PC disinfection, computer speed-up, remote assistance via the neslape.cz service

log combofix + rsit

Do you have a virus problem? Post your FRST or RSIT log here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once they are resolved, as will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

!NEW!
You can now use the remote assistance service, where an expert connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
relouth
Visitor
Posts: 6
Registered: 21 Jun 2011 17:57


#1 Post by relouth »

hi, please take a look at this

combofix
ComboFix 11-06-21.03 - bot . 06. 2011 18:36:10.2.4 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.421.1051.18.4094.2532 [GMT 2:00]
Running from: c:\users\bot\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {108DAC43-C256-20B7-BB05-914135DA5160}
SP: Microsoft Security Essentials *Disabled/Updated* {ABEC4DA7-E46C-2F39-81B5-AA334E5D1BDD}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\msvcsv60.dll
.
.
((((((((((((((((((((((((( Files Created from 2011-05-21 to 2011-06-21 )))))))))))))))))))))))))))))))
.
.
2011-06-21 16:40 . 2011-06-21 16:42 -------- d-----w- c:\users\bot\AppData\Local\temp
2011-06-21 16:40 . 2011-06-21 16:40 -------- d-----w- c:\users\Public\AppData\Local\temp
2011-06-21 16:40 . 2011-06-21 16:40 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-06-21 16:34 . 2011-06-21 16:35 -------- d-----w- C:\32788R22FWJFW
2011-06-21 14:42 . 2011-06-06 16:29 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2011-06-21 14:42 . 2011-06-06 16:24 25920 ----a-w- c:\windows\system32\authuitu.dll
2011-06-21 14:42 . 2011-06-06 16:24 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2011-06-21 14:42 . 2011-06-06 16:23 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2011-06-21 14:42 . 2011-06-06 16:24 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2011-06-21 11:40 . 2011-06-21 11:41 -------- d-----w- C:\rsit
2011-06-21 11:40 . 2011-06-21 11:41 -------- d-----w- c:\program files\trend micro
2011-06-21 11:17 . 2011-06-07 17:10 8873296 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{4D715697-1C20-4F5A-ABA9-595F3B14D16F}\mpengine.dll
2011-06-20 23:46 . 2011-06-20 23:46 -------- d-----w- c:\users\bot\AppData\Roaming\Tordex
2011-06-20 19:25 . 2011-06-20 19:25 -------- d-----w- c:\program files (x86)\Winamp Detect
2011-06-20 19:25 . 2011-06-21 12:45 -------- d-----w- c:\program files (x86)\Winamp
2011-06-20 19:25 . 2011-06-21 12:45 -------- d-----w- c:\users\bot\AppData\Roaming\Winamp
2011-06-20 18:50 . 2010-09-13 13:56 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2011-06-20 18:28 . 2011-06-20 18:28 -------- d-----w- c:\programdata\Windows Media Player
2011-06-20 13:35 . 2011-06-20 13:35 -------- d-----w- c:\program files (x86)\BES 1.4.2
2011-06-15 09:38 . 2011-04-28 16:27 176128 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2011-06-13 11:45 . 2005-04-03 21:02 753664 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iKernel.dll
2011-06-13 11:45 . 2005-04-03 21:02 69714 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ctor.dll
2011-06-13 11:45 . 2005-04-03 21:01 274432 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iscript.dll
2011-06-13 11:45 . 2005-04-03 21:00 184320 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iuser.dll
2011-06-13 11:45 . 2005-04-03 21:00 63488 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\ISBEW64.exe
2011-06-13 11:45 . 2005-04-03 20:59 5632 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\DotNetInstaller.exe
2011-06-13 11:45 . 2011-06-13 11:45 331908 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\setup.dll
2011-06-13 11:45 . 2011-06-13 11:45 200836 ----a-w- c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\11\00\Intel32\iGdi.dll
2011-06-13 11:44 . 2011-06-13 11:54 -------- d-----w- c:\program files (x86)\Prey
2011-06-06 22:06 . 2007-06-13 05:16 -------- d-----w- c:\windows\Avalon (win)
2011-06-06 22:01 . 2006-08-09 06:37 -------- d-----w- c:\windows\NOD (win)
2011-06-03 14:40 . 2011-06-03 14:40 -------- d--h--w- c:\windows\PIF
2011-06-03 13:44 . 2011-06-03 13:50 -------- d-----w- c:\windows\$regcmp$
2011-06-03 13:37 . 2011-06-03 13:47 -------- d-----w- c:\program files (x86)\Registry Clean Expert
2011-06-02 15:24 . 2011-06-02 15:24 -------- d-----w- c:\program files (x86)\M-Audio
2011-06-02 15:02 . 2011-06-02 15:02 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2011-06-02 14:53 . 2011-06-02 14:53 -------- d-----w- c:\users\bot\AppData\Roaming\Image-Line
2011-06-02 14:51 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2011-05-26 17:44 . 2011-05-26 17:44 -------- d-----w- c:\users\bot\AppData\Local\The Witcher 2
2011-05-23 12:58 . 2011-05-23 12:58 -------- d-----w- C:\perflogs
2011-05-23 12:44 . 2011-05-23 12:44 -------- d-----w- c:\users\bot\AppData\Roaming\PeerNetworking
2011-05-22 18:07 . 2011-05-22 18:07 -------- d-----w- c:\users\bot\AppData\Local\SKIDROW
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-06-20 19:51 . 2010-11-05 17:53 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2011-06-20 19:51 . 2010-11-05 17:52 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2011-06-20 18:06 . 2010-11-05 17:52 280768 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2011-06-19 15:08 . 2011-05-15 09:58 404640 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2011-05-29 07:11 . 2010-12-08 17:58 39984 ----a-w- c:\windows\SysWow64\drivers\mbamswissarmy.sys
2011-05-29 07:11 . 2010-12-08 17:58 25912 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-11 13:50 . 2011-05-21 20:43 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2011-05-11 13:50 . 2011-05-21 20:42 601424 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{74BFA068-8348-492B-A68B-BDBD164110FE}\gapaengine.dll
2011-05-09 22:00 . 2011-05-11 22:36 8718160 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-03-31 21:48 . 2011-03-31 21:48 86016 ----a-w- c:\windows\SysWow64\frapsvid.dll
2011-03-31 21:48 . 2011-03-31 21:48 84992 ----a-w- c:\windows\system32\frapsv64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-10 . 9235EC680D3DB17464B39C7C7DECB4DD . 301568 . . [6.0.6001.18287] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18287_none_28ff7f1fd585934f\shsvcs.dll
[7] 2009-07-10 . 3F6101365E6319171054ADD75788516C . 300032 . . [6.0.6000.21081] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.21081_none_279cb3aaf1823d60\shsvcs.dll
[7] 2009-07-10 . C2409C9B7C7E422E7680AE4E1738BFC8 . 302080 . . [6.0.6001.22467] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.22467_none_299ebda8ee92f85e\shsvcs.dll
[7] 2009-07-10 . F33C4D0B9EEFCDE346F8753DC4D6867F . 299520 . . [6.0.6000.16883] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6000.16883_none_27153f51d8629d02\shsvcs.dll
[7] 2009-07-10 . 00DD742B99B278429714DEE859A73DD0 . 302080 . . [6.0.6002.22169] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.22169_none_2b873024ebb78030\shsvcs.dll
[7] 2009-07-10 . 56793271ECDEDD350C5ADD305603E963 . 302080 . . [6.0.6002.18063] .. c:\windows\ERDNT\cache64\shsvcs.dll
[7] 2009-07-10 . 56793271ECDEDD350C5ADD305603E963 . 302080 . . [6.0.6002.18063] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18063_none_2af7919dd29f485c\shsvcs.dll
[7] 2009-04-10 . 2AD15758174DCC7993FF3C00A955DD66 . 301568 . . [6.0.6002.18005] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6002.18005_none_2b3a71b9d26cd364\shsvcs.dll
[7] 2008-01-21 . EB3114330236CF030E8EDF62881BAF67 . 301568 . . [6.0.6001.18000] .. c:\windows\winsxs\amd64_microsoft-windows-shsvcs_31bf3856ad364e35_6.0.6001.18000_none_294ef8add54b0818\shsvcs.dll
[-] 2011-03-12 . 66CFDF478939DD6388858DE06F2CE14C . 302080 . . [6.0.6000.16386] .. c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2010-04-01 357696]
"WinFast Schedule"="c:\program files\WinFast\WFDTV\WFWIZ.exe" [2010-08-11 2920448]
"Flashnote"="c:\program files (x86)\Flashnote\flashnote.exe" [2011-05-02 4425728]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Kone"="c:\program files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE" [2009-09-15 180224]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Logo Calibration Loader.lnk - c:\program files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe [2010-11-29 708608]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ PDBoot.exe\0autocheck autochk *
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"WinFastDTV"=c:\program files\WinFast\WFDTV\DTVSchdl.exe
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe"
"CTxfiHlp"=CTXFIHLP.EXE
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe"
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
R2 PDIHWCTL;PDIHWCTL;c:\windows\system32\drivers\pdihwctl.sys [x]
R3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
R3 afcdpsrv;Acronis Nonstop Backup service;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-10 2480048]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-05 79360]
R3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.SYS [x]
R3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.SYS [x]
R3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.SYS [x]
R3 EyeOneDisplay;EyeOneDisplay;c:\windows\system32\Drivers\i1display_x64.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 136176]
R3 MAUSBMIDI;Service for M-Audio USB MIDI Series;c:\windows\system32\DRIVERS\MAudioUSBMIDI.sys [x]
R3 MpNWMon;Microsoft Malware Protection Network Driver;c:\windows\system32\DRIVERS\MpNWMon.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Kontrola siete od spoločnosti Microsoft;c:\program files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
R3 NLNdisMP;NLNdisMP;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 NLNdisPT;NetLimiter Ndis Protocol Service;c:\windows\system32\DRIVERS\nlndis.sys [x]
R3 nmwcdcx64;Nokia USB Generic;c:\windows\system32\drivers\ccdcmbox64.sys [x]
R3 nmwcdx64;Nokia USB Phone Parent;c:\windows\system32\drivers\ccdcmbx64.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TeamViewer6;TeamViewer 6;c:\program files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
R3 teamviewervpn;TeamViewer VPN Adapter;c:\windows\system32\DRIVERS\teamviewervpn.sys [x]
R3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S0 mrdd;Marvell Removable Disk Control Driver;c:\windows\system32\DRIVERS\mrdd.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\DRIVERS\tdrpm258.sys [x]
S1 EIO64;EIO Driver;c:\windows\system32\DRIVERS\EIO64.sys [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [x]
S2 ASIT;ASIT;c:\windows\SysWOW64\ASIT.exe [2008-06-05 61440]
S2 hasplms;HASP License Manager;c:\windows\system32\hasplms.exe -run [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-06-06 2026304]
S2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor;c:\program files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
S2 yksvc;Marvell Yukon Service;RUNDLL32.EXE ykx64mpcoinst,serviceStartProc [x]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\System32\drivers\CT20XUT.SYS [x]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\System32\drivers\CTEXFIFX.SYS [x]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\System32\drivers\CTHWIUT.SYS [x]
S3 KoneFltr;ROCCAT Kone;c:\windows\system32\drivers\Kone.sys [x]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-05-18 11856]
S3 WFSONORA;WinFast PxDVR3200 H (XC3028);c:\windows\system32\drivers\wfsonora.sys [x]
S3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk60x64.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 22:26]
.
2011-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-15 22:26]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 1436224]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = %SystemRoot%\system32\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.100.99 192.168.2.1
CLSID: {603d3801-bd81-11d0-a3a5-00c04fd706ec} - %SystemRoot%\SysWow64\browseui.dll
FF - ProfilePath - c:\users\bot\AppData\Roaming\Mozilla\Firefox\Profiles\kt4uakph.default\
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
FF - user.js: network.http.pipelining - true
FF - user.js: network.http.proxy.pipelining - true
FF - user.js: network.http.pipelining.ssl - true
FF - user.js: network.http.pipelining.maxrequests - 8
FF - user.js: ui.submenuDelay - 163
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{D4027C7F-154A-4066-A1AD-4243D8127440} - (no file)
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3724557465-3059560990-3305193679-1000\Software\SecuROM\License information*]
"datasecu"=hex:4f,30,fa,e6,b5,4b,69,b6,60,66,b5,ed,bd,32,54,07,e4,5b,ef,5f,21,
f7,67,8e,a8,ec,9a,da,68,e9,96,5b,1d,3e,b9,f2,d0,4a,dc,56,0e,64,7a,58,29,62,\
"rkeysecu"=hex:73,dd,64,6f,9c,98,cb,aa,d5,6d,0d,e8,52,90,17,ad
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:c0,1b,a7,ad,04,9a,89,95,04,ba,b5,45,5b,cc,63,f2,02,67,de,41,cd,
ed,b3,dc,1e,e2,cc,7f,40,48,3a,cd,80,d3,60,19,64,79,57,4f,47,7d,19,3d,71,86,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10g.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:c0,1b,a7,ad,04,9a,89,95,04,ba,b5,45,5b,cc,63,f2,02,67,de,41,cd,
ed,b3,dc,1e,e2,cc,7f,40,48,3a,cd,80,d3,60,19,64,79,57,4f,47,7d,19,3d,71,86,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Classes]
"SymbolicLinkValue"=hex(6):5c,00,52,00,45,00,47,00,49,00,53,00,54,00,52,00,59,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Creative\Shared Files\CTAudSvc.exe
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
c:\windows\system32\hasplms.exe
c:\program files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\iTracker\iTracker.exe
.
**************************************************************************
.
Completion time: 2011-06-21 18:45:34 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-21 16:45
.
Pre-Run: 62 561 980 416 bytes free
Post-Run: 62 496 636 928 bytes free
.
- - End Of File - - 1A036634079803D3C08CFAB230C142F5
rsit
Logfile of random's system information tool 1.08 (written by random/random)
Run by bot at 2011-06-21 19:00:25
Microsoft® Windows Vista™ Home Premium Service Pack 2
System drive C: has 60 GB (25%) free of 235 GB
Total RAM: 4094 MB (54% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:00:33, on 21. 6. 2011
Platform: Windows Vista SP2 (WinNT 6.00.1906)
MSIE: Internet Explorer v7.00 (7.00.6002.18005)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\iTracker\iTracker.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files\WinFast\WFDTV\WFWIZ.exe
C:\Program Files (x86)\Flashnote\Flashnote.exe
C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE
C:\Program Files (x86)\Mozilla Firefox4\firefox.exe
C:\Users\bot\AppData\Roaming\Mozilla\Firefox\Profiles\kt4uakph.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\mozgestBinary\mozgestMouseHook.exe
C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe
C:\Program Files\trend micro\bot.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - (no file)
O4 - HKLM\..\Run: [Kone] "C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKCU\..\Run: [WinFast Schedule] C:\Program Files\WinFast\WFDTV\WFWIZ.exe
O4 - HKCU\..\Run: [Flashnote] C:\Program Files (x86)\Flashnote\flashnote.exe
O4 - Global Startup: Logo Calibration Loader.lnk = C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... PIDPDE.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://ccfiles.creative.com/Web/softwar ... /CTPID.cab
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\Windows\system32\browseui.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Acronis Nonstop Backup service (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASIT - Unknown owner - C:\Windows\SysWOW64\ASIT.exe
O23 - Service: Creative Audio Engine Licensing Service - Creative Labs - C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe
O23 - Service: Creative Audio Service (CTAudSvcService) - Creative Technology Ltd - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
O23 - Service: @dfsrres.dll,-101 (DFSR) - Unknown owner - C:\Windows\system32\DFSR.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HASP License Manager (hasplms) - Unknown owner - C:\Windows\system32\hasplms.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: PDAgent - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDAgent.exe
O23 - Service: PDEngine - Raxco Software, Inc. - C:\Program Files\Raxco\PerfectDisk\PDEngine.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\SLsvc.exe,-101 (slsvc) - Unknown owner - C:\Windows\system32\SLsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: TeamViewer 6 (TeamViewer6) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: USB MIDI Series Audio Device Monitor (USBMIDIAudioDevMon) - M-Audio - C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: Windows Media Player - služba zdieľania v sieti (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Marvell Yukon Service (yksvc) - Unknown owner - RUNDLL32.EXE (file missing)

--
End of file - 7791 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\Windows\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k rpcss
"C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe"
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
"C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe"
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {24D41EE5-9708-41C0-9BF1-30835826BA7B}
taskeng.exe {8F9CF4C1-4A8A-49A3-B7ED-D4798492F43C}
C:\Windows\system32\conime.exe
"C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe"
C:\Windows\SysWOW64\ASIT.exe
C:\Windows\system32\hasplms.exe -run
"C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe"
"C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe"
RUNDLL32.EXE ykx64mpcoinst,serviceStartProc
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesApp64.exe" /TUStart /pid:2916
"C:\Program Files (x86)\ASUS\iTracker\iTracker.exe" /start
"C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
"C:\Windows\ehome\ehtray.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\WinFast\WFDTV\WFWIZ.exe"
"C:\Program Files (x86)\Flashnote\Flashnote.exe"
"C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE"
C:\Windows\ehome\ehmsas.exe -Embedding
C:\Windows\ehome\ehsched.exe
C:\Windows\ehome\ehRecvr.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe"
"C:\Program Files (x86)\Mozilla Firefox4\firefox.exe"
C:\Users\bot\AppData\Roaming\Mozilla\Firefox\Profiles\kt4uakph.default\extensions\{FFA36170-80B1-4535-B0E3-A4569E497DD0}\mozgestBinary\mozgestMouseHook.exe 3540
"C:\Program Files (x86)\Mozilla Firefox4\plugin-container.exe" --channel=3540.f5f5080.286067400 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" - -omnijar C:\Program Files (x86)\Mozilla Firefox4\omni.jar 3540 \\.\pipe\gecko-crash-server-pipe.3540 plugin
taskeng.exe {E19DEFB2-B0FC-4B24-95B8-901E3267026F}
C:\Windows\system32\wbem\wmiprvse.exe
"C:\taskbar\av\RSITx64.exe"

======Scheduled tasks folder======

C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~2\SPYBOT~1\SDHelper.dll [2009-01-26 1879896]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{10EDB994-47F8-43F7-AE96-F2EA63E9F90F}

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2010-11-30 1436224]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"=C:\Windows\ehome\ehTray.exe [2008-01-21 138240]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2010-04-01 357696]
"WinFast Schedule"=C:\Program Files\WinFast\WFDTV\WFWIZ.exe [2010-08-11 2920448]
"Flashnote"=C:\Program Files (x86)\Flashnote\flashnote.exe [2011-05-02 4425728]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CTxfiHlp]
CTXFIHLP.EXE []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Kone"=C:\Program Files (x86)\ROCCAT\Kone Mouse\KoneHID.EXE [2009-09-15 180224]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Logo Calibration Loader.lnk - C:\Program Files (x86)\GretagMacbeth\i1\Eye-One Match 3\CalibrationLoader\CalibrationLoader.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"= []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfPf]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfRd]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WudfUsbccidDriver]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"EnableLUA"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableUIADesktopToggle"=0

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"BindDirectlyToPropertySetStorage"=0
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.txt - open - C:\PROGRA~2\PSPADE~1\PSPad.exe "%1"

======List of files/folders created in the last 1 months======

2011-06-21 18:50:07 ----SHD---- C:\$RECYCLE.BIN
2011-06-21 18:45:34 ----A---- C:\ComboFix.txt
2011-06-21 16:42:05 ----A---- C:\Windows\SYSWOW64\uxtuneup.dll
2011-06-21 16:42:05 ----A---- C:\Windows\system32\uxtuneup.dll
2011-06-21 16:42:05 ----A---- C:\Windows\system32\TURegOpt.exe
2011-06-21 16:42:05 ----A---- C:\Windows\system32\authuitu.dll
2011-06-21 16:42:04 ----A---- C:\Windows\SYSWOW64\authuitu.dll
2011-06-21 13:40:51 ----D---- C:\rsit
2011-06-21 13:40:51 ----D---- C:\Program Files\trend micro
2011-06-21 13:25:58 ----A---- C:\Windows\Your Product Setup Log.txt
2011-06-21 01:46:31 ----D---- C:\Users\bot\AppData\Roaming\Tordex
2011-06-20 21:25:59 ----D---- C:\Program Files (x86)\Winamp Detect
2011-06-20 21:25:49 ----D---- C:\Users\bot\AppData\Roaming\Winamp
2011-06-20 21:25:49 ----D---- C:\Program Files (x86)\Winamp
2011-06-20 20:52:23 ----A---- C:\Windows\system32\wmploc.DLL.mui
2011-06-20 20:52:01 ----D---- C:\Program Files\Windows Media Player
2011-06-20 20:50:54 ----A---- C:\Windows\system32\wmploc.DLL
2011-06-20 20:28:44 ----D---- C:\ProgramData\Windows Media Player
2011-06-20 15:35:13 ----D---- C:\Program Files (x86)\BES 1.4.2
2011-06-15 13:52:25 ----A---- C:\Windows\dd_vcredistUI76D9.txt
2011-06-15 13:52:25 ----A---- C:\Windows\dd_vcredistMSI76D9.txt
2011-06-15 13:52:08 ----A---- C:\Windows\dd_vcredistUI76A2.txt
2011-06-15 13:52:08 ----A---- C:\Windows\dd_vcredistMSI76A2.txt
2011-06-15 11:39:05 ----A---- C:\Windows\system32\mshtml.dll
2011-06-15 11:39:04 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-06-15 11:39:04 ----A---- C:\Windows\system32\ieframe.dll
2011-06-15 11:39:02 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-06-15 11:39:02 ----A---- C:\Windows\system32\urlmon.dll
2011-06-15 11:39:01 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-06-15 11:39:01 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-06-15 11:39:01 ----A---- C:\Windows\system32\mshtmled.dll
2011-06-15 11:39:00 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2011-06-15 11:39:00 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-06-15 11:39:00 ----A---- C:\Windows\system32\wininet.dll
2011-06-15 11:39:00 ----A---- C:\Windows\system32\msfeeds.dll
2011-06-15 11:39:00 ----A---- C:\Windows\system32\iertutil.dll
2011-06-15 11:38:59 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-06-15 11:38:58 ----A---- C:\Windows\SYSWOW64\mstime.dll
2011-06-15 11:38:58 ----A---- C:\Windows\SYSWOW64\iepeers.dll
2011-06-15 11:38:58 ----A---- C:\Windows\system32\mstime.dll
2011-06-15 11:38:58 ----A---- C:\Windows\system32\iepeers.dll
2011-06-15 11:38:57 ----A---- C:\Windows\SYSWOW64\ieencode.dll
2011-06-15 11:38:57 ----A---- C:\Windows\SYSWOW64\ieapfltr.dll
2011-06-15 11:38:57 ----A---- C:\Windows\system32\ieencode.dll
2011-06-15 11:38:57 ----A---- C:\Windows\system32\ieapfltr.dll
2011-06-15 11:38:36 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-06-15 11:38:36 ----A---- C:\Windows\system32\oleaut32.dll
2011-06-15 11:38:35 ----A---- C:\Windows\system32\drivers\srvnet.sys
2011-06-15 11:38:35 ----A---- C:\Windows\system32\drivers\srv2.sys
2011-06-15 11:38:35 ----A---- C:\Windows\system32\drivers\afd.sys
2011-06-15 11:38:34 ----A---- C:\Windows\system32\win32k.sys
2011-06-15 11:38:34 ----A---- C:\Windows\system32\drivers\mrxsmb20.sys
2011-06-15 11:38:34 ----A---- C:\Windows\system32\drivers\mrxsmb10.sys
2011-06-15 11:38:34 ----A---- C:\Windows\system32\drivers\mrxsmb.sys
2011-06-15 11:38:32 ----A---- C:\Windows\system32\inetcomm.dll
2011-06-15 11:38:32 ----A---- C:\Windows\system32\drivers\dfsc.sys
2011-06-15 11:38:31 ----A---- C:\Windows\SYSWOW64\inetcomm.dll
2011-06-13 13:44:52 ----D---- C:\Program Files (x86)\Prey
2011-06-07 00:06:50 ----D---- C:\Windows\Avalon (win)
2011-06-07 00:01:55 ----D---- C:\Windows\NOD (win)
2011-06-03 16:40:15 ----HD---- C:\Windows\PIF
2011-06-03 15:44:01 ----D---- C:\Windows\$regcmp$
2011-06-03 15:37:32 ----D---- C:\Program Files (x86)\Registry Clean Expert
2011-06-02 17:24:12 ----D---- C:\Program Files (x86)\M-Audio
2011-06-02 17:02:40 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2011-06-02 16:53:58 ----D---- C:\Users\bot\AppData\Roaming\Image-Line
2011-05-23 14:58:42 ----D---- C:\perflogs
2011-05-23 14:44:56 ----D---- C:\Users\bot\AppData\Roaming\PeerNetworking

======List of files/folders modified in the last 1 months======

2011-06-21 19:00:31 ----D---- C:\Windows\Temp
2011-06-21 18:48:02 ----D---- C:\Windows\System32
2011-06-21 18:48:02 ----D---- C:\Windows\inf
2011-06-21 18:48:02 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-06-21 18:45:37 ----D---- C:\Windows\system32\drivers
2011-06-21 18:45:37 ----D---- C:\Qoobox
2011-06-21 18:43:06 ----D---- C:\Users\bot\AppData\Roaming\Flashnote
2011-06-21 18:42:08 ----N---- C:\Windows\system.ini
2011-06-21 18:42:08 ----D---- C:\Windows
2011-06-21 18:42:03 ----D---- C:\Windows\system32\drivers\etc
2011-06-21 18:40:26 ----D---- C:\Windows\ERDNT
2011-06-21 18:40:11 ----D---- C:\Windows\SysWOW64
2011-06-21 18:37:49 ----D---- C:\Windows\SYSWOW64\drivers
2011-06-21 18:37:49 ----D---- C:\Windows\AppPatch
2011-06-21 18:37:47 ----D---- C:\Program Files\Common Files
2011-06-21 18:37:47 ----D---- C:\Program Files (x86)\Common Files
2011-06-21 18:21:34 ----RD---- C:\rapid
2011-06-21 17:40:55 ----D---- C:\Windows\system32\Tasks
2011-06-21 16:42:10 ----SHD---- C:\Windows\Installer
2011-06-21 16:42:03 ----D---- C:\Program Files (x86)\TuneUp Utilities 2011
2011-06-21 15:06:19 ----D---- C:\Program Files (x86)\Serious Sam HD - The Second Encounter
2011-06-21 13:40:51 ----RD---- C:\Program Files
2011-06-21 13:35:00 ----D---- C:\ProgramData\Spybot - Search & Destroy
2011-06-21 02:51:53 ----D---- C:\Windows\Tasks
2011-06-21 02:49:01 ----D---- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2011-06-21 02:10:47 ----D---- C:\Windows\Prefetch
2011-06-21 01:37:58 ----RD---- C:\Program Files (x86)
2011-06-20 21:51:31 ----A---- C:\Windows\SYSWOW64\PnkBstrB.exe
2011-06-20 21:25:59 ----D---- C:\Program Files (x86)\Mozilla Firefox4
2011-06-20 21:22:57 ----D---- C:\Windows\Logs
2011-06-20 21:22:57 ----D---- C:\Windows\Debug
2011-06-20 21:22:57 ----D---- C:\Users\bot\AppData\Roaming\TS3Client
2011-06-20 21:22:57 ----D---- C:\Users\bot\AppData\Roaming\Skype
2011-06-20 21:02:10 ----D---- C:\Program Files\Unlocker
2011-06-20 20:28:44 ----D---- C:\ProgramData
2011-06-20 19:53:16 ----D---- C:\Program Files (x86)\QIP Infium
2011-06-20 17:59:34 ----D---- C:\Users\bot\AppData\Roaming\XnView
2011-06-20 09:34:58 ----D---- C:\Windows\system32\catroot2
2011-06-19 20:35:36 ----D---- C:\Program Files (x86)\Electronic Arts
2011-06-16 14:33:29 ----D---- C:\Windows\Microsoft.NET
2011-06-16 14:33:27 ----RSD---- C:\Windows\assembly
2011-06-16 14:04:37 ----D---- C:\SISSigner
2011-06-15 15:46:27 ----D---- C:\Windows\winsxs
2011-06-15 15:36:22 ----D---- C:\Windows\system32\catroot
2011-06-15 15:34:35 ----D---- C:\Program Files\Internet Explorer
2011-06-15 15:34:35 ----D---- C:\Program Files (x86)\Internet Explorer
2011-06-15 15:34:33 ----D---- C:\Program Files\Windows Mail
2011-06-15 15:34:33 ----D---- C:\Program Files (x86)\Windows Mail
2011-06-15 13:54:16 ----A---- C:\Windows\system32\mrt.exe
2011-06-15 13:54:12 ----D---- C:\ProgramData\Microsoft Help
2011-06-15 13:52:09 ----D---- C:\Program Files\Common Files\Microsoft Shared
2011-06-13 13:45:34 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2011-06-12 00:59:56 ----ASD---- C:\ProgramData\Microsoft
2011-06-12 00:59:56 ----A---- C:\Windows\SurCode.INI
2011-06-12 00:51:33 ----D---- C:\Users\bot\AppData\Roaming\vlc
2011-06-11 23:00:23 ----D---- C:\Users\bot\AppData\Roaming\X-Chat 2
2011-06-09 20:39:45 ----D---- C:\Program Files\TeamSpeak 3 Client
2011-06-04 01:03:52 ----D---- C:\Program Files (x86)\yBook
2011-06-03 15:50:27 ----D---- C:\Windows\system32\config
2011-06-03 15:50:27 ----D---- C:\Boot
2011-06-03 15:43:03 ----D---- C:\Program Files\CCleaner
2011-05-24 12:18:35 ----D---- C:\Users\bot\AppData\Roaming\Adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-06-21 388120]
R0 mrdd;Marvell Removable Disk Control Driver; C:\Windows\system32\DRIVERS\mrdd.sys [2008-11-12 22568]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2010-06-10 257120]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2010-11-05 834544]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258); C:\Windows\system32\DRIVERS\tdrpm258.sys [2010-06-10 1477728]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2010-06-10 943712]
R1 EIO64;EIO Driver; C:\Windows\system32\DRIVERS\EIO64.sys [2010-06-10 15872]
R1 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2010-10-24 188928]
R2 aksdf;aksdf; \??\C:\Windows\system32\drivers\aksdf.sys [2008-02-11 70272]
R2 aksfridge;aksfridge; \??\C:\Windows\system32\drivers\aksfridge.sys [2008-03-27 128512]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2010-11-21 314016]
R2 DefragFS;DefragFS; C:\Windows\system32\drivers\DefragFS.sys [2010-04-07 138256]
R2 Hardlock;Hardlock; \??\C:\Windows\system32\drivers\hardlock.sys [2007-08-06 314880]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2010-11-21 43680]
R3 CT20XUT.SYS;CT20XUT.SYS; C:\Windows\System32\drivers\CT20XUT.SYS [2009-06-04 202776]
R3 ctac32k;Creative AC3 Software Decoder; C:\Windows\system32\drivers\ctac32k.sys [2009-06-04 580632]
R3 ctaud2k;Creative Audio Driver (WDM); C:\Windows\system32\drivers\ctaud2k.sys [2009-06-04 684312]
R3 CTEXFIFX.SYS;CTEXFIFX.SYS; C:\Windows\System32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
R3 CTHWIUT.SYS;CTHWIUT.SYS; C:\Windows\System32\drivers\CTHWIUT.SYS [2009-06-04 94744]
R3 ctprxy2k;Creative Proxy Driver; C:\Windows\system32\drivers\ctprxy2k.sys [2009-06-04 15896]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\Windows\system32\drivers\ctsfm2k.sys [2009-06-04 213016]
R3 emupia;E-mu Plug-in Architecture Driver; C:\Windows\system32\drivers\emupia2k.sys [2009-06-04 118296]
R3 ha20x2k;Creative 20X HAL Driver; C:\Windows\system32\drivers\ha20x2k.sys [2009-06-04 1561112]
R3 KoneFltr;ROCCAT Kone; C:\Windows\system32\drivers\Kone.sys [2008-12-11 15488]
R3 MpNWMon;Microsoft Malware Protection Network Driver; C:\Windows\system32\DRIVERS\MpNWMon.sys [2010-10-24 40832]
R3 MSPQM;Microsoft Streaming Quality Manager Proxy; C:\Windows\system32\drivers\MSPQM.sys [2006-11-02 6656]
R3 MTsensor;ATK0110 ACPI UTILITY; C:\Windows\system32\DRIVERS\ASACPI.sys [2005-03-29 8192]
R3 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2010-10-24 72064]
R3 nvlddmkm;nvlddmkm; C:\Windows\system32\DRIVERS\nvlddmkm.sys [2011-01-08 12961640]
R3 ossrv;Creative OS Services Driver; C:\Windows\system32\drivers\ctoss2k.sys [2009-06-04 179224]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-05-18 11856]
R3 usbaudio;USB Audio Driver (WDM); C:\Windows\system32\drivers\usbaudio.sys [2009-04-10 98944]
R3 usbvideo;USB Video Device (WDM); C:\Windows\System32\Drivers\usbvideo.sys [2008-01-21 168704]
R3 WFSONORA;WinFast PxDVR3200 H (XC3028); C:\Windows\system32\drivers\wfsonora.sys [2010-03-23 369280]
R3 yukonx64;NDIS6.0 Miniport Driver for Marvell Yukon Ethernet Controller; C:\Windows\system32\DRIVERS\yk60x64.sys [2008-09-19 395776]
S2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys []
S2 PDIHWCTL;PDIHWCTL; \??\C:\Windows\system32\drivers\pdihwctl.sys []
S3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2010-06-10 251488]
S3 ajwdiznv;ajwdiznv; C:\Windows\system32\drivers\ajwdiznv.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 CT20XUT;CT20XUT; C:\Windows\system32\drivers\CT20XUT.SYS [2009-06-04 202776]
S3 CTEXFIFX;CTEXFIFX; C:\Windows\system32\drivers\CTEXFIFX.SYS [2009-06-04 1417240]
S3 CTHWIUT;CTHWIUT; C:\Windows\system32\drivers\CTHWIUT.SYS [2009-06-04 94744]
S3 drmkaud;Microsoft Kernel DRM Audio Descrambler; C:\Windows\system32\drivers\drmkaud.sys [2008-01-21 6144]
S3 EyeOneDisplay;EyeOneDisplay; C:\Windows\System32\Drivers\i1display_x64.sys [2005-12-14 7808]
S3 MAUSBMIDI;Service for M-Audio USB MIDI Series; C:\Windows\system32\DRIVERS\MAudioUSBMIDI.sys [2010-04-13 200200]
S3 MSKSSRV;Microsoft Streaming Service Proxy; C:\Windows\system32\drivers\MSKSSRV.sys [2008-01-21 11008]
S3 MSPCLOCK;Microsoft Streaming Clock Proxy; C:\Windows\system32\drivers\MSPCLOCK.sys [2006-11-02 7040]
S3 MSTEE;Microsoft Streaming Tee/Sink-to-Sink Converter; C:\Windows\system32\drivers\MSTEE.sys [2008-01-21 7936]
S3 NLNdisMP;NLNdisMP; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 NLNdisPT;NetLimiter Ndis Protocol Service; C:\Windows\system32\DRIVERS\nlndis.sys []
S3 nmwcdcx64;Nokia USB Generic; C:\Windows\system32\drivers\ccdcmbox64.sys [2010-02-26 25088]
S3 nmwcdx64;Nokia USB Phone Parent; C:\Windows\system32\drivers\ccdcmbx64.sys [2010-02-26 19456]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 teamviewervpn;TeamViewer VPN Adapter; C:\Windows\system32\DRIVERS\teamviewervpn.sys [2010-10-15 35112]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2010-02-26 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2009-04-10 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltx64j.sys [2010-02-26 9216]
S3 WpdUsb;WpdUsb; C:\Windows\system32\DRIVERS\wpdusb.sys [2009-10-01 46592]
S3 WUDFRd;WUDFRd; C:\Windows\system32\DRIVERS\WUDFRd.sys [2008-01-21 108544]
S4 ErrDev;Microsoft Hardware Error Device Driver; C:\Windows\system32\drivers\errdev.sys [2008-01-21 8704]
S4 MegaSR;MegaSR; C:\Windows\system32\drivers\megasr.sys [2008-01-21 438328]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 ASIT;ASIT; C:\Windows\SysWOW64\ASIT.exe [2008-06-05 61440]
R2 CTAudSvcService;Creative Audio Service; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [2009-02-23 307200]
R2 FontCache;@%systemroot%\system32\FntCache.dll,-100; C:\Windows\system32\svchost.exe [2008-01-21 27648]
R2 hasplms;HASP License Manager; C:\Windows\system32\hasplms.exe [2008-07-17 2549248]
R2 MDM;Machine Debug Manager; C:\Program Files (x86)\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe [2006-10-26 335872]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [2010-11-11 12784]
R2 NVSvc;NVIDIA Driver Helper Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2010-12-01 75136]
R2 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-06-06 2026304]
R2 USBMIDIAudioDevMon;USB MIDI Series Audio Device Monitor; C:\Program Files (x86)\M-Audio\USB MIDI Series\AudioDevMon.exe [2010-04-13 1636872]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2008-01-21 27648]
R2 yksvc;Marvell Yukon Service; ykx64mpcoinst,serviceStartProc []
R3 NisSrv;@C:\Program Files\Microsoft Security Client\Antimalware\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [2010-11-11 282616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
S3 afcdpsrv;Acronis Nonstop Backup service; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2010-06-10 2480048]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2010-11-05 79360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2010-11-16 136176]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PDAgent;PDAgent; C:\Program Files\Raxco\PerfectDisk\PDAgent.exe [2010-11-30 2610952]
S3 PDEngine;PDEngine; C:\Program Files\Raxco\PerfectDisk\PDEngine.exe [2010-11-30 2266376]
S3 PerfHost;@%systemroot%\sysWow64\perfhost.exe,-2; C:\Windows\SysWow64\perfhost.exe [2008-01-21 19968]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2010-10-20 630272]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 TeamViewer6;TeamViewer 6; C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe [2010-12-07 2228008]
S3 WPFFontCache_v0400;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe,-100; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\WPF\WPFFontCache_v0400.exe [2010-03-18 1020768]
S4 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Plán2\schedul2.exe [2009-11-26 894480]
S4 UleadBurningHelper;Ulead Burning Helper; C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe [2004-12-13 49152]

-----------------EOF-----------------

Rudy
Site Admin
Posts: 119506
Registered: 30 Oct 2003 13:42
Location: Plzeň

Re: log combofix + rsit

#2 Post by Rudy »

CF deleted several items. Nothing dangerous is visible in the other parts of the logs.
Post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.

Please support our forum: https://platba.viry.cz/payment/.

e-mail: rudy(at)forum.viry.cz

Warning:
Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!


Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reopened, write to me at the e-mail address above.

relouth
Guest
Posts: 6
Registered: 21 Jun 2011 17:57

Re: log combofix + rsit

#3 Post by relouth »

You mean that one DLL file? It deleted that file for me about 3 months ago as well. I'd like to know how it keeps getting there.

Rudy

Re: log combofix + rsit

#4 Post by Rudy »

relouth wrote: You mean that one DLL file?

That too. And also what is listed under Orphans removed.

relouth

Re: log combofix + rsit

#5 Post by relouth »

So that file is part of a purchased game (Battlefield: Bad Company 2) and the PunkBuster service. After launching it, the file came back.

Rudy

Re: log combofix + rsit

#6 Post by Rudy »

relouth wrote: So that file is part of a purchased game (Battlefield: Bad Company 2) and the PunkBuster service. After launching it, the file came back.
That's possible. PC games aren't exactly my cup of tea.

relouth

Re: log combofix + rsit

#7 Post by relouth »

Apparently not ComboFix's either. But it probably needs to be that aggressive.

virustotal
pbsvc_bc2.exe
Submission date:
2011-06-21 19:30:52 (UTC)
Current status:
finished
Result:
0/ 42 (0.0%)

VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.06.22.00 2011.06.21 -
AntiVir 7.11.10.61 2011.06.21 -
Antiy-AVL 2.0.3.7 2011.06.21 -
Avast 4.8.1351.0 2011.06.21 -
Avast5 5.0.677.0 2011.06.21 -
AVG 10.0.0.1190 2011.06.21 -
BitDefender 7.2 2011.06.21 -
CAT-QuickHeal 11.00 2011.06.21 -
ClamAV 0.97.0.0 2011.06.21 -
Commtouch 5.3.2.6 2011.06.21 -
Comodo 9146 2011.06.21 -
DrWeb 5.0.2.03300 2011.06.21 -
eSafe 7.0.17.0 2011.06.21 -
eTrust-Vet 36.1.8399 2011.06.21 -
F-Prot 4.6.2.117 2011.06.21 -
F-Secure 9.0.16440.0 2011.06.21 -
Fortinet 4.2.257.0 2011.06.21 -
GData 22 2011.06.21 -
Ikarus T3.1.1.104.0 2011.06.21 -
Jiangmin 13.0.900 2011.06.20 -
K7AntiVirus 9.106.4831 2011.06.21 -
Kaspersky 9.0.0.837 2011.06.21 -
McAfee 5.400.0.1158 2011.06.21 -
McAfee-GW-Edition 2010.1D 2011.06.21 -
Microsoft 1.7000 2011.06.21 -
NOD32 6227 2011.06.21 -
Norman 6.07.10 2011.06.20 -
nProtect 2011-06-21.01 2011.06.21 -
Panda 10.0.3.5 2011.06.21 -
PCTools 7.0.3.5 2011.06.21 -
Prevx 3.0 2011.06.21 -
Rising 23.63.01.03 2011.06.21 -
Sophos 4.66.0 2011.06.21 -
SUPERAntiSpyware 4.40.0.1006 2011.06.21 -
Symantec 20111.1.0.186 2011.06.21 -
TheHacker 6.7.0.1.237 2011.06.21 -
TrendMicro 9.200.0.1012 2011.06.21 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.21 -
VBA32 3.12.16.2 2011.06.21 -
VIPRE 9650 2011.06.21 -
ViRobot 2011.6.21.4525 2011.06.21 -
VirusBuster 14.0.90.0 2011.06.21

Rudy

Re: log combofix + rsit

#8 Post by Rudy »

The file is clean.

relouth

Re: log combofix + rsit

#9 Post by relouth »

Sure, I know that, I only posted it as proof that cb is wrong.

OK, thanks for the analysis of the RSIT and cb logs. I had some trojan there yesterday (..sshnas21.dll....), but according to your advice from another thread it should be clean :wink:

Rudy

Re: log combofix + rsit

#10 Post by Rudy »

Yes, it is clean. Even ComboFix is sometimes wrong. CF makes a backup in the Qoobox directory (on the system drive), from which files deleted in error like this can be restored. Among other things, it dislikes the Czech accounting program Účto, for example, or the registry backups made by CCleaner. You remove the *.vir extension from the file in the backup and copy it back to its original location. In short, nothing is 100% perfect. :)
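The restore step Rudy describes above, as an added example that is not part of this thread or of ComboFix itself: a PowerShell script that lists what ComboFix has quarantined under C:\Qoobox, records each entry's SHA-256 so it can be looked up (on VirusTotal, as relouth did) before anything is put back, and copies one chosen entry to its original location with the .vir suffix removed. The Qoobox\Quarantine layout (a drive-letter folder mirroring the original path) and the placeholder file name in the usage line are assumptions; check your own Qoobox folder before relying on them.

```powershell
# Added example, not from the forum thread or from ComboFix.
# Assumption: ComboFix keeps quarantined files under C:\Qoobox\Quarantine
# mirroring the original path, e.g. C\Windows\SysWow64\x.dll.vir for
# C:\Windows\SysWow64\x.dll. Verify against your own Qoobox folder.
$QuarantineRoot = 'C:\Qoobox\Quarantine'

function Get-Sha256([string]$Path) {
    # SHA-256 via .NET so it also works on the PowerShell 2.0 shipped with Vista
    $sha = [System.Security.Cryptography.SHA256]::Create()
    $stream = [System.IO.File]::OpenRead($Path)
    try {
        ($sha.ComputeHash($stream) | ForEach-Object { $_.ToString('x2') }) -join ''
    } finally {
        $stream.Close()
    }
}

function Get-QuarantinedFiles {
    # Returns every .vir entry together with the original path it maps back to.
    if (-not (Test-Path $QuarantineRoot)) {
        throw "Quarantine folder not found: $QuarantineRoot"
    }
    Get-ChildItem -Path $QuarantineRoot -Recurse -Filter '*.vir' |
        ForEach-Object {
            $relative = $_.FullName.Substring($QuarantineRoot.Length).TrimStart('\')
            # first path segment is the drive-letter folder, e.g. "C"
            $drive, $rest = $relative -split '\\', 2
            $original = Join-Path ($drive + ':\') ($rest -replace '\.vir$', '')
            New-Object PSObject -Property @{
                Quarantined = $_.FullName
                Original    = $original
                SizeBytes   = $_.Length
                SHA256      = Get-Sha256 $_.FullName
            }
        }
}

function Restore-QuarantinedFile([string]$Quarantined) {
    # Copies one entry back to its original path; never overwrites an existing file.
    $entry = Get-QuarantinedFiles | Where-Object { $_.Quarantined -eq $Quarantined }
    if (-not $entry) { throw "Not a quarantine entry: $Quarantined" }
    if (Test-Path $entry.Original) { throw "Target already exists: $($entry.Original)" }
    $dir = Split-Path $entry.Original -Parent
    if (-not (Test-Path $dir)) { New-Item -ItemType Directory -Path $dir | Out-Null }
    Copy-Item -Path $entry.Quarantined -Destination $entry.Original
    Write-Output "Restored $($entry.Original) (SHA256 $($entry.SHA256))"
}

# Usage: review the list and look each SHA256 up before restoring anything.
Get-QuarantinedFiles | Format-Table Original, SizeBytes, SHA256 -AutoSize
# Placeholder path, replace with an entry from the list above:
# Restore-QuarantinedFile 'C:\Qoobox\Quarantine\C\Windows\SysWow64\example.dll.vir'
```

The restore function deliberately refuses to overwrite a file that is already present at the original path, which is exactly the situation in this thread (PunkBuster had already recreated the file), so a blind restore cannot clobber the newer copy.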

relouth

Re: log combofix + rsit

#11 Post by relouth »

As I wrote, the file restored itself via the PunkBuster service..

Thanks again for the analysis :)

Rudy

Re: log combofix + rsit

#12 Post by Rudy »

You're welcome!
