(mazat,pustit…).Kamarád říká že mám v notebooku vir.
Začalo mi to blbnout i v netbooku.
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
vir na flešce
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
vir na flešce
Mám problém když vložím do Pc flešku tak se mi tam objeví zástupce a já nemůžu dál.
(mazat,pustit…).Kamarád říká že mám v notebooku vir.
Začalo mi to blbnout i v netbooku.
(mazat,pustit…).Kamarád říká že mám v notebooku vir.
Začalo mi to blbnout i v netbooku.
Re: vir na flešce
Zdravim 
Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)
Zapojte do PC vsechny USB klice (flashky, ext. disky apod.)
- Stahne a ulozte na plochu UsbFix http://www.viry.cz/forum/viewtopic.php?f=24&t=102308
- Spustte a kliknete na Deletion
- Po dokonceni sem vlozte log, pokud na Vas nevyskoci, najdete jej zde C:\UsbFix.txt
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
############################## | UsbFix V 7.148 | [Deletion]
User: Acer (Administrator) # ACER-PC
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 09:49:11 | 03/11/2013
Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/
PC: Acer (JE70_CP)
CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
RAM -> [Total : 3956 | Free : 2649]
Bios: Phoenix Technologies LTD
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 466 Gb (72 Mb free - 15%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 99%) [A-DATA UFD] # NTFS
G:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [KINGSTON] # FAT
H:\ -> Removable drive # 978 Mb (811 Mb free - 83%) [] # FAT32
################## | Reference of comparison MD5 |
Md5 : 77805b9bcc69febb104fe83342a90a18 -> C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pstfsvapsu.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\rqcqyuxmeb.vbs
Md5 : DENIED -> C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs
Md5 : DENIED -> C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> F:\pstfsvapsu.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> F:\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> G:\pstfsvapsu.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> G:\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> H:\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> H:\pstfsvapsu.vbs
################## | ByPass |
Stopped! C:\Users\Acer\AppData\Local\Temp\explorer.exe (ID: 2092 |ParentID: 2368)
Stopped! C:\Windows\Explorer.EXE (ID: 2368 |ParentID: 2304 )
################## | Stopped processes |
Stopped! C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (ID: 772 |ParentID: 544)
Stopped! C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 544)
Stopped! C:\Windows\system32\WLANExt.exe (ID: 1284 |ParentID: 1016)
Stopped! C:\Windows\system32\atieclxx.exe (ID: 1316 |ParentID: 880)
Stopped! C:\Windows\system32\taskeng.exe (ID: 1444 |ParentID: 420)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1464 |ParentID: 544)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1596 |ParentID: 544)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (ID: 1632 |ParentID: 544)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1764 |ParentID: 544)
Stopped! C:\Program Files (x86)\Tor\tor.exe (ID: 1900 |ParentID: 544)
Stopped! c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1972 |ParentID: 544)
Stopped! c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2100 |ParentID: 1972)
Stopped! C:\Windows\system32\taskeng.exe (ID: 2380 |ParentID: 420)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2432 |ParentID: 544)
Stopped! C:\Program Files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe (ID: 2520 |ParentID: 2380)
Stopped! C:\Windows\system32\taskhost.exe (ID: 2528 |ParentID: 544)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2864 |ParentID: 2368)
Stopped! C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID: 2872 |ParentID: 2368)
Stopped! C:\Windows\System32\wscript.exe (ID: 2988 |ParentID: 2368)
Stopped! C:\Windows\System32\wscript.exe (ID: 2996 |ParentID: 2368)
Stopped! C:\Users\Acer\AppData\Local\Temp\explorer.exe (ID: 2092 |ParentID: 2368)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2296 |ParentID: 544)
Stopped! C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3612 |ParentID: 2368)
Stopped! C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3812 |ParentID: 3612)
Stopped! C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3904 |ParentID: 3612)
Stopped! C:\Windows\system32\DllHost.exe (ID: 4024 |ParentID: 676)
Stopped! C:\Windows\SysWOW64\schtasks.exe (ID: 4120 |ParentID: 1632)
Stopped! C:\Windows\system32\conhost.exe (ID: 4128 |ParentID: 412)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4880 |ParentID: 544)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 2500 |ParentID: 1016)
Stopped! C:\Windows\explorer.exe (ID: 3860 |ParentID: 744)
Stopped! C:\Windows\system32\DllHost.exe (ID: 3492 |ParentID: 676)
################## | Regedit Run |
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [08f4dc96bbb7af09d1a37fe35c75a42f] - "C:\Users\Acer\AppData\Local\Temp\explorer.exe" ..
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [08f4dc96bbb7af09d1a37fe35c75a42f] - "C:\Users\Acer\AppData\Local\Temp\explorer.exe" ..
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-8095715-4125419755-1740114249-1000\SOFTWARE | Run : [pstfsvapsu] - wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs"
HKU\S-1-5-21-8095715-4125419755-1740114249-1000\SOFTWARE | Run : [rqcqyuxmeb] - wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs"
HKU\S-1-5-21-8095715-4125419755-1740114249-1000\SOFTWARE | Run : [08f4dc96bbb7af09d1a37fe35c75a42f] - "C:\Users\Acer\AppData\Local\Temp\explorer.exe" ..
################## | Generic Research |
Deleted ! F:\pstfsvapsu.vbs
Deleted ! F:\rqcqyuxmeb.vbs
Deleted ! G:\pstfsvapsu.vbs
Deleted ! G:\rqcqyuxmeb.vbs
Deleted ! H:\rqcqyuxmeb.vbs
Deleted ! H:\pstfsvapsu.vbs
Deleted ! C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs
Deleted ! C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs
Deleted ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\08f4dc96bbb7af09d1a37fe35c75a42f.exe
Deleted ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pstfsvapsu.vbs
Deleted ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\rqcqyuxmeb.vbs
Deleted ! F:\pstfsvapsu.lnk
Deleted ! F:\rqcqyuxmeb.lnk
Deleted ! F:\Země-ztracených.lnk
Deleted ! G:\rqcqyuxmeb.lnk
Deleted ! G:\pstfsvapsu.lnk
Deleted ! H:\letohratky-01.lnk
Deleted ! H:\rqcqyuxmeb.lnk
Deleted ! H:\pstfsvapsu.lnk
Deleted ! C:\Users\Acer\AppData\Local\Temp\explorer.exe.tmp
(!) Temporary files deleted.
################## | Comparison MD5 |
Deleted ! Md5 : 77805B9BCC69FEBB104FE83342A90A18 -> C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20131102-180931-687-rqcqyuxmeb.vbs
Deleted ! Md5 : 77805B9BCC69FEBB104FE83342A90A18 -> C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20131102-180931-857-pstfsvapsu.vbs
################## | Registry |
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\Microsoft\Windows\CurrentVersion\Run|pstfsvapsu
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\Microsoft\Windows\CurrentVersion\Run|rqcqyuxmeb
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\Microsoft\Windows\CurrentVersion\Run|08f4dc96bbb7af09d1a37fe35c75a42f
Deleted ! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|08f4dc96bbb7af09d1a37fe35c75a42f
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\.\.\.\.\Mountpoints2\{975c5be7-8ba1-11e2-b7e2-00262da365bf}
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\.\.\.\.\Mountpoints2\{aed84886-c868-11e2-a777-00262da365bf}
################## | Listing |
[15/09/2013 - 15:57:43 | SHD ] C:\$Recycle.Bin
[13/03/2013 - 09:14:19 | D ] C:\2925ea8c7bb106e62ffb
[26/05/2013 - 18:21:11 | D ] C:\82bfc48aea082f3057a168
[28/08/2013 - 18:17:52 | N | 0] C:\AILog.txt
[16/03/2013 - 06:07:59 | N | 0] C:\asc_rdflag
[19/07/2013 - 15:52:18 | N | 294] C:\cmdlog.txt
[06/04/2013 - 12:47:35 | N | 170] C:\Debug.log
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[20/06/2013 - 06:29:44 | N | 41325] C:\editor.log
[11/12/2007 - 12:08:01 | N | 1284346] C:\F4Viewer.exe
[18/10/2013 - 14:58:17 | D ] C:\Games
[03/11/2013 - 08:13:39 | ASH | 3111469056] C:\hiberfil.sys
[20/06/2013 - 06:25:38 | N | 13970] C:\ingameanimmaker.log
[08/03/2013 - 09:19:17 | D ] C:\Intel
[03/11/2013 - 08:13:39 | ASH | 4148625408] C:\pagefile.sys
[02/11/2013 - 20:06:30 | D ] C:\Program Files
[02/11/2013 - 18:05:44 | D ] C:\Program Files (x86)
[22/09/2013 - 17:37:52 | HD ] C:\ProgramData
[07/03/2013 - 16:47:06 | SHD ] C:\Recovery
[07/09/2013 - 09:03:27 | N | 0] C:\RemoteLuaDebuggingServerNetworkConnection.txt
[23/04/2013 - 07:00:56 | N | 1645] C:\RHDSetup.log
[19/08/2013 - 17:00:00 | N | 6002] C:\shared.log
[03/11/2013 - 09:48:17 | D ] C:\stah
[02/11/2013 - 18:05:32 | SHD ] C:\System Volume Information
[05/04/2013 - 17:23:46 | D ] C:\totalcmd
[03/11/2013 - 09:54:11 | D ] C:\UsbFix
[03/11/2013 - 09:55:52 | A | 9364] C:\UsbFix [Clean 1] ACER-PC.txt
[15/09/2013 - 15:59:24 | RD ] C:\Users
[02/11/2013 - 19:35:39 | D ] C:\Windows
[23/09/2013 - 10:05:04 | N | 175067136] H:\letohratky-01.avi
################## | Vaccin |
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
User: Acer (Administrator) # ACER-PC
Updated 01/11/2013 by El Desaparecido - Team SosVirus
Started at 09:49:11 | 03/11/2013
Website: http://www.usbfix.net/
Forum : http://www.sosvirus.net/
Upload Malware: http://www.sosvirus.net/upload_malware.php
Contact: http://www.usbfix.net/contact/
PC: Acer (JE70_CP)
CPU: Intel(R) Pentium(R) CPU P6000 @ 1.87GHz
RAM -> [Total : 3956 | Free : 2649]
Bios: Phoenix Technologies LTD
Boot: Normal boot
OS: Microsoft Windows 7 Home Premium (6.1.7601 64-Bit) Service Pack 1
WB: Windows Internet Explorer : 9.0.8112.16421
SC: Security Center Service [Enabled]
WU: Windows Update Service [Enabled]
AV: AVG AntiVirus Free Edition 2013 [(!) Disabled | Updated]
AS: Windows Defender : 6.1.7600.16385 (win7_rtm.090713-1255)
FW: Windows FireWall Service [Enabled]
C:\ (%systemdrive%) -> Fixed drive # 466 Gb (72 Mb free - 15%) [] # NTFS
D:\ -> CD-ROM
E:\ -> CD-ROM
F:\ -> Removable drive # 4 Gb (4 Mb free - 99%) [A-DATA UFD] # NTFS
G:\ -> Removable drive # 2 Gb (2 Mb free - 100%) [KINGSTON] # FAT
H:\ -> Removable drive # 978 Mb (811 Mb free - 83%) [] # FAT32
################## | Reference of comparison MD5 |
Md5 : 77805b9bcc69febb104fe83342a90a18 -> C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pstfsvapsu.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\rqcqyuxmeb.vbs
Md5 : DENIED -> C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs
Md5 : DENIED -> C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> F:\pstfsvapsu.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> F:\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> G:\pstfsvapsu.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> G:\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> H:\rqcqyuxmeb.vbs
Md5 : 77805b9bcc69febb104fe83342a90a18 -> H:\pstfsvapsu.vbs
################## | ByPass |
Stopped! C:\Users\Acer\AppData\Local\Temp\explorer.exe (ID: 2092 |ParentID: 2368)
Stopped! C:\Windows\Explorer.EXE (ID: 2368 |ParentID: 2304 )
################## | Stopped processes |
Stopped! C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe (ID: 772 |ParentID: 544)
Stopped! C:\Windows\system32\atiesrxx.exe (ID: 880 |ParentID: 544)
Stopped! C:\Windows\system32\WLANExt.exe (ID: 1284 |ParentID: 1016)
Stopped! C:\Windows\system32\atieclxx.exe (ID: 1316 |ParentID: 880)
Stopped! C:\Windows\system32\taskeng.exe (ID: 1444 |ParentID: 420)
Stopped! C:\Windows\System32\spoolsv.exe (ID: 1464 |ParentID: 544)
Stopped! C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (ID: 1596 |ParentID: 544)
Stopped! C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (ID: 1632 |ParentID: 544)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (ID: 1764 |ParentID: 544)
Stopped! C:\Program Files (x86)\Tor\tor.exe (ID: 1900 |ParentID: 544)
Stopped! c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (ID: 1972 |ParentID: 544)
Stopped! c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe (ID: 2100 |ParentID: 1972)
Stopped! C:\Windows\system32\taskeng.exe (ID: 2380 |ParentID: 420)
Stopped! C:\Windows\system32\SearchIndexer.exe (ID: 2432 |ParentID: 544)
Stopped! C:\Program Files (x86)\IObit\Advanced SystemCare 5\PMonitor.exe (ID: 2520 |ParentID: 2380)
Stopped! C:\Windows\system32\taskhost.exe (ID: 2528 |ParentID: 544)
Stopped! C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (ID: 2864 |ParentID: 2368)
Stopped! C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (ID: 2872 |ParentID: 2368)
Stopped! C:\Windows\System32\wscript.exe (ID: 2988 |ParentID: 2368)
Stopped! C:\Windows\System32\wscript.exe (ID: 2996 |ParentID: 2368)
Stopped! C:\Users\Acer\AppData\Local\Temp\explorer.exe (ID: 2092 |ParentID: 2368)
Stopped! C:\Program Files\Windows Media Player\wmpnetwk.exe (ID: 2296 |ParentID: 544)
Stopped! C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3612 |ParentID: 2368)
Stopped! C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3812 |ParentID: 3612)
Stopped! C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe (ID: 3904 |ParentID: 3612)
Stopped! C:\Windows\system32\DllHost.exe (ID: 4024 |ParentID: 676)
Stopped! C:\Windows\SysWOW64\schtasks.exe (ID: 4120 |ParentID: 1632)
Stopped! C:\Windows\system32\conhost.exe (ID: 4128 |ParentID: 412)
Stopped! C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (ID: 4880 |ParentID: 544)
Stopped! C:\Windows\System32\WUDFHost.exe (ID: 2500 |ParentID: 1016)
Stopped! C:\Windows\explorer.exe (ID: 3860 |ParentID: 744)
Stopped! C:\Windows\system32\DllHost.exe (ID: 3492 |ParentID: 676)
################## | Regedit Run |
HKLM\SOFTWARE | Run : [] -
HKLM\SOFTWARE | Run : [08f4dc96bbb7af09d1a37fe35c75a42f] - "C:\Users\Acer\AppData\Local\Temp\explorer.exe" ..
HKLM\SOFTWARE\wow6432Node | Run : [] -
HKLM\SOFTWARE\wow6432Node | Run : [08f4dc96bbb7af09d1a37fe35c75a42f] - "C:\Users\Acer\AppData\Local\Temp\explorer.exe" ..
HKLM\SOFTWARE | RunOnce : [] -
HKLM\SOFTWARE\wow6432Node | RunOnce : [] -
HKU\S-1-5-21-8095715-4125419755-1740114249-1000\SOFTWARE | Run : [pstfsvapsu] - wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs"
HKU\S-1-5-21-8095715-4125419755-1740114249-1000\SOFTWARE | Run : [rqcqyuxmeb] - wscript.exe //B "C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs"
HKU\S-1-5-21-8095715-4125419755-1740114249-1000\SOFTWARE | Run : [08f4dc96bbb7af09d1a37fe35c75a42f] - "C:\Users\Acer\AppData\Local\Temp\explorer.exe" ..
################## | Generic Research |
Deleted ! F:\pstfsvapsu.vbs
Deleted ! F:\rqcqyuxmeb.vbs
Deleted ! G:\pstfsvapsu.vbs
Deleted ! G:\rqcqyuxmeb.vbs
Deleted ! H:\rqcqyuxmeb.vbs
Deleted ! H:\pstfsvapsu.vbs
Deleted ! C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs
Deleted ! C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs
Deleted ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\08f4dc96bbb7af09d1a37fe35c75a42f.exe
Deleted ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\pstfsvapsu.vbs
Deleted ! C:\Users\Acer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp\rqcqyuxmeb.vbs
Deleted ! F:\pstfsvapsu.lnk
Deleted ! F:\rqcqyuxmeb.lnk
Deleted ! F:\Země-ztracených.lnk
Deleted ! G:\rqcqyuxmeb.lnk
Deleted ! G:\pstfsvapsu.lnk
Deleted ! H:\letohratky-01.lnk
Deleted ! H:\rqcqyuxmeb.lnk
Deleted ! H:\pstfsvapsu.lnk
Deleted ! C:\Users\Acer\AppData\Local\Temp\explorer.exe.tmp
(!) Temporary files deleted.
################## | Comparison MD5 |
Deleted ! Md5 : 77805B9BCC69FEBB104FE83342A90A18 -> C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20131102-180931-687-rqcqyuxmeb.vbs
Deleted ! Md5 : 77805B9BCC69FEBB104FE83342A90A18 -> C:\Program Files (x86)\Trend Micro\HiJackThis\backups\backup-20131102-180931-857-pstfsvapsu.vbs
################## | Registry |
Repaired ! HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\System|EnableLUA -> 1
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\Microsoft\Windows\CurrentVersion\Run|pstfsvapsu
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\Microsoft\Windows\CurrentVersion\Run|rqcqyuxmeb
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\Microsoft\Windows\CurrentVersion\Run|08f4dc96bbb7af09d1a37fe35c75a42f
Deleted ! HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run|08f4dc96bbb7af09d1a37fe35c75a42f
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\.\.\.\.\Mountpoints2\{975c5be7-8ba1-11e2-b7e2-00262da365bf}
Deleted ! HKU\S-1-5-21-8095715-4125419755-1740114249-1000\Software\.\.\.\.\Mountpoints2\{aed84886-c868-11e2-a777-00262da365bf}
################## | Listing |
[15/09/2013 - 15:57:43 | SHD ] C:\$Recycle.Bin
[13/03/2013 - 09:14:19 | D ] C:\2925ea8c7bb106e62ffb
[26/05/2013 - 18:21:11 | D ] C:\82bfc48aea082f3057a168
[28/08/2013 - 18:17:52 | N | 0] C:\AILog.txt
[16/03/2013 - 06:07:59 | N | 0] C:\asc_rdflag
[19/07/2013 - 15:52:18 | N | 294] C:\cmdlog.txt
[06/04/2013 - 12:47:35 | N | 170] C:\Debug.log
[14/07/2009 - 06:08:56 | SHD ] C:\Documents and Settings
[20/06/2013 - 06:29:44 | N | 41325] C:\editor.log
[11/12/2007 - 12:08:01 | N | 1284346] C:\F4Viewer.exe
[18/10/2013 - 14:58:17 | D ] C:\Games
[03/11/2013 - 08:13:39 | ASH | 3111469056] C:\hiberfil.sys
[20/06/2013 - 06:25:38 | N | 13970] C:\ingameanimmaker.log
[08/03/2013 - 09:19:17 | D ] C:\Intel
[03/11/2013 - 08:13:39 | ASH | 4148625408] C:\pagefile.sys
[02/11/2013 - 20:06:30 | D ] C:\Program Files
[02/11/2013 - 18:05:44 | D ] C:\Program Files (x86)
[22/09/2013 - 17:37:52 | HD ] C:\ProgramData
[07/03/2013 - 16:47:06 | SHD ] C:\Recovery
[07/09/2013 - 09:03:27 | N | 0] C:\RemoteLuaDebuggingServerNetworkConnection.txt
[23/04/2013 - 07:00:56 | N | 1645] C:\RHDSetup.log
[19/08/2013 - 17:00:00 | N | 6002] C:\shared.log
[03/11/2013 - 09:48:17 | D ] C:\stah
[02/11/2013 - 18:05:32 | SHD ] C:\System Volume Information
[05/04/2013 - 17:23:46 | D ] C:\totalcmd
[03/11/2013 - 09:54:11 | D ] C:\UsbFix
[03/11/2013 - 09:55:52 | A | 9364] C:\UsbFix [Clean 1] ACER-PC.txt
[15/09/2013 - 15:59:24 | RD ] C:\Users
[02/11/2013 - 19:35:39 | D ] C:\Windows
[23/09/2013 - 10:05:04 | N | 175067136] H:\letohratky-01.avi
################## | Vaccin |
F:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
G:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
H:\Autorun.inf -> Vaccine created by UsbFix (El Desaparecido)
################## | E.O.F | http://www.usbfix.net - http://www.sosvirus.net |
Re: vir na flešce
Poprosim o log z RSIT http://forum.viry.cz/viewtopic.php?f=24&t=130784
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
Logfile of random's system information tool 1.09 (written by random/random)
Run by Acer at 2013-11-03 10:14:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 74 GB (16%) free of 477 GB
Total RAM: 3956 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:34, on 3.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16502)
Boot mode: Normal
Running processes:
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Acer.exe
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\programy\avg\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5021 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
explorer.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6991509a-0349-457e-b3f4-431d94c50ca7 -SystemEventPortName:HostProcess-fba86146-3fc4-4064-b665-905ad274fd27 -IoCancelEventPortName:HostProcess-a20dc9b9-dc50-42e7-92a3-f22b7d353c4a -NonStateChangingEventPortName:HostProcess-8f4a092c-1cac-4826-a405-3cc6db8f4fad -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cb79a6d2-92e3-4e40-b374-84c48fb680d0 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2896
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
taskeng.exe {139E4D1F-AB7C-42BF-868D-A108C35B0ABC}
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\schtasks.exe" /create /tn "AdobeFlashPlayerUpdate" /ru "SYSTEM" /sc hourly /mo 1 /tr "C:\Windows\SysWOW64\FlashPlayerUpdateService.exe /w" /st 00:00:00
\??\C:\Windows\system32\conhost.exe "-9417882132146639746-15668486956233149471453992909-666241813-12767102221040060200
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" -- "http://www.usbfix.net/faire-don/"
"C:\Windows\system32\NOTEPAD.EXE" C:\UsbFix [Clean 1] ACER-PC.txt
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3720.0.1360259933\992387879" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,24,26 --reduce-gpu-sandbox --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.741.1.5000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="3720.1.1405820952\589713593" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.3.1425704208\825911809" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.4.1830358431\1294838468" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.5.1525593328\1104044745" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.6.1249025359\1984569841" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManualResetProfile/Enable/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.8.519229956\1897511865" /prefetch:673131151
"C:\stah\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-10 9643552]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-22 323584]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs []
"rqcqyuxmeb"=wscript.exe //B C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs []
"pstfsvapsu"=wscript.exe //B C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-11-03 10:14:31 ----D---- C:\rsit
2013-11-03 10:14:31 ----D---- C:\Program Files\trend micro
2013-11-03 09:49:11 ----A---- C:\UsbFix [Clean 1] ACER-PC.txt
2013-11-03 09:48:45 ----D---- C:\UsbFix
2013-11-02 18:05:44 ----D---- C:\Program Files (x86)\Trend Micro
2013-11-01 20:46:05 ----D---- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 20:28:11 ----D---- C:\Program Files (x86)\Eidos
2013-10-29 16:29:35 ----D---- C:\Program Files (x86)\IObit Apps Toolbar
2013-10-20 11:39:00 ----D---- C:\Program Files (x86)\Vietcong2
2013-10-20 11:37:42 ----A---- C:\Windows\SYSWOW64\CmdLineExt.dll
2013-10-19 13:21:52 ----D---- C:\Program Files (x86)\LCP
2013-10-18 17:15:15 ----D---- C:\Program Files (x86)\Download.am
2013-10-18 14:58:17 ----D---- C:\Games
2013-10-12 16:43:40 ----D---- C:\Program Files (x86)\Cenega Czech
2013-10-12 12:41:07 ----D---- C:\Program Files (x86)\Prodigium Game Studios
======List of files/folders modified in the last 1 month======
2013-11-03 10:14:33 ----D---- C:\Windows\Temp
2013-11-03 10:14:31 ----D---- C:\Program Files
2013-11-03 10:14:23 ----D---- C:\stah
2013-11-03 09:49:39 ----A---- C:\Windows\SYSWOW64\log.txt
2013-11-03 09:48:48 ----D---- C:\Windows\System32
2013-11-03 09:48:48 ----D---- C:\Windows\inf
2013-11-03 09:48:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-03 09:38:18 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2013-11-02 19:35:39 ----D---- C:\Windows
2013-11-02 19:30:59 ----D---- C:\Program Files (x86)\PES 13
2013-11-02 18:10:16 ----D---- C:\Windows\system32\Tasks
2013-11-02 18:09:39 ----D---- C:\Program Files\Instair
2013-11-02 18:05:47 ----SHD---- C:\Windows\Installer
2013-11-02 18:05:44 ----D---- C:\Program Files (x86)
2013-11-02 18:05:32 ----SHD---- C:\System Volume Information
2013-11-02 16:55:59 ----D---- C:\Users\Acer\AppData\Roaming\Seznam.cz
2013-11-02 16:54:21 ----D---- C:\Program Files (x86)\Steam
2013-11-01 22:12:50 ----D---- C:\Users\Acer\AppData\Roaming\BitTorrent
2013-11-01 20:45:23 ----RSD---- C:\Windows\assembly
2013-11-01 20:28:45 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-29 17:12:05 ----D---- C:\Windows\system32\config
2013-10-29 16:29:35 ----D---- C:\Program Files (x86)\Application Updater
2013-10-28 08:30:38 ----D---- C:\ProgramData\BitGuard
2013-10-26 10:01:33 ----D---- C:\Windows\system32\wdi
2013-10-25 18:37:39 ----D---- C:\Windows\system32\catroot2
2013-10-20 11:44:28 ----D---- C:\Windows\SysWOW64
2013-10-18 14:58:24 ----HD---- C:\Windows\msdownld.tmp
2013-10-12 16:56:14 ----D---- C:\Windows\Prefetch
2013-10-12 12:43:49 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2013-10-12 12:43:49 ----A---- C:\Windows\system32\OpenAL32.dll
2013-10-12 09:57:09 ----D---- C:\Program Files (x86)\EA Sports
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-06-20 43168]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-25 264192]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-10 2222624]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-03-14 412712]
S1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-07-21 311968]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-03-15 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-03-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-03-15 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28 163328]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-25 203264]
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\programy\avg\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S2 tor;Tor Win32 Service; C:\Program Files (x86)\Tor\tor.exe [2013-09-06 3233806]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-08 1255736]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-09-22 72704]
S4 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-10-24 807800]
S4 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\programy\avg\avgidsagent.exe [2012-11-15 5814904]
S4 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-10-22 2864096]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-09-24 76888]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S4 Windows Internet Name Service;Windows Internet Name Service; C:\Windows\syswow64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [2013-09-06 2665472]
-----------------EOF-----------------
Run by Acer at 2013-11-03 10:14:31
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 74 GB (16%) free of 477 GB
Total RAM: 3956 MB (65% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 10:14:34, on 3.11.2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16502)
Boot mode: Normal
Running processes:
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\SysWOW64\NOTEPAD.EXE
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Acer.exe
F2 - REG:system.ini: UserInit=C:\Windows\SysWOW64\Userinit.exe,
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O20 - AppInit_DLLs: c:\progra~3\bitguard\271769~1.27\{c16c1~1\bitguard.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AVG WatchDog (avgwd) - AVG Technologies CZ, s.r.o. - C:\Program Files (x86)\programy\avg\avgwdsvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Tor Win32 Service (tor) - Unknown owner - C:\Program Files (x86)\Tor\tor.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 5021 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
winlogon.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Windows\system32\Dwm.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
explorer.exe
"C:\Windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-6991509a-0349-457e-b3f4-431d94c50ca7 -SystemEventPortName:HostProcess-fba86146-3fc4-4064-b665-905ad274fd27 -IoCancelEventPortName:HostProcess-a20dc9b9-dc50-42e7-92a3-f22b7d353c4a -NonStateChangingEventPortName:HostProcess-8f4a092c-1cac-4826-a405-3cc6db8f4fad -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:cb79a6d2-92e3-4e40-b374-84c48fb680d0 -DeviceGroupId:WpdFsGroup
C:\Windows\System32\rundll32.exe shell32.dll,SHCreateLocalServerRunDll {995C996E-D918-4a8c-A302-45719A6F4EA7} -Embedding
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2896
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
taskeng.exe {139E4D1F-AB7C-42BF-868D-A108C35B0ABC}
C:\Windows\System32\spoolsv.exe
"C:\Windows\system32\schtasks.exe" /create /tn "AdobeFlashPlayerUpdate" /ru "SYSTEM" /sc hourly /mo 1 /tr "C:\Windows\SysWOW64\FlashPlayerUpdateService.exe /w" /st 00:00:00
\??\C:\Windows\system32\conhost.exe "-9417882132146639746-15668486956233149471453992909-666241813-12767102221040060200
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" -- "http://www.usbfix.net/faire-don/"
"C:\Windows\system32\NOTEPAD.EXE" C:\UsbFix [Clean 1] ACER-PC.txt
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="3720.0.1360259933\992387879" --disable-image-transport-surface --disable-d3d11 --supports-dual-gpus=false --gpu-driver-bug-workarounds=0,9,18,24,26 --reduce-gpu-sandbox --gpu-vendor-id=0x1002 --gpu-device-id=0x68e0 --gpu-driver-vendor="ATI Technologies Inc." --gpu-driver-version=8.741.1.5000 --ignored=" --type=renderer " /prefetch:822062411
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --instant-process --enable-threaded-compositing --disable-html-notifications --channel="3720.1.1405820952\589713593" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.3.1425704208\825911809" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.4.1830358431\1294838468" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --extension-process --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.5.1525593328\1104044745" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.6.1249025359\1984569841" /prefetch:673131151
"C:\Users\Acer\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials="AutocompleteDynamicTrial_2/DefaultControl_R2_Stable/CookieRetentionPriorityStudy/ExperimentOn/ForceCompositingMode/thread/InfiniteCache/No/InstantExtended/Group2 pct:10a stable:pp1 use_remote_ntp_on_startup:1 espv:210 suppress_on_srp:1/ManualResetProfile/Enable/NewMenuStyle/Compact2/Prerender/PrerenderEnabled/PrerenderLocalPredictorSpec/LocalPredictor=Disabled/ShowAppLauncherPromo/ShowPromoUntilDismissed/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Dynamic-Uniformity-Trial/Group6/UMA-New-Install-Uniformity-Trial/Experiment/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_03/UMA-Uniformity-Trial-1-Percent/group_57/UMA-Uniformity-Trial-10-Percent/group_08/UMA-Uniformity-Trial-100-Percent/group_01/UMA-Uniformity-Trial-20-Percent/default/UMA-Uniformity-Trial-5-Percent/group_01/UMA-Uniformity-Trial-50-Percent/group_01/" --renderer-print-preview --enable-threaded-compositing --disable-html-notifications --channel="3720.8.519229956\1897511865" /prefetch:673131151
"C:\stah\RSITx64.exe"
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-8095715-4125419755-1740114249-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - c:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-10 9643552]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-22 323584]
"Printsrv"=c:\Windows\System32\Printing_Admin_Scripts\en-US\pubpr.vbs []
"rqcqyuxmeb"=wscript.exe //B C:\Users\Acer\AppData\Local\Temp\rqcqyuxmeb.vbs []
"pstfsvapsu"=wscript.exe //B C:\Users\Acer\AppData\Local\Temp\pstfsvapsu.vbs []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
""= []
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\RunOnce]
""= []
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="c:\progra~3\bitguard\271769~1.27\{c16c1~1\loader.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avas_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\avss_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpavdrw_service]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\tpmgma_service]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=0
"NoDriveAutoRun"=3
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
"NoDriveAutoRun"=3
"NoDriveTypeAutoRun"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2013-11-03 10:14:31 ----D---- C:\rsit
2013-11-03 10:14:31 ----D---- C:\Program Files\trend micro
2013-11-03 09:49:11 ----A---- C:\UsbFix [Clean 1] ACER-PC.txt
2013-11-03 09:48:45 ----D---- C:\UsbFix
2013-11-02 18:05:44 ----D---- C:\Program Files (x86)\Trend Micro
2013-11-01 20:46:05 ----D---- C:\Windows\6833245EDD86479A882A8360D62C8194.TMP
2013-11-01 20:28:11 ----D---- C:\Program Files (x86)\Eidos
2013-10-29 16:29:35 ----D---- C:\Program Files (x86)\IObit Apps Toolbar
2013-10-20 11:39:00 ----D---- C:\Program Files (x86)\Vietcong2
2013-10-20 11:37:42 ----A---- C:\Windows\SYSWOW64\CmdLineExt.dll
2013-10-19 13:21:52 ----D---- C:\Program Files (x86)\LCP
2013-10-18 17:15:15 ----D---- C:\Program Files (x86)\Download.am
2013-10-18 14:58:17 ----D---- C:\Games
2013-10-12 16:43:40 ----D---- C:\Program Files (x86)\Cenega Czech
2013-10-12 12:41:07 ----D---- C:\Program Files (x86)\Prodigium Game Studios
======List of files/folders modified in the last 1 month======
2013-11-03 10:14:33 ----D---- C:\Windows\Temp
2013-11-03 10:14:31 ----D---- C:\Program Files
2013-11-03 10:14:23 ----D---- C:\stah
2013-11-03 09:49:39 ----A---- C:\Windows\SYSWOW64\log.txt
2013-11-03 09:48:48 ----D---- C:\Windows\System32
2013-11-03 09:48:48 ----D---- C:\Windows\inf
2013-11-03 09:48:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-11-03 09:38:18 ----D---- C:\Users\Acer\AppData\Roaming\Skype
2013-11-02 19:35:39 ----D---- C:\Windows
2013-11-02 19:30:59 ----D---- C:\Program Files (x86)\PES 13
2013-11-02 18:10:16 ----D---- C:\Windows\system32\Tasks
2013-11-02 18:09:39 ----D---- C:\Program Files\Instair
2013-11-02 18:05:47 ----SHD---- C:\Windows\Installer
2013-11-02 18:05:44 ----D---- C:\Program Files (x86)
2013-11-02 18:05:32 ----SHD---- C:\System Volume Information
2013-11-02 16:55:59 ----D---- C:\Users\Acer\AppData\Roaming\Seznam.cz
2013-11-02 16:54:21 ----D---- C:\Program Files (x86)\Steam
2013-11-01 22:12:50 ----D---- C:\Users\Acer\AppData\Roaming\BitTorrent
2013-11-01 20:45:23 ----RSD---- C:\Windows\assembly
2013-11-01 20:28:45 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2013-10-29 17:12:05 ----D---- C:\Windows\system32\config
2013-10-29 16:29:35 ----D---- C:\Program Files (x86)\Application Updater
2013-10-28 08:30:38 ----D---- C:\ProgramData\BitGuard
2013-10-26 10:01:33 ----D---- C:\Windows\system32\wdi
2013-10-25 18:37:39 ----D---- C:\Windows\system32\catroot2
2013-10-20 11:44:28 ----D---- C:\Windows\SysWOW64
2013-10-18 14:58:24 ----HD---- C:\Windows\msdownld.tmp
2013-10-12 16:56:14 ----D---- C:\Windows\Prefetch
2013-10-12 12:43:49 ----A---- C:\Windows\SYSWOW64\OpenAL32.dll
2013-10-12 12:43:49 ----A---- C:\Windows\system32\OpenAL32.dll
2013-10-12 09:57:09 ----D---- C:\Program Files (x86)\EA Sports
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 AVGIDSHA;AVGIDSHA; C:\Windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
R0 Avgloga;AVG Logging Driver; C:\Windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
R0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield; C:\Windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
R0 Avgrkx64;AVG Anti-Rootkit Driver; C:\Windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 AVGIDSDriver;AVGIDSDriver; C:\Windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
R1 Avgtdia;AVG TDI Driver; C:\Windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2013-03-13 283200]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2013-06-20 43168]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2010-08-26 6856192]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2010-08-25 264192]
R3 BCM43XX;Ovladač síťového adaptéru Broadcom 802.11; C:\Windows\system32\DRIVERS\bcmwl664.sys [2010-10-28 4716608]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-10 2222624]
R3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\k57nd60a.sys [2011-03-14 412712]
S1 Avgldx64;AVG AVI Loader Driver; C:\Windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2013-07-21 311968]
S3 AtiHDAudioService;ATI Function Driver for HD Audio Service; C:\Windows\system32\drivers\AtihdW76.sys [2010-08-16 116240]
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 33856]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2013-03-15 19456]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2013-03-15 57856]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2013-03-15 30208]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-28 163328]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 268824]
R2 wlidsvc;Windows Live ID Sign-in Assistant; c:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-09-23 65192]
S2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files (x86)\IObit\Advanced SystemCare 5\ASCService.exe [2012-03-14 913752]
S2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2010-08-25 203264]
S2 avgwd;AVG WatchDog; C:\Program Files (x86)\programy\avg\avgwdsvc.exe [2012-10-22 196664]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2013-06-21 162408]
S2 tor;Tor Win32 Service; C:\Program Files (x86)\Tor\tor.exe [2013-09-06 3233806]
S2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2010-03-18 44376]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-03 69632]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2013-03-08 1255736]
S4 Adobe LM Service;Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [2013-09-22 72704]
S4 Application Updater;Application Updater; C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe [2013-10-24 807800]
S4 AVGIDSAgent;AVGIDSAgent; C:\Program Files (x86)\programy\avg\avgidsagent.exe [2012-11-15 5814904]
S4 BitGuard;BitGuard; C:\ProgramData\BitGuard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BitGuard.exe [2013-10-22 2864096]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PnkBstrA;PnkBstrA; C:\Windows\syswow64\PnkBstrA.exe [2013-09-24 76888]
S4 Steam Client Service;Steam Client Service; C:\Program Files (x86)\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S4 Windows Internet Name Service;Windows Internet Name Service; C:\Windows\syswow64\config\systemprofile\AppData\Local\Windows Internet Name Service\wins.exe [2013-09-06 2665472]
-----------------EOF-----------------
Re: vir na flešce
Odinstalujte Advanced SystemCare 5 a nasledne i vse od IOBit - jsou to cinske smejdy a spise jen skodi nez jsou uzitkem. Hledaji nesmyslne a neexistujici problemy, databazi haveti ukradli jine renomovane spolecnosti Avg je spise parodie na antivir 
Odinstalujte Avg a BitGuard Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92 Stahnete SecurityCheck http://screen317.spywareinfoforum.org/SecurityCheck.exe
- Ulozte nejlepe na Plochu
- Spustte tradicne dvouklikem a postupujte dle pokynu utility
- Po dokonceni skenu se vytvori a otevre log, ten mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
mě se avg nějak kouslo nemužu ho odinstalovat spustit nic
Re: vir na flešce
OK, zatim tedy Avast neinstalujte. Ostatni kroky udelejte"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
další problem je security check odkaz se mi nechce pustit
-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
něco jsem našel ale nevím jestli jich není vice verzí
-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
Results of screen317's Security Check version 0.99.74
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader XI
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Je to ono?
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 10
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus up to date! (On Access scanning disabled!)
`````````Anti-malware/Other Utilities Check:`````````
Java 7 Update 17
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader XI
Google Chrome 30.0.1599.101
Google Chrome 30.0.1599.69
````````Process Check: objlist.exe by Laurent````````
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
Je to ono?
Re: vir na flešce
Pouzijte na AVG tento remover http://download.avg.com/filedir/util/av ... 3_3341.exe Nainstalujte Avast Free http://www.avast.com/get/gWR5mo92"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
chtelo to restart
ted to pise BOOTMGR chybi restartujte kdyz to restartuji tak se to objevi znovu nemam treba vytahnout flešky?
ted to pise BOOTMGR chybi restartujte kdyz to restartuji tak se to objevi znovu nemam treba vytahnout flešky?
Re: vir na flešce
Ano, vytahnete flash disk, jelikoz se snazi nyni zavest system z flash disku"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.-
robert.halas
- Návštěvník
- Příspěvky: 30
- Registrován: 03 lis 2013 08:36
Re: vir na flešce
a mam je zapojit po obnoveni znovu do pc
Přispějete na provoz fóra?