Cannot delete trojan

eboy666
Visitor
Posts: 7
Registered: 20 Jun 2012 22:16

Cannot delete trojan

#1 Post by eboy666 »

Hi, ESET Smart Security 5 detected Win64\Patched.B.Gen (screenshot attached). When I choose to delete it, it reports an error while deleting. After a while the infiltration warning pops up again, I choose delete again and again it fails... and so on in a loop. Can anyone advise how to get rid of this trojan? Thanks
Attachments
Virus.png (22.61 KiB) Viewed 1232 times

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot delete trojan

#2 Post by vyosek »

Greetings, I wish you a nice late evening and welcome you to our forum :welcome:

:arrow: Since we know nothing about your PC and fortune-telling from a crystal ball works poorly, and on top of that it is night and nothing can be seen in Brno :o

:arrow: But enough jokes, let's take a look at it :wink: Post a log from RSIT following this guide http://forum.viry.cz/viewtopic.php?f=13&t=105895
"He who has wine and does not drink it, who has grapes and does not eat them, who has a wife and does not kiss her, who avoids fun, take a whip and a stick to him; that is no man, that is an ox."
Member of [image] since 1 February 2011.

eboy666
Visitor
Posts: 7
Registered: 20 Jun 2012 22:16

Re: Cannot delete trojan

#3 Post by eboy666 »

Thank you for the warm welcome :fez:
Here is the log then, please check it. Thank you.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Mato at 2012-06-21 18:33:38
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 101 GB (51%) free of 200 GB
Total RAM: 3951 MB (29% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:33:46, on 21.6.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16446)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\TRANSLAT\WDICT32.EXE
C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
D:\Program files portable\ArsClipv401\ArsClip.exe
C:\Program Files (x86)\Translate Client\translateclient.exe
C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe
C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe
D:\Program files portable\PNotesPortable\App\PNotes\PNotes.exe
C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe
C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
D:\Program files portable\ThunderbirdPortable\ThunderbirdPortable.exe
D:\Program files portable\ThunderbirdPortable\App\thunderbird\thunderbird.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe
C:\Program Files\trend micro\Mato.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: (no name) - {00A6FAF6-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
F2 - REG:system.ini: UserInit=userinit.exe
O1 - Hosts: 60.12.193.37 auto.search.msn.com
O1 - Hosts: 60.12.193.37 auto.search.msn.es
O1 - Hosts: 60.12.193.37 ie.search.msn.com
O2 - BHO: MyWebSearch Search Assistant BHO - {00A6FAF1-072E-44cf-8957-5838F569A31D} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
O2 - BHO: mwsBar BHO - {07B18EA1-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\ProgramData\LangSoft\WebIE.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: My Web Search - {07B18EA9-A523-4961-B6BB-170DE4475CCA} - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\ProgramData\LangSoft\WebIE.dll
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [IMSS] "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe"
O4 - HKLM\..\Run: [CloneCDTray] "C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
O4 - HKLM\..\Run: [AdobeCS5.5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [UnlockerAssistant] "D:\Software\unlocker1.8.8-portable\UnlockerAssistant.exe"
O4 - HKCU\..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe /c
O4 - HKCU\..\Run: [MyWebSearch Email Plugin] C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe
O4 - HKCU\..\Run: [WDICT32] C:\TRANSLAT\WDICT32.EXE /l
O4 - HKCU\..\Run: [OfficeSyncProcess] "C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Global Startup: ArsClip.lnk = D:\Program files portable\ArsClipv401\ArsClip.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: GoogleTranslator.lnk = D:\Program files portable\TranslateClientPortable6.0.exe
O4 - Global Startup: PNotes.lnk = D:\Program files portable\PNotesPortable\PNotesPortable.exe
O4 - Global Startup: Snagit 11.lnk = C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra 'Tools' menuitem: @C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: WebTran - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Nastavit překladač - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra 'Tools' menuitem: Přeložit &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Active File Monitor V10 (AdobeActiveFileMonitor10.0) - Adobe Systems Incorporated - C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe
O23 - Service: EPSON V5 Service4(01) (EPSON_EB_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE
O23 - Service: EPSON V3 Service4(01) (EPSON_PM_RPCV4_01) - SEIKO EPSON CORPORATION - C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Unknown owner - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (file missing)
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: My Web Search Service (MyWebSearchService) - MyWebSearch.com - C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
O23 - Service: Nero BackItUp Scheduler 3 - Nero AG - C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: NMIndexingService - Nero AG - C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe
O23 - Service: PACE License Services (PaceLicenseDServices) - PACE Anti-Piracy, Inc. - C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 19719 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
winlogon.exe
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k GPSvcGroup
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
atieclxx
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\WLANExt.exe 24673312
\??\C:\windows\system32\conhost.exe "1836395607-2097947293-506318291-2013138440-1615290828-168972635810572741911080574735
C:\windows\System32\spoolsv.exe
"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
C:\windows\Explorer.EXE
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\windows\System32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe"
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE"
"C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE"
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe
"C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe"
"C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE"
"C:\TRANSLAT\WDICT32.EXE" /l
"C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE"
"D:\Program files portable\ArsClipv401\ArsClip.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
"D:\Program files portable\TranslateClientPortable6.0.exe"
"C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe"
"C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe" /s
"C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"D:\Program files portable\PNotesPortable\App\PNotes\PNotes.exe" "" -conf "D:\Program files portable\PNotesPortable\Data\settings" "D:\Program files portable\PNotesPortable\Data\settings" "D:\Program files portable\PNotesPortable\PNotesPortable.exe" "D:\Program files portable\PNotesPortable\Data\settings" "D:\Program files portable\PNotesPortable\App\PNotes\skins" "D:\Program files portable\PNotesPortable\Data\settings\backup"
C:\windows\splwow64.exe 8192
C:\windows\SysWOW64\svchost.exe -k netsvcs
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
"C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe"
WLIDSvcM.exe 3120
"C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe" -Embedding
"C:\Program Files (x86)\TechSmith\Snagit 11\TSCHelp.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
C:\windows\system32\wbem\wmiprvse.exe
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE"
C:\windows\system32\svchost.exe -k bthsvcs
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\TechSmith\Snagit 11\SnagPriv.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe" -startup
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\TechSmith\Snagit 11\snagiteditor.exe" /X
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Bluetooth®: On
WLAN: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>2127055477</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe"
"D:\Program files portable\ThunderbirdPortable\ThunderbirdPortable.exe"
"D:\Program files portable\ThunderbirdPortable\App\thunderbird\thunderbird.exe" -profile "D:\Program files portable\ThunderbirdPortable\Data\profile"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /secondary /username=sally3163 /password=black1234 /minimized
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=1680.c1a8100.1552582851 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 1680 "\\.\pipe\gecko-crash-server-pipe.1680" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe" --proxy-stub-channel=Flash4104.5C159128.41 --host-broker-channel=Flash4104.5C159128.18467 --host-pid=4104 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe" --channel=3248.005BF448.1524047967 --proxy-stub-channel=Flash4104.5C159128.41 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll" --host-npapi-version=27 --type=renderer
"taskhost.exe"
taskmgr.exe /2
"C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe" /c
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe101_ Global\UsGthrCtrlFltPipeMssGthrPipe101 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 520 524 532 65536 528
"D:\Downloaded\RSITx64(1).exe"

======Scheduled tasks folder======

C:\windows\tasks\AutoKMS.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003UA.job
C:\windows\tasks\HPCeeScheduleForMato.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.New

prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "http://mystart.incredimail.com/?a=1eyonc7RKTZ"
prefs.js - "extensions.enabledItems" - "{b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.3, {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.1.4, {20a82645-c095-46ed-80e3-08825760534b}:1.2.1, {1280606b-2510-4fe0-97ef-9b5a22eafe30}:0.7.5, toolbar@alexa.com:2.13, {ca526f8b-9e0a-4756-9077-19d6f3e64ea8}:2011.3.22.01, {53A03D43-5363-4669-8190-99061B2DEBA5}:1.4.5, {E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}:7.4, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3"
prefs.js - "keyword.URL" - "http://mystart.incredimail.com//?loc=ff ... TZ&search="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@mywebsearch.com/Plugin]
"Description"=My Web Search Plugin
"Path"=C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMyWebS.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Nero.com/KM]
"Description"=
"Path"=C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.257 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npdeployJava1.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.New\extensions\
foxyproxy@eric.h.jung
support@lastpass.com
{1018e4d6-728f-4b20-ad56-37578a4de76b}
{20a82645-c095-46ed-80e3-08825760534b}
{4BBDD651-70CF-4821-84F8-2B918CF89CA3}
{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
{ca526f8b-9e0a-4756-9077-19d6f3e64ea8}
{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}

C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.New\searchplugins\
aim-search.xml
askcom.xml
bing.xml
daemon-search.xml
hledejcenycz.xml
icqplugin.xml
MyStart Search.xml
web-search-powered-by-google.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00A6FAF1-072E-44cf-8957-5838F569A31D}]
MyWebSearch Search Assistant BHO - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL [2012-04-28 58800]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{07B18EA1-A523-4961-B6BB-170DE4475CCA}]
mwsBar BHO - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL [2012-04-28 833032]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\ProgramData\LangSoft\WebIE.dll [2012-04-28 798771]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-04-30 325408]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-04-30 42272]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{07B18EA9-A523-4961-B6BB-170DE4475CCA} - My Web Search - C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL [2012-04-28 833032]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\ProgramData\LangSoft\WebIE.dll [2012-04-28 798771]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"=C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe [2010-01-08 186904]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 2174760]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-04 196648]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-04 483880]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"=C:\Program Files (x86)\IncrediMail\bin\IncMail.exe [2012-05-21 439752]
"MyWebSearch Email Plugin"=C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwsoemon.exe [2012-04-28 38408]
"WDICT32"=C:\TRANSLAT\WDICT32.EXE [2012-04-28 3366912]
"AdobeBridge"= []
"OfficeSyncProcess"=C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [2011-07-21 718720]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisorDock]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-10 1712184]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-04-21 98304]
"IMSS"=C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe [2010-03-04 111640]
"CloneCDTray"=C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe [2009-01-30 57344]
"AdobeCS5.5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe [2011-01-12 1523360]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"UnlockerAssistant"=D:\Software\unlocker1.8.8-portable\UnlockerAssistant.exe [2010-02-20 15872]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
ArsClip.lnk - D:\Program files portable\ArsClipv401\ArsClip.exe
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
GoogleTranslator.lnk - D:\Program files portable\TranslateClientPortable6.0.exe
PNotes.lnk - D:\Program files portable\PNotesPortable\PNotesPortable.exe
Snagit 11.lnk - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe

C:\Users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~1\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 6721936]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL [2011-06-12 4221328]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-06-21 18:33:39 ----D---- C:\Program Files\trend micro
2012-06-21 18:33:38 ----D---- C:\rsit
2012-06-20 12:25:16 ----A---- C:\ecls.txt
2012-06-20 01:09:18 ----D---- C:\Alkid
2012-06-19 16:41:06 ----A---- C:\windows\system32\wups2.dll
2012-06-19 16:41:06 ----A---- C:\windows\system32\wucltux.dll
2012-06-19 16:41:06 ----A---- C:\windows\system32\wuaueng.dll
2012-06-19 16:41:06 ----A---- C:\windows\system32\wuauclt.exe
2012-06-19 16:40:55 ----A---- C:\windows\system32\wups.dll
2012-06-19 16:40:55 ----A---- C:\windows\system32\wudriver.dll
2012-06-19 16:40:55 ----A---- C:\windows\system32\wuapi.dll
2012-06-19 16:40:51 ----A---- C:\windows\system32\wuwebv.dll
2012-06-19 16:40:51 ----A---- C:\windows\system32\wuapp.exe
2012-06-16 21:09:25 ----D---- C:\Users\Mato\AppData\Roaming\Thunderbird
2012-06-15 08:51:59 ----D---- C:\Users\Mato\AppData\Roaming\TrustPort
2012-06-15 01:33:33 ----SHD---- C:\RECYCLER
2012-06-14 23:18:05 ----A---- C:\windows\ntbtlog.txt
2012-06-14 08:21:30 ----A---- C:\windows\system32\mshtmled.dll
2012-06-14 08:21:29 ----A---- C:\windows\SYSWOW64\urlmon.dll
2012-06-14 08:21:29 ----A---- C:\windows\SYSWOW64\url.dll
2012-06-14 08:21:29 ----A---- C:\windows\SYSWOW64\mshtmled.dll
2012-06-14 08:21:29 ----A---- C:\windows\system32\urlmon.dll
2012-06-14 08:21:29 ----A---- C:\windows\system32\url.dll
2012-06-14 08:21:28 ----A---- C:\windows\SYSWOW64\ieUnatt.exe
2012-06-14 08:21:28 ----A---- C:\windows\SYSWOW64\ieui.dll
2012-06-14 08:21:28 ----A---- C:\windows\SYSWOW64\iertutil.dll
2012-06-14 08:21:28 ----A---- C:\windows\system32\ieUnatt.exe
2012-06-14 08:21:28 ----A---- C:\windows\system32\ieui.dll
2012-06-14 08:21:28 ----A---- C:\windows\system32\iertutil.dll
2012-06-14 08:21:27 ----A---- C:\windows\SYSWOW64\wininet.dll
2012-06-14 08:21:27 ----A---- C:\windows\system32\wininet.dll
2012-06-14 08:21:26 ----A---- C:\windows\SYSWOW64\jscript9.dll
2012-06-14 08:21:26 ----A---- C:\windows\SYSWOW64\jscript.dll
2012-06-14 08:21:26 ----A---- C:\windows\system32\jsproxy.dll
2012-06-14 08:21:26 ----A---- C:\windows\system32\jscript9.dll
2012-06-14 08:21:25 ----A---- C:\windows\SYSWOW64\jsproxy.dll
2012-06-14 08:21:25 ----A---- C:\windows\system32\jscript.dll
2012-06-14 08:21:24 ----A---- C:\windows\SYSWOW64\mshtml.dll
2012-06-14 08:21:23 ----A---- C:\windows\system32\mshtml.dll
2012-06-14 08:21:22 ----A---- C:\windows\SYSWOW64\ieframe.dll
2012-06-14 08:21:22 ----A---- C:\windows\system32\ieframe.dll
2012-06-13 20:57:54 ----A---- C:\windows\system32\rdrmemptylst.exe
2012-06-13 20:57:54 ----A---- C:\windows\system32\rdpwsx.dll
2012-06-13 20:57:54 ----A---- C:\windows\system32\rdpcorekmts.dll
2012-06-13 20:57:43 ----A---- C:\windows\system32\profsvc.dll
2012-06-13 20:57:40 ----A---- C:\windows\system32\ntoskrnl.exe
2012-06-13 20:57:37 ----A---- C:\windows\SYSWOW64\ntoskrnl.exe
2012-06-13 20:57:36 ----A---- C:\windows\SYSWOW64\ntkrnlpa.exe
2012-06-13 20:57:20 ----A---- C:\windows\system32\win32k.sys
2012-06-13 20:57:16 ----A---- C:\windows\system32\drivers\rdpwd.sys
2012-06-13 20:57:12 ----A---- C:\windows\system32\msi.dll
2012-06-13 20:57:11 ----A---- C:\windows\SYSWOW64\msi.dll
2012-06-13 20:57:04 ----A---- C:\windows\system32\crypt32.dll
2012-06-13 20:57:03 ----A---- C:\windows\SYSWOW64\cryptsvc.dll
2012-06-13 20:57:03 ----A---- C:\windows\SYSWOW64\cryptnet.dll
2012-06-13 20:57:03 ----A---- C:\windows\SYSWOW64\crypt32.dll
2012-06-13 20:57:03 ----A---- C:\windows\system32\cryptsvc.dll
2012-06-13 20:57:03 ----A---- C:\windows\system32\cryptnet.dll
2012-06-13 09:28:25 ----D---- C:\Program Files (x86)\Adobe Story
2012-06-13 05:51:35 ----D---- C:\Program Files (x86)\SlySoft
2012-06-12 22:17:31 ----A---- C:\windows\system32\ElbyCDIO.dll
2012-06-11 22:56:10 ----D---- C:\Users\Mato\AppData\Roaming\Avid
2012-06-11 22:24:16 ----D---- C:\Program Files\Common Files\Avid
2012-06-11 22:21:11 ----D---- C:\windows\SYSWOW64\MEDIA
2012-06-11 22:20:26 ----D---- C:\Program Files\Avid
2012-06-11 22:19:45 ----D---- C:\ProgramData\PACE
2012-06-11 22:18:11 ----A---- C:\windows\system32\drivers\sentinel64.sys
2012-06-11 22:18:04 ----D---- C:\windows\Downloaded Installations
2012-06-11 22:17:50 ----D---- C:\Program Files\Java
2012-06-11 22:15:19 ----D---- C:\Program Files (x86)\Licenses
2012-06-11 21:20:38 ----D---- C:\Program Files (x86)\Alcohol Soft
2012-06-11 21:08:50 ----A---- C:\windows\system32\drivers\sptd.sys
2012-06-11 13:28:43 ----A---- C:\windows\SYSWOW64\iplw7.dll
2012-06-11 13:12:14 ----A---- C:\windows\SYSWOW64\msvcr71d.dll
2012-06-11 13:12:05 ----A---- C:\windows\SYSWOW64\mmclient.dll
2012-06-11 12:46:59 ----A---- C:\windows\SYSWOW64\Cpuinf32.dll
2012-06-11 12:08:25 ----A---- C:\windows\SYSWOW64\Dac32.dll
2012-06-11 11:29:42 ----A---- C:\windows\SYSWOW64\msvcp71d.dll
2012-06-11 11:29:40 ----A---- C:\windows\system32\AvOmfToolkit.dll
2012-06-11 10:56:28 ----A---- C:\windows\SYSWOW64\iplM6.dll
2012-06-11 10:24:40 ----A---- C:\windows\SYSWOW64\iplPX.dll
2012-06-11 10:19:21 ----A---- C:\windows\SYSWOW64\iplP6.dll
2012-06-11 09:35:43 ----A---- C:\windows\SYSWOW64\iplM5.dll
2012-06-11 09:33:12 ----A---- C:\windows\SYSWOW64\iplA6.dll
2012-06-11 09:33:06 ----A---- C:\windows\SYSWOW64\MFC71ud.dll
2012-06-11 09:30:58 ----A---- C:\windows\SYSWOW64\ipl.dll
2012-06-11 09:30:36 ----A---- C:\windows\SYSWOW64\AvidQTUpdaterVC7.dll
2012-06-11 09:18:40 ----A---- C:\windows\SYSWOW64\MFC71d.dll
2012-06-11 09:09:25 ----A---- C:\windows\SYSWOW64\ntrights.exe
2012-06-11 09:09:25 ----A---- C:\windows\system32\ntrights.exe
2012-06-11 09:09:15 ----A---- C:\windows\SYSWOW64\libjpegV4.dll
2012-06-11 09:08:59 ----A---- C:\windows\system32\libjpegV4.dll
2012-06-11 09:04:44 ----A---- C:\windows\SYSWOW64\Mspdb50.dll
2012-06-11 08:49:32 ----A---- C:\windows\SYSWOW64\msvcp50.dll
2012-06-10 23:56:59 ----D---- C:\Users\Mato\AppData\Roaming\GHISLER
2012-06-10 23:56:59 ----D---- C:\totalcmd
2012-06-10 23:56:59 ----A---- C:\windows\UC.PIF
2012-06-10 23:56:59 ----A---- C:\windows\RAR.PIF
2012-06-10 23:56:59 ----A---- C:\windows\PKZIP.PIF
2012-06-10 23:56:59 ----A---- C:\windows\PKUNZIP.PIF
2012-06-10 23:56:59 ----A---- C:\windows\LHA.PIF
2012-06-10 23:56:59 ----A---- C:\windows\ARJ.PIF
2012-06-10 19:19:55 ----D---- C:\Users\Mato\AppData\Roaming\Roxio
2012-06-10 10:11:54 ----A---- C:\windows\SYSWOW64\mgxoschk.dll
2012-06-10 10:07:47 ----D---- C:\Program Files (x86)\MAGIX
2012-06-07 16:06:22 ----D---- C:\Users\Mato\AppData\Roaming\Topaz Moment
2012-06-06 15:40:49 ----D---- C:\ProgramData\MAGIX
2012-06-06 15:40:48 ----D---- C:\Users\Mato\AppData\Roaming\MAGIX
2012-06-06 15:38:27 ----D---- C:\ProgramData\Xara
2012-06-06 15:38:27 ----D---- C:\Program Files\Common Files\MAGIX Services
2012-06-06 15:38:27 ----D---- C:\Program Files (x86)\Xara
2012-06-01 18:22:19 ----AD---- C:\ProgramData\TEMP
2012-06-01 18:20:57 ----D---- C:\Program Files (x86)\AKVIS
2012-06-01 17:45:59 ----D---- C:\windows\SYSWOW64\spool
2012-06-01 17:45:58 ----D---- C:\Program Files (x86)\Sony
2012-06-01 16:21:24 ----D---- C:\Users\Mato\AppData\Roaming\VS Revo Group
2012-06-01 08:02:08 ----SHD---- C:\windows\system32\%APPDATA%
2012-05-30 12:45:12 ----D---- C:\Users\Mato\AppData\Roaming\NeatImage SL
2012-05-30 12:45:03 ----D---- C:\Program Files (x86)\Neat Image
2012-05-30 10:38:32 ----D---- C:\Program Files (x86)\PictureCode
2012-05-28 18:06:56 ----A---- C:\windows\SYSWOW64\mprdin.dll
2012-05-26 10:11:57 ----D---- C:\Users\Mato\AppData\Roaming\avidemux
2012-05-25 08:47:39 ----D---- C:\Users\Mato\AppData\Roaming\Publish Providers
2012-05-25 08:40:15 ----D---- C:\ProgramData\Sony
2012-05-24 22:30:28 ----D---- C:\Program Files (x86)\LooksBuilderSE
2012-05-24 21:58:44 ----A---- C:\Users\Mato\AppData\Roaming\HP6550B-PC.MTBF.txt
2012-05-24 21:55:21 ----D---- C:\Program Files (x86)\Avid
2012-05-24 21:51:28 ----D---- C:\ProgramData\Avid
2012-05-24 18:53:50 ----D---- C:\Users\Mato\AppData\Roaming\PACE Anti-Piracy
2012-05-24 18:53:50 ----D---- C:\ProgramData\PACE Anti-Piracy
2012-05-24 18:38:10 ----D---- C:\Program Files (x86)\My Company Name
2012-05-24 17:47:45 ----D---- C:\Users\Mato\AppData\Roaming\Sony
2012-05-24 15:02:14 ----D---- C:\Users\Mato\AppData\Roaming\PDAppFlex
2012-05-24 14:58:21 ----D---- C:\Users\Mato\AppData\Roaming\Apple Computer
2012-05-24 14:46:46 ----D---- C:\Program Files (x86)\SmartSound Software
2012-05-24 14:46:45 ----D---- C:\ProgramData\SmartSound Software Inc
2012-05-24 13:31:29 ----A---- C:\windows\SYSWOW64\D3DX9_43.dll
2012-05-24 13:31:29 ----A---- C:\windows\SYSWOW64\d3dx11_43.dll
2012-05-24 13:31:29 ----A---- C:\windows\SYSWOW64\d3dx10_43.dll
2012-05-24 13:31:29 ----A---- C:\windows\SYSWOW64\d3dcsx_43.dll
2012-05-24 13:31:29 ----A---- C:\windows\SYSWOW64\D3DCompiler_43.dll
2012-05-23 22:23:10 ----D---- C:\ProgramData\Apple Computer
2012-05-23 22:23:10 ----D---- C:\Program Files (x86)\QuickTime
2012-05-23 22:22:23 ----D---- C:\Program Files (x86)\Apple Software Update
2012-05-23 22:22:22 ----D---- C:\ProgramData\Apple
2012-05-22 21:04:38 ----A---- C:\windows\system32\GDIPFONTCACHEV1.DAT

======List of files/folders modified in the last 1 month======

2012-06-21 18:33:46 ----D---- C:\windows\Prefetch
2012-06-21 18:33:39 ----RD---- C:\Program Files
2012-06-21 18:32:36 ----D---- C:\Users\Mato\AppData\Roaming\Skype
2012-06-21 17:49:48 ----D---- C:\windows\Temp
2012-06-21 11:19:53 ----D---- C:\windows\system32\config
2012-06-21 06:40:39 ----D---- C:\windows\System32
2012-06-21 06:40:39 ----D---- C:\windows\inf
2012-06-21 06:40:39 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-06-21 06:02:24 ----AD---- C:\Windows
2012-06-21 06:02:12 ----D---- C:\Users\Mato\AppData\Roaming\Dropbox
2012-06-21 06:02:09 ----A---- C:\LOGFILE.TXT
2012-06-21 06:01:49 ----D---- C:\ProgramData\HPQLOG
2012-06-21 06:01:00 ----A---- C:\windows\SYSWOW64\log.txt
2012-06-21 06:00:10 ----D---- C:\windows\system32\catroot2
2012-06-21 05:43:04 ----A---- C:\windows\NeroDigital.ini
2012-06-20 11:21:08 ----D---- C:\windows\rescache
2012-06-20 09:31:17 ----D---- C:\ProgramData\PDFC
2012-06-20 09:27:58 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-06-19 19:32:14 ----D---- C:\windows\SysWOW64
2012-06-19 16:41:26 ----D---- C:\windows\winsxs
2012-06-19 16:41:25 ----D---- C:\windows\system32\sk-SK
2012-06-19 16:41:11 ----D---- C:\windows\system32\catroot
2012-06-17 16:14:29 ----D---- C:\Users\Mato\AppData\Roaming\FireShot
2012-06-17 16:11:07 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-06-15 07:11:49 ----D---- C:\windows\Microsoft.NET
2012-06-15 07:11:27 ----RSD---- C:\windows\assembly
2012-06-14 22:40:46 ----D---- C:\windows\SYSWOW64\sk-SK
2012-06-14 22:40:46 ----D---- C:\windows\system32\drivers
2012-06-14 22:40:45 ----D---- C:\windows\SYSWOW64\migration
2012-06-14 22:40:45 ----D---- C:\windows\system32\migration
2012-06-14 22:40:45 ----D---- C:\Program Files\Internet Explorer
2012-06-14 22:40:45 ----D---- C:\Program Files (x86)\Internet Explorer
2012-06-14 08:32:25 ----SHD---- C:\windows\Installer
2012-06-14 08:32:21 ----D---- C:\ProgramData\Microsoft Help
2012-06-14 08:26:49 ----A---- C:\windows\system32\MRT.exe
2012-06-13 09:44:39 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-06-13 09:30:25 ----D---- C:\Users\Mato\AppData\Roaming\Adobe
2012-06-13 09:29:37 ----D---- C:\Program Files (x86)\Adobe
2012-06-13 09:29:16 ----D---- C:\Program Files\Adobe
2012-06-13 09:28:41 ----D---- C:\Program Files\Common Files\Adobe
2012-06-13 09:28:25 ----RD---- C:\Program Files (x86)
2012-06-13 09:27:31 ----D---- C:\ProgramData\Adobe
2012-06-13 09:18:53 ----D---- C:\windows\system32\drivers\etc
2012-06-13 05:54:49 ----HD---- C:\ProgramData
2012-06-13 05:51:37 ----D---- C:\windows\SYSWOW64\drivers
2012-06-13 05:42:24 ----SD---- C:\Users\Mato\AppData\Roaming\Microsoft
2012-06-13 05:41:20 ----D---- C:\windows\Tasks
2012-06-13 05:41:20 ----D---- C:\windows\system32\Tasks
2012-06-13 05:40:47 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2012-06-13 05:25:23 ----D---- C:\Users\Mato\AppData\Roaming\vlc
2012-06-12 20:01:26 ----D---- C:\windows\system32\LogFiles
2012-06-11 22:24:51 ----D---- C:\windows\system32\DriverStore
2012-06-11 22:24:16 ----D---- C:\Program Files\Common Files
2012-06-11 22:20:59 ----RSD---- C:\windows\Fonts
2012-06-11 22:20:26 ----D---- C:\Program Files (x86)\Common Files
2012-06-11 22:19:55 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-06-10 20:47:39 ----D---- C:\ProgramData\Skype
2012-06-08 18:05:52 ----D---- C:\ProgramData\Sonic
2012-06-06 20:37:14 ----D---- C:\windows\system32\NDF
2012-06-06 16:03:13 ----A---- C:\windows\SYSWOW64\DLLDEV32i.dll
2012-06-06 15:38:20 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-06-04 10:32:36 ----A---- C:\windows\system32\HP_ActiveX_Patch_NOT_DETECTED.txt
2012-06-04 09:47:30 ----D---- C:\windows\ModemLogs
2012-06-01 16:19:50 ----D---- C:\Users\Mato\AppData\Roaming\Audacity
2012-05-24 18:31:50 ----RD---- C:\Program Files (x86)\Skype
2012-05-24 13:43:14 ----D---- C:\Users\Mato\AppData\Roaming\Nero
2012-05-24 13:34:48 ----D---- C:\windows\Cursors
2012-05-24 13:34:39 ----D---- C:\Program Files (x86)\Nero
2012-05-24 13:32:00 ----D---- C:\ProgramData\Nero

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 epfwwfp;epfwwfp; C:\windows\system32\DRIVERS\epfwwfp.sys [2011-08-04 62496]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 iaStor;Intel AHCI Controller; C:\windows\system32\DRIVERS\iaStor.sys [2010-01-08 409112]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2012-06-11 503352]
R0 Tpkd;Tpkd; C:\windows\system32\drivers\Tpkd.sys [2011-06-28 105592]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 ElbyCDIO;ElbyCDIO Driver; C:\windows\System32\Drivers\ElbyCDIO.sys [2009-02-17 31400]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\windows\system32\DRIVERS\EpfwLWF.sys [2011-08-04 38288]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R1 vpcnfltr;Virtual PC Network Filter Driver; C:\windows\system32\DRIVERS\vpcnfltr.sys [2010-11-20 59392]
R1 vpcvmm;@%SystemRoot%\system32\drivers\vpcvmm.sys,-100; C:\windows\system32\drivers\vpcvmm.sys [2010-11-20 360832]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfw;epfw; C:\windows\system32\DRIVERS\epfw.sys [2011-08-04 187632]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-27 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-29 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-12 55808]
R2 Sentinel64;Sentinel64; C:\windows\System32\Drivers\Sentinel64.sys [2007-04-27 142120]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-04-08 124944]
R3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-04-22 6101504]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-01-21 3058168]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-01-07 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K; C:\windows\system32\DRIVERS\e1k62x64.sys [2010-01-07 295088]
R3 ElbyCDFL;ElbyCDFL; C:\windows\System32\Drivers\ElbyCDFL.sys [2007-02-16 40648]
R3 HECIx64;Intel(R) Management Engine Interface; C:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 Impcd;Impcd; C:\windows\system32\DRIVERS\Impcd.sys [2010-02-27 158976]
R3 MarvinBus;Pinnacle Marvin Bus 64; C:\windows\system32\DRIVERS\MarvinBus64.sys [2005-09-23 261120]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 89344]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1379376]
R3 tapoas;TAP-Win32 Adapter OAS; C:\windows\system32\DRIVERS\tapoas.sys [2011-08-19 30720]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
R3 vpcbus;Virtual PC Host Bus Service; C:\windows\system32\DRIVERS\vpchbus.sys [2010-11-20 194944]
R3 vpcusb;USB Virtualization Connector Service; C:\windows\system32\DRIVERS\vpcusb.sys [2010-11-20 95232]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 Aspi32;Aspi32; C:\windows\system32\drivers\Aspi32.sys []
S1 VD_FileDisk;VD_FileDisk; C:\windows\system32\drivers\VD_FileDisk.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552960]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit; C:\windows\system32\DRIVERS\NETw5s64.sys [2010-02-01 7675392]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pwdrvio;pwdrvio; \??\C:\windows\syswow64\pwdrvio.sys []
S3 pwdspio;pwdspio; \??\C:\windows\syswow64\pwdspio.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 tap0901;TAP-Win32 Adapter V9; C:\windows\system32\DRIVERS\tap0901.sys [2010-02-25 29696]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VMBusHID;VMBusHID; C:\windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10; C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-04-21 202752]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-30 873248]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
R2 EPSON_EB_RPCV4_01;EPSON V5 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE [2007-12-17 163840]
R2 EPSON_PM_RPCV4_01;EPSON V3 Service4(01); C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE [2007-01-11 126464]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 30520]
R2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2010-01-08 354840]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-02-22 73728]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2010-03-04 268824]
R2 MyWebSearchService;My Web Search Service; C:\PROGRA~2\MYWEBS~1\bar\1.bin\mwssvc.exe [2012-04-28 34320]
R2 Nero BackItUp Scheduler 3;Nero BackItUp Scheduler 3; C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe [2007-08-08 836904]
R2 PaceLicenseDServices;PACE License Services; C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-04 2320920]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-09-01 991288]
R3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 160944]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-19 2045232]
S3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service; C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
S3 NMIndexingService;NMIndexingService; C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexingService.exe [2007-08-03 382248]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-02-24 1255736]

-----------------EOF-----------------

Re: Trojan cannot be deleted

#4 Post by vyosek »

Download RogueKiller http://www.sur-la-toile.com/RogueKiller/RogueKiller.exe
  • Close all programs
  • If you are using Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator (Spustit jako spravce)
  • Wait for the PreScan to finish
  • Choose the Scan option (Prohledat)
  • When the scan finishes, click Report (Zpráva); a log will open, paste it here
Download TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
  • Click the Change parameters option
  • In both panes (Objects to scan and Additional Option), tick all the options; every checkbox must have a check mark
  • Click OK
  • Tell the utility to scan: click Start Scan
  • When the scan finishes, a window will appear; check that Skip is selected everywhere
  • If Skip is not set by default, switch it to Skip
  • If Skip is set everywhere, click Continue
  • On the drive where Windows is installed (usually c:\) there will be a log named in the form TDSSKiller.some digits_log.txt; paste its contents here

Re: Trojan cannot be deleted

#5 Post by eboy666 »

Wow, that was fast.
Here are the logs:

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ: Mato [Práva Správcu]
Režim: Kontrola -- Dátum: 06/21/2012 20:51:56

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.nero.com
127.0.0.1 nero.com
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com
127.0.0.1 support.nero.com
127.0.0.1 www.registernero.com
127.0.0.1 registernero.com
60.12.193.37 auto.search.msn.com
60.12.193.37 auto.search.msn.es
60.12.193.37 ie.search.msn.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] ff63010ff273f61ec50bff45ec5eeb82
[BSP] 39552f7680a1579c42ea35ec646c2a5a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 616448 | Size: 199993 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 410203710 | Size: 276644 Mo
User = LL1 ... OK!
User = LL2 ... OK!

+++++ PhysicalDrive1: FUJITSU MHW2120BH USB Device +++++
--- User ---
[MBR] 81966ba4e552751633dcebabdb401c01
[BSP] 232d299a8a320f2524369f54458429d1 : Windows XP MBR Code
Partition table:
1 - [ACTIVE] EXTEN (0x05) [VISIBLE] Offset (sectors): 16065 | Size: 114463 Mo
User = LL1 ... OK!
Error reading LL2 MBR!

Dokončené : << RKreport[1].txt >>
RKreport[1].txt

TDSSKiller found nothing, which is probably why Skip did not appear anywhere; anyway, here is the log

21:03:21.0549 318692 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32
21:03:21.0656 318692 ============================================================
21:03:21.0656 318692 Current date / time: 2012/06/21 21:03:21.0656
21:03:21.0656 318692 SystemInfo:
21:03:21.0656 318692
21:03:21.0656 318692 OS Version: 6.1.7601 ServicePack: 1.0
21:03:21.0656 318692 Product type: Workstation
21:03:21.0656 318692 ComputerName: HP6550B-PC
21:03:21.0657 318692 UserName: Mato
21:03:21.0657 318692 Windows directory: C:\windows
21:03:21.0657 318692 System windows directory: C:\windows
21:03:21.0657 318692 Running under WOW64
21:03:21.0657 318692 Processor architecture: Intel x64
21:03:21.0657 318692 Number of processors: 4
21:03:21.0657 318692 Page size: 0x1000
21:03:21.0657 318692 Boot type: Normal boot
21:03:21.0657 318692 ============================================================
21:03:22.0184 318692 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
21:03:22.0189 318692 ============================================================
21:03:22.0189 318692 \Device\Harddisk0\DR0:
21:03:22.0189 318692 MBR partitions:
21:03:22.0189 318692 Initialize success
21:03:22.0189 318692 ============================================================
21:03:29.0853 318912 ============================================================
21:03:29.0853 318912 Scan started
21:03:29.0853 318912 Mode: Manual; SigCheck; TDLFS;
21:03:29.0853 318912 ============================================================
21:03:29.0910 318912 1394ohci - ok
21:03:29.0921 318912 ac.sharedstore - ok
21:03:29.0941 318912 Accelerometer - ok
21:03:29.0948 318912 ACPI - ok
21:03:29.0952 318912 AcpiPmi - ok
21:03:29.0969 318912 AdobeActiveFileMonitor10.0 - ok
21:03:29.0973 318912 adp94xx - ok
21:03:29.0977 318912 adpahci - ok
21:03:29.0981 318912 adpu320 - ok
21:03:29.0987 318912 AeLookupSvc - ok
21:03:29.0992 318912 AESTFilters - ok
21:03:30.0008 318912 AFD - ok
21:03:30.0016 318912 AgereModemAudio - ok
21:03:30.0030 318912 AgereSoftModem - ok
21:03:30.0034 318912 agp440 - ok
21:03:30.0037 318912 ALG - ok
21:03:30.0040 318912 aliide - ok
21:03:30.0052 318912 AMD External Events Utility - ok
21:03:30.0057 318912 amdide - ok
21:03:30.0061 318912 AmdK8 - ok
21:03:30.0064 318912 AmdPPM - ok
21:03:30.0069 318912 amdsata - ok
21:03:30.0074 318912 amdsbs - ok
21:03:30.0080 318912 amdxata - ok
21:03:30.0084 318912 AppID - ok
21:03:30.0089 318912 AppIDSvc - ok
21:03:30.0092 318912 Appinfo - ok
21:03:30.0096 318912 AppMgmt - ok
21:03:30.0100 318912 arc - ok
21:03:30.0103 318912 arcsas - ok
21:03:30.0107 318912 Aspi32 - ok
21:03:30.0110 318912 AsyncMac - ok
21:03:30.0114 318912 atapi - ok
21:03:30.0128 318912 AtiHdmiService - ok
21:03:30.0143 318912 atikmdag - ok
21:03:30.0147 318912 AudioEndpointBuilder - ok
21:03:30.0151 318912 AudioSrv - ok
21:03:30.0161 318912 AxInstSV - ok
21:03:30.0173 318912 b06bdrv - ok
21:03:30.0177 318912 b57nd60a - ok
21:03:30.0193 318912 BBSvc - ok
21:03:30.0199 318912 BCM43XX - ok
21:03:30.0204 318912 BDESVC - ok
21:03:30.0213 318912 Beep - ok
21:03:30.0217 318912 BITS - ok
21:03:30.0222 318912 blbdrive - ok
21:03:30.0228 318912 bowser - ok
21:03:30.0232 318912 BrFiltLo - ok
21:03:30.0236 318912 BrFiltUp - ok
21:03:30.0240 318912 Browser - ok
21:03:30.0243 318912 Brserid - ok
21:03:30.0247 318912 BrSerWdm - ok
21:03:30.0251 318912 BrUsbMdm - ok
21:03:30.0256 318912 BrUsbSer - ok
21:03:30.0267 318912 BthEnum - ok
21:03:30.0271 318912 BTHMODEM - ok
21:03:30.0276 318912 BthPan - ok
21:03:30.0279 318912 BTHPORT - ok
21:03:30.0283 318912 bthserv - ok
21:03:30.0288 318912 BTHUSB - ok
21:03:30.0297 318912 btwaudio - ok
21:03:30.0301 318912 btwavdt - ok
21:03:30.0313 318912 btwdins - ok
21:03:30.0317 318912 btwl2cap - ok
21:03:30.0322 318912 btwrchid - ok
21:03:30.0327 318912 cdfs - ok
21:03:30.0333 318912 cdrom - ok
21:03:30.0348 318912 CertPropSvc - ok
21:03:30.0350 318912 circlass - ok
21:03:30.0355 318912 CLFS - ok
21:03:30.0359 318912 clr_optimization_v2.0.50727_32 - ok
21:03:30.0363 318912 clr_optimization_v2.0.50727_64 - ok
21:03:30.0367 318912 clr_optimization_v4.0.30319_32 - ok
21:03:30.0372 318912 clr_optimization_v4.0.30319_64 - ok
21:03:30.0377 318912 CmBatt - ok
21:03:30.0381 318912 cmdide - ok
21:03:30.0386 318912 CNG - ok
21:03:30.0393 318912 Compbatt - ok
21:03:30.0399 318912 CompositeBus - ok
21:03:30.0407 318912 COMSysApp - ok
21:03:30.0414 318912 crcdisk - ok
21:03:30.0423 318912 CryptSvc - ok
21:03:30.0430 318912 CSC - ok
21:03:30.0435 318912 CscService - ok
21:03:30.0441 318912 DAMDrv - ok
21:03:30.0446 318912 DcomLaunch - ok
21:03:30.0451 318912 DEBridge - ok
21:03:30.0457 318912 defragsvc - ok
21:03:30.0462 318912 DfsC - ok
21:03:30.0466 318912 Dhcp - ok
21:03:30.0472 318912 discache - ok
21:03:30.0477 318912 Disk - ok
21:03:30.0482 318912 Dnscache - ok
21:03:30.0487 318912 dot3svc - ok
21:03:30.0493 318912 DpHost - ok
21:03:30.0497 318912 DPS - ok
21:03:30.0509 318912 drmkaud - ok
21:03:30.0513 318912 DXGKrnl - ok
21:03:30.0530 318912 e1kexpress - ok
21:03:30.0534 318912 eamonm - ok
21:03:30.0540 318912 EapHost - ok
21:03:30.0544 318912 ebdrv - ok
21:03:30.0549 318912 EFS - ok
21:03:30.0554 318912 ehdrv - ok
21:03:30.0560 318912 ehRecvr - ok
21:03:30.0565 318912 ehSched - ok
21:03:30.0570 318912 ekrn - ok
21:03:30.0593 318912 ElbyCDFL - ok
21:03:30.0608 318912 ElbyCDIO - ok
21:03:30.0612 318912 elxstor - ok
21:03:30.0618 318912 epfw - ok
21:03:30.0625 318912 EpfwLWF - ok
21:03:30.0630 318912 epfwwfp - ok
21:03:30.0644 318912 EPSON_EB_RPCV4_01 - ok
21:03:30.0656 318912 EPSON_PM_RPCV4_01 - ok
21:03:30.0661 318912 ErrDev - ok
21:03:30.0671 318912 EventSystem - ok
21:03:30.0675 318912 exfat - ok
21:03:30.0679 318912 fastfat - ok
21:03:30.0685 318912 Fax - ok
21:03:30.0691 318912 fdc - ok
21:03:30.0697 318912 fdPHost - ok
21:03:30.0702 318912 FDResPub - ok
21:03:30.0707 318912 FileInfo - ok
21:03:30.0711 318912 Filetrace - ok
21:03:30.0715 318912 FLCDLOCK - ok
21:03:30.0719 318912 flpydisk - ok
21:03:30.0724 318912 FltMgr - ok
21:03:30.0730 318912 FontCache - ok
21:03:30.0736 318912 FontCache3.0.0.0 - ok
21:03:30.0741 318912 FsDepends - ok
21:03:30.0745 318912 Fs_Rec - ok
21:03:30.0750 318912 fvevol - ok
21:03:30.0756 318912 gagp30kx - ok
21:03:30.0761 318912 gpsvc - ok
21:03:30.0765 318912 hcw85cir - ok
21:03:30.0769 318912 HdAudAddService - ok
21:03:30.0774 318912 HDAudBus - ok
21:03:30.0777 318912 HECIx64 - ok
21:03:30.0781 318912 HidBatt - ok
21:03:30.0784 318912 HidBth - ok
21:03:30.0790 318912 HidIr - ok
21:03:30.0794 318912 hidserv - ok
21:03:30.0798 318912 HidUsb - ok
21:03:30.0802 318912 hkmsvc - ok
21:03:30.0807 318912 HomeGroupListener - ok
21:03:30.0811 318912 HomeGroupProvider - ok
21:03:30.0817 318912 HP Power Assistant Service - ok
21:03:30.0822 318912 HP ProtectTools Service - ok
21:03:30.0827 318912 HP Support Assistant Service - ok
21:03:30.0831 318912 HP Wireless Assistant Service - ok
21:03:30.0838 318912 HPDayStarterService - ok
21:03:30.0842 318912 HPDrvMntSvc.exe - ok
21:03:30.0846 318912 hpdskflt - ok
21:03:30.0849 318912 HpFkCryptService - ok
21:03:30.0851 318912 HPFSService - ok
21:03:30.0860 318912 hpHotkeyMonitor - ok
21:03:30.0863 318912 HpqKbFiltr - ok
21:03:30.0867 318912 hpqwmiex - ok
21:03:30.0871 318912 HpSAMD - ok
21:03:30.0876 318912 hpsrv - ok
21:03:30.0884 318912 HTTP - ok
21:03:30.0889 318912 hwpolicy - ok
21:03:30.0901 318912 i8042prt - ok
21:03:30.0908 318912 IAANTMON - ok
21:03:30.0912 318912 iaStor - ok
21:03:30.0915 318912 iaStorV - ok
21:03:30.0919 318912 IDriverT - ok
21:03:30.0925 318912 idsvc - ok
21:03:30.0929 318912 iirsp - ok
21:03:30.0933 318912 IKEEXT - ok
21:03:30.0937 318912 Impcd - ok
21:03:30.0943 318912 intelide - ok
21:03:30.0947 318912 intelppm - ok
21:03:30.0950 318912 IPBusEnum - ok
21:03:30.0955 318912 IpFilterDriver - ok
21:03:30.0961 318912 IPMIDRV - ok
21:03:30.0964 318912 IPNAT - ok
21:03:30.0967 318912 IRENUM - ok
21:03:30.0972 318912 isapnp - ok
21:03:30.0976 318912 iScsiPrt - ok
21:03:30.0979 318912 kbdclass - ok
21:03:30.0983 318912 kbdhid - ok
21:03:30.0988 318912 KeyIso - ok
21:03:30.0993 318912 KSecDD - ok
21:03:30.0997 318912 KSecPkg - ok
21:03:31.0000 318912 ksthunk - ok
21:03:31.0006 318912 KtmRm - ok
21:03:31.0010 318912 LanmanServer - ok
21:03:31.0013 318912 LanmanWorkstation - ok
21:03:31.0026 318912 LightScribeService - ok
21:03:31.0031 318912 lltdio - ok
21:03:31.0034 318912 lltdsvc - ok
21:03:31.0040 318912 lmhosts - ok
21:03:31.0048 318912 LMS - ok
21:03:31.0054 318912 LSI_FC - ok
21:03:31.0060 318912 LSI_SAS - ok
21:03:31.0065 318912 LSI_SAS2 - ok
21:03:31.0068 318912 LSI_SCSI - ok
21:03:31.0074 318912 luafv - ok
21:03:31.0077 318912 MarvinBus - ok
21:03:31.0081 318912 Mcx2Svc - ok
21:03:31.0084 318912 megasas - ok
21:03:31.0090 318912 MegaSR - ok
21:03:31.0097 318912 Microsoft SharePoint Workspace Audit Service - ok
21:03:31.0102 318912 MMCSS - ok
21:03:31.0106 318912 Modem - ok
21:03:31.0109 318912 monitor - ok
21:03:31.0113 318912 mouclass - ok
21:03:31.0116 318912 mouhid - ok
21:03:31.0120 318912 mountmgr - ok
21:03:31.0126 318912 MozillaMaintenance - ok
21:03:31.0132 318912 mpio - ok
21:03:31.0136 318912 mpsdrv - ok
21:03:31.0139 318912 MRxDAV - ok
21:03:31.0143 318912 mrxsmb - ok
21:03:31.0147 318912 mrxsmb10 - ok
21:03:31.0150 318912 mrxsmb20 - ok
21:03:31.0153 318912 msahci - ok
21:03:31.0157 318912 msdsm - ok
21:03:31.0160 318912 MSDTC - ok
21:03:31.0170 318912 Msfs - ok
21:03:31.0177 318912 mshidkmdf - ok
21:03:31.0182 318912 msisadrv - ok
21:03:31.0187 318912 MSiSCSI - ok
21:03:31.0193 318912 msiserver - ok
21:03:31.0202 318912 MSKSSRV - ok
21:03:31.0208 318912 MSPCLOCK - ok
21:03:31.0212 318912 MSPQM - ok
21:03:31.0215 318912 MsRPC - ok
21:03:31.0220 318912 mssmbios - ok
21:03:31.0226 318912 MSTEE - ok
21:03:31.0231 318912 MTConfig - ok
21:03:31.0234 318912 Mup - ok
21:03:31.0240 318912 MyWebSearchService - ok
21:03:31.0244 318912 napagent - ok
21:03:31.0249 318912 NativeWifiP - ok
21:03:31.0253 318912 NDIS - ok
21:03:31.0258 318912 NdisCap - ok
21:03:31.0261 318912 NdisTapi - ok
21:03:31.0265 318912 Ndisuio - ok
21:03:31.0268 318912 NdisWan - ok
21:03:31.0274 318912 NDProxy - ok
21:03:31.0279 318912 Nero BackItUp Scheduler 3 - ok
21:03:31.0284 318912 NetBIOS - ok
21:03:31.0289 318912 NetBT - ok
21:03:31.0293 318912 Netlogon - ok
21:03:31.0298 318912 Netman - ok
21:03:31.0302 318912 netprofm - ok
21:03:31.0308 318912 NetTcpPortSharing - ok
21:03:31.0322 318912 NETw5s64 - ok
21:03:31.0326 318912 nfrd960 - ok
21:03:31.0330 318912 NlaSvc - ok
21:03:31.0333 318912 NMIndexingService - ok
21:03:31.0338 318912 Npfs - ok
21:03:31.0344 318912 nsi - ok
21:03:31.0349 318912 nsiproxy - ok
21:03:31.0355 318912 Ntfs - ok
21:03:31.0360 318912 Null - ok
21:03:31.0363 318912 nvraid - ok
21:03:31.0366 318912 nvstor - ok
21:03:31.0370 318912 nv_agp - ok
21:03:31.0377 318912 odserv - ok
21:03:31.0382 318912 ohci1394 - ok
21:03:31.0386 318912 ose - ok
21:03:31.0391 318912 osppsvc - ok
21:03:31.0397 318912 p2pimsvc - ok
21:03:31.0400 318912 p2psvc - ok
21:03:31.0410 318912 PaceLicenseDServices - ok
21:03:31.0415 318912 Parport - ok
21:03:31.0418 318912 partmgr - ok
21:03:31.0423 318912 PcaSvc - ok
21:03:31.0427 318912 pci - ok
21:03:31.0430 318912 pciide - ok
21:03:31.0434 318912 pcmcia - ok
21:03:31.0438 318912 pcw - ok
21:03:31.0444 318912 pdfcDispatcher - ok
21:03:31.0449 318912 PEAUTH - ok
21:03:31.0453 318912 PeerDistSvc - ok
21:03:31.0459 318912 PerfHost - ok
21:03:31.0467 318912 pla - ok
21:03:31.0472 318912 PlugPlay - ok
21:03:31.0478 318912 PNRPAutoReg - ok
21:03:31.0484 318912 PNRPsvc - ok
21:03:31.0489 318912 PolicyAgent - ok
21:03:31.0496 318912 Power - ok
21:03:31.0507 318912 PptpMiniport - ok
21:03:31.0511 318912 Processor - ok
21:03:31.0514 318912 ProfSvc - ok
21:03:31.0517 318912 ProtectedStorage - ok
21:03:31.0528 318912 Psched - ok
21:03:31.0533 318912 pwdrvio - ok
21:03:31.0540 318912 pwdspio - ok
21:03:31.0545 318912 PxHlpa64 - ok
21:03:31.0548 318912 ql2300 - ok
21:03:31.0552 318912 ql40xx - ok
21:03:31.0557 318912 QWAVE - ok
21:03:31.0563 318912 QWAVEdrv - ok
21:03:31.0566 318912 RasAcd - ok
21:03:31.0571 318912 RasAgileVpn - ok
21:03:31.0576 318912 RasAuto - ok
21:03:31.0580 318912 Rasl2tp - ok
21:03:31.0583 318912 RasMan - ok
21:03:31.0587 318912 RasPppoe - ok
21:03:31.0594 318912 RasSstp - ok
21:03:31.0598 318912 rdbss - ok
21:03:31.0601 318912 rdpbus - ok
21:03:31.0605 318912 RDPCDD - ok
21:03:31.0612 318912 RDPDR - ok
21:03:31.0615 318912 RDPENCDD - ok
21:03:31.0622 318912 RDPREFMP - ok
21:03:31.0627 318912 RDPWD - ok
21:03:31.0631 318912 rdyboost - ok
21:03:31.0634 318912 RemoteAccess - ok
21:03:31.0640 318912 RemoteRegistry - ok
21:03:31.0646 318912 Revoflt - ok
21:03:31.0651 318912 RFCOMM - ok
21:03:31.0657 318912 rimspci - ok
21:03:31.0662 318912 risdpcie - ok
21:03:31.0667 318912 rixdpcie - ok
21:03:31.0672 318912 RoxMediaDB10 - ok
21:03:31.0677 318912 RpcEptMapper - ok
21:03:31.0681 318912 RpcLocator - ok
21:03:31.0684 318912 RpcSs - ok
21:03:31.0689 318912 rspndr - ok
21:03:31.0694 318912 RsvLock - ok
21:03:31.0707 318912 rtsuvc - ok
21:03:31.0711 318912 s3cap - ok
21:03:31.0714 318912 SafeBoot - ok
21:03:31.0717 318912 SamSs - ok
21:03:31.0722 318912 SbAlg - ok
21:03:31.0727 318912 SbFsLock - ok
21:03:31.0731 318912 sbp2port - ok
21:03:31.0735 318912 SCardSvr - ok
21:03:31.0740 318912 scfilter - ok
21:03:31.0745 318912 Schedule - ok
21:03:31.0748 318912 SCPolicySvc - ok
21:03:31.0752 318912 sdbus - ok
21:03:31.0757 318912 SDRSVC - ok
21:03:31.0764 318912 SeaPort - ok
21:03:31.0773 318912 secdrv - ok
21:03:31.0779 318912 seclogon - ok
21:03:31.0782 318912 SENS - ok
21:03:31.0793 318912 SensrSvc - ok
21:03:31.0797 318912 Sentinel64 - ok
21:03:31.0800 318912 Serenum - ok
21:03:31.0806 318912 Serial - ok
21:03:31.0820 318912 sermouse - ok
21:03:31.0830 318912 SessionEnv - ok
21:03:31.0833 318912 sffdisk - ok
21:03:31.0837 318912 sffp_mmc - ok
21:03:31.0843 318912 sffp_sd - ok
21:03:31.0848 318912 sfloppy - ok
21:03:31.0855 318912 ShellHWDetection - ok
21:03:31.0860 318912 SiSRaid2 - ok
21:03:31.0864 318912 SiSRaid4 - ok
21:03:31.0874 318912 SkypeUpdate - ok
21:03:31.0879 318912 Smb - ok
21:03:31.0885 318912 SNMPTRAP - ok
21:03:31.0890 318912 spldr - ok
21:03:31.0895 318912 Spooler - ok
21:03:31.0899 318912 sppsvc - ok
21:03:31.0902 318912 sppuinotify - ok
21:03:31.0908 318912 sptd - ok
21:03:31.0913 318912 srv - ok
21:03:31.0917 318912 srv2 - ok
21:03:31.0922 318912 srvnet - ok
21:03:31.0932 318912 SSDPSRV - ok
21:03:31.0935 318912 SstpSvc - ok
21:03:31.0941 318912 STacSV - ok
21:03:31.0946 318912 stexstor - ok
21:03:31.0951 318912 STHDA - ok
21:03:31.0956 318912 stisvc - ok
21:03:31.0960 318912 stllssvr - ok
21:03:31.0963 318912 storflt - ok
21:03:31.0966 318912 StorSvc - ok
21:03:31.0970 318912 storvsc - ok
21:03:31.0977 318912 swenum - ok
21:03:31.0990 318912 SwitchBoard - ok
21:03:31.0994 318912 swprv - ok
21:03:32.0007 318912 SynTP - ok
21:03:32.0011 318912 SysMain - ok
21:03:32.0014 318912 TabletInputService - ok
21:03:32.0018 318912 tap0901 - ok
21:03:32.0022 318912 TapiSrv - ok
21:03:32.0027 318912 tapoas - ok
21:03:32.0031 318912 TBS - ok
21:03:32.0034 318912 Tcpip - ok
21:03:32.0039 318912 TCPIP6 - ok
21:03:32.0048 318912 tcpipreg - ok
21:03:32.0054 318912 TDPIPE - ok
21:03:32.0060 318912 TDTCP - ok
21:03:32.0065 318912 tdx - ok
21:03:32.0069 318912 TermDD - ok
21:03:32.0074 318912 TermService - ok
21:03:32.0079 318912 Themes - ok
21:03:32.0082 318912 THREADORDER - ok
21:03:32.0085 318912 Tpkd - ok
21:03:32.0094 318912 TPM - ok
21:03:32.0098 318912 TrkWks - ok
21:03:32.0102 318912 TrustedInstaller - ok
21:03:32.0109 318912 tssecsrv - ok
21:03:32.0114 318912 TsUsbFlt - ok
21:03:32.0134 318912 tunnel - ok
21:03:32.0139 318912 uagp35 - ok
21:03:32.0144 318912 udfs - ok
21:03:32.0153 318912 UI0Detect - ok
21:03:32.0158 318912 uliagpkx - ok
21:03:32.0163 318912 umbus - ok
21:03:32.0167 318912 UmPass - ok
21:03:32.0171 318912 UmRdpService - ok
21:03:32.0176 318912 UnlockerDriver5 - ok
21:03:32.0180 318912 UNS - ok
21:03:32.0184 318912 upnphost - ok
21:03:32.0187 318912 usbccgp - ok
21:03:32.0193 318912 usbcir - ok
21:03:32.0197 318912 usbehci - ok
21:03:32.0201 318912 usbhub - ok
21:03:32.0207 318912 usbohci - ok
21:03:32.0211 318912 usbprint - ok
21:03:32.0214 318912 usbscan - ok
21:03:32.0217 318912 USBSTOR - ok
21:03:32.0221 318912 usbuhci - ok
21:03:32.0227 318912 usbvideo - ok
21:03:32.0232 318912 UxSms - ok
21:03:32.0236 318912 VaultSvc - ok
21:03:32.0242 318912 vcsFPService - ok
21:03:32.0257 318912 vdrvroot - ok
21:03:32.0261 318912 vds - ok
21:03:32.0265 318912 VD_FileDisk - ok
21:03:32.0268 318912 vga - ok
21:03:32.0274 318912 VgaSave - ok
21:03:32.0280 318912 vhdmp - ok
21:03:32.0284 318912 viaide - ok
21:03:32.0289 318912 vmbus - ok
21:03:32.0294 318912 VMBusHID - ok
21:03:32.0297 318912 volmgr - ok
21:03:32.0301 318912 volmgrx - ok
21:03:32.0307 318912 volsnap - ok
21:03:32.0312 318912 vpcbus - ok
21:03:32.0317 318912 vpcnfltr - ok
21:03:32.0321 318912 vpcusb - ok
21:03:32.0326 318912 vpcvmm - ok
21:03:32.0329 318912 vsmraid - ok
21:03:32.0333 318912 VSS - ok
21:03:32.0336 318912 vwifibus - ok
21:03:32.0343 318912 vwififlt - ok
21:03:32.0348 318912 vwifimp - ok
21:03:32.0352 318912 W32Time - ok
21:03:32.0359 318912 WacomPen - ok
21:03:32.0363 318912 WANARP - ok
21:03:32.0366 318912 Wanarpv6 - ok
21:03:32.0371 318912 WatAdminSvc - ok
21:03:32.0377 318912 wbengine - ok
21:03:32.0382 318912 WbioSrvc - ok
21:03:32.0385 318912 wcncsvc - ok
21:03:32.0390 318912 WcsPlugInService - ok
21:03:32.0395 318912 Wd - ok
21:03:32.0399 318912 Wdf01000 - ok
21:03:32.0402 318912 WdiServiceHost - ok
21:03:32.0408 318912 WdiSystemHost - ok
21:03:32.0412 318912 WebClient - ok
21:03:32.0416 318912 Wecsvc - ok
21:03:32.0421 318912 wercplsupport - ok
21:03:32.0426 318912 WerSvc - ok
21:03:32.0430 318912 WfpLwf - ok
21:03:32.0433 318912 WIMMount - ok
21:03:32.0440 318912 WinHttpAutoProxySvc - ok
21:03:32.0446 318912 Winmgmt - ok
21:03:32.0451 318912 WinRM - ok
21:03:32.0468 318912 WinUSB - ok
21:03:32.0473 318912 Wlansvc - ok
21:03:32.0479 318912 wlcrasvc - ok
21:03:32.0484 318912 wlidsvc - ok
21:03:32.0488 318912 WmiAcpi - ok
21:03:32.0496 318912 wmiApSrv - ok
21:03:32.0499 318912 WMPNetworkSvc - ok
21:03:32.0504 318912 WPCSvc - ok
21:03:32.0510 318912 WPDBusEnum - ok
21:03:32.0513 318912 ws2ifsl - ok
21:03:32.0516 318912 WSearch - ok
21:03:32.0523 318912 wuauserv - ok
21:03:32.0529 318912 WudfPf - ok
21:03:32.0557 318912 WUDFRd - ok
21:03:32.0563 318912 wudfsvc - ok
21:03:32.0567 318912 WwanSvc - ok
21:03:32.0593 318912 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:03:32.0861 318912 \Device\Harddisk0\DR0 - ok
21:03:32.0861 318912 ============================================================
21:03:32.0861 318912 Scan finished
21:03:32.0861 318912 ============================================================
21:03:32.0870 318904 Detected object count: 0
21:03:32.0870 318904 Actual detected object count: 0

Re: Nejde smazat trojan

#6 Příspěvek od vyosek »

Run RogueKiller again
  • If you use Windows Vista or Windows 7, right-click RogueKiller and choose Run As Administrator or Spustit jako správce
  • Choose Prohledat (Scan), then Smazat (Delete) and afterwards Zprava (Report) - a log opens, paste it here
  • Then click Oprava Host (Host Fix) and Zprava (Report) - a log opens, paste it here
PLEASE READ THE INSTRUCTIONS CAREFULLY - THIS UTILITY HAS A STRONG ABILITY TO DELETE THINGS AND MUST BE USED ONLY WHEN RECOMMENDED, OTHERWISE YOUR SYSTEM MAY BE RUINED
Download Combofix and save it to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe
  • Turn off all resident security programs - firewalls, antivirus, antispyware, etc.
  • If you have Windows XP, run it under the Správce\Administrator account
  • If you have Windows Vista or Windows 7, right-click Combofix and choose Run As Administrator or Spustit jako správce
  • Right after it starts, a page with the licence agreement appears; continue by clicking Ano (Yes)
  • If CF offers to install the Recovery Console, agree
  • Then follow the prompts; during the scan leave the PC completely alone - do not start any applications and do not click into the window that appears
  • The scan should take about 10 minutes, but if the PC is heavily cluttered, it may take longer
  • After the scan finishes and a possible restart, CF displays a log; you can also find it at C:\ComboFix.txt. Paste its contents here
  • A detailed walkthrough including screenshots is here: http://www.bleepingcomputer.com/combofi ... t-combofix

eboy666
Visitor
Posts: 7
Registered: 20 Jun 2012 22:16

Re: Can't delete trojan

#7 Post by eboy666 »

OK, it seems that ComboFix fixed the problem. Thank you very much.
Of course, I'm attaching the logs from the cleanup.

RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ: Mato [Práva Správcu]
Režim: Odebrať -- Dátum: 06/22/2012 05:54:44

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Záznamy Registrov: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> REPLACED (1)
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> REPLACED (0)
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> REPLACED (0)

¤¤¤ Zvláštne súbory / Adresáre: ¤¤¤

¤¤¤ Ovládač: [NENAHRATÉ] ¤¤¤

¤¤¤ Nákaza : ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.nero.com
127.0.0.1 nero.com
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com
127.0.0.1 support.nero.com
127.0.0.1 www.registernero.com
127.0.0.1 registernero.com
60.12.193.37 auto.search.msn.com
60.12.193.37 auto.search.msn.es
60.12.193.37 ie.search.msn.com


¤¤¤ Kontrola MBR: ¤¤¤

+++++ PhysicalDrive0: Hitachi HTS725050A9A364 +++++
--- User ---
[MBR] ff63010ff273f61ec50bff45ec5eeb82
[BSP] 39552f7680a1579c42ea35ec646c2a5a : Windows 7 MBR Code
Partition table:
0 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 63 | Size: 0 Mo
1 - [ACTIVE] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 2048 | Size: 300 Mo
2 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 616448 | Size: 199993 Mo
3 - [XXXXXX] LINUX-SWP (0x42) [VISIBLE] Offset (sectors): 410203710 | Size: 276644 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Dokončené : << RKreport[3].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt



RogueKiller V7.5.4 [06/07/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: http://www.geekstogo.com/forum/files/fi ... guekiller/
Blog: http://tigzyrk.blogspot.com

Operačný systém: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Spustené v : Normálny režim
Užívateľ: Mato [Práva Správcu]
Režim: Oprava HOSTS -- Dátum: 06/22/2012 06:00:06

¤¤¤ Škodlivé procesy: 0 ¤¤¤

¤¤¤ Ovládač: [NENAHRATÉ] ¤¤¤

¤¤¤ Súbor HOSTS: ¤¤¤
127.0.0.1 localhost
127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com
127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com
127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com
127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com
127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com
127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net
127.0.0.1 www.nero.com
127.0.0.1 nero.com
127.0.0.1 my.nero.com
127.0.0.1 secure.nero.com
127.0.0.1 support.nero.com
127.0.0.1 www.registernero.com
127.0.0.1 registernero.com
60.12.193.37 auto.search.msn.com
60.12.193.37 auto.search.msn.es
60.12.193.37 ie.search.msn.com


¤¤¤ Resetovaný HOSTS: ¤¤¤
127.0.0.1 localhost

Dokončené : << RKreport[4].txt >>
RKreport[1].txt ; RKreport[2].txt ; RKreport[3].txt ; RKreport[4].txt



ComboFix 12-06-21.02 - Mato 22.06.2012 6:17:12.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3951.1746 [GMT 2:00]
Running from: D:\Downloaded\ComboFix.exe
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point

ADS - windows: deleted 24 bytes in 1 streams.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Program Files (x86)\FunWebProducts
C:\Program Files (x86)\MyWebSearch
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
C:\Program Files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
C:\Program Files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
C:\Program Files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
C:\Program Files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
C:\Program Files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
C:\Program Files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
C:\Program Files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\CHESS.F3S
C:\Program Files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
C:\Program Files (x86)\MyWebSearch\bar\gen1\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\icons\CM.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\MFC.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\PSS.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\WB.ICO
C:\Program Files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
C:\Program Files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Message\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
C:\Program Files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
C:\Program Files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
C:\Program Files (x86)\MyWebSearch\bar\Settings\s_pid.dat
C:\Program Files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S
C:\Users\Administrator\AppData\Local\assembly\tmp
C:\Users\Mato\AppData\Local\assembly\tmp
C:\Users\Mato\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E18D5DBF-9C57-4670-A798-AD8D72DC4395}.xps
C:\windows\Installer\{20f4c385-c48d-8d4d-4526-ad82e6d59dfb}\@
C:\windows\Installer\{20f4c385-c48d-8d4d-4526-ad82e6d59dfb}\U\00000001.@
C:\windows\iun6002.exe
C:\windows\msxml4-KB973685-enu.LOG
C:\windows\pkunzip.pif
C:\windows\pkzip.pif
C:\windows\system32\drivers\etc\hosts.ics
C:\windows\SysWow64\f3PSSavr.scr
C:\windows\SysWow64\tmpAEB6.tmp
C:\windows\SysWow64\tmpAEB7.tmp

Infected copy of C:\windows\system32\services.exe was found and disinfected
Restored copy from - C:\windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe


((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_MyWebSearchService


((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))


2012-06-22 04:43:20 . 2012-06-22 04:43:20 -------- d-----w- C:\Users\Default\AppData\Local\temp
2012-06-22 04:43:19 . 2012-06-22 04:43:19 -------- d-----w- C:\Users\Administrator\AppData\Local\temp
2012-06-21 16:33:39 . 2012-06-21 16:33:46 -------- d-----w- C:\Program Files\trend micro
2012-06-21 16:33:38 . 2012-06-21 16:33:53 -------- d-----w- C:\rsit
2012-06-19 23:09:18 . 2012-06-19 23:09:18 -------- d-----w- C:\Alkid
2012-06-19 14:41:06 . 2012-06-02 22:19:43 2428952 ----a-w- C:\windows\system32\wuaueng.dll
2012-06-19 14:41:06 . 2012-06-02 22:19:42 57880 ----a-w- C:\windows\system32\wuauclt.exe
2012-06-19 14:41:06 . 2012-06-02 22:19:42 44056 ----a-w- C:\windows\system32\wups2.dll
2012-06-19 14:41:06 . 2012-06-02 22:15:31 2622464 ----a-w- C:\windows\system32\wucltux.dll
2012-06-19 14:40:55 . 2012-06-02 22:19:46 38424 ----a-w- C:\windows\system32\wups.dll
2012-06-19 14:40:55 . 2012-06-02 22:19:23 701976 ----a-w- C:\windows\system32\wuapi.dll
2012-06-19 14:40:55 . 2012-06-02 22:15:08 99840 ----a-w- C:\windows\system32\wudriver.dll
2012-06-19 14:40:51 . 2012-06-02 13:19:42 186752 ----a-w- C:\windows\system32\wuwebv.dll
2012-06-19 14:40:51 . 2012-06-02 13:15:12 36864 ----a-w- C:\windows\system32\wuapp.exe
2012-06-16 19:09:25 . 2012-06-22 03:53:47 -------- d-----w- C:\Users\Mato\AppData\Roaming\Thunderbird
2012-06-16 19:09:25 . 2012-06-16 19:09:25 -------- d-----w- C:\Users\Mato\AppData\Local\Thunderbird
2012-06-15 06:51:59 . 2012-06-20 07:27:58 -------- d-----w- C:\Users\Mato\AppData\Roaming\TrustPort
2012-06-13 18:57:54 . 2012-04-26 05:41:56 77312 ----a-w- C:\windows\system32\rdpwsx.dll
2012-06-13 07:28:25 . 2012-06-13 07:28:26 -------- d-----w- C:\Program Files (x86)\Adobe Story
2012-06-13 03:42:24 . 2012-06-13 03:42:24 -------- d-----w- C:\Users\Mato\AppData\Local\Macromedia
2012-06-12 20:17:31 . 2009-02-17 13:33:16 89256 ----a-w- C:\windows\system32\ElbyCDIO.dll
2012-06-11 20:56:10 . 2012-06-11 20:56:10 -------- d-----w- C:\Users\Mato\AppData\Roaming\Avid
2012-06-11 20:24:16 . 2012-06-11 20:24:16 -------- d-----w- C:\Program Files\Common Files\Avid
2012-06-11 20:21:11 . 2012-06-11 20:21:11 -------- d-----w- C:\windows\SysWow64\MEDIA
2012-06-11 20:20:26 . 2012-06-11 20:23:21 -------- d-----w- C:\Program Files\Avid
2012-06-11 20:20:26 . 2012-06-11 20:21:49 -------- d-----w- C:\Program Files (x86)\Common Files\Digidesign
2012-06-11 20:20:04 . 2012-06-11 20:20:04 -------- d-----w- C:\Program Files (x86)\Common Files\Avid
2012-06-11 20:19:45 . 2012-06-11 20:19:45 -------- d-----w- C:\ProgramData\PACE
2012-06-11 20:19:44 . 2012-06-11 20:19:44 -------- d-----w- C:\Program Files (x86)\Common Files\PACE
2012-06-11 20:18:11 . 2007-04-27 05:40:00 142120 ----a-w- C:\windows\system32\drivers\sentinel64.sys
2012-06-11 20:18:06 . 2012-06-11 20:18:06 -------- d-----w- C:\Program Files (x86)\Common Files\SafeNet Sentinel
2012-06-11 20:18:04 . 2012-06-11 20:18:04 -------- d-----w- C:\windows\Downloaded Installations
2012-06-11 20:17:50 . 2012-06-11 20:17:50 -------- d-----w- C:\Program Files\Java
2012-06-11 20:17:48 . 2012-06-11 20:17:49 -------- d-----w- C:\Users\Mato\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160060}
2012-06-11 20:15:19 . 2012-06-11 20:15:19 -------- d-----w- C:\Program Files (x86)\Licenses
2012-06-11 19:20:38 . 2012-06-11 19:20:38 -------- d-----w- C:\Program Files (x86)\Alcohol Soft
2012-06-11 19:08:50 . 2012-06-11 19:08:50 503352 ----a-w- C:\windows\system32\drivers\sptd.sys
2012-06-11 11:28:43 . 2012-06-11 11:28:43 2981888 ----a-w- C:\windows\SysWow64\iplw7.dll
2012-06-11 11:12:14 . 2012-06-11 11:12:14 544768 ----a-w- C:\windows\SysWow64\msvcr71d.dll
2012-06-11 11:12:05 . 2012-06-11 11:12:05 550248 ----a-w- C:\windows\SysWow64\mmclient.dll
2012-06-11 10:46:59 . 2012-06-11 10:46:59 19968 ----a-w- C:\windows\SysWow64\Cpuinf32.dll
2012-06-11 10:08:25 . 2012-06-11 10:08:25 108096 ----a-w- C:\windows\SysWow64\Dac32.dll
2012-06-11 09:29:42 . 2012-06-11 09:29:42 765952 ----a-w- C:\windows\SysWow64\msvcp71d.dll
2012-06-11 09:29:40 . 2012-06-11 09:29:40 761416 ----a-w- C:\windows\system32\AvOmfToolkit.dll
2012-06-11 08:56:28 . 2012-06-11 08:56:28 2785280 ----a-w- C:\windows\SysWow64\iplM6.dll
2012-06-11 08:24:40 . 2012-06-11 08:24:40 2502656 ----a-w- C:\windows\SysWow64\iplPX.dll
2012-06-11 08:19:21 . 2012-06-11 08:19:21 2531328 ----a-w- C:\windows\SysWow64\iplP6.dll
2012-06-11 07:35:43 . 2012-06-11 07:35:43 2686976 ----a-w- C:\windows\SysWow64\iplM5.dll
2012-06-11 07:33:12 . 2012-06-11 07:33:12 2973696 ----a-w- C:\windows\SysWow64\iplA6.dll
2012-06-11 07:33:06 . 2012-06-11 07:33:06 2174464 ----a-w- C:\windows\SysWow64\MFC71ud.dll
2012-06-11 07:30:58 . 2012-06-11 07:30:58 53248 ----a-w- C:\windows\SysWow64\ipl.dll
2012-06-11 07:30:36 . 2012-06-11 07:30:36 38480 ----a-w- C:\windows\SysWow64\AvidQTUpdaterVC7.dll
2012-06-11 07:18:40 . 2012-06-11 07:18:40 2179072 ----a-w- C:\windows\SysWow64\MFC71d.dll
2012-06-11 07:09:25 . 2012-06-11 07:09:25 66560 ----a-w- C:\windows\SysWow64\ntrights.exe
2012-06-11 07:09:25 . 2012-06-11 07:09:25 66560 ----a-w- C:\windows\system32\ntrights.exe
2012-06-11 07:09:15 . 2012-06-11 07:09:15 56904 ----a-w- C:\windows\SysWow64\libjpegV4.dll
2012-06-11 07:08:59 . 2012-06-11 07:08:59 72264 ----a-w- C:\windows\system32\libjpegV4.dll
2012-06-11 07:04:44 . 2012-06-11 07:04:44 180276 ----a-w- C:\windows\SysWow64\Mspdb50.dll
2012-06-11 06:49:32 . 2012-06-11 06:49:32 565760 ----a-w- C:\windows\SysWow64\msvcp50.dll
2012-06-10 21:56:59 . 2012-06-10 21:58:03 -------- d-----w- C:\totalcmd
2012-06-10 21:56:59 . 2012-06-10 21:56:59 -------- d-----w- C:\Users\Mato\AppData\Roaming\GHISLER
2012-06-10 21:56:59 . 2012-05-23 06:00:00 545 ----a-w- C:\windows\UC.PIF
2012-06-10 21:56:59 . 2012-05-23 06:00:00 545 ----a-w- C:\windows\RAR.PIF
2012-06-10 21:56:59 . 2012-05-23 06:00:00 545 ----a-w- C:\windows\LHA.PIF
2012-06-10 21:56:59 . 2012-05-23 06:00:00 545 ----a-w- C:\windows\ARJ.PIF
2012-06-10 21:35:45 . 2012-06-10 21:35:45 -------- d-----w- C:\Users\Mato\AppData\Local\GHISLER
2012-06-10 17:19:55 . 2012-06-10 17:20:52 -------- d-----w- C:\Users\Mato\AppData\Roaming\Roxio
2012-06-10 08:11:54 . 2007-01-04 10:02:18 663552 ----a-w- C:\windows\SysWow64\mgxoschk.dll
2012-06-10 08:10:12 . 2012-06-10 08:10:12 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Shared
2012-06-10 08:07:47 . 2012-06-11 19:47:35 -------- d-----w- C:\Program Files (x86)\MAGIX
2012-06-07 14:06:22 . 2012-06-07 14:12:17 -------- d-----w- C:\Users\Mato\AppData\Roaming\Topaz Moment
2012-06-06 13:40:49 . 2012-06-10 08:16:55 -------- d-----w- C:\ProgramData\MAGIX
2012-06-06 13:40:48 . 2012-06-10 08:16:55 -------- d-----w- C:\Users\Mato\AppData\Roaming\MAGIX
2012-06-06 13:38:37 . 2012-06-10 08:10:30 -------- d-----w- C:\Users\Mato\AppData\Local\Xara
2012-06-06 13:38:27 . 2012-06-11 19:39:15 -------- d-----w- C:\Program Files (x86)\Common Files\MAGIX Services
2012-06-06 13:38:27 . 2012-06-06 14:03:03 -------- d-----w- C:\ProgramData\Xara
2012-06-06 13:38:27 . 2012-06-06 14:03:03 -------- d-----w- C:\Program Files (x86)\Xara
2012-06-06 13:38:27 . 2012-06-06 13:38:27 -------- d-----w- C:\Program Files\Common Files\MAGIX Services
2012-06-06 13:38:27 . 2012-06-06 13:38:27 -------- d-----w- C:\Program Files (x86)\Common Files\Xara Services
2012-06-06 09:13:32 . 2012-06-06 09:13:32 770384 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 09:13:32 . 2012-06-06 09:13:32 421200 ----a-w- C:\Program Files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-01 16:20:57 . 2012-06-01 16:20:57 -------- d-----w- C:\Program Files (x86)\AKVIS
2012-06-01 15:45:59 . 2012-06-01 15:45:59 -------- d-----w- C:\windows\SysWow64\spool
2012-06-01 15:45:58 . 2012-06-01 15:45:59 -------- d-----w- C:\Program Files (x86)\Sony
2012-06-01 14:21:24 . 2012-06-01 14:21:24 -------- d-----w- C:\Users\Mato\AppData\Roaming\VS Revo Group
2012-06-01 06:02:08 . 2012-06-01 06:02:08 -------- d-sh--w- C:\windows\system32\%APPDATA%
2012-05-30 10:45:12 . 2012-05-30 10:45:12 -------- d-----w- C:\Users\Mato\AppData\Roaming\NeatImage SL
2012-05-30 10:45:03 . 2012-05-30 10:45:03 -------- d-----w- C:\Program Files (x86)\Neat Image
2012-05-30 08:38:32 . 2012-05-30 08:38:32 -------- d-----w- C:\Program Files (x86)\PictureCode
2012-05-29 06:13:38 . 2012-05-08 17:02:23 8955792 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BDE956EE-085D-4202-8FA7-3FA2ECF82CAC}\mpengine.dll
2012-05-28 16:06:56 . 2012-05-28 16:06:56 1791488 ----a-w- C:\windows\SysWow64\mprdin.dll
2012-05-26 09:37:22 . 2012-05-26 09:37:22 -------- d-----w- C:\Users\Mato\AppData\Local\Configure
2012-05-26 09:37:20 . 2012-06-01 14:12:47 -------- d-----w- C:\Users\Mato\AppData\Local\Maker3D
2012-05-26 08:11:57 . 2012-05-26 08:24:32 -------- d-----w- C:\Users\Mato\AppData\Roaming\avidemux
2012-05-25 06:47:39 . 2012-05-25 06:47:39 -------- d-----w- C:\Users\Mato\AppData\Roaming\Publish Providers
2012-05-25 06:40:15 . 2012-05-25 06:40:15 -------- d-----w- C:\ProgramData\Sony
2012-05-24 20:35:15 . 2012-05-24 20:35:15 -------- d-----w- C:\Users\Mato\AppData\Local\LooksBuilder
2012-05-24 20:34:39 . 2012-05-25 06:15:14 -------- d-----w- C:\Users\Mato\temp
2012-05-24 20:30:28 . 2012-05-24 20:30:32 -------- d-----w- C:\Program Files (x86)\LooksBuilderSE
2012-05-24 19:58:42 . 2012-06-10 14:48:32 -------- d-----w- C:\Users\Mato\AppData\Local\Avid
2012-05-24 19:55:21 . 2012-06-11 20:20:04 -------- d-----w- C:\Program Files (x86)\Avid
2012-05-24 19:51:28 . 2012-06-12 05:52:45 -------- d-----w- C:\ProgramData\Avid
2012-05-24 16:53:50 . 2012-06-11 20:55:12 -------- d-----w- C:\Users\Mato\AppData\Roaming\PACE Anti-Piracy
2012-05-24 16:53:50 . 2012-06-11 20:55:12 -------- d-----w- C:\ProgramData\PACE Anti-Piracy
2012-05-24 16:53:50 . 2012-05-24 16:53:50 -------- d-----w- C:\Users\Mato\AppData\Local\PACE Anti-Piracy
2012-05-24 16:38:10 . 2012-05-24 16:38:10 -------- d-----w- C:\Program Files (x86)\My Company Name
2012-05-24 15:48:33 . 2012-05-25 06:44:13 -------- d-----w- C:\Users\Mato\AppData\Local\Sony
2012-05-24 15:47:45 . 2012-06-07 14:39:41 -------- d-----w- C:\Users\Mato\AppData\Roaming\Sony
2012-05-24 13:02:14 . 2012-05-24 13:02:14 -------- d-----w- C:\Users\Mato\AppData\Roaming\PDAppFlex
2012-05-24 12:58:21 . 2012-05-24 12:58:21 -------- d-----w- C:\Users\Mato\AppData\Roaming\Apple Computer
2012-05-24 12:46:46 . 2012-05-24 12:46:53 -------- d-----w- C:\Program Files (x86)\SmartSound Software
2012-05-24 12:46:45 . 2012-05-24 12:47:00 -------- d-----w- C:\ProgramData\SmartSound Software Inc
2012-05-24 12:46:17 . 2012-05-24 16:35:02 -------- d-----w- C:\Program Files (x86)\Common Files\Adobe AIR
2012-05-24 11:43:28 . 2012-05-24 11:48:12 -------- d-----w- C:\Users\Mato\AppData\Local\Nero
2012-05-24 11:31:29 . 2010-05-26 09:41:02 470880 ----a-w- C:\windows\SysWow64\d3dx10_43.dll
2012-05-24 11:31:29 . 2010-05-26 09:41:02 248672 ----a-w- C:\windows\SysWow64\d3dx11_43.dll
2012-05-24 11:31:29 . 2010-05-26 09:41:02 2106216 ----a-w- C:\windows\SysWow64\D3DCompiler_43.dll
2012-05-24 11:31:29 . 2010-05-26 09:41:02 1998168 ----a-w- C:\windows\SysWow64\D3DX9_43.dll
2012-05-24 11:31:29 . 2010-05-26 09:41:02 1868128 ----a-w- C:\windows\SysWow64\d3dcsx_43.dll
2012-05-24 07:16:03 . 2012-05-24 07:16:03 163048 ----a-w- C:\ProgramData\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-23 20:25:22 . 2012-05-23 20:25:22 -------- d-----w- C:\Users\Mato\AppData\Local\Apple Computer
2012-05-23 20:22:47 . 2012-05-23 20:22:47 -------- d-----w- C:\Program Files (x86)\Common Files\Apple
2012-05-23 20:22:27 . 2012-05-23 20:22:27 -------- d-----w- C:\Users\Mato\AppData\Local\Apple
2012-05-23 20:22:23 . 2012-05-23 20:22:23 -------- d-----w- C:\Program Files (x86)\Apple Software Update
2012-05-23 20:22:22 . 2012-05-23 20:22:22 -------- d-----w- C:\ProgramData\Apple


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2012-06-13 03:40:47 . 2012-04-24 20:03:50 426184 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 03:40:46 . 2012-04-24 20:03:50 70344 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 14:03:13 . 2007-04-27 07:43:58 120200 ----a-w- C:\windows\SysWow64\DLLDEV32i.dll
2012-05-11 11:00:48 . 2012-05-11 11:00:48 86528 ----a-w- C:\windows\SysWow64\iesysprep.dll
2012-05-11 11:00:48 . 2012-05-11 11:00:48 76800 ----a-w- C:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-11 11:00:48 . 2012-05-11 11:00:48 74752 ----a-w- C:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-11 11:00:48 . 2012-05-11 11:00:48 63488 ----a-w- C:\windows\SysWow64\tdc.ocx
2012-05-11 11:00:48 . 2012-05-11 11:00:48 48640 ----a-w- C:\windows\SysWow64\mshtmler.dll
2012-05-11 11:00:48 . 2012-05-11 11:00:48 367104 ----a-w- C:\windows\SysWow64\html.iec
2012-05-11 11:00:48 . 2012-05-11 11:00:48 161792 ----a-w- C:\windows\SysWow64\msls31.dll
2012-05-11 11:00:48 . 2012-05-11 11:00:48 110592 ----a-w- C:\windows\SysWow64\IEAdvpack.dll
2012-05-11 11:00:47 . 2012-05-11 11:00:47 74752 ----a-w- C:\windows\SysWow64\iesetup.dll
2012-05-11 11:00:47 . 2012-05-11 11:00:47 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-05-11 11:00:47 . 2012-05-11 11:00:47 23552 ----a-w- C:\windows\SysWow64\licmgr10.dll
2012-05-11 11:00:47 . 2012-05-11 11:00:47 152064 ----a-w- C:\windows\SysWow64\wextract.exe
2012-05-11 11:00:47 . 2012-05-11 11:00:47 150528 ----a-w- C:\windows\SysWow64\iexpress.exe
2012-05-11 11:00:47 . 2012-05-11 11:00:47 11776 ----a-w- C:\windows\SysWow64\mshta.exe
2012-05-11 11:00:47 . 2012-05-11 11:00:47 101888 ----a-w- C:\windows\SysWow64\admparse.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 91648 ----a-w- C:\windows\system32\SetIEInstalledDate.exe
2012-05-11 11:00:46 . 2012-05-11 11:00:46 89088 ----a-w- C:\windows\system32\RegisterIEPKEYs.exe
2012-05-11 11:00:46 . 2012-05-11 11:00:46 76800 ----a-w- C:\windows\system32\tdc.ocx
2012-05-11 11:00:46 . 2012-05-11 11:00:46 49664 ----a-w- C:\windows\system32\imgutil.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 48640 ----a-w- C:\windows\system32\mshtmler.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 448512 ----a-w- C:\windows\system32\html.iec
2012-05-11 11:00:46 . 2012-05-11 11:00:46 35840 ----a-w- C:\windows\SysWow64\imgutil.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 222208 ----a-w- C:\windows\system32\msls31.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 135168 ----a-w- C:\windows\system32\IEAdvpack.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 12288 ----a-w- C:\windows\system32\mshta.exe
2012-05-11 11:00:46 . 2012-05-11 11:00:46 114176 ----a-w- C:\windows\system32\admparse.dll
2012-05-11 11:00:46 . 2012-05-11 11:00:46 111616 ----a-w- C:\windows\system32\iesysprep.dll
2012-05-11 11:00:44 . 2012-05-11 11:00:44 85504 ----a-w- C:\windows\system32\iesetup.dll
2012-05-11 11:00:44 . 2012-05-11 11:00:44 603648 ----a-w- C:\windows\system32\vbscript.dll
2012-05-11 11:00:44 . 2012-05-11 11:00:44 30720 ----a-w- C:\windows\system32\licmgr10.dll
2012-05-11 11:00:44 . 2012-05-11 11:00:44 165888 ----a-w- C:\windows\system32\iexpress.exe
2012-05-11 11:00:44 . 2012-05-11 11:00:44 160256 ----a-w- C:\windows\system32\wextract.exe
2012-05-04 20:13:14 . 2012-05-04 19:13:14 8744608 ----a-w- C:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-30 15:36:26 . 2012-04-30 15:36:30 472808 ----a-w- C:\windows\SysWow64\deployJava1.dll
2012-04-27 03:24:40 . 2012-04-27 03:24:40 614400 ----a-w- C:\windows\AutoKMS.exe
2012-04-26 15:59:00 . 2011-03-28 16:36:46 19352 ----a-w- C:\ProgramData\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-26 14:01:42 . 2012-04-26 14:01:42 65536 ----a-r- C:\Users\Mato\AppData\Roaming\Microsoft\Installer\{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}\ARPPRODUCTICON.exe
2012-04-18 18:56:30 . 2012-04-18 18:56:30 94208 ----a-w- C:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56:30 . 2012-04-18 18:56:30 69632 ----a-w- C:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35:47 . 2012-05-10 07:50:56 1918320 ----a-w- C:\windows\system32\drivers\tcpip.sys


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 94208 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 94208 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 94208 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="C:\Program Files (x86)\IncrediMail\bin\IncMail.exe" [2012-05-21 16:11:40 439752]
"WDICT32"="C:\TRANSLAT\WDICT32.EXE" [2012-04-28 14:43:56 3366912]
"OfficeSyncProcess"="C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 21:07:38 718720]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 20:35:16 98304]
"IMSS"="C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 23:46:48 111640]
"AdobeCS5.5ServiceManager"="C:\Program Files (x86)\Common Files\Adobe\CS5.5ServiceManager\CS5.5ServiceManager.exe" [2011-01-12 05:08:56 1523360]
"SwitchBoard"="C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 11:37:14 517096]
"UnlockerAssistant"="D:\Software\unlocker1.8.8-portable\UnlockerAssistant.exe" [2010-02-20 15:28:05 15872]

C:\Users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - C:\Users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
ArsClip.lnk - D:\Program files portable\ArsClipv401\ArsClip.exe [2012-4-28 1517056]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
GoogleTranslator.lnk - D:\Program files portable\TranslateClientPortable6.0.exe [2012-4-28 2504256]
PNotes.lnk - D:\Program files portable\PNotesPortable\PNotesPortable.exe [2012-4-25 132856]
Snagit 11.lnk - C:\Program Files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-1-23 8873376]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36:02 75320 ----a-w- C:\Windows\System32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp

R1 VD_FileDisk;VD_FileDisk; [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-05 13:17:44 160944]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\system32\vcsFPService.exe [2010-02-18 22:52:30 2045232]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 16:44:14 183560]
R3 DAMDrv;DAMDrv;C:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 18:36:10 362040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;C:\Program Files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 09:15:00 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 14:11:06 113120]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 pwdrvio;pwdrvio;C:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;C:\windows\system32\pwdspio.sys [x]
R3 Revoflt;Revoflt;C:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 18:08:10 1120752]
R3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 11:37:14 517096]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;C:\windows\system32\Wat\WatAdminSvc.exe [x]
R4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 16:10:10 57184]
S0 epfwwfp;epfwwfp;C:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 sptd;sptd;C:\windows\System32\Drivers\sptd.sys [x]
S1 ehdrv;ehdrv;C:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;C:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;C:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 23:38:36 277032]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 00:22:18 169624]
S2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 10:42:58 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;C:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;C:\Program Files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 11:03:30 974944]
S2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 18:15:22 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 00:37:08 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 15:10:28 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 18:12:00 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 12:39:06 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 15:06:50 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 00:09:48 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 18:17:10 297984]
S2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe [x]
S2 PaceLicenseDServices;PACE License Services;C:\Program Files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 00:36:12 2932224]
S2 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 21:39:08 635416]
S2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys [x]
S2 Sentinel64;Sentinel64;C:\windows\System32\Drivers\Sentinel64.sys [x]
S2 UNS;Intel(R) Management & Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 23:46:56 2320920]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 00:05:52 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;C:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;C:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;C:\windows\system32\DRIVERS\Impcd.sys [x]
S3 osppsvc;Office Software Protection Platform;C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 19:34:24 4925184]
S3 rtsuvc;HP Webcam [2 MP Fixed];C:\windows\system32\DRIVERS\rtsuvc.sys [x]
S3 tapoas;TAP-Win32 Adapter OAS;C:\windows\system32\DRIVERS\tapoas.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\windows\system32\DRIVERS\vwifimp.sys [x]


HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38:32 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Contents of the 'Scheduled Tasks' folder

2012-06-22 C:\windows\Tasks\AutoKMS.job
- C:\windows\AutoKMS.exe [2012-04-27 03:24:40 . 2012-04-27 03:24:40]

2012-06-22 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003Core.job
- C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 04:02:53 . 2012-04-25 04:02:52]

2012-06-22 C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003UA.job
- C:\Users\Mato\AppData\Local\Google\Update\GoogleUpdate.exe [2012-04-25 04:02:53 . 2012-04-25 04:02:52]

2012-06-01 C:\windows\Tasks\HPCeeScheduleForMato.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-09-13 20:15:40 . 2010-09-13 20:15:40]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 97792 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 97792 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 97792 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58:16 97792 ----a-w- C:\Users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 21:56:26 186904]
"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 18:11:54 8192]
"acevents"="C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 23:38:32 196648]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 23:36:22 483880]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2010-03-17 12:48:42 487424]
"egui"="C:\Program Files\ESET\ESET Smart Security\egui.exe" [2011-09-22 11:03:04 4035152]
"AdobeAAMUpdater-1.0"="C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 04:09:46 446392]
"combofix"="C:\ComboFix\CF28023.3XE" [2010-11-20 13:24:33 345088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0

------- Supplementary Scan -------

uStart Page = hxxp://yahoo.com/
uLocal Page = C:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = C:\Windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - C:\ProgramData\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - C:\ProgramData\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\ProgramData\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\ProgramData\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\ProgramData\LangSoft\WebIE.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 195.146.128.60 195.146.132.59
FF - ProfilePath - C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.New\
FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/?a=1eyonc7RKTZ
FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff_address_bar&a=1eyonc7RKTZ&search=
FF - prefs.js: network.proxy.http - 127.0.0.1
FF - prefs.js: network.proxy.http_port - 62808
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.http.max-connections-per-server - 8
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: content.switch.threshold - 600000

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-AdobeBridge - (no file)
HKLM-Run-SynTPEnh - C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
HKLM-Run-(Default) - (no file)
AddRemove-Cool's_Codec_pack_4.12 - C:\windows\iun6002.exe
AddRemove-PC Translator - C:\Users\Mato\AppData\Local\Temp\UN32.EXE
AddRemove-{6F44AF95-3CDE-4513-AD3F-6D45F17BF324} - C:\Program Files (x86)\InstallShield Installation Information\{6F44AF95-3CDE-4513-AD3F-6D45F17BF324}\setup.exe

vyosek
VIP
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot delete trojan

#8 Post by vyosek »

:arrow: If you have not done so already, move Combofix to the desktop
  • Open Notepad (Start - Run - notepad)
  • Copy the script below
  • Code:

    KillAll::
    
    Folder::
    C:\Users\Mato\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160060}
    
    Registry::
    [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
    "AdobeCS5.5ServiceManager"=-
    "SwitchBoard"=-
    
    Driver::
    SafeBoot
    SbAlg
    SbFsLock
    RsvLock
    
    File::
    C:\windows\Tasks\AutoKMS.job
    C:\windows\AutoKMS.exe
    C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003Core.job
    C:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003UA.job
    C:\windows\Tasks\HPCeeScheduleForMato.job
    
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "AdobeAAMUpdater-1.0"=-
    "combofix"=-
    
    DDS::
    uStart Page = hxxp://yahoo.com/
    Trusted Zone: //about.htm/
    Trusted Zone: //Exclude.htm/
    Trusted Zone: //FWEvent.htm/
    Trusted Zone: //LanguageSelection.htm/
    Trusted Zone: //Message.htm/
    Trusted Zone: //MyAgttryCmd.htm/
    Trusted Zone: //MyAgttryNag.htm/
    Trusted Zone: //MyNotification.htm/
    Trusted Zone: //NOCLessUpdate.htm/
    Trusted Zone: //quarantine.htm/
    Trusted Zone: //ScanNow.htm/
    Trusted Zone: //strings.vbs/
    Trusted Zone: //Template.htm/
    Trusted Zone: //Update.htm/
    Trusted Zone: //VirFound.htm/
    Trusted Zone: mcafee.com\*
    Trusted Zone: mcafeeasap.com\betavscan
    Trusted Zone: mcafeeasap.com\vs
    Trusted Zone: mcafeeasap.com\www
    
    Firefox::
    FF - ProfilePath - C:\Users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.New\
    FF - prefs.js: browser.search.defaulturl - hxxp://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us
    FF - prefs.js: browser.startup.homepage - hxxp://mystart.incredimail.com/?a=1eyonc7RKTZ
    FF - prefs.js: keyword.URL - hxxp://mystart.incredimail.com//?loc=ff ... TZ&search=
    FF - prefs.js: network.proxy.http - 127.0.0.1
    FF - prefs.js: network.proxy.http_port - 62808
    FF - prefs.js: network.proxy.type - 0
    FF - user.js: network.http.max-connections-per-server - 8
    FF - user.js: nglayout.initialpaint.delay - 600
    FF - user.js: content.notify.interval - 600000
    FF - user.js: content.max.tokenizing.time - 1800000
    FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
    FF - user.js: network.http.max-persistent-connections-per-server - 4
    FF - user.js: content.switch.threshold - 600000
    
    Reboot::
  • Save the resulting TXT file as CFScript.txt
  • Drag the CFScript.txt you created onto Combofix and release it (see the image below)
    Image
  • After the script has been applied (and after a restart, if one occurs), a log will pop up; paste its contents here
:arrow: It may happen that Windows does not start after the script has been applied; in that case restart the PC, keep pressing F8 and choose Last Known Good Configuration

eboy666
Visitor
Visitor
Posts: 7
Registered: 20 Jun 2012 22:16

Re: Cannot delete trojan

#9 Post by eboy666 »

So here is the latest log so far. The virus warning windows no longer pop up.

ComboFix 12-06-21.03 - Mato 22.06.2012 17:53:13.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3951.1742 [GMT 2:00]
Running from: d:\downloaded\ComboFix.exe
Command switches used :: c:\users\Mato\Desktop\CFScript.txt
AV: ESET Smart Security 5.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\AutoKMS.exe"
"c:\windows\Tasks\AutoKMS.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003Core.job"
"c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003UA.job"
"c:\windows\Tasks\HPCeeScheduleForMato.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Mato\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160060}
c:\users\Mato\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160060}\1033.MST
c:\users\Mato\AppData\Local\{6448F0A6-6813-11D6-A77B-00B0D0160060}\Java(TM) SE Runtime Environment 6 Update 6.msi
c:\users\Mato\AppData\Local\Temp\nsbF03D.tmp\newadvsplash.dll
c:\users\Mato\AppData\Local\Temp\nsbF03D.tmp\registry.dll
c:\users\Mato\AppData\Local\Temp\nsbF03D.tmp\System.dll
c:\windows\AutoKMS.exe
c:\windows\Tasks\AutoKMS.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003Core.job
c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1703495836-3579572607-3173122003-1003UA.job
c:\windows\Tasks\HPCeeScheduleForMato.job
.
---- Previous Run -------
.
c:\program files (x86)\MyWebSearch\bar\1.bin\F3BKGERR.JPG
c:\program files (x86)\MyWebSearch\bar\1.bin\F3CJPEG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3DTACTL.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HISTSW.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HKSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTMLMU.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3HTTPCT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3IMSTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3POPSWT.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3PSSAVR.SCR
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3REPROX.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3RESTUB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCRCTR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SCHMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\F3SPACER.WMV
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WALLPP.DAT
c:\program files (x86)\MyWebSearch\bar\1.bin\F3WPHOOK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\FWPBUDDY.PNG
c:\program files (x86)\MyWebSearch\bar\1.bin\CHROME.MANIFEST
c:\program files (x86)\MyWebSearch\bar\1.bin\chrome\M3FFXTBR.JAR
c:\program files (x86)\MyWebSearch\bar\1.bin\INSTALL.RDF
c:\program files (x86)\MyWebSearch\bar\1.bin\M3AUXSTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3DLGHK.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HIGHIN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3HTML.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IDLE.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IEOVR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3IMPIPE.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MEDINT.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3MSG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3OUTLCN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3PLUGIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKIN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKNLCR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SKPLAY.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SLSRCH.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3SRCHMN.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\M3TPINST.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSBAR.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSMLBTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEMON.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOEPLG.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSOESTB.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSRCAS.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSSVC.EXE
c:\program files (x86)\MyWebSearch\bar\1.bin\MWSUABTN.DLL
c:\program files (x86)\MyWebSearch\bar\1.bin\NPMYWEBS.DLL
c:\program files (x86)\MyWebSearch\bar\Avatar\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHECKERS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\CHESS.F3S
c:\program files (x86)\MyWebSearch\bar\Game\REVERSI.F3S
c:\program files (x86)\MyWebSearch\bar\gen1\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\icons\CM.ICO
c:\program files (x86)\MyWebSearch\bar\icons\MFC.ICO
c:\program files (x86)\MyWebSearch\bar\icons\PSS.ICO
c:\program files (x86)\MyWebSearch\bar\icons\SMILEY.ICO
c:\program files (x86)\MyWebSearch\bar\icons\WB.ICO
c:\program files (x86)\MyWebSearch\bar\icons\ZWINKY.ICO
c:\program files (x86)\MyWebSearch\bar\IE9Mesg\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\jsifb\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Message\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\DOG.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\FISH.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\KUNGFU.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\LIFEGARD.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAID.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\MAILBOX.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\OPERA.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\ROBOT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SEDUCT.F3S
c:\program files (x86)\MyWebSearch\bar\Notifier\SURFER.F3S
c:\program files (x86)\MyWebSearch\bar\Overlay\COMMON.F3S
c:\program files (x86)\MyWebSearch\bar\Settings\s_pid.dat
c:\program files (x86)\MyWebSearch\bar\wbnotify\COMMON.F3S
c:\users\Mato\AppData\Local\Microsoft\Windows\Temporary Internet Files\{E18D5DBF-9C57-4670-A798-AD8D72DC4395}.xps
c:\windows\Installer\{20f4c385-c48d-8d4d-4526-ad82e6d59dfb}\@
c:\windows\Installer\{20f4c385-c48d-8d4d-4526-ad82e6d59dfb}\U\00000001.@
c:\windows\iun6002.exe
c:\windows\msxml4-KB973685-enu.LOG
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\SysWow64\f3PSSavr.scr
c:\windows\SysWow64\tmpAEB6.tmp
c:\windows\SysWow64\tmpAEB7.tmp
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_MyWebSearchService
-------\Legacy_RSVLOCK
-------\Legacy_SBALG
-------\Legacy_SBFSLOCK
-------\Service_RsvLock
-------\Service_SafeBoot
-------\Service_SbAlg
-------\Service_SbFsLock
.
.
((((((((((((((((((((((((( Files Created from 2012-05-22 to 2012-06-22 )))))))))))))))))))))))))))))))
.
.
2012-06-22 16:10 . 2012-06-22 16:10 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-22 16:10 . 2012-06-22 16:10 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2012-06-21 16:33 . 2012-06-21 16:33 -------- d-----w- c:\program files\trend micro
2012-06-21 16:33 . 2012-06-21 16:33 -------- d-----w- C:\rsit
2012-06-19 23:09 . 2012-06-19 23:09 -------- d-----w- C:\Alkid
2012-06-19 14:41 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 14:41 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 14:41 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 14:41 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 14:40 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-19 14:40 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 14:40 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 14:40 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 14:40 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 19:09 . 2012-06-22 08:13 -------- d-----w- c:\users\Mato\AppData\Roaming\Thunderbird
2012-06-16 19:09 . 2012-06-16 19:09 -------- d-----w- c:\users\Mato\AppData\Local\Thunderbird
2012-06-15 06:51 . 2012-06-20 07:27 -------- d-----w- c:\users\Mato\AppData\Roaming\TrustPort
2012-06-13 18:57 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 07:28 . 2012-06-13 07:28 -------- d-----w- c:\program files (x86)\Adobe Story
2012-06-13 03:42 . 2012-06-13 03:42 -------- d-----w- c:\users\Mato\AppData\Local\Macromedia
2012-06-12 20:17 . 2009-02-17 13:33 89256 ----a-w- c:\windows\system32\ElbyCDIO.dll
2012-06-11 20:56 . 2012-06-11 20:56 -------- d-----w- c:\users\Mato\AppData\Roaming\Avid
2012-06-11 20:24 . 2012-06-11 20:24 -------- d-----w- c:\program files\Common Files\Avid
2012-06-11 20:21 . 2012-06-11 20:21 -------- d-----w- c:\windows\SysWow64\MEDIA
2012-06-11 20:20 . 2012-06-11 20:23 -------- d-----w- c:\program files\Avid
2012-06-11 20:20 . 2012-06-11 20:21 -------- d-----w- c:\program files (x86)\Common Files\Digidesign
2012-06-11 20:20 . 2012-06-11 20:20 -------- d-----w- c:\program files (x86)\Common Files\Avid
2012-06-11 20:19 . 2012-06-11 20:19 -------- d-----w- c:\programdata\PACE
2012-06-11 20:19 . 2012-06-11 20:19 -------- d-----w- c:\program files (x86)\Common Files\PACE
2012-06-11 20:18 . 2007-04-27 05:40 142120 ----a-w- c:\windows\system32\drivers\sentinel64.sys
2012-06-11 20:18 . 2012-06-11 20:18 -------- d-----w- c:\program files (x86)\Common Files\SafeNet Sentinel
2012-06-11 20:18 . 2012-06-11 20:18 -------- d-----w- c:\windows\Downloaded Installations
2012-06-11 20:17 . 2012-06-11 20:17 -------- d-----w- c:\program files\Java
2012-06-11 20:15 . 2012-06-11 20:15 -------- d-----w- c:\program files (x86)\Licenses
2012-06-11 19:20 . 2012-06-11 19:20 -------- d-----w- c:\program files (x86)\Alcohol Soft
2012-06-11 19:08 . 2012-06-11 19:08 503352 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-06-11 11:28 . 2012-06-11 11:28 2981888 ----a-w- c:\windows\SysWow64\iplw7.dll
2012-06-11 11:12 . 2012-06-11 11:12 544768 ----a-w- c:\windows\SysWow64\msvcr71d.dll
2012-06-11 11:12 . 2012-06-11 11:12 550248 ----a-w- c:\windows\SysWow64\mmclient.dll
2012-06-11 10:46 . 2012-06-11 10:46 19968 ----a-w- c:\windows\SysWow64\Cpuinf32.dll
2012-06-11 10:08 . 2012-06-11 10:08 108096 ----a-w- c:\windows\SysWow64\Dac32.dll
2012-06-11 09:29 . 2012-06-11 09:29 765952 ----a-w- c:\windows\SysWow64\msvcp71d.dll
2012-06-11 09:29 . 2012-06-11 09:29 761416 ----a-w- c:\windows\system32\AvOmfToolkit.dll
2012-06-11 08:56 . 2012-06-11 08:56 2785280 ----a-w- c:\windows\SysWow64\iplM6.dll
2012-06-11 08:24 . 2012-06-11 08:24 2502656 ----a-w- c:\windows\SysWow64\iplPX.dll
2012-06-11 08:19 . 2012-06-11 08:19 2531328 ----a-w- c:\windows\SysWow64\iplP6.dll
2012-06-11 07:35 . 2012-06-11 07:35 2686976 ----a-w- c:\windows\SysWow64\iplM5.dll
2012-06-11 07:33 . 2012-06-11 07:33 2973696 ----a-w- c:\windows\SysWow64\iplA6.dll
2012-06-11 07:33 . 2012-06-11 07:33 2174464 ----a-w- c:\windows\SysWow64\MFC71ud.dll
2012-06-11 07:30 . 2012-06-11 07:30 53248 ----a-w- c:\windows\SysWow64\ipl.dll
2012-06-11 07:30 . 2012-06-11 07:30 38480 ----a-w- c:\windows\SysWow64\AvidQTUpdaterVC7.dll
2012-06-11 07:18 . 2012-06-11 07:18 2179072 ----a-w- c:\windows\SysWow64\MFC71d.dll
2012-06-11 07:09 . 2012-06-11 07:09 66560 ----a-w- c:\windows\SysWow64\ntrights.exe
2012-06-11 07:09 . 2012-06-11 07:09 66560 ----a-w- c:\windows\system32\ntrights.exe
2012-06-11 07:09 . 2012-06-11 07:09 56904 ----a-w- c:\windows\SysWow64\libjpegV4.dll
2012-06-11 07:08 . 2012-06-11 07:08 72264 ----a-w- c:\windows\system32\libjpegV4.dll
2012-06-11 07:04 . 2012-06-11 07:04 180276 ----a-w- c:\windows\SysWow64\Mspdb50.dll
2012-06-11 06:49 . 2012-06-11 06:49 565760 ----a-w- c:\windows\SysWow64\msvcp50.dll
2012-06-10 21:56 . 2012-06-10 21:58 -------- d-----w- C:\totalcmd
2012-06-10 21:56 . 2012-06-10 21:56 -------- d-----w- c:\users\Mato\AppData\Roaming\GHISLER
2012-06-10 21:56 . 2012-05-23 06:00 545 ----a-w- c:\windows\UC.PIF
2012-06-10 21:56 . 2012-05-23 06:00 545 ----a-w- c:\windows\RAR.PIF
2012-06-10 21:56 . 2012-05-23 06:00 545 ----a-w- c:\windows\LHA.PIF
2012-06-10 21:56 . 2012-05-23 06:00 545 ----a-w- c:\windows\ARJ.PIF
2012-06-10 21:35 . 2012-06-10 21:35 -------- d-----w- c:\users\Mato\AppData\Local\GHISLER
2012-06-10 17:19 . 2012-06-10 17:20 -------- d-----w- c:\users\Mato\AppData\Roaming\Roxio
2012-06-10 08:11 . 2007-01-04 10:02 663552 ----a-w- c:\windows\SysWow64\mgxoschk.dll
2012-06-10 08:10 . 2012-06-10 08:10 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Shared
2012-06-10 08:07 . 2012-06-11 19:47 -------- d-----w- c:\program files (x86)\MAGIX
2012-06-07 14:06 . 2012-06-07 14:12 -------- d-----w- c:\users\Mato\AppData\Roaming\Topaz Moment
2012-06-06 13:40 . 2012-06-10 08:16 -------- d-----w- c:\programdata\MAGIX
2012-06-06 13:40 . 2012-06-10 08:16 -------- d-----w- c:\users\Mato\AppData\Roaming\MAGIX
2012-06-06 13:38 . 2012-06-10 08:10 -------- d-----w- c:\users\Mato\AppData\Local\Xara
2012-06-06 13:38 . 2012-06-11 19:39 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2012-06-06 13:38 . 2012-06-06 14:03 -------- d-----w- c:\programdata\Xara
2012-06-06 13:38 . 2012-06-06 14:03 -------- d-----w- c:\program files (x86)\Xara
2012-06-06 13:38 . 2012-06-06 13:38 -------- d-----w- c:\program files\Common Files\MAGIX Services
2012-06-06 13:38 . 2012-06-06 13:38 -------- d-----w- c:\program files (x86)\Common Files\Xara Services
2012-06-06 09:13 . 2012-06-06 09:13 770384 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-06 09:13 . 2012-06-06 09:13 421200 ----a-w- c:\program files (x86)\Mozilla Firefox\msvcp100.dll
2012-06-01 16:20 . 2012-06-01 16:20 -------- d-----w- c:\program files (x86)\AKVIS
2012-06-01 15:45 . 2012-06-01 15:45 -------- d-----w- c:\windows\SysWow64\spool
2012-06-01 15:45 . 2012-06-01 15:45 -------- d-----w- c:\program files (x86)\Sony
2012-06-01 14:21 . 2012-06-01 14:21 -------- d-----w- c:\users\Mato\AppData\Roaming\VS Revo Group
2012-06-01 06:02 . 2012-06-01 06:02 -------- d-sh--w- c:\windows\system32\%APPDATA%
2012-05-30 10:45 . 2012-05-30 10:45 -------- d-----w- c:\users\Mato\AppData\Roaming\NeatImage SL
2012-05-30 10:45 . 2012-05-30 10:45 -------- d-----w- c:\program files (x86)\Neat Image
2012-05-30 08:38 . 2012-05-30 08:38 -------- d-----w- c:\program files (x86)\PictureCode
2012-05-29 06:13 . 2012-05-08 17:02 8955792 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{BDE956EE-085D-4202-8FA7-3FA2ECF82CAC}\mpengine.dll
2012-05-28 16:06 . 2012-05-28 16:06 1791488 ----a-w- c:\windows\SysWow64\mprdin.dll
2012-05-26 09:37 . 2012-05-26 09:37 -------- d-----w- c:\users\Mato\AppData\Local\Configure
2012-05-26 09:37 . 2012-06-01 14:12 -------- d-----w- c:\users\Mato\AppData\Local\Maker3D
2012-05-26 08:11 . 2012-05-26 08:24 -------- d-----w- c:\users\Mato\AppData\Roaming\avidemux
2012-05-25 06:47 . 2012-05-25 06:47 -------- d-----w- c:\users\Mato\AppData\Roaming\Publish Providers
2012-05-25 06:40 . 2012-05-25 06:40 -------- d-----w- c:\programdata\Sony
2012-05-24 20:35 . 2012-05-24 20:35 -------- d-----w- c:\users\Mato\AppData\Local\LooksBuilder
2012-05-24 20:34 . 2012-05-25 06:15 -------- d-----w- c:\users\Mato\temp
2012-05-24 20:30 . 2012-05-24 20:30 -------- d-----w- c:\program files (x86)\LooksBuilderSE
2012-05-24 19:58 . 2012-06-10 14:48 -------- d-----w- c:\users\Mato\AppData\Local\Avid
2012-05-24 19:55 . 2012-06-11 20:20 -------- d-----w- c:\program files (x86)\Avid
2012-05-24 19:51 . 2012-06-12 05:52 -------- d-----w- c:\programdata\Avid
2012-05-24 16:53 . 2012-06-11 20:55 -------- d-----w- c:\users\Mato\AppData\Roaming\PACE Anti-Piracy
2012-05-24 16:53 . 2012-06-11 20:55 -------- d-----w- c:\programdata\PACE Anti-Piracy
2012-05-24 16:53 . 2012-05-24 16:53 -------- d-----w- c:\users\Mato\AppData\Local\PACE Anti-Piracy
2012-05-24 16:38 . 2012-05-24 16:38 -------- d-----w- c:\program files (x86)\My Company Name
2012-05-24 15:48 . 2012-05-25 06:44 -------- d-----w- c:\users\Mato\AppData\Local\Sony
2012-05-24 15:47 . 2012-06-07 14:39 -------- d-----w- c:\users\Mato\AppData\Roaming\Sony
2012-05-24 13:02 . 2012-05-24 13:02 -------- d-----w- c:\users\Mato\AppData\Roaming\PDAppFlex
2012-05-24 12:58 . 2012-05-24 12:58 -------- d-----w- c:\users\Mato\AppData\Roaming\Apple Computer
2012-05-24 12:46 . 2012-05-24 12:46 -------- d-----w- c:\program files (x86)\SmartSound Software
2012-05-24 12:46 . 2012-05-24 12:47 -------- d-----w- c:\programdata\SmartSound Software Inc
2012-05-24 12:46 . 2012-05-24 16:35 -------- d-----w- c:\program files (x86)\Common Files\Adobe AIR
2012-05-24 11:43 . 2012-05-24 11:48 -------- d-----w- c:\users\Mato\AppData\Local\Nero
2012-05-24 11:31 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-05-24 11:31 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-05-24 11:31 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-05-24 11:31 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-05-24 11:31 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-05-24 07:16 . 2012-05-24 07:16 163048 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10141.bin
2012-05-23 20:25 . 2012-05-23 20:25 -------- d-----w- c:\users\Mato\AppData\Local\Apple Computer
2012-05-23 20:22 . 2012-05-23 20:22 -------- d-----w- c:\program files (x86)\Common Files\Apple
2012-05-23 20:22 . 2012-05-23 20:22 -------- d-----w- c:\users\Mato\AppData\Local\Apple
2012-05-23 20:22 . 2012-05-23 20:22 -------- d-----w- c:\program files (x86)\Apple Software Update
2012-05-23 20:22 . 2012-05-23 20:22 -------- d-----w- c:\programdata\Apple
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-13 03:40 . 2012-04-24 20:03 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-13 03:40 . 2012-04-24 20:03 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-06 14:03 . 2007-04-27 07:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2012-05-11 11:00 . 2012-05-11 11:00 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-05-11 11:00 . 2012-05-11 11:00 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-05-11 11:00 . 2012-05-11 11:00 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-05-11 11:00 . 2012-05-11 11:00 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-05-11 11:00 . 2012-05-11 11:00 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-05-11 11:00 . 2012-05-11 11:00 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-05-11 11:00 . 2012-05-11 11:00 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-05-11 11:00 . 2012-05-11 11:00 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-05-11 11:00 . 2012-05-11 11:00 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-05-11 11:00 . 2012-05-11 11:00 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-05-11 11:00 . 2012-05-11 11:00 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-05-11 11:00 . 2012-05-11 11:00 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-05-11 11:00 . 2012-05-11 11:00 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-05-11 11:00 . 2012-05-11 11:00 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-05-11 11:00 . 2012-05-11 11:00 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-05-11 11:00 . 2012-05-11 11:00 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-05-11 11:00 . 2012-05-11 11:00 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe
2012-05-11 11:00 . 2012-05-11 11:00 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-05-11 11:00 . 2012-05-11 11:00 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-05-11 11:00 . 2012-05-11 11:00 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-05-11 11:00 . 2012-05-11 11:00 448512 ----a-w- c:\windows\system32\html.iec
2012-05-11 11:00 . 2012-05-11 11:00 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-05-11 11:00 . 2012-05-11 11:00 222208 ----a-w- c:\windows\system32\msls31.dll
2012-05-11 11:00 . 2012-05-11 11:00 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-05-11 11:00 . 2012-05-11 11:00 12288 ----a-w- c:\windows\system32\mshta.exe
2012-05-11 11:00 . 2012-05-11 11:00 114176 ----a-w- c:\windows\system32\admparse.dll
2012-05-11 11:00 . 2012-05-11 11:00 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-05-11 11:00 . 2012-05-11 11:00 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-05-11 11:00 . 2012-05-11 11:00 603648 ----a-w- c:\windows\system32\vbscript.dll
2012-05-11 11:00 . 2012-05-11 11:00 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-05-11 11:00 . 2012-05-11 11:00 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-05-11 11:00 . 2012-05-11 11:00 160256 ----a-w- c:\windows\system32\wextract.exe
2012-05-04 20:13 . 2012-05-04 19:13 8744608 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
2012-04-30 15:36 . 2012-04-30 15:36 472808 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-04-26 15:59 . 2011-03-28 16:36 19352 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-04-26 14:01 . 2012-04-26 14:01 65536 ----a-r- c:\users\Mato\AppData\Roaming\Microsoft\Installer\{9B8A821E-1FCE-45D1-8BEC-738F5AAB20D8}\ARPPRODUCTICON.exe
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-03-30 11:35 . 2012-05-10 07:50 1918320 ----a-w- c:\windows\system32\drivers\tcpip.sys
.
.
((((((((((((((((((((((((((((( SnapShot@2012-06-22_05.42.35 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-07-14 05:10 . 2012-06-22 16:17 44054 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-24 11:48 . 2012-06-22 16:17 12854 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-1703495836-3579572607-3173122003-1003_UserData.bin
+ 2012-06-22 16:15 . 2012-06-22 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-06-22 04:47 . 2012-06-22 04:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-06-22 16:15 . 2012-06-22 16:15 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-06-22 04:47 . 2012-06-22 04:47 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-02-24 16:41 . 2012-06-22 15:38 369780 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
+ 2009-07-14 05:01 . 2012-06-22 16:12 677436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-06-22 04:46 677436 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2010-09-16 18:17 . 2012-06-22 16:12 5523048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2010-09-16 18:17 . 2012-06-21 21:21 5523048 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
- 2011-02-24 12:06 . 2012-06-22 04:46 19156256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1703495836-3579572607-3173122003-1003-8192.dat
+ 2011-02-24 12:06 . 2012-06-22 16:12 19156256 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-1703495836-3579572607-3173122003-1003-8192.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 94208 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-05-21 439752]
"WDICT32"="c:\translat\WDICT32.EXE" [2012-04-28 3366912]
"AdobeBridge"="" [BU]
"OfficeSyncProcess"="c:\program files (x86)\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-21 98304]
"IMSS"="c:\program files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe" [2010-03-03 111640]
"UnlockerAssistant"="d:\software\unlocker1.8.8-portable\UnlockerAssistant.exe" [2010-02-20 15872]
.
c:\users\Mato\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Mato\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
ArsClip.lnk - d:\program files portable\ArsClipv401\ArsClip.exe [2012-4-28 1517056]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-30 1082656]
GoogleTranslator.lnk - d:\program files portable\TranslateClientPortable6.0.exe [2012-4-28 2504256]
PNotes.lnk - d:\program files portable\PNotesPortable\PNotesPortable.exe [2012-4-25 132856]
Snagit 11.lnk - c:\program files (x86)\TechSmith\Snagit 11\Snagit32.exe [2012-1-23 8873376]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files (x86)\Microsoft Office\Office14\GROOVE.EXE [2011-06-12 31125880]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-17 113120]
R3 NETw5s64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 pwdrvio;pwdrvio;c:\windows\system32\pwdrvio.sys [x]
R3 pwdspio;pwdspio;c:\windows\system32\pwdspio.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AdobeActiveFileMonitor10.0;Adobe Active File Monitor V10;c:\program files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe [2011-09-01 169624]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\x86\ekrn.exe [2011-09-22 974944]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-09-09 86072]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-06-14 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 PaceLicenseDServices;PACE License Services;c:\program files (x86)\Common Files\PACE\Services\LicenseServices\LDSvc.exe [2011-07-09 2932224]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-03-06 635416]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [x]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [x]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Mcx2Svc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-02-22 18:38 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-01-18 18:58 97792 ----a-w- c:\users\Mato\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2010-01-08 186904]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"(Default)"="" [BU]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2011-09-22 4035152]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"combofix"="c:\combofix\CF1461.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{7E6A20FB-153F-402c-A84B-1A64E1955D3D} - {7E6A20FB-153F-402c-A84B-1A64E1955D3D} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748449} - {CC963627-B1DC-40E0-B52A-CF21EE748449} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\programdata\LangSoft\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\programdata\LangSoft\WebIE.dll
TCP: DhcpNameServer = 195.146.128.60 195.146.132.59
FF - ProfilePath - c:\users\Mato\AppData\Roaming\Mozilla\Firefox\Profiles\febeprof.New\
FF - prefs.js: browser.search.selectedEngine - Google
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\.Default\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (LocalSystem)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,cf,d6,3d,a8,bf,50,4e,b7,82,d7,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,27,cf,d6,3d,a8,bf,50,4e,b7,82,d7,\
.
[HKEY_USERS\S-1-5-21-1703495836-3579572607-3173122003-1003\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
"??"=hex:73,ef,d6,d2,b7,f5,7d,3b,ce,f2,5b,0b,b5,ef,1d,fb,e2,6f,5b,c2,fb,c9,13,
0c,0b,cc,5d,df,33,4c,51,2b,04,d8,06,3c,12,2f,c9,74,1d,ae,b1,c7,72,20,2a,c1,\
"??"=hex:93,f1,76,3d,53,83,8c,d3,42,db,51,5d,62,86,70,e3
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\Nero\Nero8\Nero BackItUp\NBService.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
c:\program files (x86)\Translate Client\translateclient.exe
d:\program files portable\PNotesPortable\App\PNotes\PNotes.exe
c:\program files (x86)\TechSmith\Snagit 11\TSCHelp.exe
c:\program files (x86)\IncrediMail\Bin\ImApp.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\TechSmith\Snagit 11\SnagPriv.exe
c:\program files (x86)\TechSmith\Snagit 11\snagiteditor.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
.
**************************************************************************
.
Completion time: 2012-06-22 18:41:53 - machine was rebooted
ComboFix-quarantined-files.txt 2012-06-22 16:41
.
Pre-Run: 113 014 571 008 bytes free
Post-Run: 112 847 597 568 bytes free
.
- - End Of File - - BEE0EE9417D72C69E6C0D4E6476DA3AC

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot delete trojan

#10 Post by vyosek »

So, let's clean up as well :James008:

:arrow: Uninstall ComboFix
  • Rename ComboFix to Uninstall
  • Run it
  • This deletes ComboFix and its folders
:arrow: T-Cleaner http://vyosek.ic.cz/pro_usery/T-Cleaner.exe
  • Download and run it
  • To confirm a choice, press A, then Enter
  • Delete the utility after use
  • Antivirus programs may wrongly flag this utility as a virus - it is a false alarm - so go ahead and download it (or turn off the antivirus while downloading)
:arrow: OTC http://oldtimer.geekstogo.com/OTC.exe
  • Download and run it
  • Click CleanUp and confirm with YES
  • The program cleans up and restarts the PC

:arrow: TFC http://oldtimer.geekstogo.com/TFC.exe
  • Download and run it
  • Click Start and confirm with OK
  • The program cleans up and restarts the PC
  • Delete the utility after use
:arrow: Download CCleaner http://forum.viry.cz/viewtopic.php?t=7478
Cleaner panel
  • Leave everything as it is, just click Analyze (Analyzovat) and then Run Cleaner (Spustit CCleaner)
Registry panel
  • click Scan for Issues (Hledej problémy)
  • then Fix Issues (Opravit problémy) - I recommend making a registry backup; fix all the issues
  • repeat the procedure until no problems remain - usually about 3 times
Tools panel
  • Here you can uninstall programs you do not need
I recommend using CCleaner about once a week

And if there are no problems or questions, that is all from my side :|

eboy666
Visitor
Posts: 7
Registered: 20 Jun 2012 22:16

Re: Cannot delete trojan

#11 Post by eboy666 »

Everything done according to the instructions. I would have a whole pile of questions, but first I will look around the forum; I will surely find answers to at least some of them. Thanks once again, I am sending a contribution of 100 Kč via PayPal (somehow I did not manage to enter my nick there, though; it was sent from the e-mail myhouse37....)

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot delete trojan

#12 Post by vyosek »

:arrow: Feel free to ask; if I know, I will answer or try to look it up :wink:

:arrow: On behalf of the forum team, thank you for the contribution; I will pass the payment info to my colleague motji, who is in charge of support

Otherwise, you are welcome, glad to help :worship:

eboy666
Visitor
Posts: 7
Registered: 20 Jun 2012 22:16

Re: Cannot delete trojan

#13 Post by eboy666 »

So mainly I want to ask why ESET did not prevent the infiltration and could not even delete the virus. Should I change my antivirus?
Next, what does the hosts file, which is often mentioned in the log, actually do?
I also noticed that it was actually ComboFix that cured it, by replacing the infected services.exe file with a clean one. Am I right?

vyosek
VIP
Posts: 56373
Registered: 07 Nov 2006 15:24
Location: Šalingrad - Brno

Re: Cannot delete trojan

#14 Post by vyosek »

:arrow: ESET is among the quality AVs; I would consider a change only once your paid licence expires

:arrow: There was a nasty piece of work there in the form of ZeroAccess; so far none of the antivirus programs can stop it - it is simply strong, with a lot of interference in the OS that the AV cannot prevent

:arrow: Yes, CF replaced the infected (patched) file - that is a consequence of ZA's activity - it infects this file so that it can have better access to the system...
