PC malware removal, computer speed-up, remote assistance via the neslape.cz service

please check my log

Don't have any problem with your PC right now and just want to make sure everything is fine?
Post a log from FRST or RSIT.


Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Individual threads will be locked once resolved, as will those inactive for more than 14 days. See the rule on locking topics. Thank you for understanding.

NEW!
You can now use the remote assistance service: an expert connects to your computer and gets further details about the problem from you by phone. More at www.neslape.cz
gold611
Guest
Posts: 19
Registered: 13 Feb 2011 00:16

please check my log

#1 Post by gold611 »

Hi all, I'd like to ask for a log check. The system is protected by ESET Smart Security 7, so I assume it shouldn't be infected in any way. In any case, lately the whole system is quite slow and memory is almost permanently fully used. The biggest consumer is svchost.exe (netsvcs), which usually exceeds even Firefox with a dozen active tabs.

Many thanks in advance



Logfile of random's system information tool 1.10 (written by random/random)
Run by VX6 at 2014-06-18 21:50:36
Microsoft Windows 7 Home Premium Service Pack 1
System drive C: has 40 GB (39%) free of 102 GB
Total RAM: 2038 MB (18% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:50:56, on 18. 6. 2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v11.0 (11.00.9600.17126)
Boot mode: Normal

Running processes:
C:\windows\System32\smss.exe
C:\windows\system32\csrss.exe
C:\windows\system32\wininit.exe
C:\windows\system32\csrss.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\winlogon.exe
C:\windows\system32\svchost.exe
C:\windows\system32\nvvsvc.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\system32\svchost.exe
C:\windows\servicing\TrustedInstaller.exe
C:\windows\system32\svchost.exe
C:\windows\system32\WLANExt.exe
C:\windows\system32\conhost.exe
C:\windows\System32\spoolsv.exe
C:\windows\system32\taskeng.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Windows\System32\AsusService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
C:\Program Files\ESET\ESET Smart Security\ekrn.exe
C:\windows\System32\svchost.exe
C:\windows\System32\svchost.exe
C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
C:\Program Files\CyberLink\Shared files\RichVideo.exe
C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtWlan.exe
C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
C:\windows\system32\svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\windows\system32\atwtusb.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
C:\windows\system32\svchost.exe
C:\windows\system32\sppsvc.exe
C:\windows\system32\nvvsvc.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\atwtusb.exe
C:\windows\system32\taskhost.exe
C:\windows\SYSTEM32\WISPTIS.EXE
C:\windows\system32\Dwm.exe
C:\windows\Explorer.EXE
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe
C:\Windows\AsScrPro.exe
C:\Program Files\Adobe\Reader 9.0\Reader\reader_sl.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
C:\Program Files\ASUS\Eee Docking\Eee Docking.exe
C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe
C:\Program Files\EeePC\CapsHook\CapsHook.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe
C:\windows\system32\igfxsrvc.exe
C:\Windows\System32\WTMKM.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe
C:\Program Files\BatteryCare\BatteryCare.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\GIGABYTE\U8300 Utilities\CONRCtl.exe
C:\windows\system32\SearchIndexer.exe
C:\Program Files\Sony\Sony PC Companion\PCCompanionInfo.exe
D:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
C:\Users\VX6\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\windows\system32\svchost.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\windows\system32\svchost.exe
C:\windows\System32\svchost.exe
C:\windows\system32\DllHost.exe
C:\windows\system32\wbem\wmiprvse.exe
C:\windows\system32\wuauclt.exe
D:\RSIT.exe
C:\Program Files\trend micro\VX6.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://asus.msn.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Search Helper - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Windows Live Messenger Companion Helper - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files\Windows Live\Companion\companioncore.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SynAsusAcpi] %ProgramFiles%\Synaptics\SynTP\SynAsusAcpi.exe
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\windows\AsScrPro.exe
O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [HotkeyMon] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe
O4 - HKLM\..\Run: [HotkeyService] AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe
O4 - HKLM\..\Run: [SuperHybridEngine] AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [CapsHook] AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe
O4 - HKLM\..\Run: [Eee Docking] C:\Program Files\ASUS\Eee Docking\Eee Docking.exe autorun
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\ASUSWSDashBoard.exe /S
O4 - HKLM\..\Run: [GraphicsSwitch] AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe
O4 - HKLM\..\Run: [IgfxTray] C:\windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [iSeriesCharge] C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [ASUSPRP] C:\Program Files\ASUS\APRP\APRP.EXE
O4 - HKLM\..\Run: [MacrokeyManager] WTMKM.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [EEESplendidAR] AsusSender.exe C:\Program Files\ASUS\EeeSplendid\AutoRun.exe
O4 - HKLM\..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [TiVme Agent] C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe srec
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [BatteryCare] C:\Program Files\BatteryCare\BatteryCare.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = VX6\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: Facebook Messenger.lnk = VX6\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Remote Control.lnk = C:\Program Files\GIGABYTE\U8300 Utilities\CONRCtl.exe
O4 - Global Startup: TMMonitor.lnk = D:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://D:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Program Files\Windows Live\Companion\companioncore.dll
O9 - Extra button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files\ICQ7.4\ICQ.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: PokerStars.net - {FA9B9510-9FCB-4ca0-818C-5D0987B47C4D} - C:\Program Files\PokerStars.NET\PokerStarsUpdate.exe
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: C:\windows\system32\nvinit.dll
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Asus Launcher Service (AsusService) - Unknown owner - C:\Windows\System32\AsusService.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\windows\system32\nvvsvc.exe
O23 - Service: Realtek87B - Realtek - C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files\Sony\Sony PC Companion\PCCService.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - StarWind Software - C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: WTService - Unknown owner - C:\windows\system32\atwtusb.exe

--
End of file - 15198 bytes

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job - C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
C:\windows\tasks\GoogleUpdateTaskMachineCore.job - C:\Program Files\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskMachineUA.job - C:\Program Files\Google\Update\GoogleUpdate.exe /ua /installsource scheduler
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3542167979-770001462-871478402-1001Core.job - C:\Users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe /c
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-3542167979-770001462-871478402-1001UA.job - C:\Users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe /ua /installsource scheduler

=========Mozilla firefox=========

ProfilePath - C:\Users\VX6\AppData\Roaming\Mozilla\Firefox\Profiles\i611erfa.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 13.0.0.214 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_13_0_0_214.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\windows\system32\Adobe\Director\np32dsw_1166636.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@idsoftware.com/QuakeLive]
"Description"=
"Path"=C:\ProgramData\id Software\QuakeLive\npquakezero.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.51.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.30214.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.24.7\npGoogleUpdate3.dll


C:\Users\VX6\AppData\Roaming\Mozilla\Firefox\Profiles\i611erfa.default\extensions\
2020Player_IKEA@2020Technologies.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-02-27 75128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6EBF7485-159F-4bff-A14F-B9E3AAC4465B}]
Search Helper - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll [2010-09-22 191792]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2014-03-08 462760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9FDDE16B-836F-4806-AB1F-1455CBEFF289}]
Windows Live Messenger Companion Helper - C:\Program Files\Windows Live\Companion\companioncore.dll [2010-11-10 393600]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-03-08 171944]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-06-05 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2009-11-19 1594664]
"SynAsusAcpi"=C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe [2009-11-19 83240]
"ASUS Screen Saver Protector"=C:\windows\AsScrPro.exe [2010-09-29 3058304]
"UCam_Menu"=C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe [2009-05-20 222504]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-02-28 35696]
"HotkeyMon"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotKeyMon.exe []
"HotkeyService"=AsusSender.exe C:\Program Files\EeePC\HotkeyService\HotkeyService.exe []
"SuperHybridEngine"=AsusSender.exe C:\Program Files\EeePC\SHE\SuperHybridEngine.exe []
"LiveUpdate"=AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto []
"CapsHook"=AsusSender.exe C:\Program Files\EeePC\CapsHook\CapsHook.exe []
"Eee Docking"=C:\Program Files\ASUS\Eee Docking\Eee Docking.exe [2010-06-10 414384]
"ASUSWebStorage"=C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\ASUSWSDashBoard.exe [2010-09-01 5096784]
"GraphicsSwitch"=AsusSender.exe C:\Program Files\Asus\GraphicsSwitch\GPUStatusMonitor.exe []
"IgfxTray"=C:\windows\system32\igfxtray.exe [2010-05-10 141848]
"HotKeysCmds"=C:\windows\system32\hkcmd.exe [2010-05-10 173592]
"Persistence"=C:\windows\system32\igfxpers.exe [2010-05-10 150552]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2010-08-24 9722472]
"iSeriesCharge"=C:\Program Files\ASUS\USBChargeSetting\iSeriesCharge.exe [2010-08-18 96176]
"OOBESetup"=C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe [2009-12-11 334848]
"ASUSPRP"=C:\Program Files\ASUS\APRP\APRP.EXE [2010-09-29 2018032]
"MacrokeyManager"=C:\windows\system32\WTMKM.exe [2009-08-11 5586664]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-03-15 499608]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"AdobeCS5.5ServiceManager"=C:\Program Files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"UpdatePPShortCut"=C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe [2010-09-17 222504]
"UpdatePDRShortCut"=C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [2009-05-19 222504]
"EEESplendidAR"=AsusSender.exe C:\Program Files\ASUS\EeeSplendid\AutoRun.exe []
"ArcSoft Connection Service"=C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe [2010-10-27 207424]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2013-09-12 5110672]
"SunJavaUpdateSched"=C:\Program Files\Common Files\Java\Java Update\jusched.exe [2013-07-02 254336]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-04 116648]
"TiVme Agent"=C:\Program Files\GIGABYTE\vivoTV\ScheduleAgent.exe [2011-04-18 131584]
"AlcoholAutomount"=C:\Program Files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe [2010-08-20 33120]
"Sony PC Companion"=C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe [2014-04-01 466144]
"BatteryCare"=C:\Program Files\BatteryCare\BatteryCare.exe [2013-10-28 752128]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
Remote Control.lnk - C:\Program Files\GIGABYTE\U8300 Utilities\CONRCtl.exe
TMMonitor.lnk - D:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe

C:\Users\VX6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\VX6\AppData\Roaming\Dropbox\bin\Dropbox.exe
Facebook Messenger.lnk - C:\Users\VX6\AppData\Local\Facebook\Messenger\2.1.4814.0\FacebookMessenger.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\windows\system32\nvinit.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\windows\system32\igfxdev.dll [2010-05-10 218112]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
"HideSCAPower"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"vidc.XVID"=xvidvfw.dll
"wave6"=wdmaud.drv
"wave7"=wdmaud.drv
"wave8"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - %SystemRoot%\System32\CScript.exe "%1" %*
.vbs - open - %SystemRoot%\System32\CScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2014-06-18 21:28:05 ----A---- C:\windows\system32\JavaScriptCollectionAgent.dll
2014-06-18 21:28:05 ----A---- C:\windows\system32\ieetwproxystub.dll
2014-06-18 21:28:05 ----A---- C:\windows\system32\ieetwcollector.exe
2014-06-18 21:28:04 ----A---- C:\windows\system32\MsSpellCheckingFacility.exe
2014-06-18 21:28:03 ----A---- C:\windows\system32\urlmon.dll
2014-06-18 21:28:02 ----A---- C:\windows\system32\jsproxy.dll
2014-06-18 21:28:01 ----A---- C:\windows\system32\msfeeds.dll
2014-06-18 21:28:01 ----A---- C:\windows\system32\ieUnatt.exe
2014-06-18 21:28:01 ----A---- C:\windows\system32\iernonce.dll
2014-06-18 21:28:01 ----A---- C:\windows\system32\dxtmsft.dll
2014-06-18 21:27:59 ----A---- C:\windows\system32\msrating.dll
2014-06-18 21:27:58 ----A---- C:\windows\system32\iesetup.dll
2014-06-18 21:27:58 ----A---- C:\windows\system32\ie4uinit.exe
2014-06-18 21:27:57 ----A---- C:\windows\system32\ieetwcollectorres.dll
2014-06-18 21:27:56 ----A---- C:\windows\system32\wininet.dll
2014-06-18 21:27:56 ----A---- C:\windows\system32\ieapfltr.dll
2014-06-18 21:27:54 ----A---- C:\windows\system32\dxtrans.dll
2014-06-18 21:27:53 ----A---- C:\windows\system32\ieui.dll
2014-06-18 21:27:52 ----A---- C:\windows\system32\ieframe.dll
2014-06-18 21:27:50 ----A---- C:\windows\system32\mshtmled.dll
2014-06-18 21:27:49 ----A---- C:\windows\system32\mshtmlmedia.dll
2014-06-18 21:27:48 ----A---- C:\windows\system32\iertutil.dll
2014-06-18 21:27:46 ----A---- C:\windows\system32\jscript9diag.dll
2014-06-18 21:27:45 ----A---- C:\windows\system32\mshtml.dll
2014-06-18 21:27:43 ----A---- C:\windows\system32\vbscript.dll
2014-06-18 21:27:42 ----A---- C:\windows\system32\jscript9.dll
2014-06-18 21:27:33 ----A---- C:\windows\system32\msxml6.dll
2014-06-18 21:27:32 ----A---- C:\windows\system32\msxml6r.dll
2014-06-18 21:27:32 ----A---- C:\windows\system32\msxml3r.dll
2014-06-18 21:27:32 ----A---- C:\windows\system32\msxml3.dll
2014-06-18 21:27:24 ----A---- C:\windows\system32\drivers\tcpip.sys
2014-06-18 21:27:24 ----A---- C:\windows\system32\drivers\FWPKCLNT.SYS
2014-06-18 21:27:19 ----A---- C:\windows\system32\aepdu.dll
2014-06-18 21:27:19 ----A---- C:\windows\system32\aeinv.dll
2014-06-18 21:25:35 ----A---- C:\windows\system32\usp10.dll
2014-06-18 21:03:52 ----D---- C:\Program Files\trend micro
2014-06-18 21:03:51 ----D---- C:\rsit
2014-06-11 21:23:48 ----A---- C:\Users\VX6\AppData\Roaming\CrashRpt1402.dll
2014-06-09 20:52:02 ----SD---- C:\windows\system32\CompatTel
2014-06-09 20:34:59 ----D---- C:\Program Files\Common Files\DESIGNER
2014-06-09 20:16:05 ----A---- C:\windows\system32\drivers\ntfs.sys
2014-06-09 20:15:40 ----A---- C:\windows\system32\ntkrnlpa.exe
2014-06-09 20:15:39 ----A---- C:\windows\system32\ntoskrnl.exe
2014-06-09 20:15:39 ----A---- C:\windows\system32\lsasrv.dll
2014-06-09 20:15:39 ----A---- C:\windows\system32\kerberos.dll
2014-06-09 20:15:38 ----A---- C:\windows\system32\winlogon.exe
2014-06-09 20:15:38 ----A---- C:\windows\system32\msv1_0.dll
2014-06-09 20:15:37 ----A---- C:\windows\system32\wdigest.dll
2014-06-09 20:15:37 ----A---- C:\windows\system32\TSpkg.dll
2014-06-09 20:15:37 ----A---- C:\windows\system32\schannel.dll
2014-06-09 20:15:37 ----A---- C:\windows\system32\objsel.dll
2014-06-09 20:15:37 ----A---- C:\windows\system32\KernelBase.dll
2014-06-09 20:15:37 ----A---- C:\windows\system32\drivers\ksecpkg.sys
2014-06-09 20:15:37 ----A---- C:\windows\system32\dimsroam.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\wincredprovider.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\sspisrv.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\sspicli.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\secur32.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\lsass.exe
2014-06-09 20:15:36 ----A---- C:\windows\system32\drivers\ksecdd.sys
2014-06-09 20:15:36 ----A---- C:\windows\system32\dpapiprovider.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\credssp.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\cngprovider.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\capiprovider.dll
2014-06-09 20:15:36 ----A---- C:\windows\system32\adprovider.dll
2014-06-09 20:15:05 ----A---- C:\windows\system32\wer.dll
2014-06-09 20:15:03 ----A---- C:\windows\system32\wwansvc.dll
2014-06-09 20:14:55 ----A---- C:\windows\system32\drivers\storport.sys
2014-06-09 20:14:55 ----A---- C:\windows\system32\drivers\msiscsi.sys
2014-06-09 20:14:55 ----A---- C:\windows\system32\drivers\Diskdump.sys
2014-06-09 20:14:54 ----A---- C:\windows\system32\iologmsg.dll
2014-06-09 20:14:44 ----A---- C:\windows\system32\qedit.dll
2014-06-09 20:14:42 ----A---- C:\windows\system32\win32k.sys
2014-06-09 20:14:39 ----A---- C:\windows\system32\shell32.dll
2014-06-09 20:14:11 ----A---- C:\windows\system32\WindowsCodecs.dll
2014-06-09 20:13:05 ----A---- C:\windows\system32\kernel32.dll
2014-05-30 20:06:12 ----A---- C:\windows\system32\xactengine2_8.dll
2014-05-30 20:06:12 ----A---- C:\windows\system32\x3daudio1_2.dll
2014-05-30 20:06:12 ----A---- C:\windows\system32\d3dx10_34.dll
2014-05-30 20:06:12 ----A---- C:\windows\system32\D3DCompiler_34.dll
2014-05-30 20:06:11 ----A---- C:\windows\system32\xinput1_3.dll
2014-05-30 20:06:11 ----A---- C:\windows\system32\xactengine2_7.dll
2014-05-30 20:06:11 ----A---- C:\windows\system32\d3dx9_34.dll
2014-05-30 20:06:10 ----A---- C:\windows\system32\d3dx9_33.dll
2014-05-30 20:06:10 ----A---- C:\windows\system32\d3dx10_33.dll
2014-05-30 20:06:10 ----A---- C:\windows\system32\D3DCompiler_33.dll
2014-05-30 20:06:08 ----A---- C:\windows\system32\xactengine2_6.dll
2014-05-30 20:06:07 ----A---- C:\windows\system32\xactengine2_5.dll
2014-05-30 20:06:07 ----A---- C:\windows\system32\d3dx10.dll
2014-05-30 20:06:06 ----A---- C:\windows\system32\xactengine2_4.dll
2014-05-30 20:06:06 ----A---- C:\windows\system32\x3daudio1_1.dll
2014-05-30 20:06:05 ----A---- C:\windows\system32\xactengine2_3.dll
2014-05-30 20:06:05 ----A---- C:\windows\system32\d3dx9_31.dll
2014-05-30 20:06:04 ----A---- C:\windows\system32\xinput1_2.dll
2014-05-30 20:06:04 ----A---- C:\windows\system32\xactengine2_2.dll
2014-05-30 20:06:03 ----A---- C:\windows\system32\xinput1_1.dll
2014-05-30 20:06:03 ----A---- C:\windows\system32\xactengine2_1.dll
2014-05-30 20:05:53 ----A---- C:\windows\system32\d3dx9_30.dll
2014-05-30 20:05:52 ----A---- C:\windows\system32\xactengine2_0.dll
2014-05-30 20:05:52 ----A---- C:\windows\system32\x3daudio1_0.dll
2014-05-30 20:05:51 ----A---- C:\windows\system32\d3dx9_29.dll
2014-05-30 20:05:51 ----A---- C:\windows\system32\d3dx9_28.dll
2014-05-30 20:05:50 ----A---- C:\windows\system32\d3dx9_27.dll
2014-05-30 20:05:49 ----A---- C:\windows\system32\d3dx9_26.dll
2014-05-30 20:05:49 ----A---- C:\windows\system32\d3dx9_25.dll
2014-05-30 20:05:48 ----A---- C:\windows\system32\d3dx9_24.dll
2014-05-30 19:57:04 ----D---- C:\Program Files\FlatOut2

======List of files/folders modified in the last 1 month======

2014-06-18 21:48:12 ----D---- C:\Users\VX6\AppData\Roaming\Dropbox
2014-06-18 21:47:54 ----D---- C:\Users\VX6\AppData\Roaming\DropboxMaster
2014-06-18 21:46:45 ----D---- C:\windows\Prefetch
2014-06-18 21:46:06 ----A---- C:\windows\win.ini
2014-06-18 21:46:04 ----D---- C:\windows\Temp
2014-06-18 21:46:00 ----D---- C:\windows\winsxs
2014-06-18 21:45:19 ----D---- C:\windows\system32\config
2014-06-18 21:42:37 ----D---- C:\windows\system32\en-US
2014-06-18 21:42:37 ----D---- C:\windows\System32
2014-06-18 21:42:37 ----D---- C:\windows\PolicyDefinitions
2014-06-18 21:42:36 ----D---- C:\Program Files\Internet Explorer
2014-06-18 21:42:34 ----AD---- C:\windows\system32\drivers
2014-06-18 21:42:33 ----D---- C:\windows\system32\DriverStore
2014-06-18 21:41:51 ----SHD---- C:\windows\Installer
2014-06-18 21:41:50 ----D---- C:\ProgramData\Microsoft Help
2014-06-18 21:33:24 ----D---- C:\windows\system32\MRT
2014-06-18 21:33:17 ----A---- C:\windows\system32\MRT.exe
2014-06-18 21:29:24 ----SHD---- C:\System Volume Information
2014-06-18 21:27:08 ----D---- C:\windows\system32\catroot
2014-06-18 21:26:43 ----D---- C:\windows\system32\catroot2
2014-06-18 21:03:52 ----RD---- C:\Program Files
2014-06-18 19:58:00 ----D---- C:\windows\inf
2014-06-10 23:37:26 ----D---- C:\windows\rescache
2014-06-09 22:29:13 ----D---- C:\windows\Microsoft.NET
2014-06-09 22:27:12 ----RSD---- C:\windows\assembly
2014-06-09 21:04:23 ----D---- C:\Users\VX6\AppData\Roaming\ICQ
2014-06-09 20:53:24 ----D---- C:\Program Files\Microsoft Silverlight
2014-06-09 20:35:56 ----D---- C:\windows\debug
2014-06-09 20:34:59 ----D---- C:\Program Files\Common Files
2014-06-09 20:24:09 ----A---- C:\windows\system32\PerfStringBackup.INI
2014-05-30 20:03:13 ----D---- C:\Windows
2014-05-27 19:01:55 ----HD---- C:\Program Files\InstallShield Installation Information
2014-05-19 22:06:43 ----D---- C:\windows\panther
2014-05-19 22:06:43 ----D---- C:\windows\ModemLogs
2014-05-19 22:06:36 ----D---- C:\windows\Logs
2014-05-19 22:06:35 ----D---- C:\windows\Minidump

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AiDriver;ASUS Charger Driver; C:\windows\system32\DRIVERS\AiDriver.sys [2010-05-20 13224]
R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-06-05 330264]
R0 nvpciflt;nvpciflt; C:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-04 19656]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-04-17 44944]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2013-05-11 436792]
R1 AsUpIO;AsUpIO; C:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
R1 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 ACEDRV07;ACEDRV07; \??\C:\windows\system32\drivers\ACEDRV07.sys [2012-06-14 101376]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2013-09-17 174400]
R3 Afc;PPdus ASPI Shell; C:\windows\system32\drivers\Afc.sys [2006-11-10 18688]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-05-08 2710592]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-08-13 72576]
R3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2010-05-10 4806144]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\windows\system32\drivers\RTKVHDA.sys [2010-08-24 3178472]
R3 kbfiltr;Keyboard Filter; C:\windows\system32\DRIVERS\kbfiltr.sys [2009-07-20 13880]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller; C:\windows\system32\DRIVERS\L1C62x86.sys [2010-07-29 68208]
R3 moufiltr;Tablet Mouse Filter Driver; C:\windows\system32\DRIVERS\moufiltr.sys [2009-03-08 6144]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 59904]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 139648]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2009-11-19 230448]
R3 vhidmini;Generic Virtual HID Driver; C:\windows\system32\DRIVERS\walvhid.sys [2009-04-16 6144]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [2008-07-26 14416]
S2 CXIR;Conexant Polaris IR Transceiver; C:\windows\system32\drivers\cxcir.sys [2011-05-03 33792]
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-05-21 88104]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\drivers\btwavdt.sys [2010-05-21 111144]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-05-21 18728]
S3 CXPOLARIS;Conexant Polaris Video Capture; C:\windows\system32\drivers\cxpolaris.sys [2011-05-03 405248]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-08-13 102784]
S3 fssfltr;FssFltr; C:\windows\system32\DRIVERS\fssfltr.sys [2010-09-23 39272]
S3 ggflt;SEMC USB Flash Driver Filter; C:\windows\system32\DRIVERS\ggflt.sys [2013-11-27 12400]
S3 ggsemc;SEMC USB Flash Driver; C:\windows\system32\DRIVERS\ggsemc.sys [2013-11-27 25200]
S3 huawei_cdcacm;huawei_cdcacm; C:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-08-13 85248]
S3 IT9135BDA;IT9135 BDA Devices; C:\windows\System32\Drivers\IT9135BDA.sys [2013-05-05 145664]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver; C:\windows\system32\drivers\nvhda32v.sys [2010-08-04 105576]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter; C:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2010-11-20 35968]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ACDaemon;ArcSoft Connect Daemon; C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
R2 AsusService;Asus Launcher Service; C:\Windows\System32\AsusService.exe [2009-08-19 219136]
R2 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-05-21 652576]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-06-05 354840]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 nvsvc;NVIDIA Display Driver Service; C:\windows\system32\nvvsvc.exe [2010-07-30 129640]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 Realtek87B;Realtek87B; C:\Program Files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2011-05-03 247152]
R2 SeaPort;SeaPort; C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe [2010-09-22 249136]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2009-12-23 370688]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2010-09-21 1710464]
R2 WTService;WTService; C:\windows\system32\atwtusb.exe [2009-08-06 397032]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2013-09-11 105144]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-04 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2014-05-13 257712]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2013-09-11 46688]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-05-16 654848]
S3 fsssvc;Windows Live Family Safety Service; C:\Program Files\Windows Live\Family Safety\fsssvc.exe [2010-09-23 1493352]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-04-04 116648]
S3 IEEtwCollectorService;@%SystemRoot%\system32\ieetwcollectorres.dll,-1000; C:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2014-05-11 119408]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
S3 SwitchBoard;SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-03-14 1343400]
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2013-09-11 139856]
S4 wlcrasvc;Windows Live Mesh remote connections service; C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]

-----------------EOF-----------------
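The driver and service listings above follow the format given in their legend lines (R/S for running/stopped, 0-4 for the start type, then name;display name;image path [date size]). As an added example that is not part of the original thread, the following Python script parses lines in that format (both the RSIT spacing and the ComboFix spacing without a space after the second semicolon), strips the \??\ NT prefix some installers register, and applies three triage checks a reviewer would do by hand: a kernel driver whose image is not under system32\drivers, a service hosted in svchost.exe that no svchost group in the registry accounts for, and a service binary in a user-writable directory. The sample lines are copied from the log above except the last service line, which is constructed to show a hit; the svchost group data is the HPZ12 group shown under the svchost key in the ComboFix log later in this thread. Function and constant names are this example's own.

```python
import re
from dataclasses import dataclass
from pathlib import PureWindowsPath

# One RSIT/ComboFix driver or service line, per the legend in the log:
#   <R|S><0-4> <name>;<display name>;<image path> [<YYYY-MM-DD> <size>]
# RSIT puts a space after the second ';', ComboFix does not, so allow both.
LINE_RE = re.compile(
    r"^(?P<state>[RS])(?P<start>[0-4]) "
    r"(?P<name>[^;]*);(?P<display>[^;]*);\s*"
    r"(?P<path>.+?) \[(?P<date>\d{4}-\d{2}-\d{2}) (?P<size>\d+)\]$"
)
START_TYPES = {"0": "boot", "1": "system", "2": "auto", "3": "demand", "4": "disabled"}
DRIVER_DIR = "c:\\windows\\system32\\drivers\\"
USER_WRITABLE = ("c:\\users\\", "c:\\programdata\\", "c:\\windows\\temp\\")


@dataclass
class Entry:
    running: bool
    start: str
    name: str
    display: str
    path: str      # image path with any leading \??\ NT prefix stripped
    date: str
    size: int


def parse_line(line):
    """Return an Entry for one driver/service line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    path = m["path"]
    if path.startswith("\\??\\"):      # NT object-manager form some installers register
        path = path[4:]
    return Entry(m["state"] == "R", START_TYPES[m["start"]], m["name"],
                 m["display"], path, m["date"], int(m["size"]))


def parse_list(text):
    """Parse a whole driver or service section; non-matching lines are skipped."""
    return [e for e in map(parse_line, text.splitlines()) if e]


def triage(drivers, services, svchost_groups):
    """Flag entries worth a second look; returns (name, reason) pairs."""
    findings = []
    for d in drivers:
        if not d.path.lower().startswith(DRIVER_DIR):
            findings.append((d.name, f"{d.start}-start driver image outside system32\\drivers: {d.path}"))
    hosted = {svc for group in svchost_groups.values() for svc in group}
    for s in services:
        if PureWindowsPath(s.path).name.lower() == "svchost.exe" and s.name not in hosted:
            findings.append((s.name, "svchost-hosted service that is in no svchost group"))
        if s.path.lower().startswith(USER_WRITABLE):
            findings.append((s.name, f"service binary in a user-writable directory: {s.path}"))
    return findings


# Driver lines copied from the RSIT log above.
DRIVERS = r"""
R0 AiDriver;ASUS Charger Driver; C:\windows\system32\DRIVERS\AiDriver.sys [2010-05-20 13224]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2013-05-11 436792]
R2 ACEDRV07;ACEDRV07; \??\C:\windows\system32\drivers\ACEDRV07.sys [2012-06-14 101376]
R3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\BatteryCare\WinRing0.sys [2008-07-26 14416]
"""
# First three service lines copied from the RSIT log above; the last one is constructed
# for this example to show a svchost-hosted service that no svchost group accounts for.
SERVICES = r"""
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
R2 Net Driver HPZ12;Net Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 Pml Driver HPZ12;Pml Driver HPZ12; C:\windows\System32\svchost.exe [2009-07-14 20992]
R2 ExampleSvc;ExampleSvc; C:\windows\System32\svchost.exe [2014-06-01 20992]
"""
# svchost groups as printed under HKLM\...\CurrentVersion\svchost in the ComboFix log in this thread.
SVCHOST_GROUPS = {"HPZ12": {"Pml Driver HPZ12", "Net Driver HPZ12"}}


def run_example():
    return triage(parse_list(DRIVERS), parse_list(SERVICES), SVCHOST_GROUPS)


if __name__ == "__main__":
    for name, reason in run_example():
        print(f"{name}: {reason}")
```

On the sample input the only two findings are WinRing0_1_2_0 (a demand-start driver loaded from under Program Files) and the constructed ExampleSvc; the two HPZ12 services are cleared because the svchost group lists them. A path outside system32\drivers is a reason to look, not a verdict; the next step for such an entry is checking the file's signature and publisher.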

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: CZ

Re: please check my log

#2 Post by Roli »

Hi, fix these in HJT:

O4 - HKLM\..\Run: [UCam_Menu] "C:\Program Files\CyberLink\YouCam\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\YouCam" UpdateWithCreateOnce "Software\CyberLink\YouCam\2.0"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [LiveUpdate] AsusSender.exe C:\Program Files\Asus\LiveUpdate\LiveUpdate.exe auto
O4 - HKLM\..\Run: [ASUSWebStorage] C:\Program Files\ASUS\ASUS WebStorage\2.2.56.108\ASUSWSDashBoard.exe /S
O4 - HKLM\..\Run: [OOBESetup] C:\Program Files\asus\OOBERegBackup\OOBERegBackup.exe /restore -"C:\Program Files\asus\OOBERegBackup\OOBEReg.ini"
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [UpdatePPShortCut] "C:\Program Files\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerProducer" UpdateWithCreateOnce "Software\CyberLink\PowerProducer\5.0"
O4 - HKLM\..\Run: [UpdatePDRShortCut] "C:\Program Files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\8.0"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe" /c


You'll find HJT here:

C:\Program Files\trend micro\VX6.exe

Fix means you run HJT as admin,

in the window that opens click Do a system scan only,

in the next window find the lines I listed,

next to each of them is a checkbox which you tick,

then click Fix checked at the bottom left,

the program asks whether you really want to, which of course you confirm with YES, and it's done.


Delete unneeded files

with CCleaner

guide:

Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin

Registry - here you clean the registry (before using it I recommend making the backup CCleaner offers)

registry cleaning has to be repeated several times!

Tools - here you can uninstall programs, edit what runs at system startup and restore the system


Download ComboFix and save it to the desktop,

run the application as Administrator and allow the installation of the Recovery Console.

Then a window with the licence terms appears, which you confirm by clicking YES,

then click YES once more and it's running.

The whole thing takes about 10 minutes but can take longer; during the scan don't try to start anything else.

The PC may also be restarted during the scan, don't be alarmed.

Warning: for the duration of the scan turn off the resident shield of your antivirus and anti-spyware programs,

because ComboFix tries to delete infected files and these programs can get in its way.

After the scan finishes, or after the subsequent restart, the application creates a log saved as C:\Combofix.txt

(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.


If anything is unclear, there is an illustrated guide HERE.
| Rsit | Mbam | AVPTool | Cure It |

I rest at the weekend :all_coholic:

gold611
Visitor
Posts: 19
Registered: 13 Feb 2011 00:16

Re: please check my log

#3 Post by gold611 »

ComboFix 14-06-21.02 - VX6 . 06. 2014 20:43:45.2.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2038.652 [GMT 2:00]
Running from: D:\ComboFix.exe
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-05-21 to 2014-06-21 )))))))))))))))))))))))))))))))
.
.
2014-06-21 19:53 . 2014-06-21 19:53 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-21 19:53 . 2014-06-21 19:53 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-18 19:25 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 19:03 . 2014-06-21 14:01 -------- d-----w- c:\program files\trend micro
2014-06-18 19:03 . 2014-06-18 19:04 -------- d-----w- C:\rsit
2014-06-11 19:23 . 2014-06-11 19:23 159200 ----a-w- c:\users\VX6\AppData\Roaming\CrashRpt1402.dll
2014-06-11 19:23 . 2014-06-11 19:23 -------- d-----w- c:\users\VX6\AppData\Local\CrashRpt
2014-06-09 18:52 . 2014-06-18 19:42 -------- d-s---w- c:\windows\system32\CompatTel
2014-06-09 18:16 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-06-09 18:14 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-06-09 18:14 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-06-09 18:14 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-06-09 18:14 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-06-09 18:14 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-09 18:14 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-06-09 18:14 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-30 18:05 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2014-05-30 17:57 . 2014-05-30 18:07 -------- d-----w- c:\program files\FlatOut2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 19:20 . 2012-06-08 05:32 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 19:20 . 2011-06-12 16:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-11 20:43 . 2014-04-09 05:03 3113272 ----a-w- c:\windows\system32\MetaViewer.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"="c:\program files\GIGABYTE\vivoTV\ScheduleAgent.exe" [2011-04-18 131584]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2014-04-01 466144]
"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2013-10-28 752128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-09-29 3058304]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"GraphicsSwitch"="AsusSender.exe" [2010-03-03 29184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"iSeriesCharge"="c:\program files\ASUS\USBChargeSetting\iSeriesCharge.exe" [2010-08-18 96176]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-09-29 2018032]
"MacrokeyManager"="WTMKM.exe" [2009-08-11 5586664]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"EEESplendidAR"="AsusSender.exe" [2010-03-03 29184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\users\VX6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\VX6\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
Remote Control.lnk - c:\program files\GIGABYTE\U8300 Utilities\CONRCtl.exe [2012-12-18 114688]
TMMonitor.lnk - d:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-5-6 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 CXIR;Conexant Polaris IR Transceiver;c:\windows\system32\drivers\cxcir.sys [2011-05-03 33792]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
R3 CXPOLARIS;Conexant Polaris Video Capture;c:\windows\system32\drivers\cxpolaris.sys [2011-05-03 405248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-08-13 102784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-11-27 12400]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-08-13 85248]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2013-05-05 145664]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [2010-05-20 13224]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-04 19656]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-05-11 436792]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
S2 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-08-06 397032]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-08-13 72576]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-07-29 68208]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 59904]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 139648]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [2008-07-26 14416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 19:20]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:58]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:58]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3542167979-770001462-871478402-1001Core.job
- c:\users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 18:58]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3542167979-770001462-871478402-1001UA.job
- c:\users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\VX6\AppData\Roaming\Mozilla\Firefox\Profiles\i611erfa.default\
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): The process cannot access the file because it is being used by another process.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3542167979-770001462-871478402-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3542167979-770001462-871478402-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1616)
c:\progra~1\ASUS\ASUSWE~1\2256~1.108\ASUSWS~1.DLL
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2014-06-21 21:58:02
ComboFix-quarantined-files.txt 2014-06-21 19:58
ComboFix2.txt 2014-06-21 16:54
.
Pre-Run: 40 011 976 704 bytes free
Post-Run: 41 743 347 712 bytes free
.
- - End Of File - - AF3A6FBDAD24F051B3A97D0CF07CE80D
A36C5E4F47E84449FF07ED3517B43A31

Roli
VIP
Posts: 13399
Registered: 26 Nov 2006 13:37
Location: CZ

Re: please check my log

#4 Post by Roli »

If you haven't done so already, move Combofix to the desktop,

open Notepad

and copy the script from the following box into it:

Code:

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

save the TXT file you created as CFScript.txt on the desktop,

after saving, grab the created script with the left mouse button and drag it onto the Combofix icon, where you drop it.

After it runs, another log will pop up; copy it here.

Warning: it can happen that after applying the script and restarting, Windows does not boot;

in that case restart again while pressing F8, then choose Last Known Good Configuration.
| Rsit | Mbam | AVPTool | Cure It |

I rest on weekends :all_coholic:

gold611

Re: please check my log

#5 Post by gold611 »

ComboFix 14-06-21.02 - VX6 . 06. 2014 23:38:57.3.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.2038.1001 [GMT 2:00]
Running from: c:\users\VX6\Desktop\ComboFix.exe
Command switches used :: c:\users\VX6\Desktop\CFScript.txt
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
SP: ESET Smart Security 7.0 *Disabled/Updated* {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2014-05-22 to 2014-06-22 )))))))))))))))))))))))))))))))
.
.
2014-06-22 22:52 . 2014-06-22 22:52 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2014-06-22 22:52 . 2014-06-22 22:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2014-06-18 19:25 . 2014-04-25 02:06 626688 ----a-w- c:\windows\system32\usp10.dll
2014-06-18 19:03 . 2014-06-21 14:01 -------- d-----w- c:\program files\trend micro
2014-06-18 19:03 . 2014-06-18 19:04 -------- d-----w- C:\rsit
2014-06-11 19:23 . 2014-06-11 19:23 159200 ----a-w- c:\users\VX6\AppData\Roaming\CrashRpt1402.dll
2014-06-11 19:23 . 2014-06-11 19:23 -------- d-----w- c:\users\VX6\AppData\Local\CrashRpt
2014-06-09 18:52 . 2014-06-18 19:42 -------- d-s---w- c:\windows\system32\CompatTel
2014-06-09 18:16 . 2014-01-24 02:18 1212352 ----a-w- c:\windows\system32\drivers\ntfs.sys
2014-06-09 18:14 . 2014-02-04 02:07 149440 ----a-w- c:\windows\system32\drivers\storport.sys
2014-06-09 18:14 . 2014-02-04 02:07 234432 ----a-w- c:\windows\system32\drivers\msiscsi.sys
2014-06-09 18:14 . 2014-02-04 02:07 27072 ----a-w- c:\windows\system32\drivers\Diskdump.sys
2014-06-09 18:14 . 2014-02-04 02:00 2048 ----a-w- c:\windows\system32\iologmsg.dll
2014-06-09 18:14 . 2014-02-04 02:04 509440 ----a-w- c:\windows\system32\qedit.dll
2014-06-09 18:14 . 2014-02-07 01:07 2349056 ----a-w- c:\windows\system32\win32k.sys
2014-06-09 18:14 . 2014-02-04 02:04 1230336 ----a-w- c:\windows\system32\WindowsCodecs.dll
2014-05-30 18:05 . 2005-05-26 13:34 2297552 ----a-w- c:\windows\system32\d3dx9_26.dll
2014-05-30 17:57 . 2014-05-30 18:07 -------- d-----w- c:\program files\FlatOut2
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-05-13 19:20 . 2012-06-08 05:32 692400 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2014-05-13 19:20 . 2011-06-12 16:23 70832 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2014-05-11 20:43 . 2014-04-09 05:03 3113272 ----a-w- c:\windows\system32\MetaViewer.dll
2014-03-31 20:46 . 2014-03-31 20:46 130712 ----a-w- c:\windows\system32\MSSTDFMT.DLL
2014-03-31 20:46 . 2014-03-31 20:46 1070232 ----a-w- c:\windows\system32\MSCOMCTL.OCX
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}"
[HKEY_CLASSES_ROOT\CLSID\{CC5FC992-B0AA-47CD-9DC2-83445083CBB8}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{618A47A2-528B-4D9A-AFC8-97D3233511E2}"
[HKEY_CLASSES_ROOT\CLSID\{618A47A2-528B-4D9A-AFC8-97D3233511E2}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-09-10 23:54 131248 ----a-w- c:\users\VX6\AppData\Roaming\Dropbox\bin\DropboxExt.22.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TiVme Agent"="c:\program files\GIGABYTE\vivoTV\ScheduleAgent.exe" [2011-04-18 131584]
"AlcoholAutomount"="c:\program files\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe" [2010-08-20 33120]
"Sony PC Companion"="c:\program files\Sony\Sony PC Companion\PCCompanion.exe" [2014-04-01 466144]
"BatteryCare"="c:\program files\BatteryCare\BatteryCare.exe" [2013-10-28 752128]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-05 186904]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-11-19 1594664]
"SynAsusAcpi"="c:\program files\Synaptics\SynTP\SynAsusAcpi.exe" [2009-11-19 83240]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2010-09-29 3058304]
"HotkeyMon"="AsusSender.exe" [2010-03-03 29184]
"HotkeyService"="AsusSender.exe" [2010-03-03 29184]
"SuperHybridEngine"="AsusSender.exe" [2010-03-03 29184]
"CapsHook"="AsusSender.exe" [2010-03-03 29184]
"Eee Docking"="c:\program files\ASUS\Eee Docking\Eee Docking.exe" [2010-06-10 414384]
"GraphicsSwitch"="AsusSender.exe" [2010-03-03 29184]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-05-10 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-05-10 173592]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-05-10 150552]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-08-24 9722472]
"iSeriesCharge"="c:\program files\ASUS\USBChargeSetting\iSeriesCharge.exe" [2010-08-18 96176]
"ASUSPRP"="c:\program files\ASUS\APRP\APRP.EXE" [2010-09-29 2018032]
"MacrokeyManager"="WTMKM.exe" [2009-08-11 5586664]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5.5ServiceManager"="c:\program files\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 1523360]
"EEESplendidAR"="AsusSender.exe" [2010-03-03 29184]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2013-09-12 5110672]
.
c:\users\VX6\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\VX6\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2014-5-20 33322312]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-5-21 828704]
Remote Control.lnk - c:\program files\GIGABYTE\U8300 Utilities\CONRCtl.exe [2012-12-18 114688]
TMMonitor.lnk - d:\program files\ArcSoft\TotalMedia 3.5\TMMonitor.exe [2013-5-6 258048]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"HideSCAPower"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
R2 AsusService;Asus Launcher Service;c:\windows\System32\AsusService.exe [2009-08-19 219136]
R2 CXIR;Conexant Polaris IR Transceiver;c:\windows\system32\drivers\cxcir.sys [2011-05-03 33792]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-05-21 293928]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-05-21 33320]
R3 CXPOLARIS;Conexant Polaris Video Capture;c:\windows\system32\drivers\cxpolaris.sys [2011-05-03 405248]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2011-08-13 102784]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2013-11-27 12400]
R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2011-08-13 85248]
R3 IEEtwCollectorService;Internet Explorer ETW Collector Service;c:\windows\system32\IEEtwCollector.exe [2014-05-30 108032]
R3 IT9135BDA;IT9135 BDA Devices;c:\windows\system32\Drivers\IT9135BDA.sys [2013-05-05 145664]
R3 RTL8187;Realtek RTL8187 Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtl8187.sys [2010-01-07 375808]
R3 Sony PC Companion;Sony PC Companion;c:\program files\Sony\Sony PC Companion\PCCService.exe [2013-02-04 155824]
R3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-03-14 1343400]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 51040]
S0 AiDriver;ASUS Charger Driver;c:\windows\system32\DRIVERS\AiDriver.sys [2010-05-20 13224]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [2013-09-17 49240]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-08-04 19656]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2013-05-11 436792]
S1 AsUpIO;AsUpIO;c:\windows\system32\drivers\AsUpIO.sys [2010-03-31 11520]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2013-09-17 188808]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2013-09-17 134248]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [2013-09-17 37416]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [2013-09-12 1337752]
S2 Realtek87B;Realtek87B;c:\program files\Realtek\RTL8187 Wireless LAN Utility\RtlService.exe [2009-12-07 40960]
S2 WTService;WTService;c:\windows\system32\atwtusb.exe [2009-08-06 397032]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2011-08-13 72576]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x86.sys [2010-07-29 68208]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-01-22 59904]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-01-22 139648]
S3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\BatteryCare\WinRing0.sys [2008-07-26 14416]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WINRING0_1_2_0
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
.
Contents of the 'Scheduled Tasks' folder
.
2014-06-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-08 19:20]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:58]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-04 18:58]
.
2014-06-21 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3542167979-770001462-871478402-1001Core.job
- c:\users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 18:58]
.
2014-06-22 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3542167979-770001462-871478402-1001UA.job
- c:\users\VX6\AppData\Local\Google\Update\GoogleUpdate.exe [2012-05-20 18:58]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uInternet Settings,ProxyOverride = *.local
IE: E&xportovať do programu Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 195.34.133.21 192.168.1.1
FF - ProfilePath - c:\users\VX6\AppData\Roaming\Mozilla\Firefox\Profiles\i611erfa.default\
.
.
**************************************************************************
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 6.1.7601
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3542167979-770001462-871478402-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-3542167979-770001462-871478402-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3760)
c:\progra~1\ASUS\ASUSWE~1\2256~1.108\ASUSWS~1.DLL
c:\program files\WIDCOMM\Bluetooth Software\btmmhook.dll
.
Completion time: 2014-06-23 00:57:23
ComboFix-quarantined-files.txt 2014-06-22 22:57
ComboFix2.txt 2014-06-21 19:58
ComboFix3.txt 2014-06-21 16:54
.
Pre-Run: 41 911 988 224 bytes free
Post-Run: 41 847 304 192 bytes free
.
- - End Of File - - 174E28E889A12EEF5B2E21764E715E48
A36C5E4F47E84449FF07ED3517B43A31

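A small triage script for the kind of ComboFix / GMER output posted above, added here as an example; it is not part of the thread or of ComboFix itself. It takes a constructed excerpt built from lines of the log above and flags the items a reviewer looks at first: the AV/FW status lines, the UAC policy values, AppInit_DLLs and GMER's MBR comparison (the mismatch reading here is my own interpretation of the failed user-mode read). Function names and severity labels are my own.

```python
import re

# Constructed excerpt: the lines below are copied from the ComboFix / GMER output
# posted in this thread (AV header, UAC policy block, AppInit_DLLs, MBR check).
SAMPLE_LOG = r"""
AV: ESET Smart Security 7.0 *Disabled/Updated* {19259FAE-8396-A113-46DB-15B0E7DFA289}
FW: ESET personal firewall *Disabled* {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\System32\nvinit.dll
.
CreateFile("\\.\PHYSICALDRIVE0"): Proces nemôže získať prístup k súboru, pretože daný súbor práve používa iný proces.
device: opened successfully
user: error reading MBR
kernel: MBR read successfully
user != kernel MBR !!!
"""

PRODUCT_RE = re.compile(r'^(AV|FW|SP): (.+?) \*(.+?)\*')
KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]$')
# ComboFix prints DWORDs as `"Name"= 0 (0x0)`; the hex echo is dropped here.
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*?)(?:\s+\(0x[0-9A-Fa-f]+\))?$')

POLICIES = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
WINDOWS_NT = r"hkey_local_machine\software\microsoft\windows nt\currentversion\windows"


def parse_log(text):
    """Return (products, values, mbr_lines): AV/FW/SP lines as (kind, name, status),
    registry values keyed by (key, name), and the lines of GMER's MBR comparison."""
    products, values, mbr = [], {}, []
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PRODUCT_RE.match(line):
            products.append((m.group(1), m.group(2), m.group(3)))
        elif m := KEY_RE.match(line):
            key = m.group(1).lower()
        elif key and (m := VALUE_RE.match(line)):
            values[(key, m.group(1))] = m.group(2).strip()
        elif line == ".":
            key = None  # a lone dot ends a block in ComboFix output
        elif "MBR" in line:
            mbr.append(line)
    return products, values, mbr


def triage(text):
    """Return a list of (severity, finding) a reviewer would raise on this log."""
    products, values, mbr = parse_log(text)
    findings = []
    for kind, name, status in products:
        # ComboFix is run with real-time protection switched off, so "Disabled"
        # is expected here; it only matters if the product stays off afterwards.
        if status.startswith("Disabled"):
            findings.append(("info", f"{kind} {name} reported {status}; confirm it is re-enabled"))
    if values.get((POLICIES, "EnableLUA")) == "0":
        findings.append(("high", "UAC is off (EnableLUA=0); administrators run with a full token"))
    elif values.get((POLICIES, "ConsentPromptBehaviorAdmin")) == "0":
        findings.append(("medium", "administrators elevate silently (ConsentPromptBehaviorAdmin=0)"))
    dll = values.get((WINDOWS_NT, "AppInit_DLLs"))
    if dll:
        findings.append(("review", f"AppInit_DLLs loads {dll} into every process that maps user32.dll"))
    if any("user != kernel MBR" in ln for ln in mbr):
        if any("error reading MBR" in ln for ln in mbr):
            # The user-mode read itself failed (sharing violation on the drive),
            # so there was nothing to compare; this is not evidence of a hook.
            findings.append(("info", "MBR mismatch follows from the failed user-mode read"))
        else:
            findings.append(("high", "user-mode and kernel-mode MBR differ: verify with a second tool"))
    return findings
```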
gold611

Re: please check my log

#6 Post by gold611 »

I don't know how much yesterday's ComboFix run has to do with it, but after a restart a new Windows user "zgpfonadz" appeared, wtf?

Roli

Re: please check my log

#7 Post by Roli »

gold611 wrote: I don't know how much yesterday's ComboFix run has to do with it, but after a restart a new Windows user "zgpfonadz" appeared, wtf?
Well, that shouldn't happen, so better delete it.


Via Start >> Run, copy into the box:

ComboFix /Uninstall

and press Enter.

That uninstalls ComboFix and deletes the files and folders associated with it.


Use T-Cleaner, which deletes any leftovers from the applications we used.

Just stop the antivirus before downloading it and while using it, because it may detect it as a virus, but that is not the case.


Run the Cure It scanner according to THIS guide;

after the scan finishes I want the results here.

(Warning: it is painfully slow and needs to be watched; it occasionally asks something.)

gold611

Re: please check my log

#8 Post by gold611 »

I deleted the user zgpfonadz, and it stayed gone through a few restarts. But on the previous boot it took a few minutes for ESET Smart Security to start; even Windows itself warned me that it wasn't running. After the next restart I had the user zgpfonadz back again; I deleted it again, so we'll see whether it lasts.

I let CURE IT run, but it downloaded some newer version where I couldn't choose a complete scan, only custom, where I ticked all the options for where it should scan. The scan only took half an hour though. Originally I wanted to post the log here in parts, but it's too long even so, so I put it on Dropbox: https://www.dropbox.com/s/zspllnz69og2z3p/cureit.log

Roli

Re: please check my log

#9 Post by Roli »

gold611 wrote: on the previous boot it took a few minutes for ESET Smart Security to start; even Windows itself warned me that it wasn't running. After the next restart I had the user zgpfonadz back again
Try running Kaspersky Scan there as well.

gold611

Re: please check my log

#10 Post by gold611 »

I managed to find out what's behind the user zgpfonadz. I don't know how it happened, but it's some bug in ESET Anti-Theft. The name of the phantom account changed in the settings, so I was left with my regular admin account, the first phantom one, and then this new one started being created. I still don't understand how that happened in ESET's settings, though. But it explains why Google found nothing when I searched for that name.

log from the overnight Kaspersky scan:

--------

Detailed report
Problems found

Scanning date: 06/25/2014 05:21 AM
Database update date: 06/24/2014 08:40 PM
Product version: 12.0.1.340

Computer protection (1)
Anti-virus is disabled.

Malware (0)

Vulnerabilities (2)
C:\Program Files\Java\jre7\bin\java.exe
C:\Program Files\Opera\opera.exe

Other issues (13)
"Autorun from hard drives is allowed"
"Autorun from network drives is enabled"
"CD/DVD autorun is enabled"
"Removable media autorun is enabled"
"Windows Explorer - show extensions of known file types"
"Microsoft Internet Explorer: clear history of typed URLs"
"Microsoft Internet Explorer - disable caching data received via protected channel"
"Microsoft Internet Explorer: disable sending error reports"
"Microsoft Internet Explorer: delete cookies"
"Microsoft Internet Explorer: clear list of pop-up blocker exceptions"
"Microsoft Internet Explorer: enable cache autocleanup on browser closing"
"Windows Explorer: display of known file types extensions is disabled"
"Microsoft Internet Explorer: start page reset"

Roli

Re: please check my log

#11 Post by Roli »

gold611 wrote: I managed to find out what's behind the user zgpfonadz. I don't know how it happened, but it's some bug in ESET Anti-Theft. The name of the phantom account changed in the settings, so I was left with my regular admin account, the first phantom one, and then this new one started being created. I still don't understand how that happened in ESET's settings, though.
Ah, that wouldn't have occurred to me; I would try contacting their support to advise on how to get rid of it.

Otherwise there is no junk left there anymore.

gold611

Re: please check my log

#12 Post by gold611 »

Well, I'll see what the Anti-Theft does now; I set it back to the values I had before, and if it acts up again I'll take it up with ESET. Anyway, I still have the feeling that this system is going through a gradual downgrade. Even in FlatOut 2, which I recently bought to reminisce about the old days, the FPS has dropped to unplayable values, and a week ago it ran perfectly fine.

Anyway, thanks for the advice and the time spent :)

Roli

Re: please check my log

#13 Post by Roli »

gold611 wrote: Anyway, I still have the feeling that this system is going through a gradual downgrade. Even in FlatOut 2, which I recently bought to reminisce about the old days, the FPS has dropped to unplayable values, and a week ago it ran perfectly fine.
I would update the graphics drivers, and if that doesn't help we can test the hardware as far as possible; what do you say?

gold611

Re: please check my log

#14 Post by gold611 »

If the hardware could be tested, that would be great. I'm going to look for driver updates; Windows Update will surely have something for me again too.

Roli

Re: please check my log

#15 Post by Roli »

Download HD Tune and test the HDD.

Benchmark - Disk test: Click the Start button and wait until the whole graph fills up. Then you will see the transfer rate and access time of the hard disk.

Info: Exact capacity, file system, supported features, firmware version, serial number and connection type of the disks.

Health: A list of important parameters and their values. Ideally every one is OK.

If an item is yellow, it will probably change its status to failed soon. If it is red, it has failed status, which would mean replacing the disk.

Error Scan: Click the Start button and the program will examine the disk for bad blocks.

If at the end of the test they are all green, everything is fine. If even one of them is red, I recommend backing up your data and planning on replacing the disk.

Temperature: The thermometer at the top and the number next to it show the disk temperature. A normal value is below 50°C. The temperature must not exceed 60°C; the program warns when it reaches the 55°C threshold.


Download MEMTEST,

unpack the file and run the exe file.

Connect a flash drive; careful, everything on it will be erased!

In the Select your USB Flash Drive box choose this drive and click Create.

Memtest installs in a moment.

Leave the flash drive in the USB port, restart the PC and boot from it.

Before that, of course, you must go into BIOS Setup, which you reach during the restart by pressing one of these keys:

* DEL
* F2
* F1
* F10

depending on the PC, but it is always shown on the monitor;

open the ADVANCED BIOS FEATURES menu and look for Boot Devices 0 to 4 or Boot Sequence.

Set the flash drive in first place,

the HDD hard disk in second; the manufacturer is usually shown for both items.

By pressing Save, usually F10, and confirming with Enter you save the settings,

then by pressing Save and Exit you leave the BIOS.

Let the test run at least once, but ideally several times, e.g. overnight, and with each RAM module separately.


Then let me know how it all turned out.

Locked