Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
Firewall nejde zapnut
Moderátor: Moderátoři
Pravidla fóra
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
Firewall nejde zapnut
Ahojte,
znicoho nic po stahovani z torrentu som zistil ze mam vypnuty firewall a ked ho chcem zapnut tak vyhodi ze Brana firewall nemoze zmenit niektore nastavenia a kod chyby je 0x80070422...ksusal som cez services ho zapnut no ani tam nebol..nevie niekto niaku radu?
a virus tam nemam ziadny uz momentalne..
skusil som aj Repair.bat a nic :
sc config wuauserv start= auto
sc config bits start= auto
sc config DcomLaunch start= auto
net stop wuauserv
net start wuauserv
net stop bits
net start bits
net start DcomLaunch
znicoho nic po stahovani z torrentu som zistil ze mam vypnuty firewall a ked ho chcem zapnut tak vyhodi ze Brana firewall nemoze zmenit niektore nastavenia a kod chyby je 0x80070422...ksusal som cez services ho zapnut no ani tam nebol..nevie niekto niaku radu?
a virus tam nemam ziadny uz momentalne..
skusil som aj Repair.bat a nic :
sc config wuauserv start= auto
sc config bits start= auto
sc config DcomLaunch start= auto
net stop wuauserv
net start wuauserv
net stop bits
net start bits
net start DcomLaunch
I know HTML....(How To Meet Ladies )
Re: Firewall nejde zapnut
Vraj sa jedna asi o virus tak pridavam LOG z RSIT lebo mam aj ine problemy...tu na wx je toho viac a tam som dal log z HJT
Logfile of random's system information tool 1.09 (written by random/random)
Run by ASUS at 2012-08-29 17:37:48
Microsoft Windows 7 Ultimate
System drive C: has 71 GB (71%) free of 100 GB
Total RAM: 4061 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:51, on 29. 8. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ASUS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\color.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9711 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-23a13d4e-3de2-4f75-b62f-f7c95cc8c4ea -SystemEventPortName:HostProcess-24c68cb6-5f7c-4f23-b0cc-7b12c41e0f5e -IoCancelEventPortName:HostProcess-8a7228e5-772e-422a-8c2e-8c18e12ccead -NonStateChangingEventPortName:HostProcess-2706c05b-d76a-4914-8434-87981a1247cf -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5fb416c2-c668-4ddb-a065-f22c30ffe9a1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "E:\Hudba\Laurent-Wolf-vs.-Johnny-Cash---Walk-The-Line-Remix.flac"
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.facebook.com/
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.0.1779010230\1847526334" /prefetch:3
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.1.1291439951\1087145016" /prefetch:3
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2676.3.191130176\579416891" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2676.4.278591561\9290456" --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-version=8.15.10.2021 --ignored=" --type=renderer " /prefetch:12
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.6.2128320373\2119063396" /prefetch:3
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.9.1350065411\1476174927" /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\ASUS\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-12-20 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-12-20 390680]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-12-20 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 116648]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-27 937360]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-12-27 21392]
"Facebook Update"=C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26 138096]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7M\ICQ.exe [2012-07-31 127040]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2008-07-18 104936]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-12-27 3508624]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"AMD Catalyst"=C:\ProgramData\Catalyst\color.exe [2012-08-28 21504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-12-14 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-08-29 17:37:48 ----D---- C:\rsit
2012-08-29 12:54:45 ----D---- C:\Program Files (x86)\UniOptimizer
2012-08-28 12:54:38 ----D---- C:\ProgramData\Catalyst
2012-08-28 12:46:42 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-08-28 12:46:34 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-08-28 12:46:12 ----D---- C:\Users\ASUS\AppData\Roaming\DAEMON Tools Lite
2012-08-28 12:46:10 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-08-26 09:15:55 ----D---- C:\Program Files (x86)\uTorrent
2012-08-26 09:15:13 ----D---- C:\Users\ASUS\AppData\Roaming\uTorrent
2012-08-23 14:12:02 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-08-19 08:37:51 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-08-19 08:37:50 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-08-19 08:37:44 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-08-19 08:37:43 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-08-19 08:37:41 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-08-19 08:37:37 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-08-19 08:37:37 ----A---- C:\Windows\system32\aswBoot.exe
2012-08-19 08:37:20 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-08-19 08:37:20 ----A---- C:\Windows\avastSS.scr
2012-08-19 08:37:07 ----D---- C:\ProgramData\AVAST Software
2012-08-19 08:37:07 ----D---- C:\Program Files\AVAST Software
2012-08-19 08:21:04 ----D---- C:\Users\ASUS\AppData\Roaming\Avira
2012-08-19 08:20:40 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-08-19 08:20:40 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-08-19 08:20:40 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-08-17 18:13:53 ----D---- C:\ProgramData\Avira
2012-08-17 18:13:53 ----D---- C:\Program Files (x86)\Avira
2012-08-12 10:33:37 ----D---- C:\Temp
2012-08-12 10:32:56 ----D---- C:\Users\ASUS\AppData\Roaming\Samsung
2012-08-12 10:31:22 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2012-08-12 10:30:19 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2012-08-12 10:30:09 ----D---- C:\Program Files (x86)\MarkAny
2012-08-12 10:30:09 ----A---- C:\Windows\SYSWOW64\dgderapi.dll
2012-08-12 10:29:45 ----D---- C:\ProgramData\Samsung
2012-08-12 10:29:45 ----D---- C:\Program Files (x86)\Samsung
2012-08-12 09:33:11 ----D---- C:\Users\ASUS\AppData\Roaming\vlc
2012-08-12 09:32:52 ----D---- C:\Program Files (x86)\VideoLAN
2012-07-31 17:57:26 ----D---- C:\Users\ASUS\AppData\Roaming\ICQ
2012-07-31 17:57:19 ----D---- C:\Program Files (x86)\ICQ7M
2012-07-30 11:35:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-30 11:35:58 ----D---- C:\Windows\SYSWOW64\Macromed
2012-07-30 11:35:55 ----D---- C:\Windows\system32\Macromed
======List of files/folders modified in the last 1 month======
2012-08-29 17:37:50 ----D---- C:\Program Files\trend micro
2012-08-29 17:37:49 ----D---- C:\Windows\Temp
2012-08-29 17:30:56 ----SHD---- C:\Windows\Installer
2012-08-29 12:54:45 ----RD---- C:\Program Files (x86)
2012-08-28 20:29:30 ----D---- C:\Windows\System32
2012-08-28 20:29:30 ----D---- C:\Windows\inf
2012-08-28 20:29:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-28 16:05:43 ----D---- C:\Windows
2012-08-28 14:04:30 ----D---- C:\Windows\system32\catroot
2012-08-28 12:54:38 ----HD---- C:\ProgramData
2012-08-28 12:47:01 ----D---- C:\Windows\system32\drivers
2012-08-28 12:46:59 ----D---- C:\Windows\system32\DriverStore
2012-08-28 12:46:50 ----SHD---- C:\System Volume Information
2012-08-28 12:45:48 ----RD---- C:\Program Files
2012-08-28 10:11:11 ----D---- C:\Windows\system32\catroot2
2012-08-26 18:16:08 ----D---- C:\Windows\Tasks
2012-08-26 18:16:08 ----D---- C:\Windows\system32\Tasks
2012-08-26 08:58:26 ----D---- C:\Windows\SysWOW64
2012-08-24 09:14:16 ----D---- C:\Windows\Prefetch
2012-08-23 12:38:49 ----D---- C:\Windows\system32\LogFiles
2012-08-23 09:12:27 ----D---- C:\Windows\SYSWOW64\LogFiles
2012-08-18 08:04:45 ----D---- C:\ProgramData\AVG2012
2012-08-17 18:05:38 ----D---- C:\ProgramData\MFAData
2012-08-17 18:04:54 ----HD---- C:\$AVG
2012-08-17 18:04:54 ----D---- C:\Windows\SYSWOW64\drivers
2012-08-14 13:08:13 ----D---- C:\Windows\system32\config
2012-08-12 10:30:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-12 09:50:37 ----SD---- C:\Users\ASUS\AppData\Roaming\Microsoft
2012-08-03 08:20:48 ----D---- C:\Windows\system32\wdi
2012-07-30 11:50:19 ----D---- C:\Windows\Panther
2012-07-30 11:50:19 ----D---- C:\Windows\debug
2012-07-30 11:36:07 ----D---- C:\Windows\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-08-21 54072]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 969200]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 359464]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-07-18 132832]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-28 283200]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-12-14 8034368]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-12-08 36328]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S4 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-07-18 98848]
S4 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [2012-05-13 22016]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [2012-04-19 9693696]
-----------------EOF-----------------
Kód: Vybrat vše
http://www.warxtreme.com/viewtopic.php?t=623448
Run by ASUS at 2012-08-29 17:37:48
Microsoft Windows 7 Ultimate
System drive C: has 71 GB (71%) free of 100 GB
Total RAM: 4061 MB (62% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:37:51, on 29. 8. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16385)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\VideoLAN\VLC\vlc.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\ASUS.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CLMLServer] "C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
O4 - HKLM\..\Run: [P2Go_Menu] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
O4 - HKLM\..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [AMD Catalyst] C:\ProgramData\Catalyst\color.exe
O4 - HKCU\..\Run: [Google Update] "C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s
O4 - HKCU\..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&oslať do programu OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe
O9 - Extra button: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: &Prepojené poznámky programu OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (file missing)
O23 - Service: Avira Realtime Protection (AntiVirService) - Unknown owner - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (file missing)
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: wampapache - Apache Software Foundation - c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe
O23 - Service: wampmysqld - Unknown owner - c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 9711 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"taskhost.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Windows\System32\igfxtray.exe"
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
C:\Windows\system32\igfxsrvc.exe -Embedding
"C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" -hidden
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe"
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-23a13d4e-3de2-4f75-b62f-f7c95cc8c4ea -SystemEventPortName:HostProcess-24c68cb6-5f7c-4f23-b0cc-7b12c41e0f5e -IoCancelEventPortName:HostProcess-8a7228e5-772e-422a-8c2e-8c18e12ccead -NonStateChangingEventPortName:HostProcess-2706c05b-d76a-4914-8434-87981a1247cf -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:5fb416c2-c668-4ddb-a065-f22c30ffe9a1
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\msiexec.exe /V
"C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file "E:\Hudba\Laurent-Wolf-vs.-Johnny-Cash---Walk-The-Line-Remix.flac"
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" http://www.facebook.com/
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.0.1779010230\1847526334" /prefetch:3
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --extension-process --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.1.1291439951\1087145016" /prefetch:3
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="2676.3.191130176\579416891" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="2676.4.278591561\9290456" --gpu-vendor-id=0x8086 --gpu-device-id=0x2a42 --gpu-driver-version=8.15.10.2021 --ignored=" --type=renderer " /prefetch:12
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.6.2128320373\2119063396" /prefetch:3
"C:\Users\ASUS\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/1/Prerender/ContentPrefetchPrerender2/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_25/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_11/UMA-Uniformity-Trial-50-Percent/group_01/WarmSocketImpact/last_accessed_socket/ --renderer-print-preview --disable-accelerated-2d-canvas --channel="2676.9.1350065411\1476174927" /prefetch:3
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
"C:\Users\ASUS\Downloads\RSITx64.exe"
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-410267264-3798748311-3344924693-1000UA.job
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-02-28 688528]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2010-09-22 75200]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-02-28 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-08-21 1501776]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-08-21 1227224]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-12-20 166424]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2009-12-20 390680]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-12-20 410136]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Google Update"=C:\Users\ASUS\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-22 116648]
"LightScribe Control Panel"=C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2008-06-09 2363392]
"KiesHelper"=C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe [2011-12-27 937360]
"KiesPDLR"=C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe [2011-12-27 21392]
"Facebook Update"=C:\Users\ASUS\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-08-26 138096]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2012-01-24 3478336]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
C:\Program Files (x86)\ICQ7M\ICQ.exe [2012-07-31 127040]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"=C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [2010-03-13 91520]
"Adobe Reader Speed Launcher"=C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe [2010-09-23 35760]
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2010-09-20 932288]
"CLMLServer"=C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe [2008-07-18 104936]
"P2Go_Menu"=C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe [2008-06-13 210216]
"KiesTrayAgent"=C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [2011-12-27 3508624]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-08-21 4282728]
"AMD Catalyst"=C:\ProgramData\Catalyst\color.exe [2012-08-28 21504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-12-14 268800]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL [2010-03-25 6722448]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2010-03-25 4222864]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2012-08-29 17:37:48 ----D---- C:\rsit
2012-08-29 12:54:45 ----D---- C:\Program Files (x86)\UniOptimizer
2012-08-28 12:54:38 ----D---- C:\ProgramData\Catalyst
2012-08-28 12:46:42 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-08-28 12:46:34 ----D---- C:\Program Files (x86)\DAEMON Tools Lite
2012-08-28 12:46:12 ----D---- C:\Users\ASUS\AppData\Roaming\DAEMON Tools Lite
2012-08-28 12:46:10 ----D---- C:\ProgramData\DAEMON Tools Lite
2012-08-26 09:15:55 ----D---- C:\Program Files (x86)\uTorrent
2012-08-26 09:15:13 ----D---- C:\Users\ASUS\AppData\Roaming\uTorrent
2012-08-23 14:12:02 ----A---- C:\Windows\system32\FNTCACHE.DAT
2012-08-19 08:37:51 ----A---- C:\Windows\system32\drivers\aswFsBlk.sys
2012-08-19 08:37:50 ----A---- C:\Windows\system32\drivers\aswSP.sys
2012-08-19 08:37:44 ----A---- C:\Windows\system32\drivers\aswRdr2.sys
2012-08-19 08:37:43 ----A---- C:\Windows\system32\drivers\aswTdi.sys
2012-08-19 08:37:41 ----A---- C:\Windows\system32\drivers\aswSnx.sys
2012-08-19 08:37:37 ----A---- C:\Windows\system32\drivers\aswMonFlt.sys
2012-08-19 08:37:37 ----A---- C:\Windows\system32\aswBoot.exe
2012-08-19 08:37:20 ----A---- C:\Windows\SYSWOW64\aswBoot.exe
2012-08-19 08:37:20 ----A---- C:\Windows\avastSS.scr
2012-08-19 08:37:07 ----D---- C:\ProgramData\AVAST Software
2012-08-19 08:37:07 ----D---- C:\Program Files\AVAST Software
2012-08-19 08:21:04 ----D---- C:\Users\ASUS\AppData\Roaming\Avira
2012-08-19 08:20:40 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2012-08-19 08:20:40 ----A---- C:\Windows\system32\drivers\avipbb.sys
2012-08-19 08:20:40 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2012-08-17 18:13:53 ----D---- C:\ProgramData\Avira
2012-08-17 18:13:53 ----D---- C:\Program Files (x86)\Avira
2012-08-12 10:33:37 ----D---- C:\Temp
2012-08-12 10:32:56 ----D---- C:\Users\ASUS\AppData\Roaming\Samsung
2012-08-12 10:31:22 ----A---- C:\Windows\system32\WdfCoInstaller01005.dll
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\WdfCoInstaller01005.dll
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadwhnt.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadwh.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadserd.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadmdm.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadmdfl.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadcmnt.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadcm.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadbus.sys
2012-08-12 10:31:22 ----A---- C:\Windows\system32\drivers\ssadadb.sys
2012-08-12 10:30:19 ----A---- C:\Windows\SYSWOW64\Redemption.dll
2012-08-12 10:30:09 ----D---- C:\Program Files (x86)\MarkAny
2012-08-12 10:30:09 ----A---- C:\Windows\SYSWOW64\dgderapi.dll
2012-08-12 10:29:45 ----D---- C:\ProgramData\Samsung
2012-08-12 10:29:45 ----D---- C:\Program Files (x86)\Samsung
2012-08-12 09:33:11 ----D---- C:\Users\ASUS\AppData\Roaming\vlc
2012-08-12 09:32:52 ----D---- C:\Program Files (x86)\VideoLAN
2012-07-31 17:57:26 ----D---- C:\Users\ASUS\AppData\Roaming\ICQ
2012-07-31 17:57:19 ----D---- C:\Program Files (x86)\ICQ7M
2012-07-30 11:35:59 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-07-30 11:35:58 ----D---- C:\Windows\SYSWOW64\Macromed
2012-07-30 11:35:55 ----D---- C:\Windows\system32\Macromed
======List of files/folders modified in the last 1 month======
2012-08-29 17:37:50 ----D---- C:\Program Files\trend micro
2012-08-29 17:37:49 ----D---- C:\Windows\Temp
2012-08-29 17:30:56 ----SHD---- C:\Windows\Installer
2012-08-29 12:54:45 ----RD---- C:\Program Files (x86)
2012-08-28 20:29:30 ----D---- C:\Windows\System32
2012-08-28 20:29:30 ----D---- C:\Windows\inf
2012-08-28 20:29:30 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-28 16:05:43 ----D---- C:\Windows
2012-08-28 14:04:30 ----D---- C:\Windows\system32\catroot
2012-08-28 12:54:38 ----HD---- C:\ProgramData
2012-08-28 12:47:01 ----D---- C:\Windows\system32\drivers
2012-08-28 12:46:59 ----D---- C:\Windows\system32\DriverStore
2012-08-28 12:46:50 ----SHD---- C:\System Volume Information
2012-08-28 12:45:48 ----RD---- C:\Program Files
2012-08-28 10:11:11 ----D---- C:\Windows\system32\catroot2
2012-08-26 18:16:08 ----D---- C:\Windows\Tasks
2012-08-26 18:16:08 ----D---- C:\Windows\system32\Tasks
2012-08-26 08:58:26 ----D---- C:\Windows\SysWOW64
2012-08-24 09:14:16 ----D---- C:\Windows\Prefetch
2012-08-23 12:38:49 ----D---- C:\Windows\system32\LogFiles
2012-08-23 09:12:27 ----D---- C:\Windows\SYSWOW64\LogFiles
2012-08-18 08:04:45 ----D---- C:\ProgramData\AVG2012
2012-08-17 18:05:38 ----D---- C:\ProgramData\MFAData
2012-08-17 18:04:54 ----HD---- C:\$AVG
2012-08-17 18:04:54 ----D---- C:\Windows\SYSWOW64\drivers
2012-08-14 13:08:13 ----D---- C:\Windows\system32\config
2012-08-12 10:30:06 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-12 09:50:37 ----SD---- C:\Users\ASUS\AppData\Roaming\Microsoft
2012-08-03 08:20:48 ----D---- C:\Windows\system32\wdi
2012-07-30 11:50:19 ----D---- C:\Windows\Panther
2012-07-30 11:50:19 ----D---- C:\Windows\debug
2012-07-30 11:36:07 ----D---- C:\Windows\Downloaded Program Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R1 aswRdr;aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [2012-08-21 54072]
R1 aswSnx;aswSnx; C:\Windows\system32\drivers\aswSnx.sys [2012-08-21 969200]
R1 aswSP;aswSP; C:\Windows\system32\drivers\aswSP.sys [2012-08-21 359464]
R1 aswTdi;avast! Network Shield Support; C:\Windows\system32\drivers\aswTdi.sys [2012-08-21 59728]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2012-07-18 132832]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 514048]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 aswFsBlk;aswFsBlk; C:\Windows\system32\drivers\aswFsBlk.sys [2012-08-21 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\Windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-06-20 1394688]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-28 283200]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2009-12-14 8034368]
R3 L1E;NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20); C:\Windows\system32\DRIVERS\L1E62x64.sys [2009-06-20 54272]
S3 androidusb;SAMSUNG Android Composite ADB Interface Driver; C:\Windows\System32\Drivers\ssadadb.sys [2011-12-08 36328]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 165376]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 6656]
S3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM); C:\Windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
S3 ssadmdfl;SAMSUNG Android USB Modem (Filter); C:\Windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
S3 ssadmdm;SAMSUNG Android USB Modem Drivers; C:\Windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
S3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM); C:\Windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 34896]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 200272]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 21760]
S4 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2012-07-18 98848]
S4 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-08-21 44808]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2008-06-09 73728]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe []
S2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe []
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 wampapache;wampapache; c:\wamp\bin\apache\apache2.2.22\bin\httpd.exe [2012-05-13 22016]
S3 wampmysqld;wampmysqld; c:\wamp\bin\mysql\mysql5.5.24\bin\mysqld.exe [2012-04-19 9693696]
-----------------EOF-----------------
I know HTML....(How To Meet Ladies )
Re: Firewall nejde zapnut
Zdravím
Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Stahněte MBAM http://www.viry.cz/forum/viewtopic.php?f=29&t=115222
-Nainstalujte,dejte úplný sken
NIC NEMAZAT
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Firewall nejde zapnut
Ahoj...dal som kontrolu len tych diskov ktore mam v pc, teda C a E a este mam 200gb na D ale ten mam ako operacnu pamet2:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Verzia databázy: v2012.08.31.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ASUS :: ASUS-PC [administrátor]
31. 8. 2012 8:51:05
mbam-log-2012-08-31 (09-18-00).txt
Typ kontroly: Úplná kontrola (C:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 283418
Uplynutý čas: 26 min, 25 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 1
C:\Users\ASUS\Downloads\KolaveriFBchat2_Chrome.exe (Adware.Onlinegames) -> Žiadna úloha nevykonaná.
(koniec)
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org
Verzia databázy: v2012.08.31.04
Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
ASUS :: ASUS-PC [administrátor]
31. 8. 2012 8:51:05
mbam-log-2012-08-31 (09-18-00).txt
Typ kontroly: Úplná kontrola (C:\|E:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 283418
Uplynutý čas: 26 min, 25 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 1
C:\Users\ASUS\Downloads\KolaveriFBchat2_Chrome.exe (Adware.Onlinegames) -> Žiadna úloha nevykonaná.
(koniec)
I know HTML....(How To Meet Ladies )
Re: Firewall nejde zapnut
Smažte nález mbamu.
Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
Spusťte combofix podle tohoto návodu
http://www.bleepingcomputer.com/combofi ... t-combofix
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Firewall nejde zapnut
teraz mi pravdepodobne poviete nech odinstalujem combofix ...no dobre tak co dalej??
btw zaujimalo by ma preco tento proces bezi ked som tu aviru odinstaloval, vymazal registre atd..
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
btw zaujimalo by ma preco tento proces bezi ked som tu aviru odinstaloval, vymazal registre atd..
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
I know HTML....(How To Meet Ladies )
Re: Firewall nejde zapnut
Nepovím, teď bych ptořebovala vidět log z combofixu
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Firewall nejde zapnut
ja som to vedel tu je:
ComboFix 12-08-30.05 - ASUS . 08. 2012 16:34:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4061.2704 [GMT 2:00]
Running from: c:\users\ASUS\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Catalyst
c:\programdata\Catalyst\1.bat
c:\programdata\Catalyst\color.exe
c:\programdata\Catalyst\mnr.exe
c:\programdata\Catalyst\start.reg
c:\programdata\Catalyst\stop.bat
c:\programdata\Catalyst\upd.exe
c:\programdata\Catalyst\upd1.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 06:50 . 2012-08-31 06:50 -------- d-----w- c:\users\ASUS\AppData\Roaming\Malwarebytes
2012-08-31 06:50 . 2012-08-31 06:50 -------- d-----w- c:\programdata\Malwarebytes
2012-08-31 06:50 . 2012-08-31 06:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-31 06:50 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 06:25 . 2012-08-30 06:25 -------- d-----w- c:\users\ASUS\AppData\Local\Diagnostics
2012-08-29 18:56 . 2012-08-29 18:56 -------- d-----w- C:\_OTM
2012-08-29 15:37 . 2012-08-29 15:37 -------- d-----w- C:\rsit
2012-08-29 10:54 . 2012-08-29 10:54 -------- d-----w- c:\program files (x86)\UniOptimizer
2012-08-28 10:46 . 2012-08-28 10:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-28 10:46 . 2012-08-28 10:46 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-08-28 10:46 . 2012-08-28 10:48 -------- d-----w- c:\users\ASUS\AppData\Roaming\DAEMON Tools Lite
2012-08-28 10:46 . 2012-08-28 10:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-08-26 07:15 . 2012-08-26 07:15 -------- d-----w- c:\program files (x86)\uTorrent
2012-08-26 07:15 . 2012-08-28 12:04 -------- d-----w- c:\users\ASUS\AppData\Roaming\uTorrent
2012-08-19 06:37 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-19 06:37 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-19 06:37 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-19 06:37 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-19 06:37 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-19 06:37 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-19 06:37 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-19 06:37 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-19 06:37 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-19 06:37 . 2012-08-19 06:37 -------- d-----w- c:\programdata\AVAST Software
2012-08-19 06:37 . 2012-08-19 06:37 -------- d-----w- c:\program files\AVAST Software
2012-08-19 06:34 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70AE2AA3-20E0-46F6-B6BB-07AEE6B1D41C}\mpengine.dll
2012-08-19 06:21 . 2012-08-19 06:21 -------- d-----w- c:\users\ASUS\AppData\Roaming\Avira
2012-08-19 06:20 . 2012-07-18 16:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-19 06:20 . 2012-07-18 16:05 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-19 06:20 . 2012-07-18 16:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-12 08:33 . 2012-08-12 08:33 -------- d-----w- C:\Temp
2012-08-12 08:33 . 2012-08-12 08:33 -------- d-----w- c:\users\ASUS\AppData\Local\Samsung
2012-08-12 08:32 . 2012-08-12 08:32 -------- d-----w- c:\users\ASUS\AppData\Roaming\Samsung
2012-08-12 08:31 . 2011-12-08 04:22 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-08-12 08:31 . 2011-12-08 04:22 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-08-12 08:31 . 2011-12-08 04:22 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-08-12 08:31 . 2011-12-08 04:22 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-08-12 08:31 . 2011-12-08 04:22 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-08-12 08:31 . 2011-12-08 04:22 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-08-12 08:31 . 2011-12-08 04:22 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-08-12 08:31 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-08-12 08:31 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-08-12 08:31 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-08-12 08:31 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-08-12 08:30 . 2011-12-23 18:58 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-12 08:30 . 2012-08-12 08:30 -------- d-----w- c:\program files (x86)\MarkAny
2012-08-12 08:30 . 2011-12-23 18:58 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-12 08:29 . 2012-08-12 08:30 -------- d-----w- c:\program files (x86)\Samsung
2012-08-12 08:29 . 2012-08-12 08:30 -------- d-----w- c:\programdata\Samsung
2012-08-12 08:28 . 2012-08-12 08:28 -------- d-----w- c:\users\ASUS\AppData\Local\Downloaded Installations
2012-08-12 07:53 . 2012-08-12 07:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-08-12 07:53 . 2012-08-12 07:53 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-12 07:33 . 2012-08-31 14:31 -------- d-----w- c:\users\ASUS\AppData\Roaming\vlc
2012-08-12 07:32 . 2012-08-12 07:32 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:51 . 2012-07-30 09:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:51 . 2012-07-30 09:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-28 283200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 10:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 410136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-AMD Catalyst - c:\programdata\Catalyst\color.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-08-31 16:58:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 14:58
.
Pre-Run: 74 789 097 472 bytes free
Post-Run: 74 394 308 608 bytes free
.
- - End Of File - - 4CF785C6B50332662B6EEBC94524D138
ta avira ma uz fakt hneva kukni tam je ako running service
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
ComboFix 12-08-30.05 - ASUS . 08. 2012 16:34:26.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.4061.2704 [GMT 2:00]
Running from: c:\users\ASUS\Downloads\ComboFix.exe
AV: avast! Antivirus *Enabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Enabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Catalyst
c:\programdata\Catalyst\1.bat
c:\programdata\Catalyst\color.exe
c:\programdata\Catalyst\mnr.exe
c:\programdata\Catalyst\start.reg
c:\programdata\Catalyst\stop.bat
c:\programdata\Catalyst\upd.exe
c:\programdata\Catalyst\upd1.exe
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-28 to 2012-08-31 )))))))))))))))))))))))))))))))
.
.
2012-08-31 06:50 . 2012-08-31 06:50 -------- d-----w- c:\users\ASUS\AppData\Roaming\Malwarebytes
2012-08-31 06:50 . 2012-08-31 06:50 -------- d-----w- c:\programdata\Malwarebytes
2012-08-31 06:50 . 2012-08-31 06:50 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-31 06:50 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-30 06:25 . 2012-08-30 06:25 -------- d-----w- c:\users\ASUS\AppData\Local\Diagnostics
2012-08-29 18:56 . 2012-08-29 18:56 -------- d-----w- C:\_OTM
2012-08-29 15:37 . 2012-08-29 15:37 -------- d-----w- C:\rsit
2012-08-29 10:54 . 2012-08-29 10:54 -------- d-----w- c:\program files (x86)\UniOptimizer
2012-08-28 10:46 . 2012-08-28 10:46 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-28 10:46 . 2012-08-28 10:46 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite
2012-08-28 10:46 . 2012-08-28 10:48 -------- d-----w- c:\users\ASUS\AppData\Roaming\DAEMON Tools Lite
2012-08-28 10:46 . 2012-08-28 10:46 -------- d-----w- c:\programdata\DAEMON Tools Lite
2012-08-26 07:15 . 2012-08-26 07:15 -------- d-----w- c:\program files (x86)\uTorrent
2012-08-26 07:15 . 2012-08-28 12:04 -------- d-----w- c:\users\ASUS\AppData\Roaming\uTorrent
2012-08-19 06:37 . 2012-08-21 09:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-08-19 06:37 . 2012-08-21 09:13 359464 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-08-19 06:37 . 2012-08-21 09:13 54072 ----a-w- c:\windows\system32\drivers\aswRdr2.sys
2012-08-19 06:37 . 2012-08-21 09:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-08-19 06:37 . 2012-08-21 09:13 969200 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-08-19 06:37 . 2012-08-21 09:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-08-19 06:37 . 2012-08-21 09:12 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-08-19 06:37 . 2012-08-21 09:12 41224 ----a-w- c:\windows\avastSS.scr
2012-08-19 06:37 . 2012-08-21 09:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-08-19 06:37 . 2012-08-19 06:37 -------- d-----w- c:\programdata\AVAST Software
2012-08-19 06:37 . 2012-08-19 06:37 -------- d-----w- c:\program files\AVAST Software
2012-08-19 06:34 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{70AE2AA3-20E0-46F6-B6BB-07AEE6B1D41C}\mpengine.dll
2012-08-19 06:21 . 2012-08-19 06:21 -------- d-----w- c:\users\ASUS\AppData\Roaming\Avira
2012-08-19 06:20 . 2012-07-18 16:05 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-08-19 06:20 . 2012-07-18 16:05 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-08-19 06:20 . 2012-07-18 16:05 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-08-12 08:33 . 2012-08-12 08:33 -------- d-----w- C:\Temp
2012-08-12 08:33 . 2012-08-12 08:33 -------- d-----w- c:\users\ASUS\AppData\Local\Samsung
2012-08-12 08:32 . 2012-08-12 08:32 -------- d-----w- c:\users\ASUS\AppData\Roaming\Samsung
2012-08-12 08:31 . 2011-12-08 04:22 36328 ----a-w- c:\windows\system32\drivers\ssadadb.sys
2012-08-12 08:31 . 2011-12-08 04:22 1917416 ----a-w- c:\windows\system32\WdfCoInstaller01005.dll
2012-08-12 08:31 . 2011-12-08 04:22 1917416 ----a-w- c:\windows\system32\drivers\WdfCoInstaller01005.dll
2012-08-12 08:31 . 2011-12-08 04:22 177640 ----a-w- c:\windows\system32\drivers\ssadmdm.sys
2012-08-12 08:31 . 2011-12-08 04:22 16872 ----a-w- c:\windows\system32\drivers\ssadmdfl.sys
2012-08-12 08:31 . 2011-12-08 04:22 157672 ----a-w- c:\windows\system32\drivers\ssadbus.sys
2012-08-12 08:31 . 2011-12-08 04:22 146920 ----a-w- c:\windows\system32\drivers\ssadserd.sys
2012-08-12 08:31 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwhnt.sys
2012-08-12 08:31 . 2011-12-08 04:22 13800 ----a-w- c:\windows\system32\drivers\ssadwh.sys
2012-08-12 08:31 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcmnt.sys
2012-08-12 08:31 . 2011-12-08 04:22 13288 ----a-w- c:\windows\system32\drivers\ssadcm.sys
2012-08-12 08:30 . 2011-12-23 18:58 4659712 ----a-w- c:\windows\SysWow64\Redemption.dll
2012-08-12 08:30 . 2012-08-12 08:30 -------- d-----w- c:\program files (x86)\MarkAny
2012-08-12 08:30 . 2011-12-23 18:58 821824 ----a-w- c:\windows\SysWow64\dgderapi.dll
2012-08-12 08:29 . 2012-08-12 08:30 -------- d-----w- c:\program files (x86)\Samsung
2012-08-12 08:29 . 2012-08-12 08:30 -------- d-----w- c:\programdata\Samsung
2012-08-12 08:28 . 2012-08-12 08:28 -------- d-----w- c:\users\ASUS\AppData\Local\Downloaded Installations
2012-08-12 07:53 . 2012-08-12 07:53 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-08-12 07:53 . 2012-08-12 07:53 458064 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-08-12 07:33 . 2012-08-31 14:31 -------- d-----w- c:\users\ASUS\AppData\Roaming\vlc
2012-08-12 07:32 . 2012-08-12 07:32 -------- d-----w- c:\program files (x86)\VideoLAN
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-15 10:51 . 2012-07-30 09:35 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-15 10:51 . 2012-07-30 09:35 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-06-09 2363392]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2011-12-27 937360]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2011-12-27 21392]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-01-24 3478336]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-09-23 35760]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-20 932288]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2008-07-18 104936]
"P2Go_Menu"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-13 210216]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2011-12-27 3508624]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-08-21 4282728]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-15 250056]
R3 androidusb;SAMSUNG Android Composite ADB Interface Driver;c:\windows\system32\Drivers\ssadadb.sys [2011-12-08 36328]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-24 116648]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2010-03-25 30969208]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [2011-12-08 157672]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [2011-12-08 16872]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [2011-12-08 177640]
R3 ssadserd;SAMSUNG Android USB Diagnostic Serial Port (WDM);c:\windows\system32\DRIVERS\ssadserd.sys [2011-12-08 146920]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-08-21 71600]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-28 283200]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2008-06-09 08:14 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-31 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-30 10:51]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-08-21 09:11 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-12-20 166424]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-12-20 390680]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-12-20 410136]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&oslať do programu OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.1.1
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-AMD Catalyst - c:\programdata\Catalyst\color.exe
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_271_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_271.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
.
**************************************************************************
.
Completion time: 2012-08-31 16:58:18 - machine was rebooted
ComboFix-quarantined-files.txt 2012-08-31 14:58
.
Pre-Run: 74 789 097 472 bytes free
Post-Run: 74 394 308 608 bytes free
.
- - End Of File - - 4CF785C6B50332662B6EEBC94524D138
ta avira ma uz fakt hneva kukni tam je ako running service
R2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [x]
I know HTML....(How To Meet Ladies )
Re: Firewall nejde zapnut
Zbytky po Aviře večer smáznu. Ted to vypadá s pc jak?
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Firewall nejde zapnut
fajne celkom...a co mi vtedy robilo pri starte ze rundll.exe daka chyba s openGL tak to uz nevyhadzuje...a inak je v dobrom stave
tak tu aviru vecer?
tak tu aviru vecer?
I know HTML....(How To Meet Ladies )
Re: Firewall nejde zapnut
Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka
Kód: Vybrat vše
Driver::
AntiVirSchedulerService
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:
-po aplikaci na Vás vypadne další log,vložte ho sem
Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Re: Firewall nejde zapnut
Dobrý den,
pro neaktivitu je toto téma uzamknuto.
Pokud ho budete chtít odemknout, kontaktujte mě na email nebo některého z mých kolegů.
Děkujeme za pochopení
pro neaktivitu je toto téma uzamknuto.
Pokud ho budete chtít odemknout, kontaktujte mě na email nebo některého z mých kolegů.
Děkujeme za pochopení
Nepoužívejte COMBOFIX bez doporučení rádce, může dojít k poškození systému!
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.
Vždy před odvirováním počítače zazálohujte důležitá data
Chcete podpořit naše forum? Informace zde
K zastižení jsem spíše v noci, mezi 21.-23. hodinou
Pokud máte nějaké dotazy, můžete mi napsat na email Motji(zavináč)forum.viry.cz.