Windows Explorer is not responding

Do you have a problem with a virus? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Windows Explorer is not responding

#1 Post by zolik »

Hello, I have a problem that, as I read, you have already dealt with here at least once. While working in Windows, mainly when opening windows, a dialog simply pops up saying that Windows Explorer is restarting, and after a few seconds I am back in Windows with no open windows. I have already downloaded RSIT, but if anything else is needed, just say so. Thanks in advance for your help :)

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer is not responding

#2 Post by zolik »

Here I attach log.txt http://leteckaposta.cz/275635466

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer is not responding

#3 Post by zolik »

Logfile of random's system information tool 1.08 (written by random/random)
Run by Žolik at 2013-01-12 13:54:04
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 367 GB (63%) free of 585 GB
Total RAM: 2983 MB (48% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 13:54:14, on 12. 1. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Steam\steam.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files\trend micro\Žolik.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://asus.msn.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ICQToolBar - {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
R3 - URLSearchHook: (no name) - - (no file)
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
O3 - Toolbar: ICQToolBar - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll" (file missing)
O4 - HKLM\..\Run: [Nuance PDF Reader-reminder] "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
O4 - HKLM\..\Run: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe /S
O4 - HKLM\..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
O4 - HKLM\..\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
O4 - HKLM\..\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3968942057-1830017158-2514965241-1000\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3968942057-1830017158-2514965241-1000\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: OpenOffice.org 3.2.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Global Startup: AsusVibeLauncher.lnk = C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
O4 - Global Startup: FancyStart daemon.lnk = ?
O4 - Global Startup: McAfee Security Scan Plus.lnk = C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: AFBAgent - Unknown owner - C:\Windows\system32\FBAgent.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: ICQ Service - Unknown owner - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: McAfee Security Scan Component Host Service (McComponentHostService) - McAfee, Inc. - C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (NVSvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PnkBstrA - Unknown owner - C:\Windows\system32\PnkBstrA.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 14359 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Windows\system32\FBAgent.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
C:\Windows\SysWOW64\PnkBstrA.exe
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe"
WLIDSvcM.exe 2280
"C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE"
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"taskhost.exe"
taskeng.exe {1EF1F83A-B4B9-4FEA-A3AF-8BBCD5DFBC30}
"C:\Windows\system32\Dwm.exe"
"C:\Program Files (x86)\ASUS\Splendid\ACMON.exe"
"C:\Program Files\P4G\BatteryLife.exe"
taskeng.exe {DA19A722-FEDB-41FE-AC51-4464C5FE2C52}
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe" /SF3
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe"
"C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe"
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
"C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2C:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\SysWOW64\ACEngSvr.exe" -Embedding
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Steam\steam.exe" -applaunch 71270
"C:\Program Files (x86)\Common Files\Steam\SteamService.exe" /RunAsService
"C:\Program Files (x86)\Skype\Phone\Skype.exe"
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe"
"C:\Windows\explorer.exe"
"C:\Users\Žolik\Downloads\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll [2011-04-01 318960]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2012-10-02 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}]
Google Toolbar Helper - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01 256112]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}]
Google Toolbar Notifier BHO - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll [2011-04-01 761840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C84D72FE-E17D-4195-BB24-76C02E2E7C4E}]
Google Dictionary Compression sdch - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll [2011-04-01 458736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2012-10-02 157672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2011-04-01 346736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{2318C2B1-4965-11d4-9B18-009027A5CD4F} - Google Toolbar - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2011-04-01 256112]
{855F3B16-6D32-4FE6-8A56-BBB695989046} - ICQToolBar - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll [2011-08-17 1055808]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll [2012-06-11 1307728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-10 167960]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-10 391704]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-10 418328]
"RtHDVBg"=C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2011-05-17 2226280]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-03-04 2712360]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2011-03-04 97064]
"Setwallpaper"=c:\programdata\SetWallpaper.cmd []
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 4081008]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-10-14 3058304]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CLMLServer]
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2009-11-02 103720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RtHDVCpl]
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2011-05-17 11855976]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"=C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe [2008-11-03 328992]
"ASUSPRP"=C:\Program Files (x86)\ASUS\APRP\APRP.EXE [2011-04-01 2018032]
"ASUSWebStorage"=C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe [2011-02-23 731472]
"SonicMasterTray"=C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe [2010-07-10 984400]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2010-08-17 5732992]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2010-10-07 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"Wireless Console 3"=C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe [2010-09-24 1601536]
"UpdateLBPShortCut"=C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"UpdateP2GoShortCut"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2011-06-09 254696]
"HTC Sync Loader"=C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-11-14 655360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
AsusVibeLauncher.lnk - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe
FancyStart daemon.lnk - C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe
McAfee Security Scan Plus.lnk - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe

C:\Users\Žolik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
OpenOffice.org 3.2.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-01-27 385024]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveAutoRun"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"HideSCAHealth"=1

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 months======

2013-01-12 13:54:05 ----D---- C:\Program Files\trend micro
2013-01-12 13:54:04 ----D---- C:\rsit
2013-01-12 13:45:22 ----D---- C:\Program Files (x86)\SEGA
2013-01-12 13:22:25 ----D---- C:\Users\Žolik\AppData\Roaming\Sports Interactive
2013-01-11 02:46:09 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-01-09 23:00:32 ----A---- C:\Windows\SYSWOW64\win32spl.dll
2013-01-09 23:00:32 ----A---- C:\Windows\system32\win32spl.dll
2013-01-09 23:00:10 ----A---- C:\Windows\system32\msxml6.dll
2013-01-09 23:00:09 ----A---- C:\Windows\SYSWOW64\msxml6.dll
2013-01-09 23:00:09 ----A---- C:\Windows\system32\msxml3.dll
2013-01-09 23:00:08 ----A---- C:\Windows\SYSWOW64\msxml3.dll
2013-01-09 23:00:07 ----A---- C:\Windows\SYSWOW64\ncrypt.dll
2013-01-09 23:00:07 ----A---- C:\Windows\system32\ncrypt.dll
2013-01-09 23:00:06 ----A---- C:\Windows\SYSWOW64\usp10.dll
2013-01-09 23:00:06 ----A---- C:\Windows\system32\usp10.dll
2013-01-09 22:59:58 ----A---- C:\Windows\system32\Wpc.dll
2013-01-09 22:59:57 ----A---- C:\Windows\system32\gameux.dll
2013-01-09 22:59:56 ----A---- C:\Windows\SYSWOW64\gameux.dll
2013-01-09 22:59:55 ----A---- C:\Windows\SYSWOW64\Wpc.dll
2013-01-09 22:59:11 ----A---- C:\Windows\system32\KernelBase.dll
2013-01-09 22:59:09 ----A---- C:\Windows\SYSWOW64\KernelBase.dll
2013-01-09 22:59:09 ----A---- C:\Windows\system32\kernel32.dll
2013-01-09 22:59:08 ----A---- C:\Windows\SYSWOW64\kernel32.dll
2013-01-09 22:59:08 ----A---- C:\Windows\system32\wow64win.dll
2013-01-09 22:59:08 ----A---- C:\Windows\system32\winsrv.dll
2013-01-09 22:59:07 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-01-09 22:59:07 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-01-09 22:59:07 ----A---- C:\Windows\system32\wow64cpu.dll
2013-01-09 22:59:07 ----A---- C:\Windows\system32\wow64.dll
2013-01-09 22:59:07 ----A---- C:\Windows\system32\ntvdm64.dll
2013-01-09 22:59:07 ----A---- C:\Windows\system32\conhost.exe
2013-01-09 22:59:06 ----AH---- C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 22:59:05 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 22:59:05 ----AH---- C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 22:59:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 22:59:04 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 22:59:04 ----AH---- C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 22:59:04 ----AH---- C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 22:59:04 ----AH---- C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 22:59:03 ----AH---- C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 22:59:02 ----AH---- C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 22:59:01 ----AH---- C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 22:59:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 22:59:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 22:59:00 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 22:58:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 22:58:59 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 22:58:59 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-01-09 22:58:59 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-01-09 22:58:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 22:58:58 ----AH---- C:\Windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 22:58:58 ----AH---- C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 22:58:58 ----AH---- C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 22:58:58 ----A---- C:\Windows\SYSWOW64\user.exe
2013-01-09 22:58:46 ----A---- C:\Windows\system32\taskhost.exe
2013-01-09 22:58:45 ----A---- C:\Windows\system32\win32k.sys
2013-01-06 14:30:59 ----D---- C:\Program Files (x86)\AGEIA Technologies
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvwgf2um.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvumdshim.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvopencl.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvoglv32.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvd3dum.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvcuvid.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvcuvenc.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvcuda.dll
2013-01-06 14:26:06 ----A---- C:\Windows\SYSWOW64\nvcompiler.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvwgf2umx.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvopencl.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvoglv64.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvdispgenco64.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvd3dumx.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvcuvid.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvcuvenc.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvcuda.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\nvcompiler.dll
2013-01-06 14:26:06 ----A---- C:\Windows\system32\drivers\nvpciflt.sys
2013-01-06 14:26:06 ----A---- C:\Windows\system32\drivers\nvlddmkm.sys
2012-12-21 14:31:32 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2012-12-21 14:31:31 ----A---- C:\Windows\system32\atmlib.dll
2012-12-21 14:31:27 ----A---- C:\Windows\system32\atmfd.dll
2012-12-21 14:31:24 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2012-12-13 03:20:54 ----A---- C:\Windows\SYSWOW64\shoF3.tmp

======List of files/folders modified in the last 1 months======

2013-01-12 13:54:14 ----D---- C:\Windows\Prefetch
2013-01-12 13:54:07 ----D---- C:\Windows\Temp
2013-01-12 13:54:05 ----RD---- C:\Program Files
2013-01-12 13:48:33 ----D---- C:\Program Files (x86)\Steam
2013-01-12 13:45:22 ----RD---- C:\Program Files (x86)
2013-01-12 13:44:31 ----D---- C:\Users\Žolik\AppData\Roaming\Skype
2013-01-12 13:40:39 ----D---- C:\Windows\system32\config
2013-01-12 13:38:52 ----D---- C:\Users\Žolik\AppData\Roaming\DAEMON Tools Lite
2013-01-12 13:20:41 ----D---- C:\Windows\system32\Tasks
2013-01-12 13:19:35 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-11 07:44:07 ----D---- C:\Windows\rescache
2013-01-11 06:58:47 ----D---- C:\Windows\Microsoft.NET
2013-01-11 06:58:10 ----RSD---- C:\Windows\assembly
2013-01-11 05:42:14 ----D---- C:\Windows\winsxs
2013-01-11 05:38:49 ----D---- C:\Windows\SysWOW64
2013-01-11 05:38:49 ----D---- C:\Windows\System32
2013-01-11 05:38:38 ----D---- C:\Windows\SYSWOW64\sk-SK
2013-01-11 05:38:34 ----D---- C:\Windows\system32\sk-SK
2013-01-11 05:38:23 ----D---- C:\Windows\AppPatch
2013-01-11 03:21:09 ----SHD---- C:\Windows\Installer
2013-01-11 03:20:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-01-11 03:20:40 ----D---- C:\Windows\inf
2013-01-11 03:20:38 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-01-11 03:12:16 ----A---- C:\Windows\system32\MRT.exe
2013-01-11 03:04:27 ----D---- C:\ProgramData\Microsoft Help
2013-01-11 03:02:17 ----D---- C:\Windows
2013-01-11 03:01:07 ----SHD---- C:\System Volume Information
2013-01-09 22:58:40 ----D---- C:\Windows\system32\catroot
2013-01-09 22:58:27 ----D---- C:\Windows\system32\catroot2
2013-01-09 22:51:30 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-01-08 01:29:08 ----SD---- C:\Users\Žolik\AppData\Roaming\Microsoft
2013-01-06 23:36:27 ----D---- C:\Windows\SYSWOW64\NV
2013-01-06 23:36:23 ----D---- C:\Windows\system32\NV
2013-01-06 23:36:11 ----D---- C:\ProgramData\NVIDIA
2013-01-06 14:30:59 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2013-01-06 14:30:06 ----D---- C:\Program Files\NVIDIA Corporation
2013-01-06 14:30:04 ----D---- C:\temp
2013-01-06 14:27:59 ----D---- C:\Windows\system32\drivers
2013-01-06 14:27:45 ----D---- C:\Windows\system32\DriverStore
2013-01-06 13:09:50 ----A---- C:\Windows\system32\acovcnt.exe
2012-12-29 11:34:47 ----A---- C:\Windows\SYSWOW64\nvinit.dll
2012-12-29 11:34:47 ----A---- C:\Windows\SYSWOW64\nvapi.dll
2012-12-29 11:34:47 ----A---- C:\Windows\system32\nvumdshimx.dll
2012-12-29 11:34:47 ----A---- C:\Windows\system32\nvinitx.dll
2012-12-29 11:34:47 ----A---- C:\Windows\system32\nvdispco64.dll
2012-12-29 11:34:47 ----A---- C:\Windows\system32\nvapi64.dll
2012-12-29 09:40:27 ----A---- C:\Windows\system32\nvsvc64.dll
2012-12-29 09:40:27 ----A---- C:\Windows\system32\nvcpl.dll
2012-12-29 09:40:09 ----A---- C:\Windows\system32\nvvsvc.exe
2012-12-29 09:40:09 ----A---- C:\Windows\system32\nvsvcr.dll
2012-12-29 09:40:09 ----A---- C:\Windows\system32\nvshext.dll
2012-12-29 09:40:09 ----A---- C:\Windows\system32\nvmctray.dll
2012-12-29 09:40:09 ----A---- C:\Windows\system32\nv3dappshextr.dll
2012-12-29 09:40:09 ----A---- C:\Windows\system32\nv3dappshext.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2010-09-13 437272]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R1 ATKWMIACPIIO;ATKWMIACPI Driver; \??\C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-23 283200]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 187632]
R3 asmthub3;ASMedia USB3 Hub Service; C:\Windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
R3 asmtxhci;ASMEDIA XHCI Service; C:\Windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2011-10-07 2770944]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-01-27 12273408]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2011-05-17 2872680]
R3 IntcDAud;Intel(R) Display Audio; C:\Windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 15416]
R3 MEIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2010-09-22 56344]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
R3 Sftfs;Sftfs; C:\Windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
R3 Sftplay;Sftplay; C:\Windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
R3 Sftredir;Sftredir; C:\Windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
R3 Sftvol;Sftvol; C:\Windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-03-04 1413168]
S3 AthBTPort;Atheros Virtual Bluetooth Class; C:\Windows\system32\DRIVERS\btath_flt.sys []
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver; C:\Windows\system32\drivers\btath_a2dp.sys []
S3 BTATH_BUS;Atheros Bluetooth Bus; C:\Windows\system32\DRIVERS\btath_bus.sys []
S3 BTATH_HCRP;Bluetooth HCRP Server driver; C:\Windows\system32\DRIVERS\btath_hcrp.sys []
S3 BTATH_LWFLT;Bluetooth LWFLT Device; C:\Windows\system32\DRIVERS\btath_lwflt.sys []
S3 BTATH_RCP;Bluetooth AVRCP Device; C:\Windows\system32\DRIVERS\btath_rcp.sys []
S3 BtFilter;BtFilter; C:\Windows\system32\DRIVERS\btfilter.sys []
S3 BthEnum;Bluetooth Request Block Driver; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
S3 BTHPORT;Bluetooth Port Driver; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
S3 fssfltr;FssFltr; C:\Windows\system32\DRIVERS\fssfltr.sys [2010-09-23 48488]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files (x86)\Garena Classic\safedrv.sys []
S3 htcnprot;HTC NDIS Protocol Driver; C:\Windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
S3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
S3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader; C:\Windows\System32\Drivers\RtsUVStor.sys [2010-08-03 290920]
S3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver; C:\Windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-24 154168]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AFBAgent;AFBAgent; C:\Windows\system32\FBAgent.exe [2011-03-04 379520]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-16 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-12-15 96896]
R2 cvhsvc;Client Virtualization Handler; C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
R2 ICQ Service;ICQ Service; C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
R2 NVSvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-12-29 884152]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-12-29 1260472]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-08 166912]
R2 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2012-03-18 66872]
R2 sftlist;Application Virtualization Client; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 2286976]
R3 BBUpdate;BBUpdate; C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
R3 sftvsa;Application Virtualization Service Agent; C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
R3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-01-10 541760]
S2 BBSvc;BingBar Service; C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 135664]
S3 gusvc;Google Software Updater; C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe [2011-04-01 182768]
S3 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-11 115760]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
S4 NetMsmqActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@c:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]

-----------------EOF-----------------

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#4 Post by zolik »

Hmm, I did the Research but the problem persists, what next? o.O

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#5 Post by zolik »

############################## | UsbFix V 7.096 | [Research]

User: Žolik (Administrator) # ZOLIK-PC
Updated 15/08/2012 by El Desaparecido
Started at 14:55:05 | 12/01/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (K53SC) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz (2100)
RAM -> [Total : 2983 | Free : 853]
BIOS: BIOS Date: 09/26/11 14:09:47 Ver: 04.06.03
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 5.2 [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 571 Gb (362 Mb free - 63%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (492)
C:\Windows\system32\wininit.exe (592)
C:\Windows\system32\csrss.exe (612)
C:\Windows\system32\services.exe (656)
C:\Windows\system32\lsass.exe (672)
C:\Windows\system32\lsm.exe (680)
C:\Windows\system32\winlogon.exe (736)
C:\Windows\system32\svchost.exe (828)
C:\Windows\system32\nvvsvc.exe (888)
C:\Windows\system32\svchost.exe (928)
C:\Windows\System32\svchost.exe (300)
C:\Windows\System32\svchost.exe (364)
C:\Windows\system32\svchost.exe (544)
C:\Windows\system32\svchost.exe (1032)
C:\Windows\system32\svchost.exe (1112)
C:\Windows\system32\FBAgent.exe (1200)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1228)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1276)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1452)
C:\Windows\system32\nvvsvc.exe (1460)
C:\Windows\System32\spoolsv.exe (1624)
C:\Windows\system32\svchost.exe (1652)
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (1832)
C:\Windows\system32\svchost.exe (1864)
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (1888)
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (1960)
C:\Windows\SysWOW64\PnkBstrA.exe (2024)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2156)
C:\Windows\system32\svchost.exe (2248)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2280)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2352)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2508)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (2560)
C:\Windows\system32\svchost.exe (2960)
C:\Windows\system32\taskhost.exe (856)
C:\Windows\system32\taskeng.exe (2164)
C:\Windows\system32\Dwm.exe (1840)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2740)
C:\Program Files\P4G\BatteryLife.exe (3076)
C:\Windows\system32\taskeng.exe (3084)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (3176)
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (3208)
C:\Windows\System32\igfxtray.exe (3348)
C:\Windows\System32\hkcmd.exe (3356)
C:\Windows\System32\igfxpers.exe (3364)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3396)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3424)
C:\Program Files\ESET\ESET Smart Security\egui.exe (3536)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3688)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3804)
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (3852)
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (3884)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (3912)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (3924)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (3932)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (3952)
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (3308)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (4108)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (4304)
C:\Windows\system32\SearchIndexer.exe (4504)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4772)
C:\Windows\SysWOW64\ACEngSvr.exe (4988)
C:\Windows\AsScrPro.exe (4196)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (3432)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (4396)
C:\Windows\System32\svchost.exe (4408)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (3944)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (896)
C:\Windows\System32\svchost.exe (2368)
C:\Program Files (x86)\Steam\steam.exe (2240)
C:\Program Files (x86)\Common Files\Steam\SteamService.exe (4784)
C:\Program Files (x86)\Skype\Phone\Skype.exe (4624)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4372)
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (3204)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (5200)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (5380)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (2788)
C:\Windows\explorer.exe (5784)
C:\Windows\system32\SearchProtocolHost.exe (5300)
C:\Windows\system32\SearchFilterHost.exe (1424)
C:\UsbFix\Go.exe (2548)
C:\Windows\system32\wbem\wmiprvse.exe (4188)

################## | Files # Infected Folders |

Found ! C:\Windows\Temp\contentDATs.exe
Found ! C:\Windows\Temp\SecurityScan_Release.exe
Found ! C:\Users\OLIK~1\AppData\Local\Temp\svchost.exe
Found ! E:\Setup.exe
Found ! E:\autorun.inf
Found ! C:\Users\Žolik\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\3EANFAVT\cgminer[1].exe
Found ! C:\Users\Žolik\AppData\Local\Temp\svchost.exe

################## | Registry |


################## | Mountpoints2 |

HKCU\.\.\.\.\Explorer\MountPoints2\{250c706d-71a5-11e1-8c91-14dae91849b8}
Shell\AutoRun\Command = G:\SETUP.EXE

HKCU\.\.\.\.\Explorer\MountPoints2\{ee7005ed-5d27-11e1-9f03-742f6835b715}
Shell\AutoRun\Command = E:\Setup.exe

HKCU\.\.\.\.\Explorer\MountPoints2\{ee700601-5d27-11e1-9f03-742f6835b715}
Shell\AutoRun\Command = F:\SETUP.EXE



################## | Vaccin |

(!) This computer is not vaccinated!

################## | E.O.F |

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#6 Post by zolik »

############################## | UsbFix V 7.096 | [Deletion]

User: Žolik (Administrator) # ZOLIK-PC
Updated 15/08/2012 by El Desaparecido
Started at 15:29:49 | 12/01/2013

Website: http://eldesaparecido.com
Forum: http://forum.eldesaparecido.com
Suspicious file ? : http://eldesaparecido.com/upload.php
Contact: contact@eldesaparecido.com

PC: ASUSTeK Computer Inc. (K53SC) (x64-based PC) # Notebook
CPU: Intel(R) Core(TM) i3-2310M CPU @ 2.10GHz (2100)
RAM -> [Total : 2983 | Free : 1186]
BIOS: BIOS Date: 09/26/11 14:09:47 Ver: 04.06.03
BOOT: Normal boot

OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) # Service Pack 1
WB: Windows Internet Explorer 9.0.8112.16421

SC: Security Center Service [(!) Disabled]
WU: Windows Update Service [Enabled]
AV: ESET Smart Security 5.2 [Enabled | Updated]
FW: Windows FireWall Service [(!) Disabled]

C:\ (%systemdrive%) -> Fixed drive # 571 Gb (362 Mb free - 63%) [OS] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> CD-ROM
G:\ -> CD-ROM
H:\ -> CD-ROM

################## | Active Processes |

C:\Windows\system32\csrss.exe (500)
C:\Windows\system32\wininit.exe (596)
C:\Windows\system32\csrss.exe (616)
C:\Windows\system32\services.exe (660)
C:\Windows\system32\lsass.exe (676)
C:\Windows\system32\lsm.exe (696)
C:\Windows\system32\winlogon.exe (720)
C:\Windows\system32\svchost.exe (832)
C:\Windows\system32\nvvsvc.exe (892)
C:\Windows\system32\svchost.exe (936)
C:\Windows\System32\svchost.exe (120)
C:\Windows\System32\svchost.exe (460)
C:\Windows\system32\svchost.exe (528)
C:\Windows\system32\svchost.exe (788)
C:\Windows\system32\svchost.exe (1100)
C:\Windows\system32\FBAgent.exe (1240)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1272)
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1324)
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1464)
C:\Windows\system32\nvvsvc.exe (1472)
C:\Windows\System32\spoolsv.exe (1584)
C:\Windows\system32\svchost.exe (1616)
C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (1668)
C:\Windows\system32\taskeng.exe (1800)
C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (1816)
C:\Windows\system32\svchost.exe (1860)
C:\Windows\system32\taskhost.exe (1992)
C:\Windows\system32\taskeng.exe (1432)
C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (524)
C:\Windows\system32\taskeng.exe (1772)
C:\Program Files\P4G\BatteryLife.exe (1908)
C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (2104)
C:\Windows\system32\Dwm.exe (2140)
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2200)
C:\Windows\SysWOW64\PnkBstrA.exe (2304)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2556)
C:\Windows\system32\svchost.exe (2608)
C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2696)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2720)
C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2776)
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (2908)
C:\Program Files (x86)\Dll-Files.com Fixer\DLLFixer.exe (2972)
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (2980)
C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (2260)
C:\Windows\System32\rundll32.exe (3152)
C:\Windows\system32\svchost.exe (3232)
C:\Windows\servicing\TrustedInstaller.exe (3404)
C:\Windows\System32\igfxtray.exe (3672)
C:\Windows\System32\hkcmd.exe (3680)
C:\Windows\System32\igfxpers.exe (3692)
C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3704)
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3724)
C:\Program Files\ESET\ESET Smart Security\egui.exe (3808)
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3924)
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3320)
C:\Windows\SysWOW64\ACEngSvr.exe (3552)
C:\Program Files (x86)\ASUS\APRP\aprp.exe (2132)
C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (1676)
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (4104)
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (4112)
C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (4128)
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (4164)
C:\Windows\system32\SearchIndexer.exe (4376)
C:\Program Files\Windows Media Player\wmpnetwk.exe (4488)
C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (4524)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (4552)
C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (4596)
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (4640)
C:\Windows\system32\SearchProtocolHost.exe (4796)
C:\Windows\system32\SearchFilterHost.exe (4824)
C:\Windows\System32\svchost.exe (4960)
C:\Windows\AsScrPro.exe (4484)
C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4444)
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (4424)
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1204)
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (2468)
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4900)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (2312)
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (4792)
C:\Windows\explorer.exe (5748)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (900)
C:\Windows\system32\sppsvc.exe (3536)
C:\Windows\System32\svchost.exe (3864)
C:\UsbFix\Go.exe (1776)
C:\Windows\system32\wbem\wmiprvse.exe (1068)
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (504)

################## | Stopped processes |

Stopped! C:\Windows\system32\nvvsvc.exe (892)
Stopped! C:\Windows\system32\FBAgent.exe (1240)
Stopped! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (1272)
Stopped! C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (1324)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe (1464)
Stopped! C:\Windows\system32\nvvsvc.exe (1472)
Stopped! C:\Windows\System32\spoolsv.exe (1584)
Stopped! C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (1668)
Stopped! C:\Windows\system32\taskeng.exe (1800)
Stopped! C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe (1816)
Stopped! C:\Windows\system32\taskhost.exe (1992)
Stopped! C:\Windows\system32\taskeng.exe (1432)
Stopped! C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe (524)
Stopped! C:\Windows\system32\taskeng.exe (1772)
Stopped! C:\Program Files\P4G\BatteryLife.exe (1908)
Stopped! C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe (2104)
Stopped! C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (2200)
Stopped! C:\Windows\SysWOW64\PnkBstrA.exe (2304)
Stopped! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (2556)
Stopped! C:\Program Files (x86)\ASUS\Splendid\ACMON.exe (2696)
Stopped! C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (2720)
Stopped! C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (2776)
Stopped! C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe (2980)
Stopped! C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE (2260)
Stopped! C:\Windows\System32\rundll32.exe (3152)
Stopped! C:\Windows\servicing\TrustedInstaller.exe (3404)
Stopped! C:\Windows\System32\igfxtray.exe (3672)
Stopped! C:\Windows\System32\hkcmd.exe (3680)
Stopped! C:\Windows\System32\igfxpers.exe (3692)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (3704)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (3724)
Stopped! C:\Program Files\ESET\ESET Smart Security\egui.exe (3808)
Stopped! C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (3924)
Stopped! C:\Program Files\Synaptics\SynTP\SynTPHelper.exe (3320)
Stopped! C:\Windows\SysWOW64\ACEngSvr.exe (3552)
Stopped! C:\Program Files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe (1676)
Stopped! C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (4104)
Stopped! C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (4112)
Stopped! C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe (4128)
Stopped! C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe (4164)
Stopped! C:\Windows\system32\SearchIndexer.exe (4376)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (4488)
Stopped! C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (4524)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (4552)
Stopped! C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (4596)
Stopped! C:\Program Files\NVIDIA Corporation\Display\nvtray.exe (4640)
Stopped! C:\Windows\system32\SearchProtocolHost.exe (4796)
Stopped! C:\Windows\system32\SearchFilterHost.exe (4824)
Stopped! C:\Windows\AsScrPro.exe (4484)
Stopped! C:\Program Files (x86)\Mozilla Firefox\firefox.exe (4444)
Stopped! C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (4424)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (1204)
Stopped! C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe (2468)
Stopped! C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe (4900)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (2312)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (4792)
Stopped! C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (900)
Stopped! C:\Windows\system32\sppsvc.exe (3536)

################## | Files # Infected Folders |

Not deleted ! E:\Setup.exe
Deleted ! C:\$RECYCLE.BIN\S-1-5-21-3968942057-1830017158-2514965241-1001
Not deleted ! E:\autorun.inf

(!) Temporary files deleted.

################## | Registry |


################## | Mountpoints2 |

Deleted ! HKCU\.\.\.\.\Explorer\MountPoints2\{ee7005ed-5d27-11e1-9f03-742f6835b715}

################## | Listing |

[12/01/2013 - 15:36:02 | SHD ] C:\$Recycle.Bin
[14/10/2011 - 15:55:25 | D ] C:\ASUS.DAT
[01/04/2011 - 10:22:01 | D ] C:\AsusVibeData
[12/01/2013 - 15:25:45 | RASHD ] C:\Autorun.inf
[29/07/2009 - 07:03:34 | SHD ] C:\Boot
[14/07/2009 - 02:38:58 | RASH | 383562] C:\bootmgr
[29/07/2009 - 07:03:37 | N | 8192] C:\BOOTSECT.BAK
[15/10/2011 - 00:46:29 | N | 0] C:\devlist.txt
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[14/10/2011 - 18:28:05 | D ] C:\eSupport
[22/04/2002 - 05:41:24 | N | 7] C:\FAC.TXT
[12/01/2013 - 15:26:45 | ASH | 2345689088] C:\hiberfil.sys
[14/10/2011 - 18:02:22 | D ] C:\Intel
[26/09/2011 - 13:16:50 | N | 2621440] C:\K53SC.BIN
[24/05/2011 - 08:56:56 | N | 2621440] C:\K53SJ.BIN
[31/05/2011 - 03:26:54 | N | 19] C:\K53SJ_K53SV_K53SC_WIN7.90
[18/05/2011 - 08:34:34 | N | 2621440] C:\K53SV.BIN
[16/10/2011 - 13:01:54 | RHD ] C:\MSOCache
[15/11/2011 - 15:18:22 | D ] C:\NVIDIA
[12/01/2013 - 15:26:45 | ASH | 3127586816] C:\pagefile.sys
[14/10/2011 - 18:22:28 | N | 14] C:\Pass.txt
[14/07/2009 - 04:20:08 | D ] C:\PerfLogs
[12/01/2013 - 13:54:05 | D ] C:\Program Files
[12/01/2013 - 15:17:43 | D ] C:\Program Files (x86)
[13/10/2012 - 12:07:01 | D ] C:\ProgramData
[14/10/2011 - 15:51:02 | SHD ] C:\Recovery
[30/03/2011 - 08:12:29 | N | 19] C:\RECOVERY.DAT
[14/10/2011 - 18:07:00 | N | 2328] C:\RHDSetup.log
[12/01/2013 - 14:19:13 | D ] C:\rsit
[14/10/2011 - 18:25:51 | N | 168] C:\setup.log
[14/10/2011 - 18:27:56 | N | 384] C:\setuplogfile.log
[11/01/2013 - 03:01:07 | SHD ] C:\System Volume Information
[06/01/2013 - 14:30:04 | D ] C:\temp
[05/11/2011 - 23:08:16 | D ] C:\TRANSLAT
[12/01/2013 - 15:36:02 | D ] C:\UsbFix
[12/01/2013 - 15:30:01 | A | 11787] C:\UsbFix.txt
[12/01/2013 - 15:25:47 | N | 13462091] C:\UsbFix_Upload_Me_ZOLIK-PC.zip
[22/05/2012 - 15:23:29 | D ] C:\Users
[14/10/2011 - 18:09:17 | N | 209] C:\usetup.iss
[14/10/2011 - 18:46:29 | D ] C:\WIMAPPLY
[11/01/2013 - 03:02:17 | D ] C:\Windows
[31/10/2011 - 15:16:33 | D ] E:\SKIDROW
[31/10/2011 - 15:16:33 | R | 999256576] E:\Setup-1a.bin
[31/10/2011 - 15:16:33 | R | 962301180] E:\Setup-1b.bin
[31/10/2011 - 15:16:33 | R | 743053] E:\Setup.exe
[31/10/2011 - 15:16:33 | R | 69] E:\autorun.inf
[31/10/2011 - 15:16:33 | R | 355574] E:\fm12.ico

################## | Vaccin |

C:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)

################## | Upload |

Please send the file: C:\UsbFix_Upload_Me_ZOLIK-PC.zip
http://eldesaparecido.com/upload.php
Thank you for your contribution.

################## | E.O.F |

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#7 Post by zolik »

Sorry for asking about everything so stupidly, but I'm not a complete pro at this, so should I download ComboFix and send you the log from it?

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#8 Post by zolik »

ComboFix 13-01-12.01 - Žolik . 01. 2013 16:36:02.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2983.910 [GMT 1:00]
Running from: c:\users\Äolik\Desktop\ComboFix.exe
AV: ESET Smart Security 5.2 *Enabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Enabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\FullRemove.exe
c:\windows\msvcr71.dll
c:\windows\msxml4-KB2758694-enu.LOG
.
.
((((((((((((((((((((((((( Files Created from 2012-12-12 to 2013-01-12 )))))))))))))))))))))))))))))))
.
.
2013-01-12 15:54 . 2013-01-12 15:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-12 15:54 . 2013-01-12 15:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-12 14:18 . 2013-01-12 14:20 28613632 ----a-w- c:\windows\SysWow64\berkelium.dll
2013-01-12 14:17 . 2013-01-12 14:17 -------- d-----w- c:\users\Žolik\AppData\Roaming\dll-files.com
2013-01-12 14:17 . 2013-01-12 14:17 -------- d-----w- c:\program files (x86)\Dll-Files.com Fixer
2013-01-12 13:54 . 2013-01-12 14:41 -------- d-----w- C:\UsbFix
2013-01-12 12:54 . 2013-01-12 12:54 -------- d-----w- c:\program files\trend micro
2013-01-12 12:54 . 2013-01-12 13:19 -------- d-----w- C:\rsit
2013-01-12 12:45 . 2013-01-12 12:45 -------- d-----w- c:\program files (x86)\SEGA
2013-01-12 12:22 . 2013-01-12 12:22 -------- d-----w- c:\users\Žolik\AppData\Roaming\Sports Interactive
2013-01-12 12:22 . 2013-01-12 12:22 -------- d-----w- c:\users\Žolik\AppData\Local\Sports Interactive
2013-01-11 08:47 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{8A98D92B-0092-4546-ABBC-BF6966A2F992}\mpengine.dll
2013-01-09 22:00 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 22:00 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 22:00 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 22:00 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 22:00 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 22:00 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 22:00 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 22:00 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 22:00 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 22:00 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-09 21:58 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 21:58 . 2012-11-30 02:44 25600 ----a-w- c:\windows\SysWow64\setup16.exe
2013-01-09 21:58 . 2012-11-30 02:44 7680 ----a-w- c:\windows\SysWow64\instnm.exe
2013-01-09 21:58 . 2012-11-30 02:38 4608 ---ha-w- c:\windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 21:58 . 2012-11-30 05:38 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 21:58 . 2012-11-30 05:38 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 21:58 . 2012-11-30 04:45 4096 ---ha-w- c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 21:58 . 2012-11-30 04:45 3072 ---ha-w- c:\windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 21:58 . 2012-11-30 02:44 2048 ----a-w- c:\windows\SysWow64\user.exe
2013-01-09 21:58 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 21:58 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-06 13:30 . 2013-01-06 13:30 -------- d-----w- c:\program files (x86)\AGEIA Technologies
2012-12-21 13:31 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-21 13:31 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 13:31 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:31 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-12 15:56 . 2011-10-14 17:31 45056 ----a-w- c:\windows\system32\acovcnt.exe
2013-01-12 14:36 . 2013-01-12 14:25 13462022 ----a-w- C:\UsbFix_Upload_Me_ZOLIK-PC.zip
2013-01-11 02:12 . 2012-03-09 13:23 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 21:51 . 2012-10-11 16:27 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 21:51 . 2011-10-15 11:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-29 10:34 . 2011-11-15 14:19 1813432 ----a-w- c:\windows\system32\nvdispco64.dll
2012-12-29 10:34 . 2011-10-14 17:03 246024 ----a-w- c:\windows\system32\nvinitx.dll
2012-12-29 10:34 . 2011-10-14 17:03 201728 ----a-w- c:\windows\SysWow64\nvinit.dll
2012-12-29 10:34 . 2011-10-14 17:03 1107592 ----a-w- c:\windows\system32\nvumdshimx.dll
2012-12-29 10:34 . 2011-10-14 17:03 2824656 ----a-w- c:\windows\system32\nvapi64.dll
2012-12-29 10:34 . 2011-10-14 17:03 2504248 ----a-w- c:\windows\SysWow64\nvapi.dll
2012-12-29 08:40 . 2011-04-10 15:14 6382008 ----a-w- c:\windows\system32\nvcpl.dll
2012-12-29 08:40 . 2011-04-10 15:14 3455416 ----a-w- c:\windows\system32\nvsvc64.dll
2012-12-29 08:40 . 2011-04-10 15:15 2923201 ----a-w- c:\windows\system32\nvcoproc.bin
2012-12-29 08:40 . 2011-04-10 15:15 118712 ----a-w- c:\windows\system32\nvmctray.dll
2012-12-29 08:40 . 2011-04-10 15:15 997816 ----a-w- c:\windows\system32\nv3dappshext.dll
2012-12-29 08:40 . 2011-04-10 15:15 884152 ----a-w- c:\windows\system32\nvvsvc.exe
2012-12-29 08:40 . 2011-04-10 15:15 63928 ----a-w- c:\windows\system32\nvshext.dll
2012-12-29 08:40 . 2011-04-10 15:15 55736 ----a-w- c:\windows\system32\nv3dappshextr.dll
2012-12-29 08:40 . 2011-04-10 15:15 2558392 ----a-w- c:\windows\system32\nvsvcr.dll
2012-12-13 02:20 . 2012-12-13 02:20 0 ----a-w- c:\windows\SysWow64\shoF3.tmp
2012-12-12 13:26 . 2012-12-12 13:26 0 ----a-w- c:\windows\SysWow64\shoE7A.tmp
2012-11-30 04:45 . 2013-01-09 21:59 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-27 22:32 . 2012-11-27 22:32 8282192 ----a-w- c:\programdata\Microsoft\BingBar\BBSvc\7.1.391.0oemBingBarSetup-Partner.EXE
2012-11-14 07:06 . 2012-12-12 13:21 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 13:21 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 13:22 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 13:22 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 13:22 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 13:22 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 13:22 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 13:22 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 13:22 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 13:22 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 13:22 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 13:22 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 13:22 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 13:22 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 13:22 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 13:22 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 13:22 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 13:22 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 13:22 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 13:22 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 13:22 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 13:22 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 17:52 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 17:52 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-11-02 05:59 . 2012-12-12 13:21 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 13:21 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-26 12:23 . 2012-10-26 12:23 0 ----a-w- c:\windows\SysWow64\sho9208.tmp
2012-10-16 08:38 . 2012-11-28 07:58 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:58 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:58 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-14 20:02 . 2012-03-18 19:30 183112 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992]
"ASUSPRP"="c:\program files (x86)\ASUS\APRP\APRP.EXE" [2011-04-01 2018032]
"ASUSWebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe" [2011-02-23 731472]
"SonicMasterTray"="c:\program files (x86)\ASUS\Sonic Focus\SonicFocusTray.exe" [2010-07-10 984400]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-08-17 5732992]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-23 1601536]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-06-09 254696]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-11-14 655360]
.
c:\users\Žolik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-6-7 1195520]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-4-1 548528]
FancyStart daemon.lnk - c:\windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_C4A2FC3E3722966204FDD8.exe [2011-10-14 12862]
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAHealth"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944]
R3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [x]
R3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [x]
R3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\DRIVERS\btath_bus.sys [x]
R3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\DRIVERS\btath_hcrp.sys [x]
R3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [x]
R3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\DRIVERS\btath_rcp.sys [x]
R3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files (x86)\Garena Classic\safedrv.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
R3 L1C;NDIS Miniport Driver for Atheros AR8131/AR8132 PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-06-10 57344]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 RSUSBVSTOR;RtsUVStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUVStor.sys [2010-08-03 290920]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-20 31232]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-15 1255736]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 62496]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2012-12-29 30648]
S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-23 283200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 38288]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2011-03-03 379520]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2012-03-07 913144]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-08 166912]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S3 asmthub3;ASMedia USB3 Hub Service;c:\windows\system32\DRIVERS\asmthub3.sys [2011-02-24 126952]
S3 asmtxhci;ASMEDIA XHCI Service;c:\windows\system32\DRIVERS\asmtxhci.sys [2011-02-24 389608]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-01-13 413800]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2013-01-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-10-11 21:51]
.
2013-01-12 c:\windows\Tasks\DLL-Files.Com Fixer_MONTHLY.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-01-12 09:56]
.
2013-01-12 c:\windows\Tasks\DLL-Files.Com Fixer_Updates.job
- c:\program files (x86)\Dll-Files.com Fixer\DLLFixer.exe [2013-01-12 09:56]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 08:58]
.
2013-01-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-04-01 08:58]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2010-09-02 08:41 220160 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-10 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-10 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-10 418328]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-05-17 2226280]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 4081008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
TCP: DhcpNameServer = 172.23.1.6 217.119.113.244 217.119.113.245
FF - ProfilePath - c:\users\Žolik\AppData\Roaming\Mozilla\Firefox\Profiles\2imoo8w2.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://start.icq.com/
FF - prefs.js: network.proxy.type - 0
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
Toolbar-Locked - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-SynAsusAcpi - c:\program files (x86)\Synaptics\SynTP\SynAsusAcpi.exe
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-PC Translator - c:\users\OLIK~1\AppData\Local\Temp\UN32.EXE
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10k_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10k.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.exe
c:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\AsScrPro.exe
c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe
.
**************************************************************************
.
Completion time: 2013-01-12 17:14:30 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-12 16:14
.
Pre-Run: 388 280 156 160 bytes free
Post-Run: 390 288 736 256 bytes free
.
- - End Of File - - 0285CA060F661C46BB43DFA15BCCA27C

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#9 Post by zolik »

It persists.

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#10 Post by zolik »

That output is terribly long, it has something over 1,120,000 characters :-/ but it told me that everything is fine, nothing was found and nothing was removed either.

zolik
Visitor
Posts: 11
Registered: 12 Jan 2013 14:00

Re: Windows Explorer not responding

#11 Post by zolik »

GMER 2.0.18444 - http://www.gmer.net
Rootkit scan 2013-01-14 15:27:36
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.JEDO 596,17GB
Running: gmer.exe; Driver: C:\Users\OLIK~1\AppData\Local\Temp\ugloypod.sys


---- User code sections - GMER 2.0 ----

.text C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe[1864] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075e887b1 4 bytes [C2, 04, 00, 00]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765c1401 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765c1419 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765c1431 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765c144a 2 bytes [5C, 76]
.text ... * 9
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765c14dd 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765c14f5 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765c150d 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765c1525 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765c153d 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765c1555 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765c156d 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765c1585 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765c159d 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765c15b5 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765c15cd 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765c16b2 2 bytes [5C, 76]
.text C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe[3928] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765c16bd 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765c1401 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765c1419 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765c1431 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765c144a 2 bytes [5C, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765c14dd 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765c14f5 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765c150d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765c1525 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765c153d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765c1555 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765c156d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765c1585 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765c159d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765c15b5 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765c15cd 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765c16b2 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[6956] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765c16bd 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 5 000000007732f991 8 bytes {MOV EDX, 0x903e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationThread + 15 000000007732f99b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 5 000000007732fa0d 8 bytes {MOV EDX, 0x901a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenKey + 15 000000007732fa17 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 5 000000007732fb25 8 bytes {MOV EDX, 0x90168; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateKey + 15 000000007732fb2f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 5 000000007732fbd5 8 bytes {MOV EDX, 0x90428; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadToken + 15 000000007732fbdf 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 5 000000007732fc05 8 bytes {MOV EDX, 0x90368; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcess + 15 000000007732fc0f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 5 000000007732fc1d 8 bytes {MOV EDX, 0x90128; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtSetInformationFile + 15 000000007732fc27 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 5 000000007732fc35 8 bytes {MOV EDX, 0x904e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtMapViewOfSection + 15 000000007732fc3f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 5 000000007732fc65 8 bytes {MOV EDX, 0x90528; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtUnmapViewOfSection + 15 000000007732fc6f 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 5 000000007732fce5 8 bytes {MOV EDX, 0x904a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenThreadTokenEx + 15 000000007732fcef 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 5 000000007732fcfd 8 bytes {MOV EDX, 0x90468; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessTokenEx + 15 000000007732fd07 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 5 000000007732fd49 8 bytes {MOV EDX, 0x90068; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenFile + 15 000000007732fd53 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 5 000000007732fdad 8 bytes {MOV EDX, 0x902e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenSection + 15 000000007732fdb7 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 5 000000007732fe41 8 bytes {MOV EDX, 0x900a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtQueryAttributesFile + 15 000000007732fe4b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 5 000000007732ff89 8 bytes {MOV EDX, 0x902a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateSection + 15 000000007732ff93 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 5 0000000077330099 8 bytes {MOV EDX, 0x90028; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateFile + 15 00000000773300a3 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 5 0000000077330781 8 bytes {MOV EDX, 0x90268; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant + 15 000000007733078b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 5 0000000077330ffd 8 bytes {MOV EDX, 0x901e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenKeyEx + 15 0000000077331007 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 5 000000007733105d 8 bytes {MOV EDX, 0x90228; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenMutant + 15 0000000077331067 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 5 00000000773310a5 8 bytes {MOV EDX, 0x903a8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenProcessToken + 15 00000000773310af 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 5 000000007733111d 8 bytes {MOV EDX, 0x90328; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtOpenThread + 15 0000000077331127 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 5 0000000077331321 8 bytes {MOV EDX, 0x900e8; JMP RDX}
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\SysWOW64\ntdll.dll!NtQueryFullAttributesFile + 15 000000007733132b 1 byte [90]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\kernel32.dll!CreateProcessW 0000000075e8103d 5 bytes JMP 0000000100010030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\kernel32.dll!CreateProcessA 0000000075e81072 5 bytes JMP 0000000100010070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!CreateEventW 000000007666119f 5 bytes JMP 0000000100020030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\KERNELBASE.dll!OpenEventW 00000000766611cf 5 bytes JMP 0000000100020070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetDeviceCaps 00000000766b4de0 5 bytes JMP 00000001001203b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SelectObject 00000000766b4f70 5 bytes JMP 00000001001205f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetBkMode 00000000766b51a2 5 bytes JMP 00000001001208f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetTextColor 00000000766b522d 5 bytes JMP 0000000100120a30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!DeleteObject 00000000766b5689 5 bytes JMP 00000001001201b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!DeleteDC 00000000766b58b3 5 bytes JMP 0000000100120170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetCurrentObject 00000000766b6bad 5 bytes JMP 0000000100120370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SaveDC 00000000766b6e05 5 bytes JMP 0000000100120570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!RestoreDC 00000000766b6ead 5 bytes JMP 0000000100120530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetStretchBltMode 00000000766b7180 5 bytes JMP 00000001001206b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!StretchDIBits 00000000766b7435 5 bytes JMP 0000000100120770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!CreateDCA 00000000766b7bcc 5 bytes JMP 00000001001200b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!IntersectClipRect 00000000766b7dc4 5 bytes JMP 00000001001203f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextAlign 00000000766b7fd5 5 bytes JMP 0000000100120d70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextMetricsW 00000000766b82b2 5 bytes JMP 0000000100120e30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetTextAlign 00000000766b8401 5 bytes JMP 00000001001209f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!ExtSelectClipRgn 00000000766b879f 5 bytes JMP 00000001001202f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SelectClipRgn 00000000766b8916 5 bytes JMP 00000001001205b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!ExtTextOutW 00000000766b8b7a 5 bytes JMP 0000000100120970
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!MoveToEx 00000000766b8ee6 5 bytes JMP 0000000100120470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetFontData 00000000766b9875 5 bytes JMP 0000000100120c70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextFaceW 00000000766b9936 5 bytes JMP 0000000100120d30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!Rectangle 00000000766ba53a 5 bytes JMP 00000001001209b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetClipBox 00000000766baf9f 5 bytes JMP 0000000100120330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!LineTo 00000000766bb9e5 5 bytes JMP 0000000100120430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetICMMode 00000000766bbd55 5 bytes JMP 0000000100120db0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!CreateICW 00000000766bc040 5 bytes JMP 0000000100120130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32W 00000000766bc107 5 bytes JMP 0000000100120670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetWorldTransform 00000000766bc269 5 bytes JMP 00000001001206f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextMetricsA 00000000766bd1f1 5 bytes JMP 0000000100120df0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextExtentPoint32A 00000000766bd349 5 bytes JMP 0000000100120630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!ExtTextOutA 00000000766bdce4 5 bytes JMP 0000000100120930
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!CreateDCW 00000000766be743 5 bytes JMP 00000001001200f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!ExtEscape 00000000766c03b7 5 bytes JMP 00000001001202b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!Escape 00000000766c1bda 5 bytes JMP 0000000100120270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetTextFaceA 00000000766c1e89 5 bytes JMP 0000000100120cf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetPolyFillMode 00000000766c4843 5 bytes JMP 0000000100120b30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SetMiterLimit 00000000766c5690 5 bytes JMP 0000000100120b70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!EndPage 00000000766c6bde 5 bytes JMP 0000000100120230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!ResetDCW 00000000766ce2db 5 bytes JMP 0000000100120ab0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!GetGlyphOutlineW 00000000766d940d 5 bytes JMP 0000000100120cb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!CreateScalableFontResourceW 00000000766dc621 5 bytes JMP 0000000100120bb0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!AddFontResourceW 00000000766dd2b2 5 bytes JMP 0000000100120bf0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!RemoveFontResourceW 00000000766dd919 5 bytes JMP 0000000100120c30
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!AbortDoc 00000000766e3adc 5 bytes JMP 0000000100120030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!EndDoc 00000000766e3f29 5 bytes JMP 00000001001201f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!StartPage 00000000766e401a 5 bytes JMP 0000000100120730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!StartDocW 00000000766e4c51 5 bytes JMP 00000001001207f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!BeginPath 00000000766e53fd 5 bytes JMP 0000000100120830
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!SelectClipPath 00000000766e5454 5 bytes JMP 0000000100120af0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!CloseFigure 00000000766e54af 5 bytes JMP 0000000100120070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!EndPath 00000000766e5506 5 bytes JMP 0000000100120a70
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!StrokePath 00000000766e573f 5 bytes JMP 00000001001207b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!FillPath 00000000766e57d2 5 bytes JMP 0000000100120870
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!PolylineTo 00000000766e5c44 5 bytes JMP 00000001001204f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!PolyBezierTo 00000000766e5cd5 5 bytes JMP 00000001001204b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\GDI32.dll!PolyDraw 00000000766e5d87 5 bytes JMP 00000001001208b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!MapWindowPoints 0000000074a68c40 5 bytes JMP 0000000100130570
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatW 0000000074a69ebd 5 bytes JMP 00000001001302b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!RegisterClipboardFormatA 0000000074a70afa 5 bytes JMP 00000001001302f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClientRect 0000000074a70c62 7 bytes JMP 00000001001305b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetParent 0000000074a70f68 7 bytes JMP 00000001001306f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!IsWindowVisible 0000000074a7112d 7 bytes JMP 00000001001306b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!PostMessageW 0000000074a712a5 5 bytes JMP 00000001001305f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!ScreenToClient 0000000074a7227d 7 bytes JMP 0000000100130670
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!MonitorFromWindow 0000000074a73150 7 bytes JMP 0000000100130630
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!SetCursor 0000000074a741f6 5 bytes JMP 0000000100130530
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameA 0000000074a768ef 5 bytes JMP 0000000100130270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClipboardFormatNameW 0000000074a777fa 5 bytes JMP 0000000100130230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetTopWindow 0000000074a77887 7 bytes JMP 0000000100130730
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!IsClipboardFormatAvailable 0000000074a78676 5 bytes JMP 00000001001300f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClipboardSequenceNumber 0000000074a78696 5 bytes JMP 0000000100130330
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!CloseClipboard 0000000074a78e8d 5 bytes JMP 00000001001300b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!OpenClipboard 0000000074a78ecb 5 bytes JMP 0000000100130070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!ChangeClipboardChain 0000000074a7c17b 5 bytes JMP 0000000100130430
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!EnumClipboardFormats 0000000074a7c449 5 bytes JMP 00000001001301b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetOpenClipboardWindow 0000000074a7c468 5 bytes JMP 00000001001303f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!CountClipboardFormats 0000000074a7c486 5 bytes JMP 00000001001301f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!SetClipboardViewer 0000000074a7c4b6 5 bytes JMP 00000001001304b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!ActivateKeyboardLayout 0000000074a7d6c0 5 bytes JMP 00000001001304f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClipboardOwner 0000000074a7e360 5 bytes JMP 0000000100130370
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!SetClipboardData 0000000074aa8e57 5 bytes JMP 0000000100130170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!SetCursorPos 0000000074aa9cfd 5 bytes JMP 0000000100130770
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClipboardData 0000000074aa9f1d 5 bytes JMP 0000000100130030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!EmptyClipboard 0000000074ac7cb9 5 bytes JMP 0000000100130130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetClipboardViewer 0000000074ac8111 5 bytes JMP 0000000100130470
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\USER32.dll!GetPriorityClipboardFormat 0000000074ac832f 5 bytes JMP 00000001001303b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!FreeContextBuffer 0000000074a09606 5 bytes JMP 00000001001800f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!FreeCredentialsHandle 0000000074a10581 5 bytes JMP 0000000100180130
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!DeleteSecurityContext 0000000074a10bb9 5 bytes JMP 0000000100180270
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!ApplyControlToken 0000000074a10c2e 5 bytes JMP 00000001001801b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!QueryContextAttributesA 0000000074a10f2e 5 bytes JMP 0000000100180070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!QueryCredentialsAttributesA 0000000074a11096 5 bytes JMP 00000001001800b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!EncryptMessage 0000000074a1124e 5 bytes JMP 00000001001801f0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!DecryptMessage 0000000074a1129d 5 bytes JMP 0000000100180230
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!AcquireCredentialsHandleA 0000000074a11527 5 bytes JMP 0000000100180030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\SspiCli.dll!InitializeSecurityContextA 0000000074a11590 5 bytes JMP 0000000100180170
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\ole32.dll!OleSetClipboard 0000000075d60045 5 bytes JMP 0000000100190030
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\ole32.dll!OleIsCurrentClipboard 0000000075d636b2 5 bytes JMP 0000000100190070
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\ole32.dll!OleGetClipboard 0000000075d8fdcd 5 bytes JMP 00000001001900b0
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000765c1401 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000765c1419 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000765c1431 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000765c144a 2 bytes [5C, 76]
.text ... * 9
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000765c14dd 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000765c14f5 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000765c150d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000765c1525 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000765c153d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000765c1555 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000765c156d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000765c1585 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000765c159d 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000765c15b5 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000765c15cd 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000765c16b2 2 bytes [5C, 76]
.text C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe[4152] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000765c16bd 2 bytes [5C, 76]
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6788] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075e887b1 5 bytes JMP 000000015c18856d
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6788] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075d06143 5 bytes JMP 000000015c6bfa9a
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6788] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000762d3e59 5 bytes JMP 000000015c1b97d1
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6788] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000762d3eae 5 bytes JMP 000000015c1c7641
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6788] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000762d4731 5 bytes JMP 000000015c1c65d9
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[6788] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000762d5dee 5 bytes JMP 000000015c1eda4f
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[2296] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000075e887b1 5 bytes JMP 000000015c18856d
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[2296] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000075d06143 5 bytes JMP 000000015c6bfa9a
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[2296] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 00000000762d3e59 5 bytes JMP 000000015c1b97d1
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[2296] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 00000000762d3eae 5 bytes JMP 000000015c1c7641
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[2296] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 00000000762d4731 5 bytes JMP 000000015c1c65d9
.text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[2296] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 00000000762d5dee 5 bytes JMP 000000015c1eda4f

---- Threads - GMER 2.0 ----

Thread C:\Windows\System32\svchost.exe [348:5184] 000007fef82244e0
Thread C:\Windows\System32\svchost.exe [348:5264] 000007fef14d8a4c
Thread C:\Windows\System32\svchost.exe [348:676] 000007fefb51a2b0
Thread C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1332:1476] 000007fef9c07c60
Thread C:\Windows\System32\spoolsv.exe [1596:3480] 000007fef5cb10c8
Thread C:\Windows\System32\spoolsv.exe [1596:3528] 000007fef5a36144
Thread C:\Windows\System32\spoolsv.exe [1596:3536] 000007fef8805fd0
Thread C:\Windows\System32\spoolsv.exe [1596:3540] 000007fef5993438
Thread C:\Windows\System32\spoolsv.exe [1596:3544] 000007fef88063ec
Thread C:\Windows\System32\spoolsv.exe [1596:3560] 000007fef5d95e5c
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:1764] 000000007091f030
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:2976] 0000000070ae15c0
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:2988] 0000000070920a30
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:2992] 000000007091da40
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:2996] 000000007091da40
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3000] 000000007091d6d0
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3004] 000000007091d6d0
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3012] 000000007091db50
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3024] 00000000706f3750
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:4604] 00000000706aa050
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:1820] 00000000706f44b0
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:1692] 000000006f7852c9
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3596] 0000000070936150
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3240] 000000007071b550
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:3076] 000000007071b550
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:2280] 00000000708d62ee
Thread C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864:5084] 00000000709349d0
Thread C:\Windows\System32\svchost.exe [2336:2084] 000007fef6ea9688
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2456:2496] 000000007044102d
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2456:2504] 000000007014f1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2456:2548] 000000007014f1dc
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2456:2552] 00000000701455d3
Thread C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2456:2616] 00000000703ec159
Thread C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2632:2708] 000000006fb3473d
Thread C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [3656:3144] 00000000734c786a
Thread C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [3656:3912] 0000000069bab684
Thread C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [3656:5632] 0000000070c732fb
Thread C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [3656:368] 00000000708d62ee
Thread C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [4076:3232] 000007fefba32a7c
Thread C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [4076:3396] 000007fefc0c6204
Thread C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [4076:3632] 000000006edd6f38
Thread C:\Program Files\ESET\ESET Smart Security\egui.exe [3436:4568] 000000006d672910
Thread C:\Program Files\ESET\ESET Smart Security\egui.exe [3436:4572] 000000006d6729b0
Thread C:\Program Files\ESET\ESET Smart Security\egui.exe [3436:4580] 000000006d5a21b0
Thread C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3316:4412] 000000006e2f66ee
Thread C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3316:4416] 000000006e2f66ee
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:4836] 00000000002e5230
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:4864] 0000000070c732fb
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:5024] 000000006e8c765f
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:5028] 000000006e942695
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:1276] 000000006e942695
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:1096] 000000006e942695
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:744] 000000006e942695
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:1104] 000000006ead3803
Thread C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396:4532] 0000000006fa4bd0
Thread C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [4460:4716] 00000000734c786a
Thread C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [4460:4556] 0000000001ba79f9
Thread C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [3152:4588] 00000000734c786a
Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [4308:4816] 000007fefba32a7c
Thread C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [4308:4444] 000007fefc0c6204
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4440:1272] 000007feefc3cc10
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4440:824] 000007feefafb564
Thread C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4440:3900] 000007feefafb564
Thread C:\Windows\system32\DllHost.exe [5196:5268] 000007feec9fae40
Thread C:\Program Files (x86)\Steam\steam.exe [4212:1032] 0000000077362e25
Thread C:\Program Files (x86)\Steam\steam.exe [4212:1040] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:1252] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5248] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:1260] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5480] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5352] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4928] 00000000573ca510
Thread C:\Program Files (x86)\Steam\steam.exe [4212:908] 0000000057bd28ad
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4176] 0000000077363e45
Thread C:\Program Files (x86)\Steam\steam.exe [4212:3116] 00000000573ca510
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5728] 00000000573ca510
Thread C:\Program Files (x86)\Steam\steam.exe [4212:6128] 00000000573ca510
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5216] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5276] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5444] 00000000380b5530
Thread C:\Program Files (x86)\Steam\steam.exe [4212:3184] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:2588] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:6012] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:2964] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5780] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:788] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5296] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4808] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:2116] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5988] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5696] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5032] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4560] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5756] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5672] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5676] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4280] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:948] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5292] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5792] 000000005a04b420
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4824] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:6096] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:4820] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:6048] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5940] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:2388] 00000000301a81a4
Thread C:\Program Files (x86)\Steam\steam.exe [4212:2852] 0000000060c00540
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5920] 0000000077363e45
Thread C:\Program Files (x86)\Steam\steam.exe [4212:3960] 0000000077363e45
Thread C:\Program Files (x86)\Steam\steam.exe [4212:2196] 0000000077363e45
Thread C:\Program Files (x86)\Steam\steam.exe [4212:5888] 00000000573ca510
Thread C:\Program Files (x86)\Steam\steam.exe [4212:1512] 0000000077367111
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5040] 000000005fc2628d
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3084] 000000005fc252c2
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5896] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6028] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3860] 00000000708d62ee
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3044] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6860] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4072] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4548] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5408] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6616] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:7064] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:2520] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:1124] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6460] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5884] 0000000077362e25
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4920] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3456] 000000006d4f27e1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4952] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6520] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5492] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4408] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6140] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3180] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6508] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4220] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:864] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4640] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3204] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3360] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5700] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3916] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6812] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5980] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:780] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3820] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:1548] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3472] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:7164] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:1840] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:6816] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4536] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5220] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4764] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:1684] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:4636] 0000000072a3c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:5816] 0000000070c732fb
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:3696] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:2088] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [6820:7140] 0000000077367111
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:2108] 000000005fc252c2
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:5916] 00000000612ceb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:4608] 00000000612ceb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:1432] 0000000077362e25
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:5460] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:6008] 00000000612ceb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:812] 00000000612ceb50
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:5400] 000000006d4f27e1
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:4772] 0000000077363e45
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:4360] 0000000077367111
Thread C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe [1564:6604] 0000000077363e45

---- Processes - GMER 2.0 ----

Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [348] 000007fef84e0000
Library ? (*** suspicious ***) @ C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe [1332] 0000000073b20000
Library ? (*** suspicious ***) @ C:\Windows\system32\FBAgent.exe [1360] 000007fef9810000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [1400] 0000000074b80000
Library ? (*** suspicious ***) @ C:\Windows\System32\spoolsv.exe [1596] 000007fef96f0000
Library ? (*** suspicious ***) @ C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [1864] 0000000070c50000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe [1952] 0000000076470000
Library ? (*** suspicious ***) @ C:\Windows\SysWOW64\PnkBstrA.exe [1108] 00000000765f0000
Library ? (*** suspicious ***) @ C:\Windows\system32\svchost.exe [2300] 000007fefea50000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [2336] 000007feff090000
Library ? (*** suspicious ***) @ C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2416] 000007fefd4c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2456] 0000000070c50000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2632] 00000000772e0000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskhost.exe [3248] 000007fefc0c0000
Library ? (*** suspicious ***) @ C:\Windows\system32\taskeng.exe [3308] 000007fefea50000
Library ? (*** suspicious ***) @ C:\Program Files\P4G\BatteryLife.exe [3516] 000007fef8470000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [3656] 000000006d600000
Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [4076] 000007fefee10000
Library ? (*** suspicious ***) @ C:\Program Files\ESET\ESET Smart Security\egui.exe [3436] 000000006d730000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [3316] 000000006ee20000
Library ? (*** suspicious ***) @ [4244] 0000000000400000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [4396] 0000000076470000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin [4460] 0000000000330000
Library ? (*** suspicious ***) @ C:\Windows\system32\SearchIndexer.exe [4272] 000007fefae10000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4192] 000007fefea80000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [3152] 00000000739f0000
Library ? (*** suspicious ***) @ C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [4308] 000007fefd7b0000
Library ? (*** suspicious ***) @ C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [4440] 000007fef5320000
Library ? (*** suspicious ***) @ C:\Windows\system32\DllHost.exe [5196] 000007fefd4c0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2828] 000000006f490000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [6060] 00000000698b0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Common Files\Steam\SteamService.exe [5800] 0000000076900000

---- Registry - GMER 2.0 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f6835b715
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\742f6835b715@0026e26443be 0xE9 0x60 0x41 0xF0 ...
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f6835b715 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\742f6835b715@0026e26443be 0xE9 0x60 0x41 0xF0 ...

---- EOF - GMER 2.0 ----
