
PC disinfection, computer speed-up and remote help via the neslape.cz service
I've been naughty again... suspicious processes
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here].
Each thread will be locked once it is resolved, and so will threads that have been inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use the remote assistance service: a specialist connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
Hi. First of all, sorry for repeatedly not finishing threads; please leave the defragmentation right to the end and I'll sign off with that, because it takes terribly long and then I forget to write "thanks, everything's fine". Thanks in advance if you can put up with that... Also sorry that I don't have accents on my keyboard and I don't switch the computer to the CZ language... I live in GB. It can be done, but when I do it, it switches itself back to EN, but I won't bother with that.
Otherwise, Avast only reported updater.exe as malware this afternoon, even though I've been watching it for about a week but haven't had much time to do anything about it... A dllhost from the MMO Lineage2 showed up a few times; I uninstalled it and haven't played it in ages. Please leave anything from GW2 alone. I'd also like to know how to set up the startup programs... uTorrent, the Origin client and the Rockstar client keep appearing and I don't know how to get rid of them... I definitely knew my way around Win 98 and XP, but I don't like Win7; still, that's life xD, nothing I can do.
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2013-10-29 17:19:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 653 GB (68%) free of 954 GB
Total RAM: 3839 MB (48% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 5:22:18 PM, on 10/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\Guild Wars 2\Gw2.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www1.delta-search.com/?babsrc=HP ... 7&tsp=4980
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\New folder\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\New folder\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8254 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\Explorer.EXE
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Windows\system32\Dwm.exe"
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\Windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 3124
C:\Windows\system32\svchost.exe -k WindowsMobile
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-20b9014e-f194-4c6d-bb90-de3145211864 -SystemEventPortName:HostProcess-a0aa7244-e532-481f-a277-0d3984f9e6e5 -IoCancelEventPortName:HostProcess-83e75571-1f82-42ce-940b-040ffbdc4bf7 -NonStateChangingEventPortName:HostProcess-63691593-f743-4717-a825-26d03948640b -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:14ed56a7-57ac-4233-ab38-2ce6cb25fb6e -DeviceGroupId:WpdFsGroup
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Program Files (x86)\Guild Wars 2\Gw2.exe"
"C:\uzit+\chrome-win32\chrome.exe"
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="4604.0.1741125957\724048234" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/BlueOnWhite/OverlappedReadImpact/OverlappedReadDisabled/Prefetch/ContentPrefetchPrefetchOn/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4604.4.24686742\24896890" /prefetch:673131151
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\AmiUpdXp.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\New folder\bin\ssv.dll [2013-04-21 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\New folder\bin\jp2ssv.dll [2013-04-21 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-29 16:47:55 ----D---- C:\rsit
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-29 17:22:18 ----D---- C:\Windows\temp
2013-10-29 17:22:17 ----D---- C:\Program Files\trend micro
2013-10-29 17:07:53 ----SHD---- C:\System Volume Information
2013-10-29 17:06:49 ----D---- C:\Windows\Prefetch
2013-10-29 17:02:18 ----D---- C:\Windows
2013-10-29 17:01:25 ----D---- C:\Windows\winsxs
2013-10-29 17:00:45 ----D---- C:\Windows\System32
2013-10-29 17:00:45 ----D---- C:\Windows\inf
2013-10-29 17:00:45 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-29 16:57:35 ----D---- C:\Windows\system32\config
2013-10-29 16:57:11 ----RD---- C:\Program Files (x86)
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-29 16:57:03 ----D---- C:\Windows\SysWOW64
2013-10-29 16:56:12 ----D---- C:\Windows\system32\Tasks
2013-10-29 16:54:38 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-29 16:53:42 ----D---- C:\ProgramData\NVIDIA
2013-10-29 16:53:30 ----D---- C:\ProgramData\BitGuard
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:07:38 ----D---- C:\Windows\system32\DriverStore
2013-10-25 23:07:38 ----D---- C:\Windows\system32\drivers
2013-10-25 23:07:38 ----D---- C:\Windows\system32\catroot
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:28:17 ----D---- C:\Windows\system32\catroot2
2013-10-25 18:26:23 ----SHD---- C:\Windows\Installer
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: I've been misbehaving again... suspicious processes
Hello!
First run this utility:
Download AdwCleaner http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop
Close all programs
Click first on >Scan< and then on >Clean<.
A scan will run and then a log will appear; paste it here.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before cleaning your PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Besides its "visible" activity, a virus can damage the system!
After your problem is resolved the thread will be locked. Likewise if it is inactive for more than 14 days. If you want the thread reactivated, write to the e-mail address given above.
Re: I've been misbehaving again... suspicious processes
I see I'm probably not the only one, since you're not commenting on it
# AdwCleaner v3.010 - Report created 29/10/2013 at 18:08:00
# Updated 20/10/2013 by Xplode
# Operating System : Windows 7 Professional Service Pack 1 (64 bits)
# Username : ADMIN - ADMIN-PC
# Running from : C:\Users\ADMIN\Downloads\adwcleaner.exe
# Option : Clean
***** [ Services ] *****
***** [ Files / Folders ] *****
Folder Deleted : C:\ProgramData\Babylon
[!] Folder Deleted : C:\ProgramData\BitGuard
Folder Deleted : C:\ProgramData\Trymedia
Folder Deleted : C:\Program Files (x86)\Conduit
Folder Deleted : C:\Program Files (x86)\MyPC Backup
Folder Deleted : C:\Program Files (x86)\RelevantKnowledge
Folder Deleted : C:\Program Files (x86)\WebConnect
Folder Deleted : C:\Windows\SysWOW64\ARFC
Folder Deleted : C:\Windows\SysWOW64\jmdp
Folder Deleted : C:\Users\ADMIN\AppData\Local\SwvUpdater
Folder Deleted : C:\Users\ADMIN\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\ADMIN\AppData\LocalLow\Delta
Folder Deleted : C:\Users\ADMIN\AppData\Roaming\Babylon
Folder Deleted : C:\Users\ADMIN\AppData\Roaming\file scout
Folder Deleted : C:\Users\ADMIN\AppData\Roaming\goforfiles
Folder Deleted : C:\Users\ADMIN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FTDownloader.com
Folder Deleted : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\Extensions\{AD9A41D2-9A49-4FA6-A79E-71A0785364C8}
Folder Deleted : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\ieakfmpjhljbpbfpldjkddkjmmgjmgon
Folder Deleted : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Folder Deleted : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
File Deleted : C:\END
File Deleted : C:\Windows\System32\dmwu.exe
File Deleted : C:\Windows\System32\ImhxxpComm.dll
File Deleted : C:\Windows\System32\roboot64.exe
File Deleted : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\searchplugins\Mysearchdial.xml
File Deleted : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\user.js
File Deleted : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\user.js
File Deleted : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\Tasks\AmiUpdXp.job
File Deleted : C:\Windows\System32\Tasks\AmiUpdXp
File Deleted : C:\Windows\System32\Tasks\GoforFilesUpdate
***** [ Shortcuts ] *****
***** [ Registry ] *****
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje
Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
Key Deleted : HKCU\Software\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\mahgaopgbalgbfohkikbdjfmaapiehaf
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Key Deleted : HKLM\SOFTWARE\Classes\FTDownloader
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd
Key Deleted : HKLM\SOFTWARE\Classes\Updater.AmiUpd.1
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs [bProtectTabs]
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasapi32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\au__rasmancs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\UpdateTask_RASMANCS
Key Deleted : HKCU\Software\596dddbb334ed10
Key Deleted : HKLM\SOFTWARE\596dddbb334ed10
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{67BD9EEB-AA06-4329-A940-D250019300C9}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{BB975E58-E769-4E5A-BA12-B765BC559FF3}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F511AFDB-726E-4458-90E7-1ECB97406544}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FB684D26-01F4-4D9D-87CB-F486BEBA56DC}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A0EE0278-2986-4E5A-884E-A3BF0357E476}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{1231839B-064E-4788-B865-465A1B5266FD}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{2DAC2231-CC35-482B-97C5-CED1D4185080}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F1CD84C-04A3-4EA0-9EA1-7D134FD66C82}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{3F83A9CA-B5F0-44EC-9357-35BB3E84B07F}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47E520EA-CAD2-4F51-8F30-613B3A1C33EB}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{57C91446-8D81-4156-A70E-624551442DE9}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{70AFB7B2-9FB5-4A70-905B-0E9576142E1D}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7AD65FD1-79E0-406D-B03C-DD7C14726D69}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7C28CEF1-A4A6-4B6A-8B97-C44F1267753C}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{97DD820D-2E20-40AD-B01E-6730B2FCE630}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9EDC0C90-2B5B-4512-953E-35767BAD5C67}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{B177446D-54A4-4869-BABC-8566110B4BE0}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D54C859C-6066-4F31-8FE0-2AAEDCAE67D7}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{D9D1DFC5-502D-43E4-B1BB-4D0B7841489A}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{E0B07188-A528-4F9E-B2F7-C7FDE8680AE4}
Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{F05B12E1-ADE8-4485-B45B-898748B53C37}
Key Deleted : HKCU\Software\BabSolution
Key Deleted : HKCU\Software\Conduit
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\filescout
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\smartbar
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Updater By Sweetpacks
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96}
Key Deleted : [x64] HKLM\SOFTWARE\DomaIQ
Key Deleted : [x64] HKLM\SOFTWARE\Updater By Sweetpacks
Key Deleted : [x64] HKLM\SOFTWARE\wnlt
***** [ Browsers ] *****
-\\ Internet Explorer v10.0.9200.16720
Setting Restored : HKCU\Software\Microsoft\Internet Explorer\Main [Start Page]
-\\ Mozilla Firefox v
[ File : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\extensions\prefs.js ]
Line Deleted : user_pref("browser.search.defaultenginename", "Mysearchdial");
[ File : C:\Users\ADMIN\AppData\Roaming\Mozilla\Firefox\Profiles\[ofr2][opt]rs0,[slws][slns]\prefs.js ]
-\\ Google Chrome v30.0.1599.101
[ File : C:\Users\ADMIN\AppData\Local\Google\Chrome\User Data\Default\preferences ]
Deleted : icon_url
Deleted : search_url
Deleted : keyword
Deleted : homepage
Deleted : urls_to_restore_on_startup
*************************
AdwCleaner[R0].txt - [8032 octets] - [29/10/2013 18:06:58]
AdwCleaner[S0].txt - [7467 octets] - [29/10/2013 18:08:00]
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [7527 octets] ##########
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: I've been misbehaving again... suspicious processes
Post a new RSIT log.
Re: I've been misbehaving again... suspicious processes
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2013-10-29 20:22:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 654 GB (69%) free of 954 GB
Total RAM: 3839 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:22:28 PM, on 10/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\New folder\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\New folder\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8088 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1972
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d297eb9f-4977-483c-84eb-2c1414f9d873 -SystemEventPortName:HostProcess-f4050b29-4fe1-4ada-b11d-7e0e57d8ed66 -IoCancelEventPortName:HostProcess-0e4e6c6d-88be-47b5-ac9d-bb98411ad79b -NonStateChangingEventPortName:HostProcess-bb1524cb-e76b-43a6-93b0-6ec215b6d263 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:96e827fe-a79f-4dd5-b92c-c7b7f6d544db -DeviceGroupId:WpdFsGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\uzit+\chrome-win32\chrome.exe"
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="4896.0.995952198\1823842384" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
"C:\Windows\system32\wuauclt.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderControl/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4896.3.2059363513\383940559" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderControl/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4896.18.1084300483\2033272146" /prefetch:673131151
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\New folder\bin\ssv.dll [2013-04-21 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\New folder\bin\jp2ssv.dll [2013-04-21 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-29 18:06:52 ----D---- C:\AdwCleaner
2013-10-29 16:47:55 ----D---- C:\rsit
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-29 20:22:27 ----D---- C:\Program Files\trend micro
2013-10-29 20:22:26 ----D---- C:\Windows\temp
2013-10-29 18:19:20 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-29 18:15:57 ----D---- C:\Windows\System32
2013-10-29 18:15:57 ----D---- C:\Windows\inf
2013-10-29 18:15:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-29 18:13:34 ----D---- C:\Windows\Prefetch
2013-10-29 18:12:44 ----D---- C:\Windows\winsxs
2013-10-29 18:11:41 ----D---- C:\Windows\system32\catroot
2013-10-29 18:11:40 ----D---- C:\Windows\system32\catroot2
2013-10-29 18:09:38 ----D---- C:\Windows\system32\config
2013-10-29 18:09:33 ----D---- C:\Windows
2013-10-29 18:09:31 ----D---- C:\ProgramData\NVIDIA
2013-10-29 18:09:12 ----D---- C:\ProgramData
2013-10-29 18:08:09 ----D---- C:\Windows\Tasks
2013-10-29 18:08:09 ----D---- C:\Windows\system32\Tasks
2013-10-29 18:08:03 ----RD---- C:\Program Files (x86)
2013-10-29 18:08:03 ----D---- C:\Windows\SysWOW64
2013-10-29 17:07:53 ----SHD---- C:\System Volume Information
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:07:38 ----D---- C:\Windows\system32\DriverStore
2013-10-25 23:07:38 ----D---- C:\Windows\system32\drivers
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:26:23 ----SHD---- C:\Windows\Installer
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Run by ADMIN at 2013-10-29 20:22:16
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 654 GB (69%) free of 954 GB
Total RAM: 3839 MB (64% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:22:28 PM, on 10/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\New folder\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\New folder\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8088 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 1972
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-d297eb9f-4977-483c-84eb-2c1414f9d873 -SystemEventPortName:HostProcess-f4050b29-4fe1-4ada-b11d-7e0e57d8ed66 -IoCancelEventPortName:HostProcess-0e4e6c6d-88be-47b5-ac9d-bb98411ad79b -NonStateChangingEventPortName:HostProcess-bb1524cb-e76b-43a6-93b0-6ec215b6d263 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:96e827fe-a79f-4dd5-b92c-c7b7f6d544db -DeviceGroupId:WpdFsGroup
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\uzit+\chrome-win32\chrome.exe"
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="4896.0.995952198\1823842384" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
"C:\Windows\system32\wuauclt.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderControl/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4896.3.2059363513\383940559" /prefetch:673131151
C:\Windows\system32\wbem\wmiprvse.exe
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderControl/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_14/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4896.18.1084300483\2033272146" /prefetch:673131151
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\New folder\bin\ssv.dll [2013-04-21 462752]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\New folder\bin\jp2ssv.dll [2013-04-21 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-29 18:06:52 ----D---- C:\AdwCleaner
2013-10-29 16:47:55 ----D---- C:\rsit
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-29 20:22:27 ----D---- C:\Program Files\trend micro
2013-10-29 20:22:26 ----D---- C:\Windows\temp
2013-10-29 18:19:20 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-29 18:15:57 ----D---- C:\Windows\System32
2013-10-29 18:15:57 ----D---- C:\Windows\inf
2013-10-29 18:15:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-29 18:13:34 ----D---- C:\Windows\Prefetch
2013-10-29 18:12:44 ----D---- C:\Windows\winsxs
2013-10-29 18:11:41 ----D---- C:\Windows\system32\catroot
2013-10-29 18:11:40 ----D---- C:\Windows\system32\catroot2
2013-10-29 18:09:38 ----D---- C:\Windows\system32\config
2013-10-29 18:09:33 ----D---- C:\Windows
2013-10-29 18:09:31 ----D---- C:\ProgramData\NVIDIA
2013-10-29 18:09:12 ----D---- C:\ProgramData
2013-10-29 18:08:09 ----D---- C:\Windows\Tasks
2013-10-29 18:08:09 ----D---- C:\Windows\system32\Tasks
2013-10-29 18:08:03 ----RD---- C:\Program Files (x86)
2013-10-29 18:08:03 ----D---- C:\Windows\SysWOW64
2013-10-29 17:07:53 ----SHD---- C:\System Volume Information
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:07:38 ----D---- C:\Windows\system32\DriverStore
2013-10-25 23:07:38 ----D---- C:\Windows\system32\drivers
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:26:23 ----SHD---- C:\Windows\Installer
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: I've been naughty again... suspicious processes
Download OTM: http://oldtimer.geekstogo.com/OTM.exe and save it to the desktop. Run it and copy the following into the left-hand window:
:files
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
:reg
[-HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
:commands
[Purity]
[Emptytemp]
[Emptyflash]
and click >MoveIt!<. Disable your antivirus before the scan and restart the PC afterwards. Then post a new RSIT log.
Please post questions and logs only in your own threads. Private messages, ICQ and e-mail are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Besides its "visible" activity, a virus can also damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: I've been misbehaving again... suspicious processes
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2013-10-29 23:05:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 654 GB (69%) free of 954 GB
Total RAM: 3839 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:17 PM, on 10/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\New folder\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8010 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {06E9DB65-762F-45E3-8139-7F036AB372CC}
taskeng.exe {37F558A4-E17F-46A1-8457-44A78F8137FC}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\ProgramData\DatacardService\DCSHelper.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2168
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe" /silent
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e64360ff-b0b4-483e-b3c3-c946a4e120ff -SystemEventPortName:HostProcess-4490a793-6669-42aa-99d1-4c5790e3a9a7 -IoCancelEventPortName:HostProcess-f6fcd177-e5c8-4980-98fa-d648bb9f21d5 -NonStateChangingEventPortName:HostProcess-52a78afa-9657-4528-a6b5-d989765852dc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:741d7ae8-c402-45e4-92cd-72e22c2bf69e -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\uzit+\chrome-win32\chrome.exe"
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="3516.0.1410219104\1713008616" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/BlueOnWhite/OverlappedReadImpact/OverlappedReadDisabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="3516.3.1624634194\1377299864" /prefetch:673131151
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\New folder\bin\jp2ssv.dll [2013-04-21 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-29 23:05:03 ----D---- C:\rsit
2013-10-29 18:06:52 ----D---- C:\AdwCleaner
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-29 23:05:15 ----D---- C:\Program Files\trend micro
2013-10-29 23:05:04 ----D---- C:\Windows\temp
2013-10-29 23:04:44 ----D---- C:\Windows\Prefetch
2013-10-29 23:04:27 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-29 23:03:53 ----D---- C:\ProgramData\NVIDIA
2013-10-29 23:02:32 ----D---- C:\Windows\Tasks
2013-10-29 18:25:23 ----D---- C:\Windows\system32\config
2013-10-29 18:15:57 ----D---- C:\Windows\System32
2013-10-29 18:15:57 ----D---- C:\Windows\inf
2013-10-29 18:15:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-29 18:12:44 ----D---- C:\Windows\winsxs
2013-10-29 18:11:41 ----D---- C:\Windows\system32\catroot
2013-10-29 18:11:40 ----D---- C:\Windows\system32\catroot2
2013-10-29 18:09:33 ----D---- C:\Windows
2013-10-29 18:09:12 ----D---- C:\ProgramData
2013-10-29 18:08:09 ----D---- C:\Windows\system32\Tasks
2013-10-29 18:08:03 ----RD---- C:\Program Files (x86)
2013-10-29 18:08:03 ----D---- C:\Windows\SysWOW64
2013-10-29 17:07:53 ----SHD---- C:\System Volume Information
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:07:38 ----D---- C:\Windows\system32\DriverStore
2013-10-25 23:07:38 ----D---- C:\Windows\system32\drivers
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:26:23 ----SHD---- C:\Windows\Installer
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Run by ADMIN at 2013-10-29 23:05:03
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 654 GB (69%) free of 954 GB
Total RAM: 3839 MB (66% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:05:17 PM, on 10/29/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\New folder\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8010 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\Windows\System32\spoolsv.exe
"taskhost.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {06E9DB65-762F-45E3-8139-7F036AB372CC}
taskeng.exe {37F558A4-E17F-46A1-8457-44A78F8137FC}
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\ProgramData\DatacardService\DCSHelper.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2168
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\1_0_0_0\RGSC.exe" /silent
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-e64360ff-b0b4-483e-b3c3-c946a4e120ff -SystemEventPortName:HostProcess-4490a793-6669-42aa-99d1-4c5790e3a9a7 -IoCancelEventPortName:HostProcess-f6fcd177-e5c8-4980-98fa-d648bb9f21d5 -NonStateChangingEventPortName:HostProcess-52a78afa-9657-4528-a6b5-d989765852dc -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:741d7ae8-c402-45e4-92cd-72e22c2bf69e -DeviceGroupId:WpdFsGroup
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\wbem\wmiprvse.exe
"C:\uzit+\chrome-win32\chrome.exe"
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="3516.0.1410219104\1713008616" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/BlueOnWhite/OverlappedReadImpact/OverlappedReadDisabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderNoUse/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_06/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="3516.3.1624634194\1377299864" /prefetch:673131151
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\New folder\bin\jp2ssv.dll [2013-04-21 171424]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-29 23:05:03 ----D---- C:\rsit
2013-10-29 18:06:52 ----D---- C:\AdwCleaner
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-25 23:07:38 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-29 23:05:15 ----D---- C:\Program Files\trend micro
2013-10-29 23:05:04 ----D---- C:\Windows\temp
2013-10-29 23:04:44 ----D---- C:\Windows\Prefetch
2013-10-29 23:04:27 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-29 23:03:53 ----D---- C:\ProgramData\NVIDIA
2013-10-29 23:02:32 ----D---- C:\Windows\Tasks
2013-10-29 18:25:23 ----D---- C:\Windows\system32\config
2013-10-29 18:15:57 ----D---- C:\Windows\System32
2013-10-29 18:15:57 ----D---- C:\Windows\inf
2013-10-29 18:15:57 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-29 18:12:44 ----D---- C:\Windows\winsxs
2013-10-29 18:11:41 ----D---- C:\Windows\system32\catroot
2013-10-29 18:11:40 ----D---- C:\Windows\system32\catroot2
2013-10-29 18:09:33 ----D---- C:\Windows
2013-10-29 18:09:12 ----D---- C:\ProgramData
2013-10-29 18:08:09 ----D---- C:\Windows\system32\Tasks
2013-10-29 18:08:03 ----RD---- C:\Program Files (x86)
2013-10-29 18:08:03 ----D---- C:\Windows\SysWOW64
2013-10-29 17:07:53 ----SHD---- C:\System Volume Information
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:07:38 ----D---- C:\Windows\system32\DriverStore
2013-10-25 23:07:38 ----D---- C:\Windows\system32\drivers
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:26:23 ----SHD---- C:\Windows\Installer
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: I've misbehaved again... suspicious processes
Double-click the file C:\Program Files\trend micro\ADMIN.exe to run HijackThis. Click "Do a system scan only" and in the window that opens tick the checkbox on the left for:
O16 - DPF: {6A060448-60F9-11D5-A6CD-0002B31F7455} (ExentInf Class) -
Click >FixChecked<. Then run OTM again and click >CleanUp!<. OTM will clean up after itself. Finally restart the PC.
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(zavináč)forum.viry.cz
Warning: Before disinfecting your PC, back up your important data (mail, contacts, documents, photos, videos, music, etc.). Apart from its "visible" activity, a virus can damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address given above.
Re: I've misbehaved again... suspicious processes
I have a lot more gigabytes of free space... nice1... OTM didn't create a log, so I'm sending RSIT.
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2013-10-30 18:06:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 654 GB (69%) free of 954 GB
Total RAM: 3839 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:06:39 PM, on 10/30/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8188 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"taskhost.exe"
taskeng.exe {3D00591F-FB19-4746-A3A1-06AB011CB8E5}
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
taskeng.exe {0D780CB1-A34C-4AAF-8D27-930F2157F65B}
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\ProgramData\DatacardService\DCSHelper.exe"
WLIDSvcM.exe 2248
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-309e0d0b-38ae-4f7b-9eea-3714bd2cbe33 -SystemEventPortName:HostProcess-b3a0d6c2-11ba-420f-95db-0403494c8d11 -IoCancelEventPortName:HostProcess-376fd049-5d3f-4353-ac31-ef69fa91c767 -NonStateChangingEventPortName:HostProcess-b740aceb-7d0e-4b4e-bf84-049f4576915f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d665e899-5875-4582-9a24-62de823a90b0 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\uzit+\chrome-win32\chrome.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="4088.0.1735154000\1496510392" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4088.5.735146768\1435409784" /prefetch:673131151
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4088.6.938284008\2074781978" /prefetch:673131151
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-29 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-29 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-30 18:06:28 ----D---- C:\rsit
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-29 23:26:59 ----D---- C:\ProgramData\Oracle
2013-10-29 23:26:55 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-10-29 23:26:51 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-10-29 23:26:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-10-29 23:26:51 ----A---- C:\Windows\SYSWOW64\java.exe
2013-10-29 23:26:43 ----D---- C:\Program Files (x86)\Java
2013-10-29 18:06:52 ----D---- C:\AdwCleaner
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-30 18:06:38 ----D---- C:\Windows\temp
2013-10-30 18:06:38 ----D---- C:\Program Files\trend micro
2013-10-30 18:06:37 ----D---- C:\Windows\Prefetch
2013-10-30 18:05:39 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-30 18:04:48 ----D---- C:\Windows\inf
2013-10-30 18:04:48 ----D---- C:\ProgramData\NVIDIA
2013-10-30 17:58:16 ----D---- C:\Windows\system32\config
2013-10-30 08:08:16 ----D---- C:\Windows\System32
2013-10-30 08:08:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-30 08:06:41 ----D---- C:\Windows\system32\drivers
2013-10-30 08:06:40 ----D---- C:\Windows\system32\DriverStore
2013-10-30 08:06:40 ----D---- C:\Windows\system32\catroot
2013-10-30 08:04:38 ----D---- C:\Windows\system32\catroot2
2013-10-30 01:13:22 ----SHD---- C:\System Volume Information
2013-10-29 23:27:14 ----SHD---- C:\Windows\Installer
2013-10-29 23:27:13 ----D---- C:\Program Files (x86)\Common Files
2013-10-29 23:26:59 ----D---- C:\ProgramData
2013-10-29 23:26:55 ----D---- C:\Windows\SysWOW64
2013-10-29 23:26:43 ----RD---- C:\Program Files (x86)
2013-10-29 23:26:38 ----D---- C:\Program Files (x86)\New folder
2013-10-29 23:02:32 ----D---- C:\Windows\Tasks
2013-10-29 18:12:44 ----D---- C:\Windows\winsxs
2013-10-29 18:09:33 ----D---- C:\Windows
2013-10-29 18:08:09 ----D---- C:\Windows\system32\Tasks
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
Logfile of random's system information tool 1.09 (written by random/random)
Run by ADMIN at 2013-10-30 18:06:28
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 654 GB (69%) free of 954 GB
Total RAM: 3839 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 6:06:39 PM, on 10/30/2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16720)
Boot mode: Normal
Running processes:
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
C:\Program Files (x86)\Mobile App Sync\D2MClient.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\uzit+\chrome-win32\chrome.exe
C:\Program Files\trend micro\ADMIN.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: ::1 localhost
O1 - Hosts: 81.0.254.162 L2authd.Lineage2.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: TopArcadeHits Games - {A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA} - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [MobileAppSync] "C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
O4 - HKCU\..\Run: [Mobile Partner] C:\Program Files (x86)\3MobileWiFi\3MobileWiFi
O4 - HKCU\..\Run: [uTorrent] "C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [RGSC] C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKCU\..\Run: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-2424735532-840248378-3633617618-1001\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mobile Broadband HL Service - Unknown owner - C:\ProgramData\MobileBrServ\mbbservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: NVIDIA Stereoscopic 3D Driver Service (Stereo Service) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 8188 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
"C:\Windows\system32\nvvsvc.exe"
"C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe"
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\ProgramData\DatacardService\HWDeviceService64.exe" -/service
"taskhost.exe"
taskeng.exe {3D00591F-FB19-4746-A3A1-06AB011CB8E5}
"C:\ProgramData\MobileBrServ\mbbservice.exe" -service
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe"
taskeng.exe {0D780CB1-A34C-4AAF-8D27-930F2157F65B}
"C:\Program Files (x86)\Skype\Updater\Updater.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Google\Update\GoogleUpdate.exe" /c
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\ProgramData\DatacardService\DCSHelper.exe"
WLIDSvcM.exe 2248
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-309e0d0b-38ae-4f7b-9eea-3714bd2cbe33 -SystemEventPortName:HostProcess-b3a0d6c2-11ba-420f-95db-0403494c8d11 -IoCancelEventPortName:HostProcess-376fd049-5d3f-4353-ac31-ef69fa91c767 -NonStateChangingEventPortName:HostProcess-b740aceb-7d0e-4b4e-bf84-049f4576915f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:d665e899-5875-4582-9a24-62de823a90b0 -DeviceGroupId:WpdFsGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 524 528 536 65536 532
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe"
"C:\Windows\WindowsMobile\wmdc.exe"
"C:\Program Files (x86)\Mobile App Sync\D2MClient.exe"
C:\Windows\system32\svchost.exe -k WindowsMobile
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:/Program Files/NVIDIA Corporation/Display/nvtray.exe" -user_has_logged_in 1
"C:\uzit+\chrome-win32\chrome.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
"C:\uzit+\chrome-win32\chrome.exe" --type=gpu-process --channel="4088.0.1735154000\1496510392" --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,8,19,21 --gpu-vendor-id=0x10de --gpu-device-id=0x084b --gpu-driver-vendor=NVIDIA --gpu-driver-version=9.18.13.2018 --ignored=" --type=renderer " /prefetch:822062411
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4088.5.735146768\1435409784" /prefetch:673131151
"C:\uzit+\chrome-win32\chrome.exe" --type=renderer --lang=en-US --force-fieldtrials=CacheSensitivityAnalysis/No/ForceCompositingMode/thread/InfiniteCache/No/OmniboxHQPReplaceHUPProhibitTrumpingInlineableResult/Standard/OneClickSignIn/Standard/OverlappedReadImpact/OverlappedReadEnabled/Prefetch/ContentPrefetchPrefetchOff/Prerender/PrerenderMulti/PrerenderLoggedInPredictor/Enabled/SpdyCwnd/cwnd16/UMA-New-Install-Uniformity-Trial/Control/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-1-Percent/group_29/UMA-Uniformity-Trial-10-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/group_01/ --enable-threaded-compositing --disable-html-notifications --channel="4088.6.938284008\2074781978" /prefetch:673131151
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Users\ADMIN\Downloads\RSITx64 (2).exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\TopArcadeHits.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2013-10-29 462760]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A7A9D7E7-E0C0-4202-9F13-6A06BD073CDA}]
TopArcadeHits Games - C:\Users\ADMIN\AppData\Local\TopArcadeHits\Toparcadehits.dll [2013-08-20 153432]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2013-10-29 171944]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2013-05-09 242496]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! Online Security - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2013-05-09 198688]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Nvtmru"=C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [2013-05-16 1012000]
"Windows Mobile Device Center"=C:\Windows\WindowsMobile\wmdc.exe [2007-05-31 660360]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"MobileAppSync"=C:\Program Files (x86)\Mobile App Sync\D2MClient.exe [2013-05-14 312320]
"Mobile Partner"=C:\Program Files (x86)\3MobileWiFi\3MobileWiFi []
"uTorrent"=C:\Users\ADMIN\AppData\Roaming\uTorrent\uTorrent.exe [2013-06-22 1045072]
"RGSC"=C:\Program Files (x86)\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2008-11-14 305064]
"EADM"=C:\Program Files (x86)\Origin\Origin.exe [2013-10-03 3551576]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\Program Files (x86)\Steam\Steam.exe [2013-09-21 1814440]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2013-05-09 4858968]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"aux1"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
======List of files/folders created in the last 1 month======
2013-10-30 18:06:28 ----D---- C:\rsit
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\mod7700.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ewusbwwan.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ewusbmdm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ewdcsc.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_usbenumfilter.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_juwwanecm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_juextctrl.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_jucdcecm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_jucdcacm.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_jubusenum.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_hwusbdev.sys
2013-10-30 08:06:41 ----A---- C:\Windows\system32\drivers\ew_hwupgrade.sys
2013-10-29 23:26:59 ----D---- C:\ProgramData\Oracle
2013-10-29 23:26:55 ----A---- C:\Windows\SYSWOW64\javaws.exe
2013-10-29 23:26:51 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2013-10-29 23:26:51 ----A---- C:\Windows\SYSWOW64\javaw.exe
2013-10-29 23:26:51 ----A---- C:\Windows\SYSWOW64\java.exe
2013-10-29 23:26:43 ----D---- C:\Program Files (x86)\Java
2013-10-29 18:06:52 ----D---- C:\AdwCleaner
2013-10-25 18:27:55 ----A---- C:\Windows\SYSWOW64\ieui.dll
2013-10-25 18:27:54 ----A---- C:\Windows\system32\ieui.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\SYSWOW64\iernonce.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iesetup.dll
2013-10-25 18:27:52 ----A---- C:\Windows\system32\iernonce.dll
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\RegisterIEPKEYs.exe
2013-10-25 18:27:51 ----A---- C:\Windows\SYSWOW64\iesysprep.dll
2013-10-25 18:27:51 ----A---- C:\Windows\system32\ie4uinit.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\RegisterIEPKEYs.exe
2013-10-25 18:27:50 ----A---- C:\Windows\system32\iesysprep.dll
2013-10-25 18:27:49 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2013-10-25 18:27:48 ----A---- C:\Windows\system32\iertutil.dll
2013-10-25 18:27:46 ----A---- C:\Windows\SYSWOW64\msfeeds.dll
2013-10-25 18:27:45 ----A---- C:\Windows\system32\msfeeds.dll
2013-10-25 18:27:44 ----A---- C:\Windows\SYSWOW64\jscript.dll
2013-10-25 18:27:44 ----A---- C:\Windows\system32\jscript.dll
2013-10-25 18:27:42 ----A---- C:\Windows\system32\jscript9.dll
2013-10-25 18:27:41 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2013-10-25 18:27:40 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2013-10-25 18:27:39 ----A---- C:\Windows\system32\urlmon.dll
2013-10-25 18:27:37 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2013-10-25 18:27:37 ----A---- C:\Windows\system32\jsproxy.dll
2013-10-25 18:27:36 ----A---- C:\Windows\SYSWOW64\wininet.dll
2013-10-25 18:27:35 ----A---- C:\Windows\system32\wininet.dll
2013-10-25 18:27:33 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2013-10-25 18:27:32 ----A---- C:\Windows\system32\ieframe.dll
2013-10-25 18:27:29 ----A---- C:\Windows\system32\mshtml.dll
2013-10-25 18:27:23 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2013-10-25 17:57:39 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-10-25 17:57:38 ----A---- C:\Windows\system32\advapi32.dll
2013-10-25 17:57:37 ----A---- C:\Windows\SYSWOW64\ntkrnlpa.exe
2013-10-25 17:57:36 ----A---- C:\Windows\SYSWOW64\ntoskrnl.exe
2013-10-25 17:57:36 ----A---- C:\Windows\system32\tdh.dll
2013-10-25 17:57:35 ----A---- C:\Windows\SYSWOW64\tdh.dll
2013-10-25 17:57:34 ----A---- C:\Windows\SYSWOW64\advapi32.dll
2013-10-25 17:57:34 ----A---- C:\Windows\system32\ntdll.dll
2013-10-25 17:57:33 ----A---- C:\Windows\SYSWOW64\ntdll.dll
2013-10-25 17:57:32 ----A---- C:\Windows\system32\wow64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\wow32.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\user.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\setup16.exe
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\ntvdm64.dll
2013-10-25 17:57:28 ----A---- C:\Windows\SYSWOW64\instnm.exe
2013-10-25 17:57:07 ----A---- C:\Windows\system32\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\WebClnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\SYSWOW64\davclnt.dll
2013-10-25 17:57:06 ----A---- C:\Windows\system32\drivers\mrxdav.sys
2013-10-25 17:57:06 ----A---- C:\Windows\system32\davclnt.dll
2013-10-25 17:57:03 ----A---- C:\Windows\SYSWOW64\comctl32.dll
2013-10-25 17:57:03 ----A---- C:\Windows\system32\comctl32.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\mswsock.dll
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-10-25 17:56:59 ----A---- C:\Windows\system32\drivers\afd.sys
2013-10-25 17:56:58 ----A---- C:\Windows\SYSWOW64\mswsock.dll
2013-10-25 17:56:58 ----A---- C:\Windows\system32\drivers\Wdf01000.sys
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\SYSWOW64\atmfd.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\lpk.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\fontsub.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\dciman32.dll
2013-10-25 17:56:56 ----A---- C:\Windows\system32\atmfd.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\fontsub.dll
2013-10-25 17:56:55 ----A---- C:\Windows\SYSWOW64\atmlib.dll
2013-10-25 17:56:55 ----A---- C:\Windows\system32\atmlib.dll
2013-10-25 17:56:50 ----A---- C:\Windows\SYSWOW64\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:50 ----A---- C:\Windows\system32\PresentationCFFRasterizerNative_v0300.dll
2013-10-25 17:56:26 ----A---- C:\Windows\system32\win32k.sys
2013-10-25 17:56:25 ----A---- C:\Windows\system32\drivers\usbcir.sys
2013-10-25 17:56:24 ----A---- C:\Windows\system32\drivers\USBAUDIO.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidparse.sys
2013-10-25 17:55:30 ----A---- C:\Windows\system32\drivers\hidclass.sys
2013-10-25 17:55:26 ----A---- C:\Windows\system32\drivers\dxgkrnl.sys
2013-10-20 20:19:53 ----D---- C:\Users\ADMIN\AppData\Roaming\runic games
2013-10-18 20:03:51 ----D---- C:\Program Files (x86)\JoWooD
2013-10-10 19:26:25 ----A---- C:\Windows\system32\scavengeui.dll
2013-10-03 19:24:01 ----D---- C:\Users\ADMIN\AppData\Roaming\Fatshark
======List of files/folders modified in the last 1 month======
2013-10-30 18:06:38 ----D---- C:\Windows\temp
2013-10-30 18:06:38 ----D---- C:\Program Files\trend micro
2013-10-30 18:06:37 ----D---- C:\Windows\Prefetch
2013-10-30 18:05:39 ----D---- C:\Users\ADMIN\AppData\Roaming\uTorrent
2013-10-30 18:04:48 ----D---- C:\Windows\inf
2013-10-30 18:04:48 ----D---- C:\ProgramData\NVIDIA
2013-10-30 17:58:16 ----D---- C:\Windows\system32\config
2013-10-30 08:08:16 ----D---- C:\Windows\System32
2013-10-30 08:08:16 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-10-30 08:06:41 ----D---- C:\Windows\system32\drivers
2013-10-30 08:06:40 ----D---- C:\Windows\system32\DriverStore
2013-10-30 08:06:40 ----D---- C:\Windows\system32\catroot
2013-10-30 08:04:38 ----D---- C:\Windows\system32\catroot2
2013-10-30 01:13:22 ----SHD---- C:\System Volume Information
2013-10-29 23:27:14 ----SHD---- C:\Windows\Installer
2013-10-29 23:27:13 ----D---- C:\Program Files (x86)\Common Files
2013-10-29 23:26:59 ----D---- C:\ProgramData
2013-10-29 23:26:55 ----D---- C:\Windows\SysWOW64
2013-10-29 23:26:43 ----RD---- C:\Program Files (x86)
2013-10-29 23:26:38 ----D---- C:\Program Files (x86)\New folder
2013-10-29 23:02:32 ----D---- C:\Windows\Tasks
2013-10-29 18:12:44 ----D---- C:\Windows\winsxs
2013-10-29 18:09:33 ----D---- C:\Windows
2013-10-29 18:08:09 ----D---- C:\Windows\system32\Tasks
2013-10-29 16:57:11 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-26 17:04:14 ----D---- C:\Windows\system32\NDF
2013-10-25 23:43:21 ----D---- C:\Windows\rescache
2013-10-25 23:16:37 ----D---- C:\Windows\Microsoft.NET
2013-10-25 23:15:45 ----RSD---- C:\Windows\assembly
2013-10-25 23:04:00 ----D---- C:\Program Files (x86)\Internet Explorer
2013-10-25 23:03:59 ----D---- C:\Program Files\Internet Explorer
2013-10-25 23:03:57 ----D---- C:\Windows\AppPatch
2013-10-25 18:25:52 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2013-10-25 18:16:23 ----D---- C:\Windows\system32\MRT
2013-10-25 18:09:47 ----A---- C:\Windows\system32\MRT.exe
2013-10-25 18:00:11 ----D---- C:\Windows\system32\en-US
2013-10-25 17:40:11 ----D---- C:\Windows\system32\wdi
2013-10-19 17:12:12 ----D---- C:\Users\ADMIN\AppData\Roaming\Audacity
2013-10-15 22:28:24 ----D---- C:\Program Files (x86)\Steam
2013-10-15 21:27:11 ----D---- C:\Program Files (x86)\Origin
2013-10-08 18:43:10 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2013-10-03 22:15:45 ----D---- C:\Program Files (x86)\Guild Wars 2
2013-10-03 22:15:32 ----D---- C:\Users\ADMIN\AppData\Roaming\Guild Wars 2
2013-10-03 19:39:47 ----D---- C:\ProgramData\Origin
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 aswRvrt;aswRvrt; C:\Windows\system32\drivers\aswRvrt.sys [2013-05-09 65336]
R0 aswVmm;aswVmm; C:\Windows\system32\drivers\aswVmm.sys [2013-07-14 189936]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 aswKbd;aswKbd; C:\Windows\system32\drivers\aswKbd.sys [2013-05-09 22600]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2013-05-09 72016]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2013-07-14 1030952]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2013-07-14 378944]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2013-05-09 64288]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-05-13 283200]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2013-05-09 33400]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2013-05-09 80816]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-08-20 314016]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-08-20 43680]
R3 droidpad;DroidPad Joystick; C:\Windows\system32\DRIVERS\droidpad.sys [2012-12-24 21320]
R3 ew_usbenumfilter;huawei_CompositeFilter; C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-10-30 14336]
R3 huawei_cdcacm;huawei_cdcacm; C:\Windows\system32\DRIVERS\ew_jucdcacm.sys [2012-08-20 104960]
R3 huawei_cdcecm;huawei_cdcecm; C:\Windows\system32\DRIVERS\ew_jucdcecm.sys [2012-10-29 76800]
R3 huawei_enumerator;huawei_enumerator; C:\Windows\system32\DRIVERS\ew_jubusenum.sys [2012-08-20 90112]
R3 huawei_ext_ctrl;huawei_ext_ctrl; C:\Windows\system32\DRIVERS\ew_juextctrl.sys [2012-08-20 30720]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x64.sys [2009-06-10 408960]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\Windows\system32\drivers\nvhda64v.sys [2013-02-25 194848]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-05-13 36328]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 95232]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\Windows\system32\DRIVERS\ew_hwusbdev.sys [2010-07-27 117248]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver; C:\Windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-05-13 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-05-13 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-05-13 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-05-13 146920]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 usb_rndisx;USB RNDIS Adapter; C:\Windows\system32\DRIVERS\usb8023x.sys [2013-02-12 19968]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 WinUsb;WinUsb Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2013-05-09 46808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2011-03-14 346976]
R2 Mobile Broadband HL Service;Mobile Broadband HL Service; C:\ProgramData\MobileBrServ\mbbservice.exe [2012-06-28 233344]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2013-05-12 884512]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2013-05-16 1826592]
R2 RapiMgr;@%windir%\WindowsMobile\rapimgr.dll,-104; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service; C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-05-12 413472]
R2 WcesComm;@%windir%\WindowsMobile\wcescomm.dll,-40079; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Google Update Service (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-08 257416]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 gupdatem;Google Update Service (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-04-12 136176]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\syswow64\GameMon.des [2013-05-20 5086240]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2013-06-06 543656]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-05-15 1255736]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; c:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
-----------------EOF-----------------
- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: I've been naughty again... suspicious processes
OTM does not create a log here; it just cleans up after itself. The deleted items are shown in the right half of the window. The log is OK now. Have the processes disappeared?
Post questions and logs only in your own threads. Private messages, ICQ and e-mails are not the place for solving your problems.
Please support our forum: https://platba.viry.cz/payment/.
e-mail: rudy(at)forum.viry.cz
Warning: Before disinfecting the PC, back up your important data (mail, contacts, documents, photos, videos, music etc.). Apart from its "visible" activity, a virus may damage the system!
Once your problem is resolved, the thread will be locked. The same applies if it is inactive for more than 14 days. If you want the thread reactivated, write to me at the e-mail address above.
Re: I've been naughty again... suspicious processes
Yep... they're gone, thanks a lot. Now I have a clean conscience; we've finished this topic together.
All that's left is to defragment the disk.


- Rudy
- Site Admin
- Posts: 119531
- Registered: 30 Oct 2003 13:42
- Location: Plzeň
Re: I've been naughty again... suspicious processes
Defragmentation is needed now and then. You're welcome!
