PC virus removal, computer speed-up, remote assistance via the neslape.cz service

widchost.exe

Have a virus problem? Post your FRST or RSIT log here.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where a specialist connects to your computer and obtains further details about the problem from you by phone. More at www.neslape.cz
exire
Guest
Posts: 4
Registered: 16 Jul 2013 17:41

widchost.exe

#1 Post by exire »

Hello. I found out that a process with this name is infected and because of it my diacritics go haywire in any text editor. I mean the key for the háček and the length mark (I am writing even this message with great difficulty...). Specifically, I have to do this just to type a long o at all: oooo´´óo´´oó. I can delete it via safe mode, but after a restart widchost.exe is back on the computer... In normal mode the process is running and cannot even be killed, let alone deleted. As soon as I kill it, the system crashes and after a restart it is in the PC again. NOD32 tried to remove it, but also without success (PC restart and the virus runs merrily on). When I tried to look the virus up via Google, it found 0 results, which is strange, so I really do not know what to do anymore. I really need to find a way to delete it without reinstalling the system, please advise :cry: . Thanks in advance for any advice :( .

Logfile of random's system information tool 1.09 (written by random/random)
Run by Exire at 2013-07-16 18:58:14
Microsoft Windows 7 Ultimate Service Pack 1
System drive D: has 225 GB (56%) free of 403 GB
Total RAM: 4056 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:58:22, on 16. 7. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
D:\Fraps\fraps.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Users\Exire\AppData\Local\Temp\widchost.exe
D:\Program Files (x86)\Steam\Steam.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
D:\Program Files\trend micro\Exire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [HDAudDeck] D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ATKOSD2] D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKLM\..\Run: [fd0e76fdc9a8b9248988e681fafcb35b] "D:\Users\Exire\AppData\Local\Temp\widchost.exe" ..
O4 - HKCU\..\Run: [Skype] "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKCU\..\Run: [fd0e76fdc9a8b9248988e681fafcb35b] "D:\Users\Exire\AppData\Local\Temp\widchost.exe" ..
O4 - HKCU\..\Run: [d918b73bd5e7967017578d7ae27b0fa7] "D:\Users\Exire\AppData\Local\Temp\telnet.exe" ..
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: d918b73bd5e7967017578d7ae27b0fa7.exe
O4 - Startup: fd0e76fdc9a8b9248988e681fafcb35b.exe
O4 - Startup: sssxdw154ui.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - D:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - D:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11384 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
D:\Windows\system32\services.exe
winlogon.exe
D:\Windows\system32\lsass.exe
D:\Windows\system32\lsm.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
"D:\Windows\system32\nvvsvc.exe"
"D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\AUDIODG.EXE 0x27c
D:\Windows\system32\svchost.exe -k GPSvcGroup
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
"D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
D:\Windows\system32\nvvsvc.exe -session -first
"D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\viakaraokesrv.exe
"D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1860
D:\Windows\system32\svchost.exe -k bthsvcs
"D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
"taskhost.exe"
taskeng.exe {5162E1BA-F806-4FF9-88B1-BE5A8C37F221}
"D:\Windows\system32\Dwm.exe"
D:\Windows\Explorer.EXE
ATKOSD.exe
D:\Fraps\fraps.exe
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
WDC.exe
"D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"D:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"D:\Users\Exire\AppData\Local\Temp\telnet.exe" ..
"D:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
widchost
"D:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
D:\Windows\system32\SearchIndexer.exe /Embedding
"D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
"D:\Fraps\fraps64.dat"
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
D:\Windows\System32\svchost.exe -k secsvcs
"D:\Program Files (x86)\Steam\Steam.exe" "-silent"
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1944.1e167100.1511305211 "D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" -greomni "D:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "D:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "D:\Program Files (x86)\Mozilla Firefox\browser" 260915DCF3A62DA7 1944 "\\.\pipe\gecko-crash-server-pipe.1944" plugin
"D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe" --proxy-stub-channel=Flash3820.6301F630.20840 --host-broker-channel=Flash3820.6301F630.7688 --host-pid=3820 --host-npapi-version=27 --plugin-path="D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll"
"D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe" --channel=1832.002EF2AC.617131888 --proxy-stub-channel=Flash3820.6301F630.20840 --plugin-path="D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" --host-npapi-version=27 --type=renderer
"taskhost.exe"
taskmgr.exe /3
taskeng.exe {7A7217FF-D2C4-4105-AB29-160176A84FCE}
"D:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe11_ Global\UsGthrCtrlFltPipeMssGthrPipe11 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "D:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"D:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
"D:\Users\Exire\Downloads\RSITx64.exe"
D:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

D:\Windows\tasks\Adobe Flash Player Updater.job
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - D:\Users\Exire\AppData\Roaming\Mozilla\Firefox\Profiles\56hcwogp.default

prefs.js - "browser.search.useDBForOrder" - "false"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=D:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.15.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


D:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre7\bin\ssv.dll [2013-02-22 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-22 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-12 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-12 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2012-03-28 373248]
"AdobeAAMUpdater-1.0"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-01-26 2869008]
"d918b73bd5e7967017578d7ae27b0fa7"=D:\Users\Exire\AppData\Local\Temp\telnet.exe [2013-07-15 26112]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03 19636840]
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"Steam"=D:\Program Files (x86)\Steam\Steam.exe [2013-07-16 1807272]
"AdobeBridge"= []
"fd0e76fdc9a8b9248988e681fafcb35b"=D:\Users\Exire\AppData\Local\Temp\widchost.exe [2013-07-13 147968]
"d918b73bd5e7967017578d7ae27b0fa7"=D:\Users\Exire\AppData\Local\Temp\telnet.exe [2013-07-15 26112]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-07 291608]
"HDAudDeck"=D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-07-11 5256336]
"Adobe ARM"=D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"BCSSync"=D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"ATKOSD2"=D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14 328064]
"ATKMEDIA"=D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2012-10-17 205184]
"HControlUser"=D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"SunJavaUpdateSched"=D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"LogMeIn Hamachi Ui"=D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2013-06-28 2255184]
"fd0e76fdc9a8b9248988e681fafcb35b"=D:\Users\Exire\AppData\Local\Temp\widchost.exe [2013-07-13 147968]

D:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
d918b73bd5e7967017578d7ae27b0fa7.exe
fd0e76fdc9a8b9248988e681fafcb35b.exe
sssxdw154ui.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=D:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-16 18:58:15 ----D---- D:\Program Files\trend micro
2013-07-16 18:58:14 ----D---- D:\rsit
2013-07-16 01:53:09 ----D---- D:\ProgramData\TEMP
2013-07-16 01:52:55 ----D---- D:\Program Files (x86)\Trojan Remover
2013-07-16 01:46:51 ----A---- D:\Windows\ntbtlog.txt
2013-07-16 01:08:04 ----A---- D:\Windows\system32\.tmp
2013-07-16 01:07:42 ----D---- D:\Windows\Minidump
2013-07-15 13:50:16 ----D---- D:\Users\Exire\AppData\Roaming\gd.sos.McPixel
2013-07-15 11:28:12 ----D---- D:\Program Files (x86)\Mozilla Firefox
2013-07-03 23:24:50 ----D---- D:\Program Files (x86)\LogMeIn Hamachi
2013-07-03 01:35:43 ----D---- D:\Program Files (x86)\Mozilla Firefox.bak
2013-06-26 23:12:05 ----D---- D:\ProgramData\Package Cache
2013-06-26 14:11:37 ----D---- D:\Users\Exire\AppData\Roaming\fltk.org
2013-06-19 12:43:28 ----A---- D:\Windows\SYSWOW64\javaws.exe

======List of files/folders modified in the last 1 month======

2013-07-16 18:58:22 ----D---- D:\Windows\Prefetch
2013-07-16 18:58:18 ----D---- D:\Windows\Temp
2013-07-16 18:58:15 ----RD---- D:\Program Files
2013-07-16 18:57:05 ----D---- D:\Users\Exire\AppData\Roaming\Skype
2013-07-16 13:41:42 ----D---- D:\Program Files (x86)\Steam
2013-07-16 13:03:45 ----D---- D:\Windows\System32
2013-07-16 13:03:45 ----D---- D:\Windows\inf
2013-07-16 13:03:45 ----A---- D:\Windows\system32\PerfStringBackup.INI
2013-07-16 13:00:22 ----HD---- D:\ProgramData
2013-07-16 13:00:10 ----SHD---- D:\Windows\Installer
2013-07-16 12:58:57 ----D---- D:\Windows\system32\DriverStore
2013-07-16 12:58:57 ----D---- D:\Windows\system32\drivers
2013-07-16 12:58:57 ----D---- D:\Windows\system32\catroot
2013-07-16 12:57:18 ----D---- D:\Windows\system32\Tasks
2013-07-16 12:57:18 ----D---- D:\Fraps
2013-07-16 12:56:54 ----D---- D:\ProgramData\NVIDIA
2013-07-16 12:56:50 ----D---- D:\Windows
2013-07-16 01:52:55 ----RD---- D:\Program Files (x86)
2013-07-16 01:46:52 ----D---- D:\Windows\debug
2013-07-16 01:38:23 ----D---- D:\Windows\system32\config
2013-07-16 01:31:01 ----D---- D:\Windows\Tasks
2013-07-16 01:25:43 ----D---- D:\Program Files (x86)\Xara
2013-07-16 01:24:53 ----D---- D:\Users\Exire\AppData\Roaming\Mozilla
2013-07-16 01:24:44 ----SHD---- D:\System Volume Information
2013-07-16 01:23:52 ----RSD---- D:\Windows\Fonts
2013-07-16 01:13:41 ----D---- D:\Windows\SysWOW64
2013-07-16 01:08:44 ----A---- D:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-07-16 01:07:19 ----D---- D:\Program Files (x86)\Mozilla Maintenance Service
2013-07-15 12:43:47 ----D---- D:\Users\Exire\AppData\Roaming\.minecraft
2013-07-15 10:49:41 ----D---- D:\Users\Exire\AppData\Roaming\BitTorrent
2013-07-15 10:49:32 ----D---- D:\Users\Exire\AppData\Roaming\MAGIX
2013-07-15 10:49:32 ----D---- D:\ProgramData\MAGIX
2013-07-15 10:49:26 ----A---- D:\Windows\SYSWOW64\DLLDEV32i.dll
2013-07-15 10:49:01 ----D---- D:\ProgramData\Xara
2013-06-30 00:59:16 ----HD---- D:\Program Files (x86)\InstallShield Installation Information
2013-06-26 23:24:44 ----D---- D:\Program Files (x86)\Electronic Arts
2013-06-26 23:13:03 ----RSD---- D:\Windows\assembly
2013-06-24 20:01:45 ----D---- D:\Users\Exire\AppData\Roaming\.technic
2013-06-20 13:25:32 ----D---- D:\ProgramData\Skype
2013-06-20 13:25:31 ----RD---- D:\Program Files (x86)\Skype
2013-06-19 12:43:27 ----D---- D:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; D:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\D:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-22 283200]
R1 vwififlt;Virtual WiFi Filter Driver; D:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\Windows\system32\drivers\LMIRfsDriver.sys [2012-11-29 72216]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; D:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 athr;Atheros Extensible Wireless LAN device driver; D:\Windows\system32\DRIVERS\athrx.sys [2011-11-22 2796544]
R3 BthEnum;Bluetooth Enumerator Service; D:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; D:\Windows\System32\Drivers\BTHUSB.sys [2012-11-14 80384]
R3 hamachi;Hamachi Network Interface; D:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; D:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; D:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; D:\Windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
R3 lmimirr;lmimirr; D:\Windows\system32\DRIVERS\lmimirr.sys [2012-11-29 11552]
R3 MEIx64;Intel(R) Management Engine Interface ; D:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; D:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver; D:\Windows\system32\DRIVERS\nvstusb.sys [2013-03-15 448288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SmbDrv;SmbDrv; D:\Windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]
R3 SynTP;Synaptics TouchPad Driver; D:\Windows\system32\DRIVERS\SynTP.sys [2012-01-26 413456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; D:\Windows\system32\drivers\viahduaa.sys [2012-07-06 2201744]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; D:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
R4 eamonm;eamonm; D:\Windows\system32\DRIVERS\eamonm.sys []
R4 ehdrv;ehdrv; D:\Windows\system32\DRIVERS\ehdrv.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys []
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; D:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 AmUStor;AM USB Stroage Driver; D:\Windows\system32\drivers\AmUStor.SYS [2012-01-04 94808]
S3 BTHPORT;Bluetooth Port Driver; D:\Windows\System32\Drivers\BTHport.sys [2012-11-14 552960]
S3 dmvsc;dmvsc; D:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 pciide;pciide; D:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; D:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 s3cap;s3cap; D:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; D:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; D:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; D:\Windows\system32\drivers\terminpt.sys [2012-11-14 29696]
S3 TsUsbFlt;TsUsbFlt; D:\Windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; D:\Windows\system32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; D:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver; D:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 VGPU;VGPU; D:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; D:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; D:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; D:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; D:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 ASLDRService;ASLDR Service; D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-11-14 106880]
R2 ATKGFNEXSrv;ATKGFNEX Service; D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-11 135952]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-06-28 2470736]
R2 nvsvc;NVIDIA Display Driver Service; D:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; D:\Windows\system32\viakaraokesrv.exe [2012-07-06 27792]
R2 wlidsvc;Windows Live ID Sign-in Assistant; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
R3 osppsvc;Office Software Protection Platform; D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; D:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16 257416]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Desura Install Service;Desura Install Service; D:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-05-11 131912]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 116648]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-15 117656]
S3 ose;Office Source Engine; D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 Steam Client Service;Steam Client Service; D:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-07 543656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; D:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------
Last edited by vyosek on 16 Jul 2013 18:10, edited 2 times in total.
Reason: log removed from code tags - do not put it in them!!!
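
The driver and service lists in the RSIT log above use one line per entry in the form `R3 name;display name; image path [date size]`, with empty brackets `[]` where the log carries no file date or size for the image (eamonm, ehdrv, LMIInfo, VGPU and LMIRfsClientNP here), and the `R`/`S` and `0`-`4` prefixes explained in the list headers. The Python script below is an added example, not part of this thread and not RSIT's own code: it parses such lines and flags the patterns a helper looks for when a driver or service hides itself, namely entries with no file information, drivers loaded although their start type is Disabled, and images located under a user-writable path. The sample listing is copied from the log above plus one constructed entry (`example_svc`) that only exercises the last rule; the flag names and triage rules are the example's own.

```python
"""Triage of RSIT-style driver/service listings (added example)."""
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# One RSIT list entry: <R|S><start type> <name>;<display name>; <image path> [<date> <size>]
# Empty brackets "[]" mean the tool recorded no file date or size for the image.
ENTRY_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4])\s+"
    r"(?P<name>[^;]+);(?P<display>[^;]*);\s*"
    r"(?P<path>.*?)\s*\[(?P<meta>[^\]]*)\]\s*$"
)

START_TYPES = {0: "Boot", 1: "System", 2: "Auto", 3: "Demand", 4: "Disabled"}

# Directories an ordinary user can write to; a driver or service image there
# deserves a second look, since drivers normally live under system32\drivers.
USER_WRITABLE_RE = re.compile(r"\\(Users|Documents and Settings|Temp|AppData)\\", re.I)


@dataclass
class Entry:
    name: str
    display: str
    running: bool
    start: int
    path: str
    file_date: Optional[str]
    file_size: Optional[int]


def parse_entry(line: str) -> Optional[Entry]:
    """Parse one listing line; return None for headers, blanks and other text."""
    m = ENTRY_RE.match(line.strip())
    if m is None:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):  # NT object-manager prefix, not part of the file path
        path = path[4:]
    meta = m["meta"].split()
    file_date = meta[0] if len(meta) == 2 else None
    file_size = int(meta[1]) if len(meta) == 2 else None
    return Entry(m["name"], m["display"].strip(), m["state"] == "R",
                 int(m["start"]), path, file_date, file_size)


def triage(entry: Entry) -> List[str]:
    """Return the triage flags (this example's own names) that apply to one entry."""
    flags: List[str] = []
    if entry.file_date is None:
        # No date/size recorded: the image was missing, locked, or hidden from the tool.
        flags.append("no-file-info")
    if entry.running and START_TYPES[entry.start] == "Disabled":
        # Loaded although its start type is Disabled: leftover of a removal, or tampered with.
        flags.append("running-but-disabled")
    if USER_WRITABLE_RE.search(entry.path):
        flags.append("user-writable-path")
    return flags


def triage_listing(listing: str) -> Dict[str, List[str]]:
    """Map each flagged entry's service name to its flags; clean entries are omitted."""
    findings: Dict[str, List[str]] = {}
    for line in listing.splitlines():
        entry = parse_entry(line)
        if entry is not None:
            flags = triage(entry)
            if flags:
                findings[entry.name] = flags
    return findings


# Lines copied from the RSIT log in this thread, plus one constructed entry
# (example_svc) that exists only to exercise the user-writable-path rule.
SAMPLE_LISTING = r"""
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; D:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R4 eamonm;eamonm; D:\Windows\system32\DRIVERS\eamonm.sys []
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys []
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 example_svc;Example service (constructed); D:\Users\Example\AppData\Roaming\example.exe []
"""

if __name__ == "__main__":
    for name, flags in triage_listing(SAMPLE_LISTING).items():
        print(f"{name:14} {', '.join(flags)}")
```

A flag is a reason to look closer, not a verdict: the two `R4` ESET drivers with no file information are exactly what a half-removed antivirus looks like, which is why a helper reads such hits together with the uninstall list and the event logs before acting on them.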

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: widchost.exe

#2 Post by vyosek »

Hello :)

:arrow: Just asking: are you using a legal operating system? The top-tier Ultimate licence is not exactly common. :?:

:arrow: I would also ask for the second RSIT log, named info.txt; it is saved in c:\rsit
"Who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns merriment, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.

exire
Visitor
Posts: 4
Registered: 16 Jul 2013 17:41

Re: widchost.exe

#3 Post by exire »

Thanks for the quick reply. Yes, the OS is legal, and here is the second log:

info.txt logfile of random's system information tool 1.09 2013-07-16 18:58:23

======Uninstall list======

-->MsiExec /X{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
Adobe After Effects CS6-->D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\core\PDApp.exe --appletID="DWA_UI" --appletVersion="2.0" --mode="Uninstall" --mediaSignature="{4817D846-700B-474E-A31B-80892B3E92E3}"
Adobe AIR-->D:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Resources\Adobe AIR Updater.exe -arp:uninstall
Adobe AIR-->MsiExec.exe /I{FE23D063-934D-4829-A0D8-00634CE79B4A}
Adobe Flash Player 11 Plugin-->D:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_8_800_94_Plugin.exe -maintain plugin
Adobe Reader XI (11.0.03) - Czech-->MsiExec.exe /I{AC76BA86-7AD7-1029-7B44-AB0000000001}
Alcor Micro USB Card Reader-->D:\Program Files (x86)\InstallShield Installation Information\{29499A4D-0742-4B73-B982-5049775F1F66}\setup.exe
Amnesia - The Dark Descent -->"D:\Program Files (x86)\Amnesia - The Dark Descent\unins000.exe"
ASUS Virtual Camera-->MsiExec.exe /I{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver-->"D:\Program Files (x86)\InstallShield Installation Information\{3108C217-BE83-42E4-AE9E-A56A2A92E549}\setup.exe" -runfromtemp -removeonly
Atheros Driver Installation Program-->"D:\Program Files (x86)\InstallShield Installation Information\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}\setup.exe" -runfromtemp -removeonly
ATK Package-->MsiExec.exe /I{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}
Audacity 2.0.3-->"D:\Program Files (x86)\Audacity\unins000.exe"
BioShock Infinite-->"D:\Program Files (x86)\BioShock Infinite\unins000.exe"
BitTorrent-->"D:\Users\Exire\AppData\Roaming\BitTorrent\BitTorrent.exe" /UNINSTALL
Borland Delphi 7-->MsiExec.exe /I{72263053-50D1-4598-9502-51ED64E54C51}
Call Of Cthulhu DCoTE-->RunDll32 D:\PROGRA~2\COMMON~1\INSTAL~1\PROFES~1\RunTime\0700\Intel32\Ctor.dll,LaunchSetup "D:\Program Files (x86)\InstallShield Installation Information\{E4406ED3-B04C-44F1-ABB4-08775B74934F}\Setup.exe" -l0x9
Cry of Fear-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/223710
D3DX10-->MsiExec.exe /X{E09C4DB7-630C-4F06-A631-8EA7239923AF}
DAEMON Tools Lite-->D:\Program Files (x86)\DAEMON Tools Lite\uninst.exe
Desura-->D:\Program Files (x86)\Desura\Desura_Uninstaller.exe
Doom 3 BFG Edition-->"D:\Program Files (x86)\Bethesda Softworks\Doom 3 BFG Edition\unins000.exe"
Fraps (remove only)-->"D:\Fraps\uninstall.exe"
Game Dev Tycoon DEMO verze 1.0.1-->"D:\Program Files (x86)\Game Dev Tycoon DEMO\unins000.exe"
Garry's Mod-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/4000
Google Chrome-->"D:\Program Files (x86)\Google\Chrome\Application\28.0.1500.72\Installer\setup.exe" --uninstall --multi-install --chrome --system-level
Google Update Helper-->MsiExec.exe /I{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}
Half-Life 2-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220
Half-Life-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/70
Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed-->MsiExec.exe /X{2C0E6BD4-65B1-4E82-B2AC-43EFFC8F100C}
Intel(R) USB 3.0 eXtensible Host Controller Driver-->D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Uninstall\setup.exe -uninstall
Java 7 Update 15 (64-bit)-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F86417015FF}
Java 7 Update 25-->MsiExec.exe /X{26A24AE4-039D-4CA4-87B4-2F83217017FF}
LogMeIn Hamachi-->D:\Windows\SysWOW64\\msiexec.exe /i {0ACC2993-2058-4BE7-9A92-9DCDAA9B3412} REMOVE=ALL
LogMeIn Hamachi-->MsiExec.exe /I{0ACC2993-2058-4BE7-9A92-9DCDAA9B3412}
McPixel-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/220860
Microsoft .NET Framework 4 Client Profile-->D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Client\Setup.exe /repair /x86 /x64 /parameterfolder Client
Microsoft .NET Framework 4 Client Profile-->MsiExec.exe /X{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}
Microsoft .NET Framework 4 Extended-->D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SetupCache\Extended\Setup.exe /repair /x86 /x64 /parameterfolder Extended
Microsoft .NET Framework 4 Extended-->MsiExec.exe /X{8E34682C-8118-31F1-BC4C-98CD9675E1C2}
Microsoft Office Access MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0015-041B-0000-0000000FF1CE}
Microsoft Office Excel MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0016-041B-0000-0000000FF1CE}
Microsoft Office Groove MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00BA-041B-0000-0000000FF1CE}
Microsoft Office InfoPath MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0044-041B-0000-0000000FF1CE}
Microsoft Office Office 64-bit Components 2010-->MsiExec.exe /X{90140000-002A-0000-1000-0000000FF1CE}
Microsoft Office OneNote MUI (Slovak) 2010-->MsiExec.exe /X{90140000-00A1-041B-0000-0000000FF1CE}
Microsoft Office Outlook MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001A-041B-0000-0000000FF1CE}
Microsoft Office PowerPoint MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0018-041B-0000-0000000FF1CE}
Microsoft Office Professional Plus 2010-->"D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Office Setup Controller\setup.exe" /uninstall PROPLUSR /dll OSETUP.DLL
Microsoft Office Professional Plus 2010-->MsiExec.exe /X{91140000-0011-0000-0000-0000000FF1CE}
Microsoft Office Proof (Czech) 2010-->MsiExec.exe /X{90140000-001F-0405-0000-0000000FF1CE}
Microsoft Office Proof (English) 2010-->MsiExec.exe /X{90140000-001F-0409-0000-0000000FF1CE}
Microsoft Office Proof (German) 2010-->MsiExec.exe /X{90140000-001F-0407-0000-0000000FF1CE}
Microsoft Office Proof (Hungarian) 2010-->MsiExec.exe /X{90140000-001F-040E-0000-0000000FF1CE}
Microsoft Office Proof (Slovak) 2010-->MsiExec.exe /X{90140000-001F-041B-0000-0000000FF1CE}
Microsoft Office Proofing (Slovak) 2010-->MsiExec.exe /X{90140000-002C-041B-0000-0000000FF1CE}
Microsoft Office Publisher MUI (Slovak) 2010-->MsiExec.exe /X{90140000-0019-041B-0000-0000000FF1CE}
Microsoft Office Shared 64-bit MUI (Slovak) 2010-->MsiExec.exe /X{90140000-002A-041B-1000-0000000FF1CE}
Microsoft Office Shared MUI (Slovak) 2010-->MsiExec.exe /X{90140000-006E-041B-0000-0000000FF1CE}
Microsoft Office Word MUI (Slovak) 2010-->MsiExec.exe /X{90140000-001B-041B-0000-0000000FF1CE}
Microsoft SQL Server 2005 Compact Edition [ENU]-->MsiExec.exe /I{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}
Microsoft Visual C++ 2005 Redistributable (x64)-->MsiExec.exe /X{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{A49F249F-0C91-497F-86DF-B2585E8E76B7}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17-->MsiExec.exe /X{8220EEFE-38CD-377E-8595-13398D740ACE}
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148-->MsiExec.exe /X{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17-->MsiExec.exe /X{9A25302D-30C0-39D9-BD6F-21E6EC160475}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148-->MsiExec.exe /X{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161-->MsiExec.exe /X{9BE518E6-ECC6-35A9-88E4-87755C07200F}
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219-->MsiExec.exe /X{1D8E6291-B0D5-35EC-8441-6616F567A0F7}
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219-->MsiExec.exe /X{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106-->"D:\ProgramData\Package Cache\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}\vcredist_x64.exe" /uninstall
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.51106-->MsiExec.exe /X{3C28BFD4-90C7-3138-87EF-418DC16E9598}
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.51106-->MsiExec.exe /X{5AF4E09F-5C9B-3AAF-B731-544D3DC821DD}
Microsoft XNA Framework Redistributable 4.0-->MsiExec.exe /I{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}
Movie Maker-->MsiExec.exe /X{5BABDA39-61CF-41EE-992D-4054B6649A9B}
Movie Maker-->MsiExec.exe /X{ED6C77F9-4D7E-447C-9EC0-9A212D075535}
Mozilla Firefox 23.0 (x86 sk)-->"D:\Program Files (x86)\Mozilla Firefox\uninstall\helper.exe"
Mozilla Maintenance Service-->"D:\Program Files (x86)\Mozilla Maintenance Service\uninstall.exe"
MSVCRT Redists-->MsiExec.exe /I{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}
MSVCRT-->MsiExec.exe /I{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}
MSVCRT110_amd64-->MsiExec.exe /I{E9FA781F-3E80-4399-825A-AD3E11C28C77}
MSVCRT110-->MsiExec.exe /I{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}
MSXML 4.0 SP3 Parser-->MsiExec.exe /I{196467F1-C11F-4F76-858B-5812ADC83B94}
My Game Long Name-->D:\Program Files (x86)\Desura\Common\erie\Binaries\UnSetup.exe /uninstall
Need for Speed Underground 2-->D:\Program Files (x86)\EA GAMES\Need for Speed Underground 2\EAUninstall.exe
Need for Speed™ Carbon-->D:\Program Files (x86)\Electronic Arts\Need for Speed Carbon\EAUninstall.exe
Need For Speed™ World-->"D:\Program Files (x86)\Electronic Arts\Need For Speed World\unins000.exe"
NFS5 carparts Editor v0.8d-->D:\WINDOWS\st6unst.exe -n "C:\HRY\Need For Speed-Porsche 2000 (Windows PC) { theRock7 }\ST6UNST.LOG"
NVIDIA 3D Vision Controller Driver 314.22-->"D:\Windows\SysWOW64\RunDll32.EXE" "D:\Program Files\NVIDIA Corporation\Installer2\installer.{62E0588E-0B43-405D-A8F9-1B120E4349F8}\NVI2.DLL",UninstallPackage Display.NVIRUSB
NVIDIA 3D Vision Driver 314.22-->"D:\Windows\SysWOW64\RunDll32.EXE" "D:\Program Files\NVIDIA Corporation\Installer2\installer.{62E0588E-0B43-405D-A8F9-1B120E4349F8}\NVI2.DLL",UninstallPackage Display.3DVision
NVIDIA Graphics Driver 314.22-->"D:\Windows\SysWOW64\RunDll32.EXE" "D:\Program Files\NVIDIA Corporation\Installer2\installer.{62E0588E-0B43-405D-A8F9-1B120E4349F8}\NVI2.DLL",UninstallPackage Display.Driver
NVIDIA HD Audio Driver 1.3.23.1-->"D:\Windows\SysWOW64\RunDll32.EXE" "D:\Program Files\NVIDIA Corporation\Installer2\installer.{62E0588E-0B43-405D-A8F9-1B120E4349F8}\NVI2.DLL",UninstallPackage HDAudio.Driver
NVIDIA PhysX System Software 9.12.1031-->"D:\Windows\SysWOW64\RunDll32.EXE" "D:\Program Files\NVIDIA Corporation\Installer2\installer.{2FD7900D-158E-44F1-8A73-2F360FA42548}\NVI2.DLL",UninstallPackage Display.PhysX
NVIDIA PhysX-->MsiExec.exe /I{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}
NVIDIA Stereoscopic 3D Driver-->"D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvStInst.exe" /uninstall /ask
NVIDIA Update 1.12.12-->"D:\Windows\SysWOW64\RunDll32.EXE" "D:\Program Files\NVIDIA Corporation\Installer2\installer.{62E0588E-0B43-405D-A8F9-1B120E4349F8}\NVI2.DLL",UninstallPackage Display.Update
OpenAL-->"D:\Program Files (x86)\OpenAL\oalinst.exe" /U
Penumbra Black Plague-->"D:\Program Files (x86)\Paradox Interactive\Penumbra Black Plague\unins000.exe"
Photo Common-->MsiExec.exe /X{D888F114-7537-4D48-AF03-5DA9C82D7540}
Photo Gallery-->MsiExec.exe /X{30F99474-EBE3-4134-A02B-F6CD38CFE243}
Photo Gallery-->MsiExec.exe /X{FC6C7107-7D72-41A1-A031-3CE751159BAB}
Skype™ 6.5-->MsiExec.exe /X{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}
Steam-->MsiExec.exe /X{048298C9-A4D3-490B-9FF9-AB023A9238F3}
Synaptics Pointing Device Driver-->rundll32.exe "%ProgramFiles%\Synaptics\SynTP\SynISDLL.dll",standAloneUninstall
TeamSpeak 3 Client-->"D:\Program Files\TeamSpeak 3 Client\uninstall.exe"
Terraria-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/105600
Test Drive Unlimited-->MsiExec.exe /X{C37A0BC1-52EE-4F97-8223-5CA9FC0357B0}
Towns Demo-->"D:\Program Files (x86)\Steam\steam.exe" steam://uninstall/221030
Vegas Pro 11.0-->MsiExec.exe /X{6AEFCA01-8DF1-11E1-A17B-F04DA23A5C58}
VIA Platform Device Manager-->D:\PROGRA~2\COMMON~1\INSTAL~1\Driver\7\INTEL3~1\IDriver.exe /M{20D4A895-748C-4D88-871C-FDB1695B0169}
Winamp-->"D:\Program Files (x86)\Winamp\UninstWA.exe"
Windows Live Communications Platform-->MsiExec.exe /I{0454BB9A-2A7A-4214-BDFF-937F7A711A44}
Windows Live Essentials-->D:\Program Files (x86)\Windows Live\Installer\wlarp.exe
Windows Live Essentials-->MsiExec.exe /I{C034A6F9-6569-491B-B3BF-F5D15221A708}
Windows Live ID Sign-in Assistant-->MsiExec.exe /I{CE52672C-A0E9-4450-8875-88A221D5CD50}
Windows Live Installer-->MsiExec.exe /I{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}
Windows Live Photo Common-->MsiExec.exe /X{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}
Windows Live PIMT Platform-->MsiExec.exe /I{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}
Windows Live SOXE Definitions-->MsiExec.exe /I{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}
Windows Live SOXE-->MsiExec.exe /I{FE7C0B3D-50B9-4951-BE78-A321CBF86552}
Windows Live UX Platform Language Pack-->MsiExec.exe /I{18272881-CFC0-434D-A975-E5BE44206AA0}
Windows Live UX Platform-->MsiExec.exe /I{4CCBD1F4-CEEC-452A-9CB8-46564B501315}
WinRAR 4.20 (64-bit)-->D:\Program Files\WinRAR\uninstall.exe
Xara Designer Pro X-->"D:\Program Files (x86)\Common Files\Xara Services\Uninstall\{1EA1B671-0720-431A-94BC-4474F1B7D99B}\Xara_Designer_Pro_X_en-GB_setup.exe"
Xara Designer Pro X-->MsiExec.exe /I{1EA1B671-0720-431A-94BC-4474F1B7D99B}
YTD Video Downloader 3.9.6-->"D:\Program Files (x86)\GreenTree Applications\YTD Video Downloader\uninstall.exe"

======System event log======

Computer Name: Exire-WS
Event Code: 136
Message: The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset. The data contains the error code.
Record Number: 399
Source Name: Ntfs
Time Written: 20130222053231.763602-000
Event Type: Warning
User:

Computer Name: 37L4247F27-25
Event Code: 27
Message: The shadow copies of volume C: were aborted during detection because a critical control file could not be opened.
Record Number: 34
Source Name: volsnap
Time Written: 20130222052743.935202-000
Event Type: Error
User:

Computer Name: 37L4247F27-25
Event Code: 137
Message: The default transaction resource manager on volume C: encountered a non-retryable error and could not start. The data contains the error code.
Record Number: 33
Source Name: Ntfs
Time Written: 20130222052743.935202-000
Event Type: Error
User:

Computer Name: 37L4247F27-25
Event Code: 136
Message: The default transaction resource manager on volume C: encountered an error while starting and its metadata was reset. The data contains the error code.
Record Number: 32
Source Name: Ntfs
Time Written: 20130222052743.872802-000
Event Type: Warning
User:

Computer Name: 37L4247F27-25
Event Code: 46
Message: Crash dump initialization failed!
Record Number: 31
Source Name: volmgr
Time Written: 20130222052743.685602-000
Event Type: Error
User:

=====Application event log=====

Computer Name: Exire-WS
Event Code: 1130
Message: .NET Runtime Optimization Service (2.0.50727.5466) - Version or flavor did not match with repository: AuditPolicyGPManagedStubs.Interop
Record Number: 165
Source Name: .NET Runtime Optimization Service
Time Written: 20130221204257.000000-000
Event Type: Warning
User:

Computer Name: Exire-WS
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 159
Source Name: Microsoft-Windows-WMI
Time Written: 20130221204227.000000-000
Event Type: Error
User:

Computer Name: Exire-WS
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 151
Source Name: Microsoft-Windows-Search
Time Written: 20130221204130.000000-000
Event Type: Warning
User:

Computer Name: Exire-WS
Event Code: 1008
Message: The Windows Search Service is starting up and attempting to remove the old search index {Reason: Full Index Reset}.

Record Number: 131
Source Name: Microsoft-Windows-Search
Time Written: 20130221203935.000000-000
Event Type: Warning
User:

Computer Name: Exire-WS
Event Code: 10
Message: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
Record Number: 128
Source Name: Microsoft-Windows-WMI
Time Written: 20130222053855.000000-000
Event Type: Error
User:

=====Security event log=====

Computer Name: 37L4247F27-25
Event Code: 4735
Message: A security-enabled local group was changed.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Changed Attributes:
SAM Account Name: -
SID History: -

Additional Information:
Privileges: -
Record Number: 5
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130222052807.366443-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4731
Message: A security-enabled local group was created.

Subject:
Security ID: S-1-5-18
Account Name: 37L4247F27-25$
Account Domain: WORKGROUP
Logon ID: 0x3e7

New Group:
Security ID: S-1-5-32-551
Group Name: Backup Operators
Group Domain: Builtin

Attributes:
SAM Account Name: Backup Operators
SID History: -

Additional Information:
Privileges: -
Record Number: 4
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130222052807.366443-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4902
Message: The Per-user audit policy table was created.

Number of Elements: 0
Policy ID: 0x34d36
Record Number: 3
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130222052807.179243-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4624
Message: An account was successfully logged on.

Subject:
Security ID: S-1-0-0
Account Name: -
Account Domain: -
Logon ID: 0x0

Logon Type: 0

New Logon:
Security ID: S-1-5-18
Account Name: SYSTEM
Account Domain: NT AUTHORITY
Logon ID: 0x3e7
Logon GUID: {00000000-0000-0000-0000-000000000000}

Process Information:
Process ID: 0x4
Process Name:

Network Information:
Workstation Name: -
Source Network Address: -
Source Port: -

Detailed Authentication Information:
Logon Process: -
Authentication Package: -
Transited Services: -
Package Name (NTLM only): -
Key Length: 0

This event is generated when a logon session is created. It is generated on the computer that was accessed.

The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.

The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).

The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.

The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.

The authentication information fields provide detailed information about this specific logon request.
- Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- Transited services indicate which intermediate services have participated in this logon request.
- Package name indicates which sub-protocol was used among the NTLM protocols.
- Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Record Number: 2
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130222052805.666040-000
Event Type: Audit Success
User:

Computer Name: 37L4247F27-25
Event Code: 4608
Message: Windows is starting up.

This event is logged when LSASS.EXE starts and the auditing subsystem is initialized.
Record Number: 1
Source Name: Microsoft-Windows-Security-Auditing
Time Written: 20130222052805.634840-000
Event Type: Audit Success
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"Path"=D:\Program Files (x86)\Borland\Delphi7\Bin;D:\Program Files (x86)\Borland\Delphi7\Projects\Bpl\;D:\Program Files\Common Files\Microsoft Shared\Windows Live;D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live;D:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem;%SYSTEMROOT%\System32\WindowsPowerShell\v1.0\;D:\Program Files (x86)\Windows Live\Shared
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC
"PROCESSOR_ARCHITECTURE"=AMD64
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"USERNAME"=SYSTEM
"windir"=%SystemRoot%
"PSModulePath"=%SystemRoot%\system32\WindowsPowerShell\v1.0\Modules\
"NUMBER_OF_PROCESSORS"=8
"PROCESSOR_LEVEL"=6
"PROCESSOR_IDENTIFIER"=Intel64 Family 6 Model 58 Stepping 9, GenuineIntel
"PROCESSOR_REVISION"=3a09
"windows_tracing_logfile"=D:\BVTBin\Tests\installpackage\csilogfile.log
"windows_tracing_flags"=3

-----------------EOF-----------------
Last edited by vyosek on 16 Jul 2013 18:12, edited 1 time in total.
Reason: log removed from code tags

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: widchost.exe

#4 Post by vyosek »

:arrow: Download Malwarebytes Anti-Rootkit http://www.bleepingcomputer.com/downloa ... i-rootkit/
  • Save it, preferably to the Desktop, and unpack it
  • Run it by clicking mbar
  • Now click Next and then Update, one after the other
  • After the database update finishes, click Next again
  • Leave all three options checked and click Scan, which starts scanning the PC
  • After the scan finishes (about 5 minutes), check that all findings (if there are any, of course) are ticked
  • Also check that Create Restore point is ticked
  • Now click CleanUp, which removes the infection that was found
  • The PC will be restarted
  • The mbar folder should contain a log (and it will probably open by itself) mbar-log-year-month-day (hour-minute-second).txt; post it here

exire
Visitor
Posts: 4
Registered: 16 Jul 2013 17:41

Re: widchost.exe

#5 Post by exire »

I did exactly what you advised and the malware is gone! I am really grateful to you, thank you for the help :).
Oh, and here is that log as well:

Malwarebytes Anti-Rootkit BETA 1.06.0.1004

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 9.0.8112.16421

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.294000 GHz
Memory total: 4252938240, free: 2583420928

Downloaded database version: v2013.07.16.05
Downloaded database version: v2013.07.15.01
Initializing...
------------ Kernel report ------------
07/16/2013 19:15:59
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\system32\DRIVERS\iusb3hcs.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\vmstorfl.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\drivers\disk.sys
\SystemRoot\system32\drivers\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\eamonm.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\system32\DRIVERS\ehdrv.sys
D:\Program Files\ESET\ESET NOD32 Antivirus\em006_64.dat
D:\Program Files\ESET\ESET NOD32 Antivirus\em018_64.dat
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\DRIVERS\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\system32\drivers\csc.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\D:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\nvlddmkm.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\DRIVERS\HDAudBus.sys
\SystemRoot\system32\DRIVERS\iusb3xhc.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\DRIVERS\usbehci.sys
\SystemRoot\system32\DRIVERS\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\L1C62x64.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\SynTP.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\Smb_driver.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\wmiacpi.sys
\SystemRoot\system32\DRIVERS\AMPPAL.sys
\SystemRoot\system32\DRIVERS\CompositeBus.sys
\SystemRoot\system32\DRIVERS\lmimirr.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\hamachi.sys
\SystemRoot\system32\DRIVERS\rdpbus.sys
\SystemRoot\system32\DRIVERS\swenum.sys
\SystemRoot\system32\DRIVERS\ks.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\nvhda64v.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\iusb3hub.sys
\SystemRoot\system32\drivers\viahduaa.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_dumpata.sys
\SystemRoot\System32\Drivers\dump_msahci.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\Drivers\BTHUSB.sys
\SystemRoot\System32\Drivers\bthport.sys
\SystemRoot\system32\DRIVERS\nvstusb.sys
\SystemRoot\System32\Drivers\usbvideo.sys
\SystemRoot\system32\DRIVERS\rfcomm.sys
\SystemRoot\system32\DRIVERS\BthEnum.sys
\SystemRoot\system32\DRIVERS\bthpan.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\System32\ATMFD.DLL
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\??\D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\vwifimp.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\??\D:\Windows\system32\drivers\LMIRfsDriver.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\asyncmac.sys
\??\D:\Windows\system32\drivers\mbamchameleon.sys
\??\D:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
----------- End -----------
Done!
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004789790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IdeDeviceP0T0L0-0\
Lower Device Object: 0xfffffa8004237680
Lower Device Driver Name: \Driver\atapi\
<<<2>>>
Device number: 0, partition: 4
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004789790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004697970, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004789790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800426b520, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004237680, DeviceName: \Device\Ide\IdeDeviceP0T0L0-0\, DriverName: \Driver\atapi\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
Partition type: GUID
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: D:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 4
Partition type: GUID
<<<3>>>
Volume: D:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: FE50551B

GPT Protective MBR Partition information:

Partition 0 type is EFI-GPT (0xee)
Partition is NOT ACTIVE.
Partition starts at LBA: 1 Numsec = 4294967295

Partition 1 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 2 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

Partition 3 type is Empty (0x0)
Partition is NOT ACTIVE.
Partition starts at LBA: 0 Numsec = 0

GPT Partition information:

GPT Header Signature 4546492050415254
GPT Header Revision 65536 Size 92 CRC 2541945114
GPT Header CurrentLba = 1 BackupLba 1465149167
GPT Header FirstUsableLba 34 LastUsableLba 1465149134
GPT Header Guid 626931a0-11ad-4a47-a4f-3689a858c60
GPT Header Contains 128 partition entries starting at LBA 2
GPT Header Partition entry size = 128

Backup GPT header Signature 4546492050415254
Backup GPT header Revision 65536 Size 92 CRC 2541945114
Backup GPT header CurrentLba = 1465149167 BackupLba 1
Backup GPT header FirstUsableLba 34 LastUsableLba 1465149134
Backup GPT header Guid 626931a0-11ad-4a47-a4f-3689a858c60
Backup GPT header Contains 128 partition entries starting at LBA 1465149135
Backup GPT header Partition entry size = 128

Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
Partition ID 33f55c50-d46e-46cf-9db8-e99a5189e284
FirstLBA 2048 Last LBA 411647
Attributes 0
Partition Name EFI system partition

GPT Partition 0 is bootable
Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
Partition ID f3b14fcb-7d4b-45ef-8ad0-1a878848ace
FirstLBA 411648 Last LBA 673791
Attributes 0
Partition Name Microsoft reserved partition

Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID 52b033b3-88b4-4914-b96c-be1ed6af6ea5
FirstLBA 673792 Last LBA 586731519
Attributes 0
Partition Name Basic data partition

Partition 3 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID fbd4369d-115a-4ae2-beed-53a12988149
FirstLBA 586731520 Last LBA 1412718591
Attributes 0
Partition Name Basic data partition

Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
Partition ID bd0bf495-d885-4af7-9996-97701d862c4
FirstLBA 1412718592 Last LBA 1465147391
Attributes 1
Partition Name Basic data partition

Disk Size: 750156374016 bytes
Sector size: 512 bytes

Done!
Infected: d:\Users\Exire\AppData\Local\Temp\widchost.exe --> [Backdoor.MSIL.PGen]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fd0e76fdc9a8b9248988e681fafcb35b --> [Backdoor.MSIL.PGen]
Infected: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|fd0e76fdc9a8b9248988e681fafcb35b --> [Backdoor.MSIL.PGen]
Infected: d:\Users\Exire\AppData\Local\Temp\widchost.exe --> [Backdoor.MSIL.PGen]
Infected: d:\Users\Exire\AppData\Local\Temp\telnet.exe --> [IPH.Trojan.MSIL.GenX]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|d918b73bd5e7967017578d7ae27b0fa7 --> [IPH.Trojan.MSIL.GenX]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|d918b73bd5e7967017578d7ae27b0fa7 --> [IPH.Trojan.MSIL.GenX]
Infected: d:\Users\Exire\AppData\Local\Temp\telnet.exe --> [IPH.Trojan.MSIL.GenX]
Infected: d:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d918b73bd5e7967017578d7ae27b0fa7.exe --> [Trojan.MSIL.GenX]
Infected: d:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd0e76fdc9a8b9248988e681fafcb35b.exe --> [Backdoor.MSIL.PGen]
Infected: d:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sssxdw154ui.exe --> [Backdoor.MSIL.PGen]
Infected: d:\Windows\AutoKMS.exe --> [RiskWare.Tool.CK]
Scan finished
Creating System Restore point...
Cleaning up...
Removal scheduling successful. System shutdown needed.
System shutdown occurred
=======================================


Removal queue found; removal started
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_0_i.mbam...
Removing d:\programdata\malwarebytes' anti-malware (portable)\mbr_0_r.mbam...
Removal finished


I will definitely support your forum via PayPal too. It is clear that you are really good at this :thumbsup: .
Last edited by vyosek on 16 Jul 2013 18:40, edited 1 time in total.
Reason: Third time - log removed from code tags
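A small triage helper, added here as an example (it is not part of the post and not a Malwarebytes tool): it parses the `Infected:` lines of the MBAR log above, groups them by detection name and persistence location (executable dropped in %TEMP%, Run value under HKCU and HKLM, copy in the Startup folder) and flags autorun names that look like 32-character hashes, which is the pattern visible in this log. The sample input is copied from the findings above; the kind labels and the hash-name heuristic are this example's own.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Sample input: the "Infected:" lines from the MBAR log posted above.
MBAR_FINDINGS = r"""
Infected: d:\Users\Exire\AppData\Local\Temp\widchost.exe --> [Backdoor.MSIL.PGen]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fd0e76fdc9a8b9248988e681fafcb35b --> [Backdoor.MSIL.PGen]
Infected: HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|fd0e76fdc9a8b9248988e681fafcb35b --> [Backdoor.MSIL.PGen]
Infected: d:\Users\Exire\AppData\Local\Temp\widchost.exe --> [Backdoor.MSIL.PGen]
Infected: d:\Users\Exire\AppData\Local\Temp\telnet.exe --> [IPH.Trojan.MSIL.GenX]
Infected: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|d918b73bd5e7967017578d7ae27b0fa7 --> [IPH.Trojan.MSIL.GenX]
Infected: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|d918b73bd5e7967017578d7ae27b0fa7 --> [IPH.Trojan.MSIL.GenX]
Infected: d:\Users\Exire\AppData\Local\Temp\telnet.exe --> [IPH.Trojan.MSIL.GenX]
Infected: d:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\d918b73bd5e7967017578d7ae27b0fa7.exe --> [Trojan.MSIL.GenX]
Infected: d:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fd0e76fdc9a8b9248988e681fafcb35b.exe --> [Backdoor.MSIL.PGen]
Infected: d:\Users\Exire\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\sssxdw154ui.exe --> [Backdoor.MSIL.PGen]
Infected: d:\Windows\AutoKMS.exe --> [RiskWare.Tool.CK]
"""

# "Infected: <location> --> [<detection name>]"
INFECTED_RE = re.compile(r"^Infected:\s+(?P<where>.+?)\s+-->\s+\[(?P<name>[^\]]+)\]\s*$")
# Autorun names that are just 32 hex digits (MD5-sized), as in this log.
HEX32_RE = re.compile(r"^[0-9a-f]{32}$", re.IGNORECASE)


@dataclass(frozen=True)
class Finding:
    detection: str   # name in square brackets, e.g. Backdoor.MSIL.PGen
    kind: str        # run_key | registry | startup_folder | temp_file | file
    location: str    # registry path or file path exactly as MBAR printed it


def classify(where: str) -> str:
    """Map one location to a persistence class (path-based heuristic)."""
    w = where.lower()
    if w.startswith(("hkcu\\", "hklm\\", "hku\\")):
        # MBAR prints registry values as <key>|<value name>
        return "run_key" if "\\run|" in w else "registry"
    if "\\start menu\\programs\\startup\\" in w:
        return "startup_folder"
    if "\\appdata\\local\\temp\\" in w:
        return "temp_file"
    return "file"


def parse_infected(log_text: str) -> list[Finding]:
    """Return every 'Infected:' line as a Finding, in log order."""
    findings = []
    for line in log_text.splitlines():
        m = INFECTED_RE.match(line.strip())
        if m:
            findings.append(Finding(m["name"], classify(m["where"]), m["where"]))
    return findings


def persistence_by_detection(findings: list[Finding]) -> dict[str, dict[str, set[str]]]:
    """detection -> kind -> unique locations (MBAR repeats file lines)."""
    summary: dict[str, dict[str, set[str]]] = defaultdict(lambda: defaultdict(set))
    for f in findings:
        summary[f.detection][f.kind].add(f.location)
    return {det: dict(kinds) for det, kinds in summary.items()}


def autorun_names(findings: list[Finding]) -> set[str]:
    """Run value names plus file stems dropped into the Startup folder."""
    names = set()
    for f in findings:
        if f.kind == "run_key":
            names.add(f.location.rsplit("|", 1)[1])
        elif f.kind == "startup_folder":
            names.add(f.location.rsplit("\\", 1)[1].rsplit(".", 1)[0])
    return names


def hash_like_autoruns(findings: list[Finding]) -> set[str]:
    """Autorun names that are bare 32-hex strings: a cheap signal worth reviewing."""
    return {n for n in autorun_names(findings) if HEX32_RE.match(n)}


if __name__ == "__main__":
    found = parse_infected(MBAR_FINDINGS)
    for det, kinds in persistence_by_detection(found).items():
        print(det)
        for kind, locations in sorted(kinds.items()):
            for loc in sorted(locations):
                print(f"  {kind:15} {loc}")
    print("hash-like autorun names:", sorted(hash_like_autoruns(found)))
```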

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: widchost.exe

#6 Post by vyosek »

:arrow: There will still be plenty more in there

:arrow: For the third time I have removed the log from code tags; for heaven's sake, stop putting it in there

:arrow: May I ask, when you buy such an expensive licence for W7 Ultimate, why don't you also buy a licence for Office?? And NOD, is that purchased too??

:arrow: On behalf of the team, thank you for supporting the forum

:arrow: Post a new log from RSIT

exire
Visitor
Posts: 4
Registered: 16 Jul 2013 17:41

Re: widchost.exe

#7 Post by exire »

:arrow: Sorry for throwing the logs into code tags, it won't happen again.
:arrow: It's simple: the licensed W7 Ultimate was already in the PC, which I bought at Christmas, and I don't use Office very often, so I haven't bought it yet.
:arrow: You don't even need to thank me; in my opinion you fully deserved it :D .

:arrow: Current log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Exire at 2013-07-16 19:48:14
Microsoft Windows 7 Ultimate Service Pack 1
System drive D: has 224 GB (56%) free of 403 GB
Total RAM: 4056 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:48:16, on 16. 7. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
D:\Fraps\fraps.exe
D:\Program Files (x86)\Skype\Phone\Skype.exe
D:\Program Files (x86)\Steam\Steam.exe
D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
D:\Program Files (x86)\Mozilla Firefox\firefox.exe
D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe
D:\Program Files\trend micro\Exire.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = D:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe,
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [USB3MON] "D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
O4 - HKLM\..\Run: [HDAudDeck] D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe -r
O4 - HKLM\..\Run: [Adobe ARM] "D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [BCSSync] "D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [ATKOSD2] D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [LogMeIn Hamachi Ui] "D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
O4 - HKCU\..\Run: [Skype] "D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DAEMON Tools Lite] "D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [Steam] "D:\Program Files (x86)\Steam\Steam.exe" -silent
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://D:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://D:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - D:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: d:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - D:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - D:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - D:\Windows\System32\alg.exe (file missing)
O23 - Service: Intel® Centrino® Wireless Bluetooth® + High Speed Service (AMPPALR3) - Intel Corporation - D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUSTek Computer Inc. - D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service (BTHSSecurityMgr) - Intel(R) Corporation - D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe
O23 - Service: Desura Install Service - Desura Pty Ltd - D:\Program Files (x86)\Common Files\Desura\desura_service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - D:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - D:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - D:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: LogMeIn Hamachi Tunneling Engine (Hamachi2Svc) - LogMeIn Inc. - D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - D:\Windows\System32\msdtc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - D:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - D:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - D:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - D:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - D:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - D:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - D:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - D:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - D:\Windows\System32\vds.exe (file missing)
O23 - Service: VIA Karaoke digital mixer Service (VIAKaraokeService) - Unknown owner - D:\Windows\system32\viakaraokesrv.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - D:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - D:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - D:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - D:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - D:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10943 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
D:\Windows\system32\services.exe
D:\Windows\system32\lsass.exe
D:\Windows\system32\lsm.exe
winlogon.exe
D:\Windows\system32\svchost.exe -k DcomLaunch
"D:\Windows\system32\nvvsvc.exe"
"D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
D:\Windows\system32\svchost.exe -k RPCSS
D:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
D:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
D:\Windows\system32\svchost.exe -k netsvcs
D:\Windows\system32\svchost.exe -k GPSvcGroup
D:\Windows\system32\svchost.exe -k LocalService
D:\Windows\system32\svchost.exe -k NetworkService
"D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"D:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
D:\Windows\system32\nvvsvc.exe -session -first
"D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
D:\Windows\System32\spoolsv.exe
D:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe" -s
D:\Windows\system32\svchost.exe -k imgsvc
D:\Windows\system32\viakaraokesrv.exe
"D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1584
D:\Windows\system32\svchost.exe -k bthsvcs
D:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
taskhost.exe USER
"D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
taskeng.exe {5F10E8A4-DF49-4E78-8B64-02DD6C93335D}
"D:\Windows\system32\Dwm.exe"
D:\Fraps\fraps.exe
D:\Windows\Explorer.EXE
ATKOSD.exe
WDC.exe
"D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"D:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"D:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"D:\Program Files (x86)\Steam\Steam.exe" -silent
"D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe"
"D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" -r
"D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" --auto-start
"D:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"D:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
D:\Windows\system32\SearchIndexer.exe /Embedding
D:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"D:\Fraps\fraps64.dat"
"D:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"D:\Windows\system32\NOTEPAD.EXE" D:\Users\Exire\Downloads\mbar-1.06.0.1004\mbar\system-log.txt
"D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe"
"D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe"
D:\Windows\System32\svchost.exe -k secsvcs
taskmgr.exe /3
"D:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3080.d9ae200.71046231 "D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" -greomni "D:\Program Files (x86)\Mozilla Firefox\omni.ja" -appomni "D:\Program Files (x86)\Mozilla Firefox\browser\omni.ja" -appdir "D:\Program Files (x86)\Mozilla Firefox\browser" 260915DCF3A62DA7 3080 "\\.\pipe\gecko-crash-server-pipe.3080" plugin
"D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe" --proxy-stub-channel=Flash812.693BF630.11689 --host-broker-channel=Flash812.693BF630.21778 --host-pid=812 --host-npapi-version=27 --plugin-path="D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll"
"D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_8_800_94.exe" --channel=3252.002BF7B0.731389202 --proxy-stub-channel=Flash812.693BF630.11689 --plugin-path="D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll" --host-npapi-version=27 --type=renderer
D:\Windows\system32\AUDIODG.EXE 0x70c
"D:\Users\Exire\Downloads\RSITx64.exe"
"D:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "D:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"D:\Windows\system32\SearchFilterHost.exe" 0 532 536 544 65536 540
D:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

D:\Windows\tasks\Adobe Flash Player Updater.job
D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
D:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - D:\Users\Exire\AppData\Roaming\Mozilla\Firefox\Profiles\56hcwogp.default

prefs.js - "browser.search.useDBForOrder" - "false"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.25.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=D:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912]
"Description"=WLPG Install MIME type
"Path"=D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision]
"Description"=NVIDIA stereo images plugin for Mozilla browsers
"Path"=D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming]
"Description"=NVIDIA 3D Vision Streaming plugin for Mozilla browsers
"Path"=D:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=D:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=D:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.8.800.94 Plugin
"Path"=D:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_94.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.15.2]
"Description"=Java™ Deployment Toolkit
"Path"=D:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=D:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=D:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll


D:\Program Files (x86)\Mozilla Firefox\searchplugins\
babylon.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files\Java\jre7\bin\ssv.dll [2013-02-22 551840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - D:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 529664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-02-22 209824]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - D:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-06-12 463272]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - D:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17 441592]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - D:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - D:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-06-12 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AmIcoSinglun64"=D:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2012-03-28 373248]
"AdobeAAMUpdater-1.0"=D:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]
"SynTPEnh"=D:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2012-01-26 2869008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"=D:\Program Files (x86)\Skype\Phone\Skype.exe [2013-06-03 19636840]
"DAEMON Tools Lite"=D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2013-01-08 3674320]
"Steam"=D:\Program Files (x86)\Steam\Steam.exe [2013-07-16 1807272]
"AdobeBridge"= []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"USB3MON"=D:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [2012-02-07 291608]
"HDAudDeck"=D:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [2012-07-11 5256336]
"Adobe ARM"=D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2013-04-04 958576]
"BCSSync"=D:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"ATKOSD2"=D:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2012-09-14 328064]
"ATKMEDIA"=D:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2012-10-17 205184]
"HControlUser"=D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"SunJavaUpdateSched"=D:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-03-12 253816]
"LogMeIn Hamachi Ui"=D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe [2013-06-28 2255184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=D:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=D:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv

======File associations======

.js - edit - D:\Windows\System32\Notepad.exe %1
.js - open - D:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-07-16 19:15:59 ----D---- D:\ProgramData\Malwarebytes' Anti-Malware (portable)
2013-07-16 19:15:28 ----D---- D:\ProgramData\Malwarebytes
2013-07-16 19:15:28 ----A---- D:\Windows\system32\drivers\mbamchameleon.sys
2013-07-16 18:58:15 ----D---- D:\Program Files\trend micro
2013-07-16 18:58:14 ----D---- D:\rsit
2013-07-16 01:53:09 ----D---- D:\ProgramData\TEMP
2013-07-16 01:52:55 ----D---- D:\Program Files (x86)\Trojan Remover
2013-07-16 01:46:51 ----A---- D:\Windows\ntbtlog.txt
2013-07-16 01:08:04 ----A---- D:\Windows\system32\.tmp
2013-07-16 01:07:42 ----D---- D:\Windows\Minidump
2013-07-15 13:50:16 ----D---- D:\Users\Exire\AppData\Roaming\gd.sos.McPixel
2013-07-15 11:28:12 ----D---- D:\Program Files (x86)\Mozilla Firefox
2013-07-03 23:24:50 ----D---- D:\Program Files (x86)\LogMeIn Hamachi
2013-07-03 01:35:43 ----D---- D:\Program Files (x86)\Mozilla Firefox.bak
2013-06-26 23:12:05 ----D---- D:\ProgramData\Package Cache
2013-06-26 14:11:37 ----D---- D:\Users\Exire\AppData\Roaming\fltk.org
2013-06-19 12:43:28 ----A---- D:\Windows\SYSWOW64\javaws.exe

======List of files/folders modified in the last 1 month======

2013-07-16 19:48:15 ----D---- D:\Windows\Temp
2013-07-16 19:40:56 ----D---- D:\Users\Exire\AppData\Roaming\Skype
2013-07-16 19:29:43 ----D---- D:\Windows\System32
2013-07-16 19:29:43 ----D---- D:\Windows\inf
2013-07-16 19:29:43 ----A---- D:\Windows\system32\PerfStringBackup.INI
2013-07-16 19:27:26 ----D---- D:\Windows\Prefetch
2013-07-16 19:23:40 ----D---- D:\Fraps
2013-07-16 19:23:39 ----D---- D:\Windows\system32\Tasks
2013-07-16 19:23:29 ----D---- D:\Program Files (x86)\Steam
2013-07-16 19:23:13 ----D---- D:\ProgramData\NVIDIA
2013-07-16 19:23:09 ----D---- D:\Windows
2013-07-16 19:22:05 ----SHD---- D:\System Volume Information
2013-07-16 19:15:59 ----HD---- D:\ProgramData
2013-07-16 19:15:59 ----D---- D:\Windows\system32\drivers
2013-07-16 18:58:15 ----RD---- D:\Program Files
2013-07-16 13:00:10 ----SHD---- D:\Windows\Installer
2013-07-16 12:58:57 ----D---- D:\Windows\system32\DriverStore
2013-07-16 12:58:57 ----D---- D:\Windows\system32\catroot
2013-07-16 01:52:55 ----RD---- D:\Program Files (x86)
2013-07-16 01:46:52 ----D---- D:\Windows\debug
2013-07-16 01:38:23 ----D---- D:\Windows\system32\config
2013-07-16 01:31:01 ----D---- D:\Windows\Tasks
2013-07-16 01:25:43 ----D---- D:\Program Files (x86)\Xara
2013-07-16 01:24:53 ----D---- D:\Users\Exire\AppData\Roaming\Mozilla
2013-07-16 01:23:52 ----RSD---- D:\Windows\Fonts
2013-07-16 01:13:41 ----D---- D:\Windows\SysWOW64
2013-07-16 01:08:44 ----A---- D:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-07-16 01:07:19 ----D---- D:\Program Files (x86)\Mozilla Maintenance Service
2013-07-15 12:43:47 ----D---- D:\Users\Exire\AppData\Roaming\.minecraft
2013-07-15 10:49:41 ----D---- D:\Users\Exire\AppData\Roaming\BitTorrent
2013-07-15 10:49:32 ----D---- D:\Users\Exire\AppData\Roaming\MAGIX
2013-07-15 10:49:32 ----D---- D:\ProgramData\MAGIX
2013-07-15 10:49:26 ----A---- D:\Windows\SYSWOW64\DLLDEV32i.dll
2013-07-15 10:49:01 ----D---- D:\ProgramData\Xara
2013-06-30 00:59:16 ----HD---- D:\Program Files (x86)\InstallShield Installation Information
2013-06-26 23:24:44 ----D---- D:\Program Files (x86)\Electronic Arts
2013-06-26 23:13:03 ----RSD---- D:\Windows\assembly
2013-06-24 20:01:45 ----D---- D:\Users\Exire\AppData\Roaming\.technic
2013-06-20 13:25:32 ----D---- D:\ProgramData\Skype
2013-06-20 13:25:31 ----RD---- D:\Program Files (x86)\Skype
2013-06-19 12:43:27 ----D---- D:\Program Files (x86)\Java

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iusb3hcs;Intel(R) USB 3.0 Host Controller Switch Driver; D:\Windows\system32\DRIVERS\iusb3hcs.sys [2012-02-07 16152]
R0 rdyboost;ReadyBoost; D:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\D:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-09-07 17536]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; D:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; D:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-22 283200]
R1 vwififlt;Virtual WiFi Filter Driver; D:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\Windows\system32\drivers\LMIRfsDriver.sys [2012-11-29 72216]
R3 AMPPAL;Intel® Centrino® Wireless Bluetooth® + High Speed Virtual Adapter; D:\Windows\system32\DRIVERS\AMPPAL.sys [2012-01-09 195584]
R3 athr;Atheros Extensible Wireless LAN device driver; D:\Windows\system32\DRIVERS\athrx.sys [2011-11-22 2796544]
R3 BthEnum;Bluetooth Enumerator Service; D:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); D:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; D:\Windows\System32\Drivers\BTHUSB.sys [2012-11-14 80384]
R3 hamachi;Hamachi Network Interface; D:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
R3 iusb3hub;Intel(R) USB 3.0 Hub Driver; D:\Windows\system32\DRIVERS\iusb3hub.sys [2012-02-07 356120]
R3 iusb3xhc;Intel(R) USB 3.0 eXtensible Host Controller Driver; D:\Windows\system32\DRIVERS\iusb3xhc.sys [2012-02-07 787736]
R3 L1C;NDIS Miniport Driver for Atheros AR81xx PCI-E Ethernet Controller; D:\Windows\system32\DRIVERS\L1C62x64.sys [2011-09-19 108656]
R3 lmimirr;lmimirr; D:\Windows\system32\DRIVERS\lmimirr.sys [2012-11-29 11552]
R3 MEIx64;Intel(R) Management Engine Interface ; D:\Windows\system32\DRIVERS\HECIx64.sys [2012-07-17 62784]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; D:\Windows\system32\drivers\nvhda64v.sys [2012-12-19 194488]
R3 NvStUSB;NVIDIA Stereoscopic 3D USB driver; D:\Windows\system32\DRIVERS\nvstusb.sys [2013-03-15 448288]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); D:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SmbDrv;SmbDrv; D:\Windows\system32\DRIVERS\Smb_driver.sys [2012-01-26 22800]
R3 SynTP;Synaptics TouchPad Driver; D:\Windows\system32\DRIVERS\SynTP.sys [2012-01-26 413456]
R3 VIAHdAudAddService;VIA High Definition Audio Driver Service; D:\Windows\system32\drivers\viahduaa.sys [2012-07-06 2201744]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; D:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys []
S3 AMPPALP;Intel® Centrino® Wireless Bluetooth® + High Speed Protocol; D:\Windows\system32\DRIVERS\amppal.sys [2012-01-09 195584]
S3 AmUStor;AM USB Stroage Driver; D:\Windows\system32\drivers\AmUStor.SYS [2012-01-04 94808]
S3 BTHPORT;Bluetooth Port Driver; D:\Windows\System32\Drivers\BTHport.sys [2012-11-14 552960]
S3 dmvsc;dmvsc; D:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 mbamchameleon;mbamchameleon; \??\D:\Windows\system32\drivers\mbamchameleon.sys [2013-07-16 36680]
S3 pciide;pciide; D:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; D:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; D:\Windows\System32\drivers\rdpvideominiport.sys [2012-11-14 19456]
S3 s3cap;s3cap; D:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; D:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; D:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver; D:\Windows\system32\drivers\terminpt.sys [2012-11-14 29696]
S3 TsUsbFlt;TsUsbFlt; D:\Windows\system32\drivers\tsusbflt.sys [2012-11-14 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; D:\Windows\system32\drivers\TsUsbGD.sys [2012-11-14 30208]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; D:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 USBAAPL64;Apple Mobile USB Driver; D:\Windows\System32\Drivers\usbaapl64.sys [2012-12-13 54784]
S3 VGPU;VGPU; D:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; D:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; D:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb; D:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
S4 LMIRfsClientNP;LMIRfsClientNP; D:\Windows\system32\drivers\LMIRfsClientNP.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2013-05-11 65640]
R2 AMPPALR3;Intel® Centrino® Wireless Bluetooth® + High Speed Service; D:\Program Files\Intel\BluetoothHS\BTHSAmpPalService.exe [2012-01-09 659968]
R2 ASLDRService;ASLDR Service; D:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2012-11-14 106880]
R2 ATKGFNEXSrv;ATKGFNEX Service; D:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2011-11-21 96896]
R2 BTHSSecurityMgr;Intel(R) Centrino(R) Wireless Bluetooth(R) + High Speed Security Service; D:\Program Files\Intel\BluetoothHS\BTHSSecurityMgr.exe [2012-01-11 135952]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-06-28 2470736]
R2 nvsvc;NVIDIA Display Driver Service; D:\Windows\system32\nvvsvc.exe [2013-03-15 877856]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; D:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-03-14 383264]
R2 VIAKaraokeService;VIA Karaoke digital mixer Service; D:\Windows\system32\viakaraokesrv.exe [2012-07-06 27792]
R2 wlidsvc;Windows Live ID Sign-in Assistant; D:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2012-07-17 2292480]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 116648]
S2 nvUpdatusService;NVIDIA Update Service Daemon; D:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-03-15 1266464]
S2 SkypeUpdate;Skype Updater; D:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-03 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-07-16 257416]
S3 AppMgmt;@appmgmts.dll,-3250; D:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 Desura Install Service;Desura Install Service; D:\Program Files (x86)\Common Files\Desura\desura_service.exe [2013-05-11 131912]
S3 gupdatem;Služba Google Update (gupdatem); D:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-02-22 116648]
S3 IDriverT;InstallDriver Table Manager; D:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; D:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 MozillaMaintenance;Mozilla Maintenance Service; D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-07-15 117656]
S3 ose;Office Source Engine; D:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; D:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 Steam Client Service;Steam Client Service; D:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-07 543656]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; D:\Windows\system32\Wat\WatAdminSvc.exe [2012-11-14 1255736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; D:\Windows\System32\svchost.exe [2009-07-14 27136]
S4 NetMsmqActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@D:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; D:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; D:\Windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------

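Before the next reply, an added triage example (not part of either post and not RSIT's own code): a small Python script that reads the plain-text sections RSIT prints and flags the two things in the log above that a responder would want to look at first. The registry dump shows EnableLUA=0, ConsentPromptBehaviorAdmin=0 and PromptOnSecureDesktop=0, which together mean UAC is switched off entirely; if the account is an administrator, every program it runs gets the full administrator token without any prompt. Several driver entries end in an empty "[]" (LMIInfo, VGPU, LMIRfsClientNP), which in RSIT's format means it found no file at the listed path; that is something to confirm on the disk, not evidence of the process the poster asks about. The SAMPLE lines are copied from the log above, and the "expected" UAC values are an assumption based on Windows 7 defaults, not anything RSIT reports.

```python
"""Triage helper for the plain-text sections RSIT prints.

Added example for this thread, not code from RSIT or from the forum posts.
It parses the '[KEY]' / '"name"=value' registry dump and the
'R2 Name;Description; path [date size]' driver/service lines and flags
what a responder would check first. SAMPLE is copied from the log above;
UAC_EXPECTED is an assumption (Windows 7 Admin Approval Mode defaults).
"""
import re

# Assumed Windows 7 defaults; anything else means UAC was weakened or switched off.
UAC_EXPECTED = {
    "EnableLUA": "1",                   # 0 = UAC completely off
    "ConsentPromptBehaviorAdmin": "5",  # 0 = elevate silently, never prompt
    "PromptOnSecureDesktop": "1",       # 0 = prompt drawn on the normal desktop
}

SECTION_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"=(.*)$')
# <R|S><start type> <Name>;<Description>; <path> [<date> <size>]; '[]' when no file was found
SVC_RE = re.compile(r"^([RS])([0-4]) ([^;]+);([^;]*); (.*?) \[([^\]]*)\]$")

# Constructed sample: lines copied verbatim from the RSIT log in this thread.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]

R2 LMIRfsDriver;LogMeIn Remote File System Driver; \??\D:\Windows\system32\drivers\LMIRfsDriver.sys [2012-11-29 72216]
S2 LMIInfo;LogMeIn Kernel Information Provider; \??\D:\Program Files (x86)\LogMeIn\x64\RaInfo.sys []
S3 VGPU;VGPU; D:\Windows\System32\drivers\rdvgkmd.sys []
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; D:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe [2013-06-28 2470736]
S4 LMIRfsClientNP;LMIRfsClientNP; D:\Windows\system32\drivers\LMIRfsClientNP.sys []
"""


def parse_registry_dump(text):
    """Return {key: {name: value}} for every [KEY] block and its "name"=value lines."""
    sections, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            sections[current][m.group(1)] = m.group(2)
    return sections


def uac_findings(sections):
    """List UAC values under ...\\Policies\\System that differ from the assumed defaults."""
    out = []
    for key, values in sections.items():
        if not key.lower().endswith(r"\policies\system"):
            continue
        for name, expected in UAC_EXPECTED.items():
            actual = values.get(name)
            if actual is not None and actual != expected:
                out.append(f"{name}={actual} (expected {expected})")
    return out


def parse_services(text):
    """Parse driver/service lines; file_info == '' means RSIT did not find the image file."""
    entries = []
    for line in text.splitlines():
        m = SVC_RE.match(line.strip())
        if m:
            state, start, name, desc, path, info = m.groups()
            entries.append({"name": name, "running": state == "R", "start": int(start),
                            "desc": desc.strip(), "path": path, "file_info": info})
    return entries


def missing_binaries(entries):
    """Names of drivers/services whose image file was not found on disk."""
    return [e["name"] for e in entries if e["file_info"] == ""]


def safeboot_services(sections):
    """Service names registered under SafeBoot\\minimal or \\network (they load in Safe Mode too)."""
    names = []
    for key in sections:
        parts = key.split("\\")
        if "safeboot" in key.lower() and len(parts) >= 2 and parts[-2].lower() in ("minimal", "network"):
            names.append(parts[-1])
    return names


def triage(text):
    """Run all checks over one RSIT log (or a pasted excerpt) and return the findings."""
    sections = parse_registry_dump(text)
    entries = parse_services(text)
    return {
        "uac": uac_findings(sections),
        "missing_binaries": missing_binaries(entries),
        "safeboot": safeboot_services(entries and sections),
    }


if __name__ == "__main__":
    for check, items in triage(SAMPLE).items():
        print(f"{check}: {items}")
```

To use it on a full saved log, read the file and pass its contents to triage(); the sections RSIT prints are all in the same line formats. One caveat the log itself does not spell out: the "Scheduled tasks folder" section above lists only the legacy .job files in D:\Windows\tasks, while the Task Scheduler 2.0 store under D:\Windows\system32\Tasks (which the "modified" list shows was touched at 19:23:39 the same day) is not enumerated there, so it needs a separate look, for example with schtasks /query /fo LIST /v, before concluding where a process is being restarted from.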
vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: widchost.exe

#8 Post by vyosek »

:arrow: Uninstall Trojan Remover

:arrow: Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
  • Save it, preferably to the desktop
  • Close all programs
  • Click Scan
  • The scan runs and a log then appears; if not, it is saved on the system drive as AdwCleaner[R?].txt. Paste it here
:arrow: Download Malwarebytes' Anti-Malware (MBAM for short) http://forum.viry.cz/viewtopic.php?f=29&t=115222
  • Update it
  • Run a full scan - do not delete anything :!:
  • MBAM sometimes produces false detections, so paste the log into a post and wait for it to be assessed
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who shuns amusement, take a whip and a stick to him; that is not a man, that is an ox."
Member since 1 February 2011.
