
PC virus removal, computer speed-up, remote help via the neslape.cz service
BitCoinMiner-CA and glitchy graphics
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote help service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56
Hi all,
I have a problem with a trojan. Avast keeps reporting a trojan, but when I scan the PC it finds nothing. The PC is acting up quite a bit: when I watch e.g. a video on YT, Windows reports a problem with the VGA and then the whole video, or rather the picture, goes haywire; the sound works. Or even when no video is playing, the screen flickers to black and comes back, and then Windows again reports a problem with the VGA.
I don't know whether it's really a virus/trojan or whether Avast just thinks so.
Here is the log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by admin at 2013-06-19 07:20:58
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 81 GB (53%) free of 153 GB
Total RAM: 2047 MB (10% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:21:06, on 19. 6. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16576)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Users\admin\Desktop\RSIT.exe
C:\Program Files (x86)\trend micro\admin.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 10.10.11.2:8080
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Microsoft - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast Business\avastUI.exe" /nogui
O4 - HKLM\..\Run: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [Eaton Systray Launcher] "C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe" -systray
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [CCBoot] C:\CCBoot\CCBoot.exe -mini
O4 - HKCU\..\Run: [SkyDrive] "C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [SP TimeSync] "C:\Program Files (x86)\SP TimeSync 2.4\SP TimeSync.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [tsiVideo] C:\Windows\SysWOW64\rundll32.exe C:\Users\admin\AppData\Local\Temp\\tsiVi032.dll,start
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-2323929210-2214759298-3638803407-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2323929210-2214759298-3638803407-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: MagicDisc.lnk = C:\Program Files (x86)\MagicDisc\MagicDisc.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\Office15\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~2\MIF5BA~1\Office15\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} (ZTransferX Control) - https://www.sec-lps.com/slps_oz30/ozvie ... nsferX.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/pub/s ... wflash.cab
O18 - Protocol: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
O23 - Service: avast! Net Client Service - AVAST Software - C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
O23 - Service: CCBoot - Youngzsoft - C:\CCBoot\CCBoot.exe
O23 - Service: DCScheduler - Unknown owner - C:\Program Files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe
O23 - Service: Eaton Intelligent Power Manager (Eaton IntelligentPowerManager) - Unknown owner - C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: File Backup Agent (FBAgent) - Farstone Technology Inc. - C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: DCNTranProc (Tran_Process_Proc) - Unknown owner - C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
O23 - Service: VMware Workstation Server (VMwareHostd) - Unknown owner - C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: VNC Server Version 4 (WinVNC4) - TigerVNC Project - C:\Program Files (x86)\TigerVNC\winvnc4.exe
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12777 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default
"wrc@avast.com"=C:\Program Files\AVAST Software\Avast Business\WebRep\FF
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.7.700.224 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.6]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-04-04 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll [2012-07-04 1003744]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Microsoft - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2013-05-17 704704]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-04-04 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll [2012-07-04 1003744]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast Business\avastUI.exe [2012-07-04 4251328]
"ST7501"= []
"vmware-tray"=C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [2011-08-22 103536]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"Eaton Systray Launcher"=C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe [2013-05-03 4688400]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-30 138096]
"CCBoot"=C:\CCBoot\CCBoot.exe [2011-07-23 1691648]
"SkyDrive"=C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe [2013-06-04 257136]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2013-04-16 19662744]
"SP TimeSync"=C:\Program Files (x86)\SP TimeSync 2.4\SP TimeSync.exe [2010-02-07 94720]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03 19604072]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1475584]
"tsiVideo"=C:\Users\admin\AppData\Local\Temp\\tsiVi032.dll [2013-06-13 1482752]
C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
MagicDisc.lnk - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-06-19 07:20:59 ----D---- C:\Program Files (x86)\trend micro
2013-06-19 07:20:58 ----D---- C:\rsit
2013-06-18 14:16:07 ----A---- C:\AdwCleaner[S2].txt
2013-06-18 14:11:24 ----A---- C:\AdwCleaner[S1].txt
2013-06-18 14:11:07 ----A---- C:\AdwCleaner[R2].txt
2013-06-18 14:09:27 ----A---- C:\AdwCleaner[R1].txt
2013-06-17 10:11:22 ----A---- C:\Windows\SysWOW64\nvwgf2um.dll
2013-06-17 10:11:22 ----A---- C:\Windows\SysWOW64\nvumdshim.dll
2013-06-17 10:11:22 ----A---- C:\Windows\SysWOW64\nvopencl.dll
2013-06-17 10:11:22 ----A---- C:\Windows\SysWOW64\nvoglv32.dll
2013-06-17 10:11:22 ----A---- C:\Windows\SysWOW64\nvoglshim32.dll
2013-06-17 10:11:21 ----A---- C:\Windows\SysWOW64\nvinit.dll
2013-06-17 10:11:21 ----A---- C:\Windows\SysWOW64\NvIFR.dll
2013-06-17 10:11:20 ----A---- C:\Windows\SysWOW64\NvFBC.dll
2013-06-17 10:11:20 ----A---- C:\Windows\SysWOW64\nvcuvid.dll
2013-06-17 10:11:19 ----A---- C:\Windows\SysWOW64\nvcuvenc.dll
2013-06-17 10:11:19 ----A---- C:\Windows\SysWOW64\nvcuda.dll
2013-06-17 10:11:19 ----A---- C:\Windows\SysWOW64\nvcompiler.dll
2013-06-17 10:11:18 ----A---- C:\Windows\SysWOW64\nvapi.dll
2013-06-12 10:01:30 ----A---- C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-10 06:59:25 ----HD---- C:\SkyDriveTemp
2013-06-07 09:38:06 ----D---- C:\Program Files (x86)\GD Software
2013-06-05 08:59:19 ----D---- C:\Program Files (x86)\Advanced IP Scanner v2
2013-06-05 07:03:04 ----A---- C:\Windows\SysWOW64\ieui.dll
2013-06-05 07:02:58 ----A---- C:\Windows\SysWOW64\iesetup.dll
2013-06-05 07:02:58 ----A---- C:\Windows\SysWOW64\iernonce.dll
2013-06-05 07:02:57 ----A---- C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-05 07:02:57 ----A---- C:\Windows\SysWOW64\iesysprep.dll
2013-06-05 07:02:56 ----A---- C:\Windows\SysWOW64\msfeeds.dll
2013-06-05 07:02:54 ----A---- C:\Windows\SysWOW64\iertutil.dll
2013-06-05 07:02:51 ----A---- C:\Windows\SysWOW64\urlmon.dll
2013-06-05 07:02:49 ----A---- C:\Windows\SysWOW64\jscript.dll
2013-06-05 07:02:47 ----A---- C:\Windows\SysWOW64\jscript9.dll
2013-06-05 07:02:43 ----A---- C:\Windows\SysWOW64\jsproxy.dll
2013-06-05 07:02:42 ----A---- C:\Windows\SysWOW64\wininet.dll
2013-06-05 07:02:36 ----A---- C:\Windows\SysWOW64\mshtml.dll
2013-06-05 07:02:26 ----A---- C:\Windows\SysWOW64\ieframe.dll
2013-06-05 07:00:07 ----A---- C:\Windows\SysWOW64\mstscax.dll
2013-06-05 07:00:02 ----A---- C:\Windows\SysWOW64\aaclient.dll
2013-06-05 06:59:58 ----A---- C:\Windows\SysWOW64\tsgqec.dll
2013-06-05 06:59:28 ----A---- C:\Windows\SysWOW64\shell32.dll
2013-06-05 06:59:27 ----A---- C:\Windows\SysWOW64\authui.dll
2013-06-05 06:59:26 ----A---- C:\Windows\SysWOW64\shdocvw.dll
2013-06-05 06:55:53 ----A---- C:\Windows\SysWOW64\ntoskrnl.exe
2013-06-05 06:55:53 ----A---- C:\Windows\SysWOW64\ntkrnlpa.exe
2013-06-05 06:55:47 ----A---- C:\Windows\SysWOW64\apisetschema.dll
2013-06-03 13:54:53 ----D---- C:\Users\admin\AppData\Roaming\GHISLER
2013-06-03 13:54:53 ----D---- C:\totalcmd
2013-06-03 08:20:14 ----D---- C:\Program Files (x86)\Common Files\Skype
2013-05-27 07:13:57 ----D---- C:\Program Files (x86)\TeamViewer
2013-05-22 07:42:59 ----D---- C:\Program Files (x86)\Mozilla Firefox
======List of files/folders modified in the last 1 month======
2013-06-19 07:21:06 ----D---- C:\Windows\Temp
2013-06-19 07:20:59 ----RD---- C:\Program Files (x86)
2013-06-19 07:15:52 ----D---- C:\Users\admin\AppData\Roaming\Skype
2013-06-19 07:15:15 ----D---- C:\CCBoot
2013-06-19 07:14:31 ----D---- C:\ProgramData\VMware
2013-06-19 07:10:44 ----D---- C:\Users\admin\AppData\Roaming\uTorrent
2013-06-19 07:10:44 ----D---- C:\ProgramData\NVIDIA
2013-06-18 14:28:00 ----SHD---- C:\System Volume Information
2013-06-17 10:23:29 ----D---- C:\Windows
2013-06-17 10:20:46 ----D---- C:\ProgramData\NVIDIA Corporation
2013-06-17 10:20:00 ----D---- C:\Windows\inf
2013-06-17 10:19:40 ----D---- C:\Windows\SysWOW64
2013-06-17 10:19:40 ----D---- C:\Windows\System32
2013-06-17 10:18:11 ----RSD---- C:\Windows\assembly
2013-06-17 10:17:21 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-06-17 08:39:56 ----D---- C:\www
2013-06-14 08:01:08 ----D---- C:\Windows\Panther
2013-06-14 08:01:07 ----D---- C:\Windows\debug
2013-06-14 08:00:42 ----HD---- C:\ProgramData
2013-06-14 08:00:42 ----D---- C:\Program Files (x86)\Common Files
2013-06-14 07:06:09 ----D---- C:\Windows\LiveKernelReports
2013-06-13 15:24:37 ----D---- C:\Users\admin\AppData\Roaming\NVIDIA
2013-06-13 06:52:19 ----SHD---- C:\Windows\Installer
2013-06-13 06:52:19 ----D---- C:\ProgramData\Skype
2013-06-13 06:52:14 ----RD---- C:\Program Files (x86)\Skype
2013-06-12 10:01:38 ----A---- C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-06 12:06:03 ----D---- C:\Users\admin\AppData\Roaming\vlc
2013-06-05 15:54:38 ----D---- C:\Windows\rescache
2013-06-05 12:37:40 ----D---- C:\Windows\Microsoft.NET
2013-06-05 09:54:18 ----D---- C:\Windows\winsxs
2013-06-05 09:47:50 ----D---- C:\Windows\SysWOW64\sk-SK
2013-06-05 09:47:50 ----D---- C:\Windows\AppPatch
2013-06-05 09:47:49 ----D---- C:\Program Files (x86)\Internet Explorer
2013-06-03 08:20:56 ----D---- C:\Program Files (x86)\Windows Live
2013-05-27 07:14:04 ----RSD---- C:\Windows\Fonts
2013-05-27 06:48:19 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-05-22 12:41:43 ----D---- C:\Users\admin\AppData\Roaming\MySQL
2013-05-20 06:59:14 ----D---- C:\Program Files (x86)\Mozilla Thunderbird
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 dcsnap;dcsnap; C:\Windows\SysWOW64\drivers\dcsnap.sys []
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys []
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys []
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys []
R1 aswKbd;aswKbd; C:\Windows\SysWOW64\drivers\aswKbd.sys []
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys []
R1 aswSnx;aswSnx; C:\Windows\SysWOW64\drivers\aswSnx.sys []
R1 aswSP;aswSP; C:\Windows\SysWOW64\drivers\aswSP.sys []
R1 aswTdi;avast! Network Shield Support; C:\Windows\SysWOW64\drivers\aswTdi.sys []
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys []
R2 aswFsBlk;aswFsBlk; C:\Windows\SysWOW64\drivers\aswFsBlk.sys []
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys []
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys []
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys []
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys []
R2 VMparport;VMware VMparport; \??\C:\Windows\system32\drivers\VMparport.sys []
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\drivers\vmx86.sys []
R2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared); C:\Windows\SysWOW64\drivers\vstor2-mntapi10-shared.sys [2011-07-08 33392]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys []
R3 mcdbus;Driver for MagicISO SCSI Host Controller; C:\Windows\system32\DRIVERS\mcdbus.sys [2009-02-24 255552]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys []
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver; C:\Windows\system32\DRIVERS\Rtnic64.sys []
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys []
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys []
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys []
S3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 honeywell_enum;honeywell_enum; C:\Windows\system32\DRIVERS\honeywell_enum_21617.sys []
S3 libusb0;USB Kernel Driver; C:\Windows\system32\DRIVERS\libusb0.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 SliceDisk5;SliceDisk5; \??\C:\Users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys []
S3 SNP2STD;AnMo DinoLite Plus and Pro; C:\Windows\system32\DRIVERS\snp2sxp.sys [2008-02-13 12067328]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [2012-07-04 44808]
R2 avast! Net Client Service;avast! Net Client Service; C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [2012-07-04 200344]
R2 CCBoot;CCBoot; C:\CCBoot\CCBoot.exe [2011-07-23 1691648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Eaton IntelligentPowerManager;Eaton Intelligent Power Manager; C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe [2013-05-03 4688400]
R2 FBAgent;File Backup Agent; C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe [2010-01-11 86016]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 OfficeSvc;Služba balíka Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19 1872568]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
R2 Tran_Process_Proc;DCNTranProc; C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe [2009-11-26 77824]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2011-08-22 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-08-22 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-08-22 432752]
R2 WinVNC4;VNC Server Version 4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [2012-03-09 5578105]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DCScheduler;DCScheduler; C:\Program Files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe [2009-11-26 104976]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 116648]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-22 117144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-25 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-02-22 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VMwareHostd;VMware Workstation Server; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
-----------------EOF-----------------
R3 WSDPrintDevice;WSD Print Support via UMB; C:\Windows\system32\DRIVERS\WSDPrint.sys []
S3 FARMNTIO;FARMNTIO; \??\c:\windows\system32\drivers\farmntio.sys []
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys []
S3 honeywell_enum;honeywell_enum; C:\Windows\system32\DRIVERS\honeywell_enum_21617.sys []
S3 libusb0;USB Kernel Driver; C:\Windows\system32\DRIVERS\libusb0.sys []
S3 NTIOLib_1_0_4;NTIOLib_1_0_4; \??\C:\Program Files (x86)\MSI\Live Update 5\NTIOLib_X64.sys []
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys []
S3 Ser2pl;Prolific Serial port WDF driver; C:\Windows\system32\DRIVERS\ser2pl64.sys []
S3 SliceDisk5;SliceDisk5; \??\C:\Users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys []
S3 SNP2STD;AnMo DinoLite Plus and Pro; C:\Windows\system32\DRIVERS\snp2sxp.sys [2008-02-13 12067328]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys []
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys []
S3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys []
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys []
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys []
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys []
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [2012-07-04 44808]
R2 avast! Net Client Service;avast! Net Client Service; C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [2012-07-04 200344]
R2 CCBoot;CCBoot; C:\CCBoot\CCBoot.exe [2011-07-23 1691648]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 Eaton IntelligentPowerManager;Eaton Intelligent Power Manager; C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe [2013-05-03 4688400]
R2 FBAgent;File Backup Agent; C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe [2010-01-11 86016]
R2 MBAMService;MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-04-04 701512]
R2 MBAMScheduler;MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-04-04 418376]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe []
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 OfficeSvc;Služba balíka Microsoft Office; C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-04-19 1872568]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 157720]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 TeamViewer8;TeamViewer 8; C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-04-23 3574624]
R2 Tran_Process_Proc;DCNTranProc; C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe [2009-11-26 77824]
R2 VMAuthdService;VMware Authorization Service; C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe [2011-08-22 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2011-08-22 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-08-21 846448]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2011-08-22 432752]
R2 WinVNC4;VNC Server Version 4; C:\Program Files (x86)\TigerVNC\winvnc4.exe [2012-03-09 5578105]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 DCScheduler;DCScheduler; C:\Program Files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe [2009-11-26 104976]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 116648]
S2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 57617752]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-06-12 256904]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-09-12 1512448]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 116648]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-05-22 117144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2013-02-25 150600]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2013-02-22 5132888]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 VMwareHostd;VMware Workstation Server; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-08-22 11837440]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe []
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-22 61976]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2008-07-29 4737024]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
-----------------EOF-----------------
- Attachments
- avast warning
- trojan.jpg (42.27 KiB) Viewed 2245 times
Last edited by vyosek on 19 Jun 2013 07:42, edited 1 time in total.
Reason: log removed from code tags - do not put it in them!!!
Re: BitCoinMiner-CA and graphics acting up
Hello
Download RKill http://download.bleepingcomputer.com/grinler/rkill.com
Download Combofix and save it to the desktop http://download.bleepingcomputer.com/sUBs/ComboFix.exe


- If the malware blocks it, use one of the following - including the renamed ones
Rkill EXE:
http://download.bleepingcomputer.com/grinler/rkill.exe
Rkill iExplore.exe:
http://download.bleepingcomputer.com/gr ... xplore.exe
Rkill uSeRiNiT.exe:
http://download.bleepingcomputer.com/gr ... eRiNiT.exe
Rkill WiNlOgOn.exe:
http://download.bleepingcomputer.com/gr ... NlOgOn.exe
- Save it preferably to the desktop and close all applications (otherwise RKill will do that for you)
- Run it the usual way by double-clicking - the program finishes within a few seconds and then exits on its own
- RKill terminates all non-system processes - including the processes the malware runs under
- A log Rkill.txt will appear on the desktop; paste it here for me
- Do not restart the PC now - you would lose the effect of RKill

- Disable all resident security programs - firewalls, antivirus, antispyware, etc.
- If you have Win XP, run it under the Administrator account
- If you have Win Vista or Win 7, right-click Combofix and choose Run As Administrator
- Right after it starts, a page with the license agreement appears; continue by clicking Yes
- If CF offers to install the Recovery Console, agree
- Then follow the prompts; during the scan leave the PC completely alone - do not launch any applications and do not click into the window that appears
- The scan should take about 10 minutes, but if the PC is heavily infected it can take longer
- After the scan finishes and a possible restart, CF displays a log; alternatively you can find it at C:\ComboFix.txt, paste its contents here
- A detailed walkthrough including screenshots is here http://www.bleepingcomputer.com/combofi ... t-combofix
- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56
Re: BitCoinMiner-CA and graphics acting up
Rkill 2.5.3 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html
Program started at: 06/19/2013 09:02:08 AM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1
Checking for Windows services to stop:
* No malware services found to stop.
Checking for processes to terminate:
* No malware processes found to kill.
Checking Registry for malware related settings:
* Explorer Policy Removed: NoActiveDesktopChanges [HKLM]
Backup Registry file created at:
C:\Users\admin\Desktop\rkill\rkill-06-19-2013-09-02-49.reg
Resetting .EXE, .COM, & .BAT associations in the Windows Registry.
Performing miscellaneous checks:
* Windows Firewall Disabled
[HKLM\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = dword:00000000
Checking Windows Service Integrity:
* No issues found.
Searching for Missing Digital Signatures:
* No issues found.
Checking HOSTS File:
* No issues found.
Program finished at: 06/19/2013 09:04:57 AM
Execution time: 0 hours(s), 2 minute(s), and 49 seconds(s)
Last edited by vyosek on 19 Jun 2013 08:06, edited 1 time in total.
Reason: log removed from code tags - do not put it in them!!!
Re: BitCoinMiner-CA and graphics acting up
I'll wait for ComboFix
Don't put logs in code tags, I've already removed both of yours from them - they are hard to read and hurt the eyes - code tags are only for the helpers' fix scripts
- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56
Re: BitCoinMiner-CA and graphics acting up
sorry about the code tags, I didn't notice that
here is the log, but at the moment I can't run anything, it shows the message:
"An illegal operation was attempted on a registry key that has been marked for deletion"
ComboFix 13-06-18.02 - admin . 06. 2013 9:26.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2047.434 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Temp\_MEI20082\_ctypes.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_elementtree.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_hashlib.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_multiprocessing.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_socket.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_ssl.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\pyexpat.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\pysqlite2._sqlite.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\python27.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\pythoncom27.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\PyWinTypes27.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\select.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\unicodedata.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32api.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32com.shell.shell.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32crypt.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32event.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32file.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32inet.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32pdh.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32process.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32profile.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32security.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32ts.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\windows._cacheinvalidation.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._controls_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._core_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._gdi_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._html2.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._misc_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._windows_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._wizard.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wxbase294u_net_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxbase294u_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_adv_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_core_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_html_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_webview_vc90.dll
c:\users\admin\AppData\Local\Temp\tsiVi032.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\UsbLibrary.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-19 to 2013-06-19 )))))))))))))))))))))))))))))))
.
.
2013-06-19 05:20 . 2013-06-19 05:21 -------- d-----w- c:\program files (x86)\trend micro
2013-06-19 05:20 . 2013-06-19 05:21 -------- d-----w- C:\rsit
2013-06-17 08:21 . 2013-06-17 08:21 -------- d-----w- c:\users\admin\AppData\Local\NVIDIA
2013-06-13 01:11 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBF1E71E-1E79-48AF-8020-2E086B3A8D6F}\mpengine.dll
2013-06-12 08:01 . 2013-06-12 08:01 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-10 04:59 . 2013-06-10 04:59 -------- d-----w- C:\SkyDriveTemp
2013-06-07 07:38 . 2013-06-07 07:38 -------- d-----w- c:\program files (x86)\GD Software
2013-06-05 07:34 . 2013-06-13 13:27 4 ----a-w- c:\users\admin\advanced_ip_scanner_MAC.bin
2013-06-05 06:59 . 2013-06-05 06:59 -------- d-----w- c:\program files (x86)\Advanced IP Scanner v2
2013-06-05 05:03 . 2013-04-05 04:43 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-05 05:03 . 2013-04-05 04:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 05:03 . 2013-04-05 06:50 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-05 05:03 . 2013-04-05 06:51 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-05 05:03 . 2013-04-05 05:27 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-05 05:03 . 2013-04-05 06:52 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-05 05:03 . 2013-04-05 05:26 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-05 05:03 . 2013-04-05 06:50 356352 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-06-05 05:03 . 2013-04-05 06:50 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-06-05 05:00 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-06-05 05:00 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-06-05 05:00 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-06-05 05:00 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-06-05 04:59 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-06-05 04:59 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-06-05 04:59 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-06-05 04:59 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-06-05 04:59 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-06-05 04:59 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-06-05 04:59 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-06-05 04:59 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-06-05 04:58 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-06-05 04:58 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-06-05 04:58 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-05 04:58 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-05 04:58 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-06-05 04:58 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-06-05 04:58 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-05 04:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-06-05 04:55 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-05 04:55 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-06-05 04:55 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-06-05 04:55 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-06-05 04:55 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-06-05 04:55 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-06-03 12:14 . 2013-06-03 12:14 -------- d-----w- c:\users\admin\AppData\Local\GHISLER
2013-06-03 11:54 . 2013-06-03 11:55 -------- d-----w- C:\totalcmd
2013-06-03 11:54 . 2013-06-03 11:54 -------- d-----w- c:\users\admin\AppData\Roaming\GHISLER
2013-06-03 06:20 . 2013-06-03 06:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-27 05:13 . 2013-05-27 05:13 -------- d-----w- c:\program files (x86)\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 08:01 . 2013-01-29 08:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:01 . 2013-01-29 08:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 04:56 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 03:58 . 2013-03-21 08:41 563920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-12 21:42 . 2013-01-29 10:38 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-05-12 21:42 . 2013-01-29 10:38 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-05-12 21:42 . 2012-10-10 20:23 2935696 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2012-10-10 20:23 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2012-10-10 20:23 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2012-10-10 20:22 12426216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-05-12 20:34 . 2013-01-29 10:38 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2013-01-29 10:38 6491936 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2013-01-29 10:38 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2013-01-29 10:38 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2013-01-29 10:38 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-05-08 14:13 . 2013-01-29 10:38 3165737 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-03 14:15 . 2013-01-31 12:04 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-03 06:19 . 2013-05-03 06:19 44448 ----a-w- c:\windows\system32\drivers\libusb0.sys
2013-05-02 00:06 . 2013-01-29 08:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-06-05 04:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-05 04:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-05 04:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-05 04:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-05 04:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-05 04:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-05 07:59 . 2013-04-05 07:59 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-05 07:59 . 2013-04-05 07:59 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 07:59 . 2013-04-05 07:59 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-05 07:59 . 2013-04-05 07:59 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-05 07:59 . 2013-04-05 07:59 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 07:59 . 2013-04-05 07:59 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 07:59 . 2013-04-05 07:59 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-05 07:59 . 2013-04-05 07:59 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-05 07:59 . 2013-04-05 07:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-05 07:59 . 2013-04-05 07:59 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-05 07:59 . 2013-04-05 07:59 441856 ----a-w- c:\windows\system32\html.iec
2013-04-05 07:59 . 2013-04-05 07:59 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-05 07:59 . 2013-04-05 07:59 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-05 07:59 . 2013-04-05 07:59 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-05 07:59 . 2013-04-05 07:59 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 07:59 . 2013-04-05 07:59 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-05 07:59 . 2013-04-05 07:59 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-05 07:59 . 2013-04-05 07:59 235008 ----a-w- c:\windows\system32\url.dll
2013-04-05 07:59 . 2013-04-05 07:59 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-05 07:59 . 2013-04-05 07:59 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 07:59 . 2013-04-05 07:59 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 07:59 . 2013-04-05 07:59 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-05 07:59 . 2013-04-05 07:59 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-05 07:59 . 2013-04-05 07:59 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-05 07:59 . 2013-04-05 07:59 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 07:59 . 2013-04-05 07:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-05 07:59 . 2013-04-05 07:59 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-05 07:59 . 2013-04-05 07:59 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-05 07:59 . 2013-04-05 07:59 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-05 07:59 . 2013-04-05 07:59 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-05 07:59 . 2013-04-05 07:59 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-05 07:59 . 2013-04-05 07:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 07:59 . 2013-04-05 07:59 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 07:59 . 2013-04-05 07:59 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-05 07:59 . 2013-04-05 07:59 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 07:59 . 2013-04-05 07:59 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 07:59 . 2013-04-05 07:59 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 07:59 . 2013-04-05 07:59 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-05 07:59 . 2013-04-05 07:59 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 07:59 . 2013-04-05 07:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-05 07:59 . 2013-04-05 07:59 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 07:59 . 2013-04-05 07:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 07:59 . 2013-04-05 07:59 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 07:59 . 2013-04-05 07:59 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 07:59 . 2013-04-05 07:59 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-05 07:59 . 2013-04-05 07:59 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 07:59 . 2013-04-05 07:59 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-05 07:59 . 2013-04-05 07:59 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-05 07:59 . 2013-04-05 07:59 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-05 07:57 . 2013-04-05 07:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-05 07:57 . 2013-04-05 07:57 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-05 07:57 . 2013-04-05 07:57 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-05 07:57 . 2013-04-05 07:57 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-05 07:57 . 2013-04-05 07:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-05 07:57 . 2013-04-05 07:57 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 07:57 . 2013-04-05 07:57 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-05 07:57 . 2013-04-05 07:57 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-05 07:57 . 2013-04-05 07:57 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 296960 ----a-w- c:\windows\system32\d3d10core.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 05:01 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 05:01 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 05:01 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-30 138096]
"CCBoot"="c:\ccboot\CCBoot.exe" [2011-07-23 1691648]
"SkyDrive"="c:\users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-06-04 257136]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"SP TimeSync"="c:\program files (x86)\SP TimeSync 2.4\SP TimeSync.exe" [2010-02-07 94720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2012-07-04 4251328]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Eaton Systray Launcher"="c:\program files (x86)\Eaton\IntelligentPowerManager\mc2.exe" [2013-05-03 4688400]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-2-6 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DCScheduler;DCScheduler;c:\program files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe;c:\program files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe [x]
R2 FBAgent;File Backup Agent;c:\program files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe;c:\program files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Tran_Process_Proc;DCNTranProc;c:\program files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe;c:\program files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe [x]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys;c:\windows\SYSNATIVE\drivers\farmntio.sys [x]
R3 honeywell_enum;honeywell_enum;c:\windows\system32\DRIVERS\honeywell_enum_21617.sys;c:\windows\SYSNATIVE\DRIVERS\honeywell_enum_21617.sys [x]
R3 libusb0;USB Kernel Driver;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 SliceDisk5;SliceDisk5;c:\users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys;c:\users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 dcsnap;dcsnap; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast Business\AvastNet.exe;c:\program files\AVAST Software\Avast Business\AvastNet.exe [x]
S2 CCBoot;CCBoot;c:\ccboot\CCBoot.exe;c:\ccboot\CCBoot.exe [x]
S2 Eaton IntelligentPowerManager;Eaton Intelligent Power Manager;c:\program files (x86)\Eaton\IntelligentPowerManager\mc2.exe;c:\program files (x86)\Eaton\IntelligentPowerManager\mc2.exe [x]
S2 OfficeSvc;Služba balíka Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 08:01]
.
2013-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-30 07:48]
.
2013-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-30 07:48]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 12:54]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 12:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 05:01 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 05:01 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 05:01 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-17 04:00 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-17 04:00 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-17 04:00 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-04 15:18 135448 ----a-w- c:\program files\AVAST Software\Avast Business\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.10.11.2:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office15\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.10.11.1
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxps://www.sec-lps.com/slps_oz30/ozviewer/ZTransferX.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\
FF - prefs.js: network.proxy.http - 221.210.40.150
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-03 07:34; proxyselector@mozilla.org; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\extensions\proxyselector@mozilla.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ST7501 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast Business\AvastSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\TigerVNC\winvnc4.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2013-06-19 10:00:43 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-19 08:00
.
Pre-Run: 84 461 117 440 bytes free
Post-Run: 84 252 954 624 bytes free
.
- - End Of File - - 9A31EF3A9F0CFAC2A81521685DBD6706
A36C5E4F47E84449FF07ED3517B43A31
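Before asking a helper to pick through a ComboFix log like the one above, a responder normally runs a first pass for the handful of patterns that matter when hunting a miner or trojan: services and drivers whose image sits in a user-writable location (the `SliceDisk5` driver in `AppData\Local\Temp` above is exactly that shape), third-party kernel drivers outside `%SystemRoot%`, browser proxies pointing at non-private addresses, and UAC policies that differ from the defaults. The script below is an added example written for this page, not code from the poster, the forum or ComboFix; the sample lines are copied from the log above, the UAC defaults it compares against are the stock Windows 7 values (an assumption: a box under Group Policy may legitimately differ), and the path heuristics are the editor's own. It only ranks lines for a human to check; it does not decide that anything is malicious.

```python
"""Triage helper for ComboFix-style logs (added example, not part of the thread)."""
import ipaddress
import re

# Constructed sample: lines copied from the ComboFix log posted in this thread.
SAMPLE_LOG = r'''
"SkyDrive"="c:\users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-06-04 257136]
"CCBoot"="c:\ccboot\CCBoot.exe" [2011-07-23 1691648]
"PromptOnSecureDesktop"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 5 (0x5)
R3 SliceDisk5;SliceDisk5;c:\users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys;c:\users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [x]
R3 libusb0;USB Kernel Driver;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
S0 dcsnap;dcsnap; [x]
uInternet Settings,ProxyServer = 10.10.11.2:8080
FF - prefs.js: network.proxy.http - 221.210.40.150
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
'''

# ComboFix line shapes: R/S = running/stopped, digit = Windows start type (0 boot .. 4 disabled)
SERVICE_RE = re.compile(r'^([RS])(\d) ([^;]+);([^;]*);([^;]*)(?:;([^;]*))? \[x\]$')
RUN_RE = re.compile(r'^"([^"]+)"="([^"]+)" \[(\d{4}-\d{2}-\d{2}) (\d+)\]$')
POLICY_RE = re.compile(r'^"(\w+)"= (\d+) \(0x[0-9A-Fa-f]+\)$')
IE_PROXY_RE = re.compile(r'^uInternet Settings,ProxyServer = (\S+)$')
FF_PREF_RE = re.compile(r'^FF - prefs\.js: (network\.proxy\.\w+) - (.+)$')

# Stock Windows 7 values for the UAC policies ComboFix prints (assumption: no GPO overrides)
UAC_DEFAULTS = {"ConsentPromptBehaviorAdmin": 5, "ConsentPromptBehaviorUser": 3,
                "PromptOnSecureDesktop": 1, "EnableUIADesktopToggle": 0, "EnableLUA": 1}
ORDER = {"high": 0, "medium": 1, "low": 2, "info": 3}


def path_risk(path):
    """Rate an image path by where it lives; returns a severity string or None."""
    p = path.lower()
    if not p:
        return None
    if "\\temp\\" in p:
        return "high"      # anything persisting from a Temp folder is a classic dropper footprint
    if p.endswith(".sys") and not p.startswith("c:\\windows\\"):
        return "medium"    # third-party kernel driver: verify vendor, signature and purpose
    if any(m in p for m in ("\\appdata\\", "\\users\\", "\\programdata\\")):
        return "low"       # user-writable; common for updaters, still worth a glance
    return None


def proxy_finding(label, host, port, active, reason_if_dormant):
    """Classify a proxy endpoint; 'active' says whether the browser actually honours it."""
    try:
        addr = ipaddress.ip_address(host)
    except ValueError:
        return ("medium", f"{label} {host}:{port}", "proxy is a hostname; resolve it and check ownership")
    if addr.is_private or addr.is_loopback:
        return ("info", f"{label} {host}:{port}", "proxy on a private/loopback address")
    if active:
        return ("high", f"{label} {host}:{port}", "browser traffic routed to a public address")
    return ("medium", f"{label} {host}:{port}", reason_if_dormant)


def triage(log_text):
    """Return (severity, item, reason) tuples for the lines worth a closer look."""
    findings, ff = [], {}
    for raw in log_text.splitlines():
        line = raw.strip()
        if m := SERVICE_RE.match(line):
            _state, _start, name, _display, path, _path2 = m.groups()
            if sev := path_risk(path):
                findings.append((sev, f"service/driver {name}", f"image at {path}"))
        elif m := RUN_RE.match(line):
            name, path, _date, _size = m.groups()
            if sev := path_risk(path):
                findings.append((sev, f"autorun {name}", f"image at {path}"))
        elif m := POLICY_RE.match(line):
            key, val = m.group(1), int(m.group(2))
            if key in UAC_DEFAULTS and val != UAC_DEFAULTS[key]:
                findings.append(("medium", f"UAC policy {key}={val}",
                                 f"differs from default {UAC_DEFAULTS[key]}"))
        elif m := IE_PROXY_RE.match(line):
            host, sep, port = m.group(1).rpartition(":")
            if not sep:
                host, port = port, "?"
            findings.append(proxy_finding("IE/WinINET proxy", host, port, True, ""))
        elif m := FF_PREF_RE.match(line):
            ff[m.group(1)] = m.group(2).strip()
    if "network.proxy.http" in ff:
        # Firefox only honours network.proxy.http when network.proxy.type is 1 (manual proxy)
        active = ff.get("network.proxy.type") == "1"
        findings.append(proxy_finding("Firefox proxy", ff["network.proxy.http"],
                                      ff.get("network.proxy.http_port", "?"), active,
                                      "public proxy configured but dormant (network.proxy.type is not 1); re-check after cleanup"))
    return sorted(findings, key=lambda f: ORDER[f[0]])


if __name__ == "__main__":
    for sev, item, reason in triage(SAMPLE_LOG):
        print(f"[{sev:6}] {item}: {reason}")
```

On the sample above it ranks the Temp-resident `SliceDisk5` driver first, lists the MSI `NTIOLib` driver as a third-party kernel component to verify, reports `PromptOnSecureDesktop=0` as a weakened UAC setting, and notes that the Firefox proxy entry pointing at a public address is dormant because `network.proxy.type` is 0; the IE proxy on a private address is reported as informational only.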
here is the log, but right now I can't run anything, it shows this message:
"an attempt was made to perform an illegal operation on a registry key that has been marked for deletion"
ComboFix 13-06-18.02 - admin . 06. 2013 9:26.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2047.434 [GMT 2:00]
Running from: c:\users\admin\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\admin\AppData\Local\Temp\_MEI20082\_ctypes.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_elementtree.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_hashlib.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_multiprocessing.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_socket.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\_ssl.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\pyexpat.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\pysqlite2._sqlite.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\python27.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\pythoncom27.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\PyWinTypes27.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\select.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\unicodedata.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32api.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32com.shell.shell.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32crypt.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32event.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32file.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32inet.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32pdh.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32process.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32profile.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32security.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\win32ts.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\windows._cacheinvalidation.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._controls_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._core_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._gdi_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._html2.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._misc_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._windows_.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wx._wizard.pyd
c:\users\admin\AppData\Local\Temp\_MEI20082\wxbase294u_net_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxbase294u_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_adv_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_core_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_html_vc90.dll
c:\users\admin\AppData\Local\Temp\_MEI20082\wxmsw294u_webview_vc90.dll
c:\users\admin\AppData\Local\Temp\tsiVi032.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\UsbLibrary.dll
.
.
((((((((((((((((((((((((( Files Created from 2013-05-19 to 2013-06-19 )))))))))))))))))))))))))))))))
.
.
2013-06-19 05:20 . 2013-06-19 05:21 -------- d-----w- c:\program files (x86)\trend micro
2013-06-19 05:20 . 2013-06-19 05:21 -------- d-----w- C:\rsit
2013-06-17 08:21 . 2013-06-17 08:21 -------- d-----w- c:\users\admin\AppData\Local\NVIDIA
2013-06-13 01:11 . 2013-05-13 06:37 9460464 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{CBF1E71E-1E79-48AF-8020-2E086B3A8D6F}\mpengine.dll
2013-06-12 08:01 . 2013-06-12 08:01 9089416 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-06-10 04:59 . 2013-06-10 04:59 -------- d-----w- C:\SkyDriveTemp
2013-06-07 07:38 . 2013-06-07 07:38 -------- d-----w- c:\program files (x86)\GD Software
2013-06-05 07:34 . 2013-06-13 13:27 4 ----a-w- c:\users\admin\advanced_ip_scanner_MAC.bin
2013-06-05 06:59 . 2013-06-05 06:59 -------- d-----w- c:\program files (x86)\Advanced IP Scanner v2
2013-06-05 05:03 . 2013-04-05 04:43 2706432 ----a-w- c:\windows\system32\mshtml.tlb
2013-06-05 05:03 . 2013-04-05 04:29 2706432 ----a-w- c:\windows\SysWow64\mshtml.tlb
2013-06-05 05:03 . 2013-04-05 06:50 526336 ----a-w- c:\windows\system32\ieui.dll
2013-06-05 05:03 . 2013-04-05 06:51 278528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-06-05 05:03 . 2013-04-05 05:27 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2013-06-05 05:03 . 2013-04-05 06:52 51712 ----a-w- c:\windows\system32\ie4uinit.exe
2013-06-05 05:03 . 2013-04-05 05:26 257536 ----a-w- c:\program files (x86)\Internet Explorer\ieproxy.dll
2013-06-05 05:03 . 2013-04-05 06:50 356352 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-06-05 05:03 . 2013-04-05 06:50 701952 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-06-05 05:00 . 2013-02-15 06:06 3717632 ----a-w- c:\windows\system32\mstscax.dll
2013-06-05 05:00 . 2013-02-15 04:37 3217408 ----a-w- c:\windows\SysWow64\mstscax.dll
2013-06-05 05:00 . 2013-02-15 04:34 131584 ----a-w- c:\windows\SysWow64\aaclient.dll
2013-06-05 05:00 . 2013-02-15 06:02 158720 ----a-w- c:\windows\system32\aaclient.dll
2013-06-05 04:59 . 2013-02-15 06:08 44032 ----a-w- c:\windows\system32\tsgqec.dll
2013-06-05 04:59 . 2013-02-15 03:25 36864 ----a-w- c:\windows\SysWow64\tsgqec.dll
2013-06-05 04:59 . 2013-02-27 05:52 14172672 ----a-w- c:\windows\system32\shell32.dll
2013-06-05 04:59 . 2013-02-27 05:48 1930752 ----a-w- c:\windows\system32\authui.dll
2013-06-05 04:59 . 2013-02-27 05:52 197120 ----a-w- c:\windows\system32\shdocvw.dll
2013-06-05 04:59 . 2013-02-27 06:02 111448 ----a-w- c:\windows\system32\consent.exe
2013-06-05 04:59 . 2013-02-27 04:49 1796096 ----a-w- c:\windows\SysWow64\authui.dll
2013-06-05 04:59 . 2013-02-27 05:47 70144 ----a-w- c:\windows\system32\appinfo.dll
2013-06-05 04:58 . 2013-03-19 05:53 48640 ----a-w- c:\windows\system32\wwanprotdim.dll
2013-06-05 04:58 . 2013-03-19 05:53 230400 ----a-w- c:\windows\system32\wwansvc.dll
2013-06-05 04:58 . 2013-04-12 14:45 1656680 ----a-w- c:\windows\system32\drivers\ntfs.sys
2013-06-05 04:58 . 2013-04-10 06:01 983400 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2013-06-05 04:58 . 2013-04-10 06:01 265064 ----a-w- c:\windows\system32\drivers\dxgmms1.sys
2013-06-05 04:58 . 2011-02-03 11:25 144384 ----a-w- c:\windows\system32\cdd.dll
2013-06-05 04:58 . 2013-04-10 03:30 3153920 ----a-w- c:\windows\system32\win32k.sys
2013-06-05 04:56 . 2013-01-24 06:01 223752 ----a-w- c:\windows\system32\drivers\fvevol.sys
2013-06-05 04:55 . 2013-03-19 06:04 5550424 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-06-05 04:55 . 2013-03-19 05:04 3968856 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2013-06-05 04:55 . 2013-03-19 05:04 3913560 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2013-06-05 04:55 . 2013-03-19 03:06 112640 ----a-w- c:\windows\system32\smss.exe
2013-06-05 04:55 . 2013-03-19 05:46 43520 ----a-w- c:\windows\system32\csrsrv.dll
2013-06-05 04:55 . 2013-03-19 04:47 6656 ----a-w- c:\windows\SysWow64\apisetschema.dll
2013-06-03 12:14 . 2013-06-03 12:14 -------- d-----w- c:\users\admin\AppData\Local\GHISLER
2013-06-03 11:54 . 2013-06-03 11:55 -------- d-----w- C:\totalcmd
2013-06-03 11:54 . 2013-06-03 11:54 -------- d-----w- c:\users\admin\AppData\Roaming\GHISLER
2013-06-03 06:20 . 2013-06-03 06:20 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-05-27 05:13 . 2013-05-27 05:13 -------- d-----w- c:\program files (x86)\TeamViewer
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-06-12 08:01 . 2013-01-29 08:41 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:01 . 2013-01-29 08:41 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-20 04:56 . 2012-07-17 13:37 22240 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-17 03:58 . 2013-03-21 08:41 563920 ----a-w- c:\programdata\Microsoft\ClickToRun\{9AC08E99-230B-47e8-9721-4577B7F124EA}\integrator.exe
2013-05-12 21:42 . 2013-01-29 10:38 61216 ----a-w- c:\windows\system32\OpenCL.dll
2013-05-12 21:42 . 2013-01-29 10:38 53024 ----a-w- c:\windows\SysWow64\OpenCL.dll
2013-05-12 21:42 . 2012-10-10 20:23 2935696 ----a-w- c:\windows\system32\nvapi64.dll
2013-05-12 21:42 . 2012-10-10 20:23 1059560 ----a-w- c:\windows\system32\nvumdshimx.dll
2013-05-12 21:42 . 2012-10-10 20:23 15910736 ----a-w- c:\windows\system32\nvwgf2umx.dll
2013-05-12 21:42 . 2012-10-10 20:22 12426216 ----a-w- c:\windows\SysWow64\nvd3dum.dll
2013-05-12 20:34 . 2013-01-29 10:38 3514656 ----a-w- c:\windows\system32\nvsvc64.dll
2013-05-12 20:34 . 2013-01-29 10:38 6491936 ----a-w- c:\windows\system32\nvcpl.dll
2013-05-12 20:34 . 2013-01-29 10:38 884512 ----a-w- c:\windows\system32\nvvsvc.exe
2013-05-12 20:34 . 2013-01-29 10:38 63776 ----a-w- c:\windows\system32\nvshext.dll
2013-05-12 20:34 . 2013-01-29 10:38 237856 ----a-w- c:\windows\system32\nvmctray.dll
2013-05-12 13:43 . 2013-05-12 13:43 566048 ----a-w- c:\windows\SysWow64\nvStreaming.exe
2013-05-08 14:13 . 2013-01-29 10:38 3165737 ----a-w- c:\windows\system32\nvcoproc.bin
2013-05-03 14:15 . 2013-01-31 12:04 75016696 ----a-w- c:\windows\system32\MRT.exe
2013-05-03 06:19 . 2013-05-03 06:19 44448 ----a-w- c:\windows\system32\drivers\libusb0.sys
2013-05-02 00:06 . 2013-01-29 08:35 278800 ------w- c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-06-05 04:59 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-06-05 04:59 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-06-05 04:59 308736 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-06-05 04:59 111104 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-06-05 04:59 474624 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-06-05 04:59 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-04-05 07:59 . 2013-04-05 07:59 97280 ----a-w- c:\windows\system32\mshtmled.dll
2013-04-05 07:59 . 2013-04-05 07:59 905728 ----a-w- c:\windows\system32\mshtmlmedia.dll
2013-04-05 07:59 . 2013-04-05 07:59 81408 ----a-w- c:\windows\system32\icardie.dll
2013-04-05 07:59 . 2013-04-05 07:59 762368 ----a-w- c:\windows\system32\ieapfltr.dll
2013-04-05 07:59 . 2013-04-05 07:59 73728 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 07:59 . 2013-04-05 07:59 719360 ----a-w- c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 07:59 . 2013-04-05 07:59 61952 ----a-w- c:\windows\SysWow64\tdc.ocx
2013-04-05 07:59 . 2013-04-05 07:59 523264 ----a-w- c:\windows\SysWow64\vbscript.dll
2013-04-05 07:59 . 2013-04-05 07:59 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2013-04-05 07:59 . 2013-04-05 07:59 452096 ----a-w- c:\windows\system32\dxtmsft.dll
2013-04-05 07:59 . 2013-04-05 07:59 441856 ----a-w- c:\windows\system32\html.iec
2013-04-05 07:59 . 2013-04-05 07:59 38400 ----a-w- c:\windows\SysWow64\imgutil.dll
2013-04-05 07:59 . 2013-04-05 07:59 361984 ----a-w- c:\windows\SysWow64\html.iec
2013-04-05 07:59 . 2013-04-05 07:59 281600 ----a-w- c:\windows\system32\dxtrans.dll
2013-04-05 07:59 . 2013-04-05 07:59 27648 ----a-w- c:\windows\system32\licmgr10.dll
2013-04-05 07:59 . 2013-04-05 07:59 270848 ----a-w- c:\windows\system32\iedkcs32.dll
2013-04-05 07:59 . 2013-04-05 07:59 247296 ----a-w- c:\windows\system32\webcheck.dll
2013-04-05 07:59 . 2013-04-05 07:59 235008 ----a-w- c:\windows\system32\url.dll
2013-04-05 07:59 . 2013-04-05 07:59 23040 ----a-w- c:\windows\SysWow64\licmgr10.dll
2013-04-05 07:59 . 2013-04-05 07:59 226304 ----a-w- c:\windows\system32\elshyph.dll
2013-04-05 07:59 . 2013-04-05 07:59 216064 ----a-w- c:\windows\system32\msls31.dll
2013-04-05 07:59 . 2013-04-05 07:59 197120 ----a-w- c:\windows\system32\msrating.dll
2013-04-05 07:59 . 2013-04-05 07:59 185344 ----a-w- c:\windows\SysWow64\elshyph.dll
2013-04-05 07:59 . 2013-04-05 07:59 158720 ----a-w- c:\windows\SysWow64\msls31.dll
2013-04-05 07:59 . 2013-04-05 07:59 1509376 ----a-w- c:\windows\system32\inetcpl.cpl
2013-04-05 07:59 . 2013-04-05 07:59 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2013-04-05 07:59 . 2013-04-05 07:59 1441280 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2013-04-05 07:59 . 2013-04-05 07:59 1400416 ----a-w- c:\windows\system32\ieapfltr.dat
2013-04-05 07:59 . 2013-04-05 07:59 138752 ----a-w- c:\windows\SysWow64\wextract.exe
2013-04-05 07:59 . 2013-04-05 07:59 137216 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2013-04-05 07:59 . 2013-04-05 07:59 12800 ----a-w- c:\windows\SysWow64\mshta.exe
2013-04-05 07:59 . 2013-04-05 07:59 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 07:59 . 2013-04-05 07:59 1054720 ----a-w- c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 07:59 . 2013-04-05 07:59 102912 ----a-w- c:\windows\system32\inseng.dll
2013-04-05 07:59 . 2013-04-05 07:59 144896 ----a-w- c:\windows\system32\wextract.exe
2013-04-05 07:59 . 2013-04-05 07:59 92160 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 07:59 . 2013-04-05 07:59 77312 ----a-w- c:\windows\system32\tdc.ocx
2013-04-05 07:59 . 2013-04-05 07:59 62976 ----a-w- c:\windows\system32\pngfilt.dll
2013-04-05 07:59 . 2013-04-05 07:59 599552 ----a-w- c:\windows\system32\vbscript.dll
2013-04-05 07:59 . 2013-04-05 07:59 52224 ----a-w- c:\windows\system32\msfeedsbs.dll
2013-04-05 07:59 . 2013-04-05 07:59 51200 ----a-w- c:\windows\system32\imgutil.dll
2013-04-05 07:59 . 2013-04-05 07:59 48640 ----a-w- c:\windows\system32\mshtmler.dll
2013-04-05 07:59 . 2013-04-05 07:59 173568 ----a-w- c:\windows\system32\ieUnatt.exe
2013-04-05 07:59 . 2013-04-05 07:59 167424 ----a-w- c:\windows\system32\iexpress.exe
2013-04-05 07:59 . 2013-04-05 07:59 149504 ----a-w- c:\windows\system32\occache.dll
2013-04-05 07:59 . 2013-04-05 07:59 13824 ----a-w- c:\windows\system32\mshta.exe
2013-04-05 07:59 . 2013-04-05 07:59 136192 ----a-w- c:\windows\system32\iepeers.dll
2013-04-05 07:59 . 2013-04-05 07:59 135680 ----a-w- c:\windows\system32\IEAdvpack.dll
2013-04-05 07:59 . 2013-04-05 07:59 12800 ----a-w- c:\windows\system32\msfeedssync.exe
2013-04-05 07:57 . 2013-04-05 07:57 9728 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 9728 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 648192 ----a-w- c:\windows\system32\d3d10level9.dll
2013-04-05 07:57 . 2013-04-05 07:57 604160 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 5632 ---ha-w- c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 522752 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2013-04-05 07:57 . 2013-04-05 07:57 465920 ----a-w- c:\windows\system32\WMPhoto.dll
2013-04-05 07:57 . 2013-04-05 07:57 417792 ----a-w- c:\windows\SysWow64\WMPhoto.dll
2013-04-05 07:57 . 2013-04-05 07:57 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 4096 ---ha-w- c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3928064 ----a-w- c:\windows\system32\d2d1.dll
2013-04-05 07:57 . 2013-04-05 07:57 364544 ----a-w- c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 07:57 . 2013-04-05 07:57 363008 ----a-w- c:\windows\system32\dxgi.dll
2013-04-05 07:57 . 2013-04-05 07:57 3584 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3584 ---ha-w- c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3419136 ----a-w- c:\windows\SysWow64\d2d1.dll
2013-04-05 07:57 . 2013-04-05 07:57 333312 ----a-w- c:\windows\system32\d3d10_1core.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 3072 ---ha-w- c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 07:57 . 2013-04-05 07:57 296960 ----a-w- c:\windows\system32\d3d10core.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 05:01 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 05:01 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 05:01 222832 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\SkyDriveShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2013-01-30 138096]
"CCBoot"="c:\ccboot\CCBoot.exe" [2011-07-23 1691648]
"SkyDrive"="c:\users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" [2013-06-04 257136]
"GoogleDriveSync"="c:\program files (x86)\Google\Drive\googledrivesync.exe" [2013-04-16 19662744]
"SP TimeSync"="c:\program files (x86)\SP TimeSync 2.4\SP TimeSync.exe" [2010-02-07 94720]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-06-03 19604072]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"avast"="c:\program files\AVAST Software\Avast Business\avastUI.exe" [2012-07-04 4251328]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-08-22 103536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
"Eaton Systray Launcher"="c:\program files (x86)\Eaton\IntelligentPowerManager\mc2.exe" [2013-05-03 4688400]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
MagicDisc.lnk - c:\program files (x86)\MagicDisc\MagicDisc.exe [2013-2-6 576000]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 DCScheduler;DCScheduler;c:\program files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe;c:\program files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdlerSRVC.exe [x]
R2 FBAgent;File Backup Agent;c:\program files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe;c:\program files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R2 Tran_Process_Proc;DCNTranProc;c:\program files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe;c:\program files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe [x]
R3 FARMNTIO;FARMNTIO;c:\windows\system32\drivers\farmntio.sys;c:\windows\SYSNATIVE\drivers\farmntio.sys [x]
R3 honeywell_enum;honeywell_enum;c:\windows\system32\DRIVERS\honeywell_enum_21617.sys;c:\windows\SYSNATIVE\DRIVERS\honeywell_enum_21617.sys [x]
R3 libusb0;USB Kernel Driver;c:\windows\system32\DRIVERS\libusb0.sys;c:\windows\SYSNATIVE\DRIVERS\libusb0.sys [x]
R3 NTIOLib_1_0_4;NTIOLib_1_0_4;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys;c:\program files (x86)\MSI\Live Update 5\NTIOLib_X64.sys [x]
R3 SliceDisk5;SliceDisk5;c:\users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys;c:\users\admin\AppData\Local\Temp\FindAndMount\slicedisk-x64.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetAdp.sys [x]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys;c:\windows\SYSNATIVE\DRIVERS\VBoxNetFlt.sys [x]
R3 VMwareHostd;VMware Workstation Server;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe;c:\program files (x86)\VMware\VMware Workstation\vmware-hostd.exe [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys;c:\windows\SYSNATIVE\DRIVERS\RsFx0103.sys [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE;c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
S0 dcsnap;dcsnap; [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys;c:\windows\SYSNATIVE\DRIVERS\vmci.sys [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys;c:\windows\SYSNATIVE\drivers\aswMonFlt.sys [x]
S2 avast! Net Client Service;avast! Net Client Service;c:\program files\AVAST Software\Avast Business\AvastNet.exe;c:\program files\AVAST Software\Avast Business\AvastNet.exe [x]
S2 CCBoot;CCBoot;c:\ccboot\CCBoot.exe;c:\ccboot\CCBoot.exe [x]
S2 Eaton IntelligentPowerManager;Eaton Intelligent Power Manager;c:\program files (x86)\Eaton\IntelligentPowerManager\mc2.exe;c:\program files (x86)\Eaton\IntelligentPowerManager\mc2.exe [x]
S2 OfficeSvc;Služba balíka Microsoft Office;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe;c:\program files\Microsoft Office 15\ClientX64\integratedoffice.exe [x]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
S2 TeamViewer8;TeamViewer 8;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe;c:\program files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [x]
S2 vstor2-mntapi10-shared;Vstor2 MntApi 1.0 Driver (shared);SysWOW64\drivers\vstor2-mntapi10-shared.sys;SysWOW64\drivers\vstor2-mntapi10-shared.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
S3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;c:\windows\system32\DRIVERS\Rtnic64.sys;c:\windows\SYSNATIVE\DRIVERS\Rtnic64.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2013-06-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-29 08:01]
.
2013-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000Core.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-30 07:48]
.
2013-06-19 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000UA.job
- c:\users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2013-01-30 07:48]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 12:54]
.
2013-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 12:54]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2013-06-04 05:01 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2013-06-04 05:01 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2013-06-04 05:01 261744 ----a-w- c:\users\admin\AppData\Local\Microsoft\SkyDrive\17.0.2010.0530\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro1 (ErrorConflict)]
@="{8BA85C75-763B-4103-94EB-9470F12FE0F7}"
[HKEY_CLASSES_ROOT\CLSID\{8BA85C75-763B-4103-94EB-9470F12FE0F7}]
2013-05-17 04:00 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro2 (SyncInProgress)]
@="{CD55129A-B1A1-438E-A425-CEBC7DC684EE}"
[HKEY_CLASSES_ROOT\CLSID\{CD55129A-B1A1-438E-A425-CEBC7DC684EE}]
2013-05-17 04:00 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrivePro3 (InSync)]
@="{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}"
[HKEY_CLASSES_ROOT\CLSID\{E768CD3B-BDDC-436D-9C13-E1B39CA257B1}]
2013-05-17 04:00 2328760 ----a-w- c:\program files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-07-04 15:18 135448 ----a-w- c:\program files\AVAST Software\Avast Business\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D44}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2013-04-16 14:10 776144 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-05-16 1012000]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.sk/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyServer = 10.10.11.2:8080
IE: E&xport to Microsoft Excel - c:\progra~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~2\MIF5BA~1\Office15\ONBttnIE.dll/105
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 10.10.11.1
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxps://www.sec-lps.com/slps_oz30/ozviewer/ZTransferX.cab
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\
FF - prefs.js: network.proxy.http - 221.210.40.150
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - ExtSQL: 2013-06-03 07:34; proxyselector@mozilla.org; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\extensions\proxyselector@mozilla.org.xpi
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-ST7501 - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_224_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_224.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast Business\AvastSvc.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\program files\Microsoft Office 15\Root\Office15\MsoSync.exe
c:\windows\SysWOW64\vmnat.exe
c:\program files (x86)\TigerVNC\winvnc4.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\SysWOW64\vmnetdhcp.exe
.
**************************************************************************
.
Completion time: 2013-06-19 10:00:43 - machine was rebooted
ComboFix-quarantined-files.txt 2013-06-19 08:00
.
Pre-Run: 84 461 117 440 bytes free
Post-Run: 84 252 954 624 bytes free
.
- - End Of File - - 9A31EF3A9F0CFAC2A81521685DBD6706
A36C5E4F47E84449FF07ED3517B43A31
-
- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56
Re: BitCoinMiner-CA and glitchy graphics
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 10.0.9200.16576 BrowserJavaVersion: 10.21.2
Run by admin at 12:51:50 on 2013-06-19
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.2047.355 [GMT 2:00]
.
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\AVAST Software\Avast Business\AvastNet.exe
C:\Program Files (x86)\FarStone\TotalRecovery\Client\cbp\DCSchdler.exe
C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe
C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe
C:\Windows\System32\svchost.exe -k HPZ12
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe
C:\Windows\System32\vds.exe
C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Windows\SysWOW64\vmnat.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Program Files (x86)\TigerVNC\winvnc4.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\CCBoot\CCBoot.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
C:\Windows\SysWOW64\vmnetdhcp.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\System32\WUDFHost.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\AVAST Software\Avast Business\AvastUI.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
C:\Program Files (x86)\MagicDisc\MagicDisc.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Opera\opera.exe
C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe
C:\Windows\servicing\TrustedInstaller.exe
C:\Windows\system32\wuauclt.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.sk/
uProxyServer = 10.10.11.2:8080
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
BHO: Pomocník pri prihlasovaní v konte Microsoft: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\office15\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE.dll
uRun: [Facebook Update] "C:\Users\admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
uRun: [CCBoot] C:\CCBoot\CCBoot.exe -mini
uRun: [SkyDrive] "C:\Users\admin\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe" /background
uRun: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
uRun: [SP TimeSync] "C:\Program Files (x86)\SP TimeSync 2.4\SP TimeSync.exe"
uRun: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
uRun: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
mRun: [avast] "C:\Program Files\AVAST Software\Avast Business\avastUI.exe" /nogui
mRun: [vmware-tray] "C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe"
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [Eaton Systray Launcher] "C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe" -systray
StartupFolder: C:\Users\admin\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MAGICD~1.LNK - C:\Program Files (x86)\MagicDisc\MagicDisc.exe
uPolicies-Explorer: NoDrives = dword:0
mPolicies-Explorer: NoDrives = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MIF5BA~1\Office15\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~2\MIF5BA~1\OFFICE11\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MIF5BA~1\Office15\ONBttnIE.dll/105
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
LSP: %SystemRoot%\system32\vsocklib.dll
DPF: {C7C7225A-9476-47AC-B0B0-FF3B79D55E67} - hxxps://www.sec-lps.com/slps_oz30/ozviewer/ZTransferX.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 10.10.11.1
TCP: Interfaces\{1342CC60-498A-40F6-AE01-F6FE2D0CB7E5} : DHCPNameServer = 10.10.11.1
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\office15\MSOSB.DLL
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE64.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL
x64-BHO: Microsoft SkyDrive Pro Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast Business\aswWebRepIE64.dll
x64-Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesX64\Microsoft Office\Office15\ONBttnIELinkedNotes.dll
x64-Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - <orphaned>
x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\
FF - prefs.js: network.proxy.http - 221.210.40.150
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0
FF - plugin: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL
FF - plugin: C:\Users\admin\AppData\Local\Facebook\Messenger\2.1.4814.0\npFbDesktopPlugin.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll
FF - ExtSQL: 2013-06-03 07:34; proxyselector@mozilla.org; C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\extensions\proxyselector@mozilla.org.xpi
.
============= SERVICES / DRIVERS ===============
.
R0 dcsnap;dcsnap;C:\Windows\System32\drivers\dcsnap.sys [2013-1-31 91152]
R1 aswKbd;aswKbd;C:\Windows\System32\drivers\aswKbd.sys [2013-1-29 19600]
R1 aswSnx;aswSnx;C:\Windows\System32\drivers\aswSnx.sys [2013-1-29 824000]
R1 aswSP;aswSP;C:\Windows\System32\drivers\aswSP.sys [2013-1-29 339376]
R2 aswFsBlk;aswFsBlk;C:\Windows\System32\drivers\aswFsBlk.sys [2013-1-29 24720]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2013-1-29 70552]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast Business\AvastSvc.exe [2013-1-29 44808]
R2 avast! Net Client Service;avast! Net Client Service;C:\Program Files\AVAST Software\Avast Business\AvastNet.exe [2013-1-29 200344]
R2 CCBoot;CCBoot;C:\CCBoot\CCBoot.exe [2013-4-3 1691648]
R2 Eaton IntelligentPowerManager;Eaton Intelligent Power Manager;C:\Program Files (x86)\Eaton\IntelligentPowerManager\mc2.exe [2013-5-3 4688400]
R2 FBAgent;File Backup Agent;C:\Program Files (x86)\FarStone\TotalRecovery\Client\Efb\FBPAgent.exe [2013-1-31 86016]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-4-24 701512]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-4-24 418376]
R2 OfficeSvc;Služba balíka Microsoft Office;C:\Program Files\Microsoft Office 15\ClientX64\integratedoffice.exe [2013-3-21 1900728]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-5-12 413472]
R2 TeamViewer8;TeamViewer 8;C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe [2013-5-27 3574624]
R2 Tran_Process_Proc;DCNTranProc;C:\Program Files (x86)\FarStone\TotalRecovery\Client\DCNTranProc.exe [2009-11-26 77824]
R2 VMUSBArbService;VMware USB Arbitration Service;C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe [2011-8-21 846448]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-4-24 25928]
R3 RTL8023x64;Realtek 10/100 NIC Family NDIS x64 Driver;C:\Windows\System32\drivers\Rtnic64.sys [2009-6-10 51712]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 DCScheduler;DCScheduler;C:\Program Files (x86)\FarStone\TotalRecovery\Client\CBP\DCSchdlerSRVC.exe [2013-1-31 104976]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-6-3 162408]
S3 FARMNTIO;FARMNTIO;C:\Windows\System32\drivers\FarMntIo.sys [2013-1-31 23056]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-4-11 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 honeywell_enum;honeywell_enum;C:\Windows\System32\drivers\honeywell_enum_21617.sys [2010-5-10 85640]
S3 libusb0;USB Kernel Driver;C:\Windows\System32\drivers\libusb0.sys [2013-5-3 44448]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2013-1-31 59392]
S3 VMwareHostd;VMware Workstation Server;C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [2011-8-22 11837440]
S3 WatAdminSvc;Služba Windows Activation Technologies;C:\Windows\System32\Wat\WatAdminSvc.exe [2013-1-29 1255736]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2009-7-22 61976]
S4 RsFx0103;RsFx0103 Driver;C:\Windows\System32\drivers\RsFx0103.sys [2009-3-30 311656]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-3-30 427880]
.
=============== Created Last 30 ================
.
2013-06-19 07:46:06 -------- d-----w- C:\$RECYCLE.BIN
2013-06-19 07:24:03 98816 ----a-w- C:\Windows\sed.exe
2013-06-19 07:24:03 256000 ----a-w- C:\Windows\PEV.exe
2013-06-19 07:24:03 208896 ----a-w- C:\Windows\MBR.exe
2013-06-19 05:20:59 -------- d-----w- C:\Program Files (x86)\trend micro
2013-06-17 08:21:00 -------- d-----w- C:\Users\admin\AppData\Local\NVIDIA
2013-06-13 01:11:31 9460464 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CBF1E71E-1E79-48AF-8020-2E086B3A8D6F}\mpengine.dll
2013-06-12 08:01:30 9089416 ----a-w- C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-06-10 04:59:25 -------- d-----w- C:\SkyDriveTemp
2013-06-07 07:38:06 -------- d-----w- C:\Program Files (x86)\GD Software
2013-06-05 07:34:09 4 ----a-w- C:\Users\admin\advanced_ip_scanner_MAC.bin
2013-06-05 06:59:19 -------- d-----w- C:\Program Files (x86)\Advanced IP Scanner v2
2013-06-05 05:03:06 2706432 ----a-w- C:\Windows\System32\mshtml.tlb
2013-06-05 05:03:05 2706432 ----a-w- C:\Windows\SysWow64\mshtml.tlb
2013-06-05 05:03:03 278528 ----a-w- C:\Program Files\Internet Explorer\sqmapi.dll
2013-06-05 05:03:03 217600 ----a-w- C:\Program Files (x86)\Internet Explorer\sqmapi.dll
2013-06-05 05:03:02 257536 ----a-w- C:\Program Files (x86)\Internet Explorer\ieproxy.dll
2013-06-05 05:03:01 701952 ----a-w- C:\Program Files\Internet Explorer\ieproxy.dll
2013-06-05 05:03:01 356352 ----a-w- C:\Program Files\Internet Explorer\IEShims.dll
2013-06-05 05:00:08 3717632 ----a-w- C:\Windows\System32\mstscax.dll
2013-06-05 05:00:07 3217408 ----a-w- C:\Windows\SysWow64\mstscax.dll
2013-06-05 05:00:02 131584 ----a-w- C:\Windows\SysWow64\aaclient.dll
2013-06-05 05:00:00 158720 ----a-w- C:\Windows\System32\aaclient.dll
2013-06-05 04:59:59 44032 ----a-w- C:\Windows\System32\tsgqec.dll
2013-06-05 04:59:58 36864 ----a-w- C:\Windows\SysWow64\tsgqec.dll
2013-06-05 04:59:30 1930752 ----a-w- C:\Windows\System32\authui.dll
2013-06-05 04:59:27 1796096 ----a-w- C:\Windows\SysWow64\authui.dll
2013-06-05 04:59:27 111448 ----a-w- C:\Windows\System32\consent.exe
2013-06-05 04:59:26 70144 ----a-w- C:\Windows\System32\appinfo.dll
2013-06-05 04:58:51 48640 ----a-w- C:\Windows\System32\wwanprotdim.dll
2013-06-05 04:58:51 230400 ----a-w- C:\Windows\System32\wwansvc.dll
2013-06-05 04:58:47 1656680 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2013-06-05 04:58:41 983400 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2013-06-05 04:58:40 265064 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2013-06-05 04:58:39 144384 ----a-w- C:\Windows\System32\cdd.dll
2013-06-05 04:58:01 3153920 ----a-w- C:\Windows\System32\win32k.sys
2013-06-05 04:56:14 223752 ----a-w- C:\Windows\System32\drivers\fvevol.sys
2013-06-05 04:55:59 5550424 ----a-w- C:\Windows\System32\ntoskrnl.exe
2013-06-05 04:55:53 3968856 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2013-06-05 04:55:53 3913560 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
2013-06-05 04:55:49 112640 ----a-w- C:\Windows\System32\smss.exe
2013-06-05 04:55:48 43520 ----a-w- C:\Windows\System32\csrsrv.dll
2013-06-05 04:55:47 6656 ----a-w- C:\Windows\SysWow64\apisetschema.dll
2013-06-03 12:14:54 -------- d-----w- C:\Users\admin\AppData\Local\GHISLER
2013-06-03 11:54:53 -------- d-----w- C:\Users\admin\AppData\Roaming\GHISLER
2013-06-03 11:54:53 -------- d-----w- C:\totalcmd
2013-05-27 05:13:57 -------- d-----w- C:\Program Files (x86)\TeamViewer
.
==================== Find3M ====================
.
2013-06-12 08:01:38 71048 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-12 08:01:38 692104 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2013-05-12 20:34:14 6491936 ----a-w- C:\Windows\System32\nvcpl.dll
2013-05-12 20:34:14 3514656 ----a-w- C:\Windows\System32\nvsvc64.dll
2013-05-12 20:34:12 884512 ----a-w- C:\Windows\System32\nvvsvc.exe
2013-05-12 20:34:12 63776 ----a-w- C:\Windows\System32\nvshext.dll
2013-05-12 20:34:11 237856 ----a-w- C:\Windows\System32\nvmctray.dll
2013-05-12 13:43:36 566048 ----a-w- C:\Windows\SysWow64\nvStreaming.exe
2013-05-08 14:13:10 3165737 ----a-w- C:\Windows\System32\nvcoproc.bin
2013-05-03 06:19:29 44448 ----a-w- C:\Windows\System32\drivers\libusb0.sys
2013-05-02 00:06:08 278800 ------w- C:\Windows\System32\MpSigStub.exe
2013-04-13 05:49:23 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 308736 ----a-w- C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 111104 ----a-w- C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 474624 ----a-w- C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 2176512 ----a-w- C:\Windows\apppatch\AcGenral.dll
2013-04-05 07:57:38 9728 ---ha-w- C:\Windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 06:52:14 2242048 ----a-w- C:\Windows\System32\wininet.dll
2013-04-05 06:50:36 3958784 ----a-w- C:\Windows\System32\jscript9.dll
2013-04-05 06:50:31 67072 ----a-w- C:\Windows\System32\iesetup.dll
2013-04-05 06:50:31 136704 ----a-w- C:\Windows\System32\iesysprep.dll
2013-04-05 05:28:24 1767424 ----a-w- C:\Windows\SysWow64\wininet.dll
2013-04-05 05:26:26 2877440 ----a-w- C:\Windows\SysWow64\jscript9.dll
2013-04-05 05:26:21 61440 ----a-w- C:\Windows\SysWow64\iesetup.dll
2013-04-05 05:26:21 109056 ----a-w- C:\Windows\SysWow64\iesysprep.dll
2013-04-05 03:51:11 89600 ----a-w- C:\Windows\System32\RegisterIEPKEYs.exe
2013-04-05 03:38:25 71680 ----a-w- C:\Windows\SysWow64\RegisterIEPKEYs.exe
2013-04-04 12:50:32 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2013-04-04 03:35:05 95648 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
.
============= FINISH: 12:52:55,81 ===============
Re: BitCoinMiner-CA and glitchy graphics

- Open Notepad (Start - Run - notepad)
- Copy the script below
Code:
KillAll::

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"=-
"CCBoot"=-
"SkyDrive"=-
"GoogleDriveSync"=-
"Skype"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vmware-tray"=-
"SunJavaUpdateSched"=-

Driver::
dcsnap

Firefox::
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\za6lb596.default\
FF - prefs.js: network.proxy.http - 221.210.40.150
FF - prefs.js: network.proxy.http_port - 8080
FF - prefs.js: network.proxy.type - 0

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

File::
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2323929210-2214759298-3638803407-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

ClearJavaCache::

Reboot::
- Save the created TXT file as CFScript.txt
- Drag the created CFScript.txt onto Combofix and drop it (see the picture below)
- After the script is applied (and a possible restart) a log will pop up; paste its contents here
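The Firefox section of the script above removes a proxy host and port that had been written into the profile's prefs.js. As an added example (not code from the thread or from ComboFix), the following Python check parses a prefs.js and reports any configured proxy, whether it points at a global address, and whether it is actually active; the sample prefs.js content is constructed here from the values quoted in the script.

```python
import ipaddress
import re

# Constructed sample prefs.js content, using the proxy values seen in this thread.
SAMPLE_PREFS = '''
user_pref("browser.startup.homepage", "https://example.org/");
user_pref("network.proxy.http", "221.210.40.150");
user_pref("network.proxy.http_port", 8080);
user_pref("network.proxy.type", 0);
'''

# One user_pref(...) line: string, integer or boolean value.
PREF_RE = re.compile(r'user_pref\("([^"]+)",\s*(?:"([^"]*)"|(\d+)|(true|false))\);')
# Firefox network.proxy.type values: 0 no proxy, 1 manual, 2 PAC, 4 auto-detect, 5 system.
PROXY_TYPE_NAMES = {0: "none", 1: "manual", 2: "pac", 4: "auto-detect", 5: "system"}


def parse_prefs(text):
    """Return a dict of pref name -> typed value for every user_pref line."""
    prefs = {}
    for m in PREF_RE.finditer(text):
        name, s, n, b = m.groups()
        if s is not None:
            prefs[name] = s
        elif n is not None:
            prefs[name] = int(n)
        else:
            prefs[name] = (b == "true")
    return prefs


def is_external_host(host):
    """True if the proxy host is a globally routable IP or a non-local hostname."""
    try:
        return ipaddress.ip_address(host).is_global
    except ValueError:
        return host != "localhost" and not host.endswith(".local")


def check_proxy(prefs):
    """Summarise proxy settings; 'active' is True only for a manual proxy (type 1)."""
    ptype = prefs.get("network.proxy.type", 5)  # assumed Firefox default: system proxy
    entries = []
    for scheme in ("http", "ssl", "socks"):
        host = prefs.get("network.proxy." + scheme)
        if host:
            entries.append({"scheme": scheme, "host": host,
                            "port": prefs.get("network.proxy.%s_port" % scheme, 0),
                            "external": is_external_host(host),
                            "active": ptype == 1})
    return {"proxy_type": PROXY_TYPE_NAMES.get(ptype, "unknown"), "entries": entries}
```

With the sample above the proxy is reported as external but inactive, because network.proxy.type is 0; a type of 1 with the same host would mean browser traffic was being routed through that address.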


- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56
Re: BitCoinMiner-CA and glitchy graphics
The PC works now, but after the restart that combofix window just kept opening and closing
Re: BitCoinMiner-CA and glitchy graphics
What do you mean the window kept opening and closing, I don't quite follow...
- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56
Re: BitCoinMiner-CA and glitchy graphics
windows just kept quickly opening and closing, like DOS windows
Re: BitCoinMiner-CA and glitchy graphics
So let's clean up some more
T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
OTC http://oldtimer.geekstogo.com/OTC.exe
TFC http://oldtimer.geekstogo.com/TFC.exe
Download Ccleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
And if there are no problems or questions, that's all from my side


- Download and run
- To confirm the choice press A, Enter
- Delete the utility after use
- Antivirus programs may wrongly flag this utility as a virus - it is a false positive - so go ahead and download it (or turn the antivirus off while downloading)

- Download and run
- Click CleanUp and confirm YES
- The program cleans up and restarts the PC

- Download and run
- Click Start and confirm OK
- The program cleans up and restarts the PC
- Delete the utility after use

Cleaner panel
- Leave everything as it is, just click Analyze and then Run CCleaner
- click Scan for Issues
- then Fix selected issues - I recommend making the registry backup; fix all issues
- repeat the procedure until there are no issues - usually about 3 times
- Here you can uninstall programs you do not need


- Visitor
- Posts: 90
- Registered: 23 Jan 2013 14:56