\Windows\system32\drivers\dxgmms1.sys
2013-05-15 20:04:00 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-05-15 20:04:00 ----A---- C:\Windows\system32\cdd.dll
2013-05-15 20:03:47 ----A---- C:\Windows\system32\shell32.dll
2013-05-15 20:03:46 ----A---- C:\Windows\SYSWOW64\shell32.dll
2013-05-15 20:03:46 ----A---- C:\Windows\system32\shdocvw.dll
2013-05-15 20:03:46 ----A---- C:\Windows\system32\authui.dll
2013-05-15 20:03:45 ----A---- C:\Windows\system32\consent.exe
2013-05-15 20:03:44 ----A---- C:\Windows\SYSWOW64\shdocvw.dll
2013-05-15 20:03:44 ----A---- C:\Windows\SYSWOW64\authui.dll
2013-05-15 20:03:43 ----A---- C:\Windows\system32\appinfo.dll
2013-05-15 20:03:25 ----A---- C:\Windows\system32\wwansvc.dll
2013-05-15 20:03:25 ----A---- C:\Windows\system32\wwanprotdim.dll
2013-05-15 20:03:23 ----A---- C:\Windows\system32\win32k.sys
2013-04-26 02:31:49 ----D---- C:\Program Files (x86)\mIRC
2013-04-23 21:03:10 ----A---- C:\Windows\system32\drivers\ntfs.sys
2013-04-21 21:21:24 ----D---- C:\Program Files (x86)\OpenAL
2013-04-21 21:21:24 ----A---- C:\Windows\system32\wrap_oal.dll
2013-04-21 21:21:24 ----A---- C:\Windows\system32\OpenAL32.dll
2013-04-21 21:21:23 ----A---- C:\Windows\SYSWOW64\wrap_oal.dll
2013-04-21 21:21:23 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2013-04-20 21:52:54 ----D---- C:\Users\Szepsiék\AppData\Roaming\mIRC
2013-04-20 21:49:43 ----D---- C:\Users\Szepsiék\AppData\Roaming\quassel-irc.org

======List of files/folders modified in the last 1 month======

2013-05-18 11:13:03 ----D---- C:\ProgramData\wam
2013-05-18 11:12:59 ----D---- C:\Windows\Temp
2013-05-18 11:08:38 ----D---- C:\Windows\Microsoft.NET
2013-05-18 11:08:33 ----RSD---- C:\Windows\assembly
2013-05-18 11:06:45 ----D---- C:\Windows\System32
2013-05-18 11:06:45 ----D---- C:\Windows\inf
2013-05-18 11:06:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-05-18 11:04:52 ----RD---- C:\Program Files
2013-05-18 11:03:12 ----A---- C:\Windows\SYSWOW64\log.txt
2013-05-18 10:57:41 ----D---- C:\Windows\winsxs
2013-05-18 10:56:38 ----D---- C:\Windows\system32\config
2013-05-18 10:54:53 ----D---- C:\Windows\system32\drivers
2013-05-18 10:54:53 ----D---- C:\Windows\AppPatch
2013-05-18 10:54:52 ----D---- C:\Windows\SYSWOW64\en-US
2013-05-18 10:54:52 ----D---- C:\Windows\SysWOW64
2013-05-18 10:54:52 ----D---- C:\Windows\system32\en-US
2013-05-18 10:54:52 ----D---- C:\Program Files\Internet Explorer
2013-05-18 10:54:52 ----D---- C:\Program Files (x86)\Internet Explorer
2013-05-18 10:34:21 ----SHD---- C:\Windows\Installer
2013-05-18 10:34:20 ----D---- C:\Program Files (x86)\Common Files
2013-05-18 10:34:04 ----D---- C:\Program Files (x86)\Java
2013-05-18 10:22:47 ----A---- C:\Windows\system32\MRT.exe
2013-05-18 10:13:32 ----D---- C:\Windows\system32\catroot
2013-05-18 10:13:26 ----D---- C:\Windows\system32\catroot2
2013-05-18 10:11:47 ----SHD---- C:\System Volume Information
2013-05-18 10:10:40 ----RD---- C:\Program Files (x86)
2013-05-18 10:02:05 ----D---- C:\Windows\system32\DriverStore
2013-05-18 10:00:53 ----HD---- C:\ProgramData
2013-05-18 09:56:47 ----D---- C:\Windows\Prefetch
2013-05-18 04:17:50 ----D---- C:\Windows
2013-05-18 03:53:23 ----D---- C:\Users\Szepsiék\AppData\Roaming\Skype
2013-05-18 02:06:57 ----D---- C:\Program Files (x86)\Steam
2013-05-18 00:46:32 ----D---- C:\Users\Szepsiék\AppData\Roaming\Mp3tag
2013-05-18 00:17:43 ----D---- C:\Users\Szepsiék\AppData\Roaming\vlc
2013-05-18 00:02:11 ----D---- C:\Users\Szepsiék\AppData\Roaming\uTorrent
2013-05-18 00:00:02 ----D---- C:\Program Files (x86)\SpeedFan
2013-05-17 23:03:39 ----D---- C:\Users\Szepsiék\AppData\Roaming\Dropbox
2013-05-17 21:06:50 ----D---- C:\Users\Szepsiék\AppData\Roaming\GitHub
2013-05-15 23:04:00 ----D---- C:\repos
2013-05-15 12:25:31 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
2013-05-14 22:53:37 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-05-11 20:32:33 ----D---- C:\eclipse
2013-05-11 20:32:11 ----D---- C:\Program Files (x86)\uTorrent
2013-05-11 20:31:38 ----D---- C:\install
2013-05-10 17:27:36 ----D---- C:\ProgramData\Adobe
2013-05-10 17:08:37 ----D---- C:\Users\Szepsiék\AppData\Roaming\Rainmeter
2013-05-10 16:22:49 ----D---- C:\Windows\system32\NDF
2013-05-08 14:05:02 ----D---- C:\Media
2013-05-06 18:15:20 ----D---- C:\Program Files (x86)\RSSOwl
2013-05-04 00:17:47 ----D---- C:\Windows\Logs
2013-05-02 17:29:56 ----N---- C:\Windows\system32\MpSigStub.exe
2013-05-01 11:30:33 ----D---- C:\Python27
2013-04-29 18:53:42 ----D---- C:\ProgramData\Skype
2013-04-29 18:53:34 ----RD---- C:\Program Files (x86)\Skype
2013-04-24 22:51:03 ----D---- C:\Program Files (x86)\Google
2013-04-24 21:41:08 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-04-23 16:02:24 ----D---- C:\Program Files (x86)\Red Alert 2 Yuri's Revenge

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\drivers\iaStor.sys [2010-09-14 437272]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 speedfan;speedfan; C:\Windows\SysWOW64\speedfan.sys [2012-12-29 28664]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-09-27 560184]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
R1 ElbyCDIO;ElbyCDIO Driver; C:\Windows\System32\Drivers\ElbyCDIO.sys [2010-12-17 40816]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2013-01-10 190232]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-03-25 12262336]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-06-14 2899176]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\Windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\Windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-10-19 56344]
R3 NTIDrvr;NTIDrvr; \??\C:\Windows\system32\drivers\NTIDrvr.sys [2011-09-20 18432]
R3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver; C:\Windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-12-16 202632]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2010-10-08 1395248]
R3 UBHelper;UBHelper; \??\C:\Windows\system32\drivers\UBHelper.sys [2011-09-20 17408]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
R3 VClone;VClone; C:\Windows\system32\DRIVERS\VClone.sys [2011-01-15 36352]
S1 SBRE;SBRE; \??\C:\Windows\system32\drivers\SBREdrv.sys []
S3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2011-01-14 74840]
S3 BthEnum;Bluetooth Enumerator Service; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-09-21 80384]
S3 EagleX64;EagleX64; \??\C:\Windows\system32\drivers\EagleX64.sys []
S3 ESLvnic1;ESLvnic Virtual Network 64 Bit; C:\Windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 HTCAND64;HTC Device Driver; C:\Windows\System32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 19456]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 Ser2pl;Prolific Serial port WDFdriver; C:\Windows\system32\DRIVERS\ser2pl64.sys [2011-10-07 152064]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 DsiWMIService;Dritek WMI Service; C:\Program Files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
R2 ePowerSvc;ePower Service; C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
R2 GREGService;GREGService; C:\Program Files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
R2 HTCMonitorService;HTCMonitorService; C:\Program Files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
R2 Live Updater Service;Live Updater Service; C:\Program Files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2011-02-01 326168]
R2 NTI IScheduleSvc;NTI IScheduleSvc; C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-06-02 75064]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-12-16 123664]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 UNS;Intel(R) Management and Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
R2 Winstep Xtreme Service;Winstep Xtreme Service; C:\Program Files (x86)\Winstep\WsxService []
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-14 256904]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-11-24 655624]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service; C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
S3 GamesAppService;GamesAppService; C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 136176]
S3 gusvc;Google Updater Service; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-05-10 136120]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-04-12 115608]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2012-03-05 3953632]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-05-10 543656]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
S3 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-29 2292096]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#2 Post by Rudy »

Hello!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button.

go ahead and make yourself a coffee (the whole run takes about 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to work through); during the scan, do not try to start any other applications or anything else

do not panic during the scan; your machine may be restarted (especially the first time the scanner is run)

note: if you use antispyware with a resident shield, switch its resident shield to Install Mode, or disable it completely for the duration of the scan, because during the scan and the removal of any malware, unwanted conflicts with the antispyware's resident component occur
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus may damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

Re: police virus svk/cr

#3 Post by M0nty »

The PC still refuses to start under the administrator account, in both normal and safe mode. Will it be enough if ComboFix is run with "Run as administrator" from the limited account?

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#4 Post by Rudy »

Probably not. If you can get into the admin account, temporarily change the limited one to admin and only then run CF.

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

Re: police virus svk/cr

#5 Post by M0nty »

Privileges changed, CF has been run..

ComboFix 13-05-16.02 - host . 05. 2013 12:35:23.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.3948.2504 [GMT 2:00]
Running from: c:\users\host\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\users\host\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\host\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\users\ouch\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\ouch\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
c:\windows\SysWow64\C_0037.NLS
.
.
((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 10:56 . 2013-05-18 10:56 -------- d-----w- c:\users\Szepsiék\AppData\Local\temp
2013-05-18 10:56 . 2013-05-18 10:56 -------- d-----w- c:\users\ouch\AppData\Local\temp
2013-05-18 10:56 . 2013-05-18 10:56 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 09:23 . 2013-05-18 10:27 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C84B8BE0-D2FF-4C0C-B2F6-CBE49C086208}\offreg.dll
2013-05-18 09:04 . 2013-05-18 09:12 -------- d-----w- c:\program files\trend micro
2013-05-18 09:04 . 2013-05-18 09:13 -------- d-----w- C:\rsit
2013-05-18 08:34 . 2013-05-18 08:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-18 08:34 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-18 08:00 . 2013-05-18 08:00 -------- d-----w- c:\program files\ESET
2013-05-18 03:07 . 2013-05-18 03:07 -------- d-----w- C:\ESET
2013-05-18 02:41 . 2013-05-18 02:41 -------- d-----w- c:\users\host\AppData\Local\Apps
2013-05-18 02:28 . 2013-05-18 02:28 -------- d-----w- c:\program files (x86)\ESET
2013-05-15 18:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 18:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 18:03 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 18:03 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 18:03 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 18:03 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 18:03 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 18:03 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 18:03 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 18:03 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 18:03 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-29 16:53 . 2013-04-29 16:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-26 00:31 . 2013-04-26 00:31 -------- d-----w- c:\program files (x86)\mIRC
2013-04-23 19:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 19:21 . 2013-04-21 19:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-04-21 19:21 . 2013-04-21 19:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-04-21 19:21 . 2013-04-21 19:21 -------- d-----w- c:\program files (x86)\OpenAL
2013-04-21 19:21 . 2013-04-21 19:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-04-21 19:21 . 2013-04-21 19:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-04-20 19:52 . 2013-04-26 00:36 -------- d-----w- c:\users\Szepsiék\AppData\Roaming\mIRC
2013-04-20 19:49 . 2013-04-20 19:51 -------- d-----w- c:\users\Szepsiék\AppData\Roaming\quassel-irc.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 08:22 . 2012-02-06 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 20:53 . 2012-04-01 16:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:53 . 2011-10-13 13:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-17 20:57 . 2013-04-17 20:57 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 18:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 18:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 18:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 18:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 18:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-10 03:29 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 03:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 03:29 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 03:29 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 03:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 03:29 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-17 15:03 . 2013-03-17 15:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-17 15:03 . 2013-03-17 15:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-17 15:03 . 2013-03-17 15:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-17 15:03 . 2013-03-17 15:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-17 15:03 . 2013-03-17 15:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-17 15:03 . 2013-03-17 15:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-17 15:03 . 2013-03-17 15:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-17 15:03 . 2013-03-17 15:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-17 15:03 . 2013-03-17 15:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-17 15:03 . 2013-03-17 15:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-17 15:03 . 2013-03-17 15:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-17 15:03 . 2013-03-17 15:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-17 15:03 . 2013-03-17 15:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-17 15:03 . 2013-03-17 15:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-17 15:03 . 2013-03-17 15:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-17 15:03 . 2013-03-17 15:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-17 15:03 . 2013-03-17 15:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-17 15:03 . 2013-03-17 15:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-17 15:03 . 2013-03-17 15:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-17 15:03 . 2013-03-17 15:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-17 15:03 . 2013-03-17 15:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-17 15:03 . 2013-03-17 15:03 441856 ----a-w- c:\windows\system32\html.iec
2013-03-17 15:03 . 2013-03-17 15:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-17 15:03 . 2013-03-17 15:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-17 15:03 . 2013-03-17 15:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-17 15:03 . 2013-03-17 15:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-17 15:03 . 2013-03-17 15:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-17 15:03 . 2013-03-17 15:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-17 15:03 . 2013-03-17 15:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-17 15:03 . 2013-03-17 15:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-17 15:03 . 2013-03-17 15:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-17 15:03 . 2013-03-17 15:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-17 15:03 . 2013-03-17 15:03 235008 ----a-w- c:\windows\system32\url.dll
2013-03-17 15:03 . 2013-03-17 15:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-17 15:03 . 2013-03-17 15:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-17 15:03 . 2013-03-17 15:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-17 15:03 . 2013-03-17 15:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-17 15:03 . 2013-03-17 15:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-17 15:03 . 2013-03-17 15:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-17 15:03 . 2013-03-17 15:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-17 15:03 . 2013-03-17 15:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-17 15:03 . 2013-03-17 15:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-17 15:03 . 2013-03-17 15:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-17 15:03 . 2013-03-17 15:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-17 15:03 . 2013-03-17 15:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-17 15:03 . 2013-03-17 15:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-17 15:03 . 2013-03-17 15:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-17 15:03 . 2013-03-17 15:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-17 15:03 . 2013-03-17 15:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-09 23:34 . 2012-08-23 11:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 23:34 . 2012-08-23 11:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-04 19:00 . 2013-03-04 19:00 5706469 ----a-r- c:\users\Szepsiék\AppData\Roaming\Microsoft\Installer\{C19F31A6-7BB5-4796-9890-09E3F11CC0BB}\StartMenuIcon.exe
2013-03-04 19:00 . 2013-03-04 19:00 5706469 ----a-r- c:\users\Szepsiék\AppData\Roaming\Microsoft\Installer\{C19F31A6-7BB5-4796-9890-09E3F11CC0BB}\DesktopIcon.exe
2012-01-24 11:50 . 2012-04-30 02:51 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2013-04-15 3289208]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-01-14 74840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 01:42 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:53]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 16:14]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 16:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"Windows Activity Monitor"="c:\program files\Wamon\wamon.exe" [2012-02-20 258560]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.4
FF - ProfilePath - c:\users\host\AppData\Roaming\Mozilla\Firefox\Profiles\4rf8h3e2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2013-05-18 13:02:29
ComboFix-quarantined-files.txt 2013-05-18 11:02
.
Pre-Run: 7 190 192 128 bytes free
Post-Run: 8 523 845 632 bytes free
.
- - End Of File - - 3022E52088370FFD5ACEDFA2A3F2F3AB

Barko789
Visitor
Posts: 31
Registered: 18 May 2013 13:35

Re: police virus svk/cr

#6 Post by Barko789 »

Hello, today I am dealing with the same problem. I already had the virus on the PC and removed it through another account using an antivirus, and after half a year it is back, but in some better version... It has blocked all user accounts and won't let me in anywhere, not even in safe mode. I tried a bootable USB and CD, but that doesn't work either, the PC doesn't respond to it; I don't know what to do. It is XP.

Thank you for any advice, or for how to rescue the data so that the HDD can be wiped.

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#7 Post by Rudy »

2Barko789: Please start your own topic. Thank you.

2M0nty: Open Notepad and copy into it:
KillAll::

File::
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"=-

Driver::
Skype C2C Service

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse over the ComboFix icon and drop it. CF will start and carry out the commands from the script.

Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activities, the virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

Re: police virus svk/cr

#8 Post by M0nty »

Dragged over, CF has run.. still/again logged in under the "potentially uninfected account"; I haven't yet dared to try the original one, just to be safe..


ComboFix 13-05-16.02 - host . 05. 2013 17:39:03.2.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.3948.2048 [GMT 2:00]
Running from: c:\users\host\Desktop\ComboFix.exe
Command switches used :: c:\users\host\Desktop\CFScript.txt.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\host\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\host\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_Skype C2C Service
.
.
((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 15:54 . 2013-05-18 15:54 -------- d-----w- c:\users\Szepsiék\AppData\Local\temp
2013-05-18 15:54 . 2013-05-18 15:54 -------- d-----w- c:\users\Szepsi‚k\AppData\Local\temp
2013-05-18 15:54 . 2013-05-18 15:54 -------- d-----w- c:\users\ouch\AppData\Local\temp
2013-05-18 09:04 . 2013-05-18 09:12 -------- d-----w- c:\program files\trend micro
2013-05-18 09:04 . 2013-05-18 09:13 -------- d-----w- C:\rsit
2013-05-18 08:34 . 2013-05-18 08:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-18 08:34 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-18 08:00 . 2013-05-18 08:00 -------- d-----w- c:\program files\ESET
2013-05-18 03:07 . 2013-05-18 03:07 -------- d-----w- C:\ESET
2013-05-18 02:41 . 2013-05-18 02:41 -------- d-----w- c:\users\host\AppData\Local\Apps
2013-05-18 02:28 . 2013-05-18 02:28 -------- d-----w- c:\program files (x86)\ESET
2013-05-15 18:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 18:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 18:03 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 18:03 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 18:03 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 18:03 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 18:03 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 18:03 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 18:03 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 18:03 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 18:03 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-29 16:53 . 2013-04-29 16:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-26 00:31 . 2013-04-26 00:31 -------- d-----w- c:\program files (x86)\mIRC
2013-04-23 19:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 19:21 . 2013-04-21 19:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-04-21 19:21 . 2013-04-21 19:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-04-21 19:21 . 2013-04-21 19:21 -------- d-----w- c:\program files (x86)\OpenAL
2013-04-21 19:21 . 2013-04-21 19:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-04-21 19:21 . 2013-04-21 19:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-04-20 19:52 . 2013-04-26 00:36 -------- d-----w- c:\users\Szepsiék\AppData\Roaming\mIRC
2013-04-20 19:49 . 2013-04-20 19:51 -------- d-----w- c:\users\Szepsiék\AppData\Roaming\quassel-irc.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 08:22 . 2012-02-06 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 20:53 . 2012-04-01 16:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:53 . 2011-10-13 13:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-17 20:57 . 2013-04-17 20:57 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 18:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 18:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 18:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 18:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 18:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-10 03:29 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 03:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 03:29 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 03:29 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 03:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 03:29 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-17 15:03 . 2013-03-17 15:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-17 15:03 . 2013-03-17 15:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-17 15:03 . 2013-03-17 15:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-17 15:03 . 2013-03-17 15:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-17 15:03 . 2013-03-17 15:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-17 15:03 . 2013-03-17 15:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-17 15:03 . 2013-03-17 15:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-17 15:03 . 2013-03-17 15:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-17 15:03 . 2013-03-17 15:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-17 15:03 . 2013-03-17 15:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-17 15:03 . 2013-03-17 15:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-17 15:03 . 2013-03-17 15:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-17 15:03 . 2013-03-17 15:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-17 15:03 . 2013-03-17 15:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-17 15:03 . 2013-03-17 15:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-17 15:03 . 2013-03-17 15:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-17 15:03 . 2013-03-17 15:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-17 15:03 . 2013-03-17 15:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-17 15:03 . 2013-03-17 15:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-17 15:03 . 2013-03-17 15:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-17 15:03 . 2013-03-17 15:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-17 15:03 . 2013-03-17 15:03 441856 ----a-w- c:\windows\system32\html.iec
2013-03-17 15:03 . 2013-03-17 15:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-17 15:03 . 2013-03-17 15:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-17 15:03 . 2013-03-17 15:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-17 15:03 . 2013-03-17 15:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-17 15:03 . 2013-03-17 15:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-17 15:03 . 2013-03-17 15:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-17 15:03 . 2013-03-17 15:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-17 15:03 . 2013-03-17 15:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-17 15:03 . 2013-03-17 15:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-17 15:03 . 2013-03-17 15:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-17 15:03 . 2013-03-17 15:03 235008 ----a-w- c:\windows\system32\url.dll
2013-03-17 15:03 . 2013-03-17 15:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-17 15:03 . 2013-03-17 15:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-17 15:03 . 2013-03-17 15:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-17 15:03 . 2013-03-17 15:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-17 15:03 . 2013-03-17 15:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-17 15:03 . 2013-03-17 15:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-17 15:03 . 2013-03-17 15:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-17 15:03 . 2013-03-17 15:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-17 15:03 . 2013-03-17 15:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-17 15:03 . 2013-03-17 15:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-17 15:03 . 2013-03-17 15:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-17 15:03 . 2013-03-17 15:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-17 15:03 . 2013-03-17 15:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-17 15:03 . 2013-03-17 15:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-17 15:03 . 2013-03-17 15:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-17 15:03 . 2013-03-17 15:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-09 23:34 . 2012-08-23 11:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 23:34 . 2012-08-23 11:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-04 19:00 . 2013-03-04 19:00 5706469 ----a-r- c:\users\Szepsiék\AppData\Roaming\Microsoft\Installer\{C19F31A6-7BB5-4796-9890-09E3F11CC0BB}\StartMenuIcon.exe
2013-03-04 19:00 . 2013-03-04 19:00 5706469 ----a-r- c:\users\Szepsiék\AppData\Roaming\Microsoft\Installer\{C19F31A6-7BB5-4796-9890-09E3F11CC0BB}\DesktopIcon.exe
2012-01-24 11:50 . 2012-04-30 02:51 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-01-14 74840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 01:42 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:53]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 16:14]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 16:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"Windows Activity Monitor"="c:\program files\Wamon\wamon.exe" [2012-02-20 258560]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.4
FF - ProfilePath - c:\users\host\AppData\Roaming\Mozilla\Firefox\Profiles\4rf8h3e2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Winstep\WsxService.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-05-18 18:03:58 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-18 16:03
ComboFix2.txt 2013-05-18 11:02
.
Pre-Run: 8 792 408 064 bytes free
Post-Run: 8 101 371 904 bytes free
.
- - End Of File - - 2C57CA92EAD88A3B85BCF1D5F5345B42

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#9 Post by Rudy »

You saved the script incorrectly. It must be saved as CFScript.txt, not as CFScript.txt.txt. Save it correctly and run it again.

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

Re: police virus svk/cr

#10 Post by M0nty »

I didn't notice that Windows had added its own extension there.. so, again:

ComboFix 13-05-16.02 - host . 05. 2013 18:23:03.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1033.18.3948.2542 [GMT 2:00]
Running from: c:\users\host\Desktop\ComboFix.exe
Command switches used :: c:\users\host\Desktop\CFScript.txt
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\host\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk
c:\users\host\AppData\Roaming\Microsoft\Network\Connections\Pbk\_hiddenPbk\rasphone.pbk
.
.
((((((((((((((((((((((((( Files Created from 2013-04-18 to 2013-05-18 )))))))))))))))))))))))))))))))
.
.
2013-05-18 16:39 . 2013-05-18 16:39 -------- d-----w- c:\users\Szepsiék\AppData\Local\temp
2013-05-18 16:39 . 2013-05-18 16:39 -------- d-----w- c:\users\Szepsi‚k\AppData\Local\temp
2013-05-18 16:39 . 2013-05-18 16:39 -------- d-----w- c:\users\ouch\AppData\Local\temp
2013-05-18 16:39 . 2013-05-18 16:39 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-05-18 09:04 . 2013-05-18 09:12 -------- d-----w- c:\program files\trend micro
2013-05-18 09:04 . 2013-05-18 09:13 -------- d-----w- C:\rsit
2013-05-18 08:34 . 2013-05-18 08:34 -------- d-----w- c:\program files (x86)\Common Files\Java
2013-05-18 08:34 . 2013-04-04 03:35 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-05-18 08:00 . 2013-05-18 08:00 -------- d-----w- c:\program files\ESET
2013-05-18 03:07 . 2013-05-18 03:07 -------- d-----w- C:\ESET
2013-05-18 02:41 . 2013-05-18 02:41 -------- d-----w- c:\users\host\AppData\Local\Apps
2013-05-18 02:28 . 2013-05-18 02:28 -------- d-----w- c:\program files (x86)\ESET
2013-05-15 18:04 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-05-15 18:04 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-05-15 18:04 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-05-15 18:03 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-05-15 18:03 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-05-15 18:03 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-05-15 18:03 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-05-15 18:03 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-05-15 18:03 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-05-15 18:03 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-05-15 18:03 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-05-15 18:03 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-04-29 16:53 . 2013-04-29 16:53 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-04-26 00:31 . 2013-04-26 00:31 -------- d-----w- c:\program files (x86)\mIRC
2013-04-23 19:03 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-04-21 19:21 . 2013-04-21 19:21 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2013-04-21 19:21 . 2013-04-21 19:21 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2013-04-21 19:21 . 2013-04-21 19:21 -------- d-----w- c:\program files (x86)\OpenAL
2013-04-21 19:21 . 2013-04-21 19:21 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2013-04-21 19:21 . 2013-04-21 19:21 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2013-04-20 19:52 . 2013-04-26 00:36 -------- d-----w- c:\users\Szepsiék\AppData\Roaming\mIRC
2013-04-20 19:49 . 2013-04-20 19:51 -------- d-----w- c:\users\Szepsiék\AppData\Roaming\quassel-irc.org
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 08:22 . 2012-02-06 08:44 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-14 20:53 . 2012-04-01 16:48 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-14 20:53 . 2011-10-13 13:51 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 15:29 . 2010-11-21 03:27 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-17 20:57 . 2013-04-17 20:57 163504 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10144.bin
2013-04-13 05:49 . 2013-05-15 18:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-15 18:03 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-15 18:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-15 18:03 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-15 18:03 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-15 18:03 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-02 14:09 . 2013-04-02 14:09 4550656 ----a-w- c:\windows\SysWow64\GPhotos.scr
2013-03-19 06:04 . 2013-04-10 03:29 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-03-19 05:46 . 2013-04-10 03:29 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-03-19 05:04 . 2013-04-10 03:29 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-03-19 05:04 . 2013-04-10 03:29 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-03-19 04:47 . 2013-04-10 03:29 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-03-19 03:06 . 2013-04-10 03:29 112640 ----a-w- c:\windows\system32\smss.exe
2013-03-17 15:03 . 2013-03-17 15:03 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-03-17 15:03 . 2013-03-17 15:03 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-03-17 15:03 . 2013-03-17 15:03 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-03-17 15:03 . 2013-03-17 15:03 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-03-17 15:03 . 2013-03-17 15:03 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-03-17 15:03 . 2013-03-17 15:03 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-03-17 15:03 . 2013-03-17 15:03 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-03-17 15:03 . 2013-03-17 15:03 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-03-17 15:03 . 2013-03-17 15:03 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-03-17 15:03 . 2013-03-17 15:03 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-03-17 15:03 . 2013-03-17 15:03 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-03-17 15:03 . 2013-03-17 15:03 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-03-17 15:03 . 2013-03-17 15:03 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-03-17 15:03 . 2013-03-17 15:03 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-03-17 15:03 . 2013-03-17 15:03 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-03-17 15:03 . 2013-03-17 15:03 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-03-17 15:03 . 2013-03-17 15:03 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-03-17 15:03 . 2013-03-17 15:03 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-03-17 15:03 . 2013-03-17 15:03 81408 ----a-w- c:\windows\system32\icardie.dll
2013-03-17 15:03 . 2013-03-17 15:03 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-03-17 15:03 . 2013-03-17 15:03 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-03-17 15:03 . 2013-03-17 15:03 441856 ----a-w- c:\windows\system32\html.iec
2013-03-17 15:03 . 2013-03-17 15:03 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-03-17 15:03 . 2013-03-17 15:03 216064 ----a-w- c:\windows\system32\msls31.dll
2013-03-17 15:03 . 2013-03-17 15:03 197120 ----a-w- c:\windows\system32\msrating.dll
2013-03-17 15:03 . 2013-03-17 15:03 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-03-17 15:03 . 2013-03-17 15:03 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-03-17 15:03 . 2013-03-17 15:03 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-03-17 15:03 . 2013-03-17 15:03 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-03-17 15:03 . 2013-03-17 15:03 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-03-17 15:03 . 2013-03-17 15:03 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-03-17 15:03 . 2013-03-17 15:03 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-03-17 15:03 . 2013-03-17 15:03 235008 ----a-w- c:\windows\system32\url.dll
2013-03-17 15:03 . 2013-03-17 15:03 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-03-17 15:03 . 2013-03-17 15:03 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-03-17 15:03 . 2013-03-17 15:03 144896 ----a-w- c:\windows\system32\wextract.exe
2013-03-17 15:03 . 2013-03-17 15:03 102912 ----a-w- c:\windows\system32\inseng.dll
2013-03-17 15:03 . 2013-03-17 15:03 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-03-17 15:03 . 2013-03-17 15:03 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-03-17 15:03 . 2013-03-17 15:03 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-03-17 15:03 . 2013-03-17 15:03 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-03-17 15:03 . 2013-03-17 15:03 149504 ----a-w- c:\windows\system32\occache.dll
2013-03-17 15:03 . 2013-03-17 15:03 13824 ----a-w- c:\windows\system32\mshta.exe
2013-03-17 15:03 . 2013-03-17 15:03 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-03-17 15:03 . 2013-03-17 15:03 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-03-17 15:03 . 2013-03-17 15:03 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-03-17 15:03 . 2013-03-17 15:03 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-03-17 15:03 . 2013-03-17 15:03 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-03-17 15:03 . 2013-03-17 15:03 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-03-09 23:34 . 2012-08-23 11:27 861088 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2013-03-09 23:34 . 2012-08-23 11:27 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-03-04 19:00 . 2013-03-04 19:00 5706469 ----a-r- c:\users\Szepsiék\AppData\Roaming\Microsoft\Installer\{C19F31A6-7BB5-4796-9890-09E3F11CC0BB}\StartMenuIcon.exe
2013-03-04 19:00 . 2013-03-04 19:00 5706469 ----a-r- c:\users\Szepsiék\AppData\Roaming\Microsoft\Installer\{C19F31A6-7BB5-4796-9890-09E3F11CC0BB}\DesktopIcon.exe
2012-01-24 11:50 . 2012-04-30 02:51 168864 ----a-w- c:\program files\Common Files\WireHelpSvc.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2011-03-14 1081424]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"IsMyWinLockerReboot"="msiexec.exe" [2010-11-21 73216]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R1 SBRE;SBRE;c:\windows\system32\drivers\SBREdrv.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2011-01-14 74840]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 ESLvnic1;ESLvnic Virtual Network 64 Bit;c:\windows\system32\DRIVERS\ESLvnic.sys [2012-01-24 25528]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe [2011-12-09 135584]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2012-02-04 1255736]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-02-14 58416]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-02-14 213416]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-01-10 150616]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-01-10 59440]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2011-03-14 352336]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2013-03-21 1341664]
S2 ePowerSvc;ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2011-08-02 872552]
S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2011-05-30 36456]
S2 HTCMonitorService;HTCMonitorService;c:\program files (x86)\HTC\HTC Sync Manager\HSMServiceEntry.exe [2013-01-29 87368]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-14 13336]
S2 Live Updater Service;Live Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2012-04-05 255376]
S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe [2011-04-24 256832]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-12-07 167424]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-02-01 2656280]
S2 Winstep Xtreme Service;Winstep Xtreme Service;c:\program files (x86)\Winstep\WsxService [x]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2011-04-20 169584]
S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2011-01-04 1109096]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-11 01:42 1642448 ----a-w- c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-05-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 20:53]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 16:14]
.
2013-05-18 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-01 16:14]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-05-09 168216]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-05-09 391960]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-05-09 419096]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-06-09 11860072]
"Power Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2011-08-02 1831016]
"Windows Activity Monitor"="c:\program files\Wamon\wamon.exe" [2012-02-20 258560]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-03-21 6330568]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://acer.msn.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
TCP: DhcpNameServer = 192.168.2.4
FF - ProfilePath - c:\users\host\AppData\Roaming\Mozilla\Firefox\Profiles\4rf8h3e2.default\
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
ShellIconOverlayIdentifiers-{FB314ED9-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDA-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDB-A251-47B7-93E1-CDD82E34AF8B} - (no file)
ShellIconOverlayIdentifiers-{FB314EDC-A251-47B7-93E1-CDD82E34AF8B} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Winstep Xtreme Service]
"ImagePath"="c:\program files (x86)\Winstep\WsxService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Launch Manager\LMutilps32.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Winstep\WsxService.exe
c:\program files (x86)\HTC\HTC Sync Manager\HTC Sync\adb.exe
c:\program files (x86)\Launch Manager\LMworker.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Completion time: 2013-05-18 18:47:41 - machine was rebooted
ComboFix-quarantined-files.txt 2013-05-18 16:47
ComboFix2.txt 2013-05-18 16:03
ComboFix3.txt 2013-05-18 11:02
.
Pre-Run: 8 195 588 096 bytes free
Post-Run: 8 116 719 616 bytes free
.
- - End Of File - - 671D8C30C0D277EA8195FCB69A795F3E

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#11 Post by Rudy »

It's OK now. Has anything changed?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want to reactivate the thread, write to me at the e-mail address given above.

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

Re: police virus svk/cr

#12 Post by M0nty »

So, logged in successfully; a few minutes after starting the usual programs (which were also running at the time of infection) nothing has crashed so far, it looks fine now :)

Should I, just to be sure, still run a scan with an antivirus / some other program?

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#13 Post by Rudy »

You can run an antivirus scan, but the "police" virus is already gone.

M0nty
Visitor
Posts: 14
Registered: 24 Feb 2009 18:03

Re: police virus svk/cr

#14 Post by M0nty »

Thanks, a deep bow for the help, just like a year ago - it's a pleasure to come to this forum; you get faster help here than from some support desks :)

One more small thing, not really related to the "policemen" any more.. although I clean the registry / unnecessary files with CCleaner more or less weekly, I haven't yet got around to uninstalling unwanted bloatware (too lazy to fiddle with it)... will it harm the system if I throw out all the preinstalled "Acer" software?
Acer Backup Manager-->C:\Program Files (x86)\InstallShield Installation Information\{0B61BBD5-DA3C-409A-8730-0C3DC3B0F270}\setup.exe -runfromtemp -l0x0409
Acer Crystal Eye Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{A0382E3C-7384-429A-9BFA-AF5888E5A193}\Setup.exe" /z-uninstall
Acer Crystal Eye Webcam-->"C:\Program Files (x86)\InstallShield Installation Information\{A0382E3C-7384-429A-9BFA-AF5888E5A193}\Setup.exe" /z-uninstall
Acer ePower Management-->"C:\Program Files (x86)\InstallShield Installation Information\{3DB0448D-AD82-4923-B305-D001E521A964}\setup.exe" -runfromtemp -l0x409 -removeonly
Acer eRecovery Management-->"C:\Program Files (x86)\InstallShield Installation Information\{7F811A54-5A09-4579-90E1-C93498E230D9}\setup.exe" -runfromtemp -l0x409 -removeonly
Acer Games-->"C:\Program Files (x86)\Acer Games\Uninstall.exe"
Acer Registration-->C:\Program Files (x86)\Acer\Registration\Uninstall.exe
Acer ScreenSaver-->C:\Program Files (x86)\Acer\Screensaver\Uninstall.exe
Acer Updater-->"C:\Program Files (x86)\InstallShield Installation Information\{EE171732-BEB4-4576-887D-CB62727F01CA}\setup.exe" -runfromtemp -l0x001b -removeonly
And the Microsoft packages that got installed I don't know when and that, as far as I know, none of the programs I normally use relies on?
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{837b34e3-7c30-493c-8f6a-2b0f04e2912c}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161-->MsiExec.exe /X{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022-->MsiExec.exe /X{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
..
Ovládací prvek ActiveX platformy Windows Live Mesh pro vzdálená připojení-->MsiExec.exe /I{B6190387-0036-4BEB-8D74-A0AFC5F14706}
Ovládací prvok ActiveX programu Windows Live Mesh pre vzdialené pripojenia-->MsiExec.exe /I{C2FD7DB5-FE30-49B6-8A2F-C5652E053C31}
/list pulled via CCleaner/

Rudy
Site Admin
Posts: 119488
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: police virus svk/cr

#15 Post by Rudy »

Feel free to throw out the Acer ones, but I would keep the C++ ones; some programs need them in order to work.