
Virus removal, PC speed-up, remote assistance via the neslape.cz service
Requesting a preventive check
Moderator: Moderators
Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]
Individual threads will be locked once they are resolved. So will those that are inactive for more than 14 days. See the Rule on locking topics. Thank you for your understanding.
!NEW!
You can now use our remote assistance service, where a specialist connects to your computer and gets further details about the problem from you by phone! More at www.neslape.cz
Hello, I'd like a preventive check, but I also have a reason for it: a friend's whole PC is infected. When he was playing Left 4 Dead, a dialog popped up saying that L4D is a virus, and now his PC won't start, so I'm wondering whether I might have it too. Thanks.
Logfile of random's system information tool 1.09 (written by random/random)
Run by dex73r ^^Ôwn at 2012-07-11 11:40:24
Microsoft Windows 7 Ultimate
System drive C: has 13 GB (24%) free of 53 GB
Total RAM: 2038 MB (43% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:41:08, on 11. 7. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe
C:\Program Files\DAEMON Tools Lite\DTLite.exe
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
C:\Windows\system32\notepad.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\rundll32.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\Downloads\RSIT.exe
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [BitTorrent] "C:\Program Files\BitTorrent\BitTorrent.exe" /MINIMIZED
O4 - HKCU\..\Run: [Advanced SystemCare 5] "C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe" /AutoStart
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Advanced SystemCare Service 5 (AdvancedSystemCareService5) - IObit - C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe
O23 - Service: Hotspot Shield Service (hshld) - Unknown owner - C:\Program Files\Hotspot Shield\bin\openvpnas.exe
O23 - Service: Hotspot Shield Routing Service (HssSrv) - AnchorFree Inc. - C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe
O23 - Service: Hotspot Shield Tray Service (HssTrayService) - Unknown owner - C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE
O23 - Service: Hotspot Shield Monitoring Service (HssWd) - Unknown owner - C:\Program Files\Hotspot Shield\bin\hsswd.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 8673 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"fiddlerhook@fiddler2.com"=C:\Program Files\Fiddler2\FiddlerHook
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.262 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\extensions\
multisearchbox@multisearchbox.com
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\searchplugins\
askcom.xml
conduit.xml
mailru---.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-06-19 4014280]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2012-05-16 233288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"AdobeAAMUpdater-1.0"=C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
"APSDaemon"=C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2012-04-18 421888]
"AdobeCS6ServiceManager"=C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-03-09 1073312]
"SwitchBoard"=C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2011-11-06 1242448]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-06-05 17345712]
"BitTorrent"=C:\Program Files\BitTorrent\BitTorrent.exe [2012-07-05 6077848]
"Advanced SystemCare 5"=C:\Program Files\IObit\Advanced SystemCare 5\ASCTray.exe [2012-05-28 288128]
"AdobeBridge"= []
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2012-07-05 6077848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\divx\divx update\divxupdate.exe [2011-07-29 1259376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-06-11 3905408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2012-03-28 624416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-06-07 1195520]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AmmyyAdmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open -
======List of files/folders created in the last 1 month======
2012-07-10 23:52:09 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\FileZilla
2012-07-10 23:51:50 ----D---- C:\Program Files\FileZilla FTP Client
2012-07-07 22:29:22 ----A---- C:\Windows\4StoryEG Setup Log.txt
2012-07-05 23:10:42 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-07-05 22:55:16 ----D---- C:\ProgramData\ALM
2012-07-05 15:22:31 ----A---- C:\Windows\system32\ff_vfw.dll
2012-07-05 15:22:27 ----D---- C:\Program Files\ffdshow
2012-07-05 12:12:33 ----AD---- C:\ProgramData\TEMP
2012-07-05 12:11:33 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Auslogics
2012-07-05 12:09:37 ----D---- C:\Program Files\Auslogics
2012-07-04 15:14:16 ----D---- C:\Program Files\Cheat Engine 6.2
2012-07-04 00:42:35 ----D---- C:\Windows\system32\Hotspot Shield
2012-07-03 09:46:15 ----D---- C:\Program Files\JDownloader
2012-07-01 23:13:38 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Apple Computer
2012-07-01 17:18:19 ----D---- C:\Program Files\QuickTime
2012-07-01 17:18:18 ----D---- C:\ProgramData\Apple Computer
2012-07-01 17:13:38 ----D---- C:\Program Files\Common Files\Apple
2012-07-01 17:12:35 ----D---- C:\ProgramData\Apple
2012-07-01 17:12:35 ----D---- C:\Program Files\Apple Software Update
2012-06-29 20:41:23 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Notepad++
2012-06-29 20:41:23 ----D---- C:\Program Files\Notepad++
2012-06-28 20:52:48 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\GRETECH
2012-06-27 21:53:44 ----D---- C:\Program Files\Microsoft
2012-06-27 20:48:41 ----D---- C:\ProgramData\Avira
2012-06-26 18:49:54 ----D---- C:\Program Files\GRETECH
2012-06-22 22:31:31 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\SUPERAntiSpyware.com
2012-06-22 22:30:35 ----D---- C:\ProgramData\SUPERAntiSpyware.com
2012-06-22 22:30:35 ----D---- C:\Program Files\SUPERAntiSpyware
2012-06-20 22:13:24 ----D---- C:\Program Files\Mythicsoft
2012-06-19 14:56:13 ----D---- C:\1
2012-06-17 19:23:51 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\PDAppFlex
2012-06-17 11:09:41 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-06-16 16:42:52 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\OpenOffice.org
2012-06-16 16:39:18 ----D---- C:\Program Files\OpenOffice.org 3
2012-06-15 19:38:35 ----D---- C:\Program Files\StAPH
======List of files/folders modified in the last 1 month======
2012-07-11 11:40:54 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Skype
2012-07-11 11:40:37 ----D---- C:\Windows\Prefetch
2012-07-11 11:40:29 ----D---- C:\Program Files\trend micro
2012-07-11 09:52:37 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\BitTorrent
2012-07-11 09:50:03 ----D---- C:\Program Files\Steam
2012-07-11 09:49:27 ----D---- C:\Windows\temp
2012-07-11 09:49:27 ----D---- C:\ProgramData\VMware
2012-07-10 23:51:50 ----RD---- C:\Program Files
2012-07-10 21:07:38 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.minecraft
2012-07-10 18:46:33 ----SHD---- C:\System Volume Information
2012-07-10 18:02:50 ----D---- C:\Windows\system32\config
2012-07-09 18:40:42 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-07-09 18:40:15 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Adobe
2012-07-09 18:39:16 ----D---- C:\Program Files\Adobe
2012-07-09 18:38:07 ----RSD---- C:\Windows\Fonts
2012-07-09 18:36:26 ----AD---- C:\Windows\System32
2012-07-09 18:35:47 ----D---- C:\Program Files\Common Files\Adobe
2012-07-09 18:35:32 ----SHD---- C:\Windows\Installer
2012-07-09 11:07:15 ----D---- C:\Windows\inf
2012-07-09 09:16:59 ----D---- C:\ProgramData
2012-07-08 09:06:04 ----D---- C:\Windows\system32\drivers
2012-07-07 22:29:22 ----D---- C:\Windows
2012-07-06 21:16:00 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Winamp
2012-07-06 18:21:29 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\DAEMON Tools Lite
2012-07-06 09:13:32 ----D---- C:\Boot
2012-07-05 22:52:02 ----D---- C:\ProgramData\Adobe
2012-07-05 22:13:31 ----D---- C:\Program Files\BitTorrent
2012-07-05 19:09:23 ----A---- C:\Windows\Sandboxie.ini
2012-07-05 15:28:33 ----D---- C:\Windows\system32\Tasks
2012-07-04 13:08:41 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.techniclauncher
2012-07-03 16:53:15 ----D---- C:\Program Files\CCleaner
2012-07-02 15:16:16 ----D---- C:\Program Files\Hotspot Shield
2012-07-01 17:19:30 ----D---- C:\Program Files\Internet Explorer
2012-07-01 17:13:38 ----D---- C:\Program Files\Common Files
2012-06-30 15:22:46 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-06-30 00:50:19 ----D---- C:\Windows\Tasks
2012-06-29 19:13:56 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\GarenaPlus
2012-06-29 19:13:56 ----D---- C:\ProgramData\GarenaMessenger
2012-06-27 21:55:13 ----SD---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft
2012-06-27 21:53:53 ----RSD---- C:\Windows\assembly
2012-06-27 20:49:15 ----D---- C:\Windows\system32\catroot
2012-06-26 22:52:27 ----D---- C:\Windows\system32\DriverStore
2012-06-25 18:22:40 ----D---- C:\Program Files\Garena Plus
2012-06-25 00:19:35 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\TS3Client
2012-06-23 23:15:41 ----D---- C:\Program Files\Nmap
2012-06-23 23:15:24 ----D---- C:\Windows\winsxs
2012-06-23 14:36:34 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Hamachi
2012-06-22 22:11:04 ----D---- C:\ProgramData\Skype
2012-06-22 21:58:28 ----RD---- C:\Program Files\Skype
2012-06-21 06:33:35 ----D---- C:\Windows\system32\catroot2
2012-06-19 22:38:44 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\gtk-2.0
2012-06-19 20:42:25 ----D---- C:\Windows\pss
2012-06-19 20:23:32 ----D---- C:\Windows\system32\NDF
2012-06-19 17:27:03 ----D---- C:\Program Files\Common Files\Steam
2012-06-17 16:38:58 ----D---- C:\Python27
2012-06-14 10:15:21 ----D---- C:\Windows\system
2012-06-14 10:15:21 ----D---- C:\Program Files\Common Files\microsoft shared
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 TsVp;TsVp; C:\Windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 91992]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-11-25 229224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-29 32496]
R2 npf;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2012-04-30 36464]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2012-04-30 25712]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2012-04-30 55664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-03-28 25280]
R3 HssDrv;Hotspot Shield Helper Miniport; C:\Windows\system32\DRIVERS\HssDrv.sys [2012-04-11 37376]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-02-08 133392]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 33512]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athw.sys [2011-09-05 1630056]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 104792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-04-30 25584]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-04-30 16624]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [2012-06-26 80288]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
S3 EagleXNt;EagleXNt; C:\Windows\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; C:\Windows\system32\drivers\GGSAFERDriver.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TsVlb;TsVlb; C:\Windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-08-29 31280]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S4 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S4 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S4 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S4 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R2 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-06-26 468848]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-11-15 363336]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-06-20 384880]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-02-08 74512]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 VMAuthdService;VMware Authorization Service; D:\VMWARE\vmware-authd.exe [2012-04-30 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-04-30 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-04-30 433264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-06-19 529232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-06-20 78072]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-22 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 AmmyyAdmin;Ammyy Admin; C:\INSTALL\ammyy\AA_v3.exe [2012-04-10 722736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S4 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
-----------------EOF-----------------
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-04-30 25584]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-04-30 16624]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [2012-06-26 80288]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
S3 EagleXNt;EagleXNt; C:\Windows\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; C:\Windows\system32\drivers\GGSAFERDriver.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TsVlb;TsVlb; C:\Windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-08-29 31280]
S3 WinRing0_1_2_0;WinRing0_1_2_0; \??\C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys [2010-11-01 14416]
S3 WinUSB;Sony Ericsson USB Device sa0101 Driver; C:\Windows\system32\DRIVERS\WinUSB.sys [2009-07-14 34944]
S4 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S4 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S4 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S4 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
R2 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-06-26 468848]
R2 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2011-11-15 363336]
R2 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-06-20 384880]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-02-08 74512]
R2 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-06-19 3048136]
R2 VMAuthdService;VMware Authorization Service; D:\VMWARE\vmware-authd.exe [2012-04-30 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-04-30 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-04-30 433264]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2011-03-28 1713536]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-06-19 529232]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-06-05 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-06-20 78072]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-05-22 129976]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 AmmyyAdmin;Ammyy Admin; C:\INSTALL\ammyy\AA_v3.exe [2012-04-10 722736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S4 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
-----------------EOF-----------------
Re: Request for a preventive check
Hello, fix these in HJT:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2475029
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O4 - HKLM\..\Run: [AdobeAAMUpdater-1.0] "C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AdobeCS6ServiceManager] "C:\Program Files\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
You will find HJT here:
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
Fix means that you run HJT as admin,
in the window that opens you click Do a system scan only,
in the next window you find the lines I listed for you,
next to each of them is a box that you tick,
then you click Fix checked at the bottom left,
the program asks whether you really want to; you of course agree with YES, and it is done.
Uninstall Advanced System Care via Remove Programs.
Delete unneeded files using CCleaner.
Guide:
Cleaner - here you clean the PC of unneeded files and empty the Recycle Bin
Registry - here you clean the registry (before using it I recommend making a backup of the registry, which CCleaner offers)
the registry cleaning needs to be repeated several times!
Tools - here you can uninstall programs, adjust what runs at system startup, and restore the system
Then use Mbam from my signature and post its log here; do not delete anything beforehand!!!
Re: Request for a preventive check
Hi, sorry that I did not finish the preventive check, but then things somehow calmed down and I forgot about you.
I did what I was supposed to; I am still going to clean the registry with CCleaner.. I am posting the latest RSIT log.
Logfile of random's system information tool 1.09 (written by random/random)
Run by dex73r ^^Ôwn at 2012-08-22 16:08:53
Microsoft Windows 7 Ultimate
System drive C: has 7 GB (14%) free of 53 GB
Total RAM: 2038 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:20, on 22. 8. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\dex73r ^^Ôwn\Downloads\RSIT.exe
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.240.45:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A410738-5435-4E57-B2AB-959251F29F69}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E763905-D486-4A8C-AC65-1D62827611DC}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7305 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"fiddlerhook@fiddler2.com"=C:\Program Files\Fiddler2\FiddlerHook
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@comodo.com/EasyvpnLvn]
"Description"=comodo VpnLVN 1.0
"Path"=C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@comodo.com/EasyvpnRdp]
"Description"=comodo rdp 1.0
"Path"=C:\Program Files\COMODO\Unite\NpRdpView.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@comodo.com/EasyvpnVnc]
"Description"=comodo vnc 1.0
"Path"=C:\Program Files\COMODO\Unite\NpVncView.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\extensions\
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\searchplugins\
askcom.xml
conduit.xml
mailru---.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2012-08-01 233288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2012-08-04 1353080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17420464]
"AdobeBridge"= []
"Clownfish"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2012-07-05 6077848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\divx\divx update\divxupdate.exe [2011-07-29 1259376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
C:\Program Files\OkayFreedom\OkayFreedomClient.exe [2012-07-20 4153560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-06-11 3905408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN4ALL]
C:\Program Files\VPN4ALL\VPN4ALL.exe [2012-04-23 2395648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2012-03-28 624416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-06-07 1195520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
C:\PROGRA~1\PACKET~1\vpncmgr.exe [2008-05-15 2682880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AmmyyAdmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open -
======List of files/folders created in the last 1 month======
2012-08-16 14:54:32 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\ExpressVPN
2012-08-16 14:53:40 ----D---- C:\Program Files\ExpressVPN
2012-08-15 17:15:56 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos VPN
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files\Steganos
2012-08-15 17:14:40 ----D---- C:\Program Files\OkayFreedom
2012-08-15 17:13:13 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos
2012-08-13 06:38:27 ----D---- C:\ProgramData\CPA_VA
2012-08-12 18:49:28 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-12 18:49:06 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-12 18:47:00 ----D---- C:\Windows\system32\RsFx
2012-08-12 18:45:42 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-08-12 18:45:27 ----D---- C:\Windows\system32\1033
2012-08-12 18:36:43 ----D---- C:\Windows\symbols
2012-08-12 18:36:35 ----D---- C:\Program Files\Common Files\Merge Modules
2012-08-12 13:03:51 ----D---- C:\ProgramData\IPProtector
2012-08-12 13:02:08 ----A---- C:\Windows\system32\wodVPN.dll
2012-08-12 13:02:06 ----D---- C:\Windows\system32\Driver
2012-08-12 13:00:56 ----D---- C:\Program Files\RiccoVPN
2012-08-12 12:34:19 ----A---- C:\Windows\system32\drivers\cmdatp.sys
2012-08-12 12:33:50 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\COMODO
2012-08-12 12:33:50 ----D---- C:\Program Files\COMODO
2012-08-12 12:31:43 ----D---- C:\ProgramData\COMODO
2012-08-12 09:20:07 ----SHD---- C:\Windows\system32\AI_RecycleBin
2012-08-12 09:19:03 ----D---- C:\Program Files\spotflux
2012-08-12 09:19:02 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.spotflux
2012-08-11 22:35:44 ----A---- C:\Windows\system32\drivers\Neo_0003.sys
2012-08-11 22:34:31 ----A---- C:\Windows\system32\vpncmd.exe
2012-08-11 22:33:58 ----D---- C:\Program Files\PacketiX VPN Client English
2012-08-10 15:28:26 ----D---- C:\Program Files\proXPN
2012-08-09 13:37:36 ----D---- C:\ProgramData\FlyVPN
2012-08-09 13:37:34 ----D---- C:\Program Files\FlyVPN
2012-08-09 11:53:43 ----D---- C:\Program Files\1st Mass Mailer
2012-08-09 10:33:11 ----D---- C:\Program Files\VPN4ALL
2012-08-04 19:36:03 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft Corporation
2012-08-04 13:39:49 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\UBot Studio
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFCN42D.DLL
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFC42D.DLL
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapwin.exe
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapserv.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\nmap.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\CCGNU32.dll
2012-08-03 22:19:28 ----A---- C:\Windows\system32\msvcr71d.dll
2012-08-03 22:19:27 ----A---- C:\Windows\system32\aamd532.dll
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDERUN.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDBRPTR.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\dao360.dll
2012-08-03 22:19:23 ----D---- C:\Program Files\Net Tools
2012-08-02 23:48:52 ----D---- C:\Program Files\ESET
2012-08-02 23:48:51 ----D---- C:\ProgramData\ESET
2012-07-27 00:38:05 ----D---- C:\Program Files\RocketDock
2012-07-24 22:11:54 ----A---- C:\Windows\system32\drivers\hssdrv6.sys
2012-07-23 17:38:05 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Sony Creative Software Inc
2012-07-23 16:45:28 ----D---- C:\Program Files\Socketsoft
2012-07-23 16:45:28 ----D---- C:\Program Files\Common Files\SocketSecure
======List of files/folders modified in the last 1 month======
2012-08-22 16:08:59 ----D---- C:\Program Files\trend micro
2012-08-22 16:08:09 ----D---- C:\Windows\temp
2012-08-22 16:07:07 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Skype
2012-08-22 16:01:55 ----D---- C:\Windows\system32\config
2012-08-22 15:56:28 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Winamp
2012-08-22 15:56:28 ----D---- C:\Program Files\Steam
2012-08-22 15:55:47 ----D---- C:\Windows\Prefetch
2012-08-22 15:55:46 ----D---- C:\Windows\inf
2012-08-22 15:55:02 ----D---- C:\Windows
2012-08-22 15:45:22 ----D---- C:\Program Files\Common Files\Steam
2012-08-22 15:41:49 ----D---- C:\ProgramData\VMware
2012-08-22 15:40:02 ----D---- C:\Program Files\Microsoft Silverlight
2012-08-22 14:00:24 ----SHD---- C:\Windows\Installer
2012-08-22 14:00:24 ----SD---- C:\ProgramData\Microsoft
2012-08-22 11:08:03 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.techniclauncher
2012-08-22 11:04:26 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.minecraft
2012-08-21 20:20:19 ----D---- C:\ProgramData\hssff
2012-08-20 19:38:18 ----D---- C:\Windows\system32\drivers\etc
2012-08-20 09:14:37 ----D---- C:\Program Files\Hotspot Shield
2012-08-20 06:37:48 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-19 19:47:03 ----D---- C:\Program Files\Mozilla Firefox
2012-08-16 14:53:40 ----RD---- C:\Program Files
2012-08-15 21:31:05 ----D---- C:\Program Files\JDownloader
2012-08-15 18:48:09 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\BitTorrent
2012-08-15 17:15:18 ----D---- C:\Windows\system32\drivers
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files
2012-08-15 15:31:46 ----A---- C:\Windows\Sandboxie.ini
2012-08-13 08:08:14 ----SHD---- C:\System Volume Information
2012-08-13 06:38:27 ----D---- C:\ProgramData
2012-08-13 00:19:08 ----D---- C:\Windows\system32\catroot
2012-08-13 00:19:01 ----D---- C:\Windows\system32\DriverStore
2012-08-13 00:14:11 ----AD---- C:\Windows\System32
2012-08-12 20:00:23 ----D---- C:\Windows\Microsoft.NET
2012-08-12 19:59:34 ----RSD---- C:\Windows\assembly
2012-08-12 18:49:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 18:47:15 ----D---- C:\Program Files\Microsoft SQL Server
2012-08-12 18:45:39 ----D---- C:\Program Files\Common Files\microsoft shared
2012-08-12 18:45:10 ----D---- C:\Program Files\Microsoft.NET
2012-08-12 18:43:36 ----D---- C:\Windows\winsxs
2012-08-12 18:39:29 ----SD---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft
2012-08-12 18:36:35 ----D---- C:\Program Files\MSBuild
2012-08-12 18:36:35 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2012-08-12 14:39:10 ----D---- C:\Windows\pss
2012-08-12 12:34:19 ----DC---- C:\Windows\system32\DRVSTORE
2012-08-10 15:29:52 ----A---- C:\Windows\win.ini
2012-08-09 10:34:33 ----D---- C:\Windows\system32\catroot2
2012-08-08 16:34:24 ----D---- C:\Windows\system32\NDF
2012-08-08 14:07:52 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\gtk-2.0
2012-08-08 13:59:28 ----RSD---- C:\Windows\Fonts
2012-08-04 10:41:13 ----D---- C:\Program Files\Sandboxie
2012-08-03 22:20:51 ----D---- C:\Program Files\WinPcap
2012-08-02 22:59:31 ----D---- C:\Windows\Logs
2012-08-02 19:02:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-08-01 23:40:40 ----D---- C:\Windows\system32\directx
2012-08-01 18:52:53 ----SHD---- C:\$RECYCLE.BIN
2012-08-01 06:29:27 ----D---- C:\Windows\system32\Tasks
2012-07-28 11:07:58 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Sony
2012-07-27 00:07:04 ----A---- C:\Windows\system32\uxtheme.dll
2012-07-27 00:07:01 ----A---- C:\Windows\system32\themeui.dll
2012-07-27 00:06:59 ----A---- C:\Windows\system32\themeservice.dll
2012-07-25 21:25:46 ----D---- C:\ProgramData\PMB Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2012-03-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2012-02-03 82400]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 TsVp;TsVp; C:\Windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 91992]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-11-25 229224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-29 32496]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2012-04-30 36464]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2012-04-30 25712]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2012-04-30 55664]
R3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [2011-04-14 17816]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-03-28 25280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 Neo_Packetix;VPN Client Device Driver - Packetix; C:\Windows\system32\DRIVERS\Neo_0003.sys [2012-08-11 22000]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-06-17 137488]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2012-02-14 26624]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 33512]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athw.sys [2011-09-05 1630056]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 104792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-04-30 25584]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-04-30 16624]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [2012-06-26 80288]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [2012-07-13 22112]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TsVlb;TsVlb; C:\Windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-08-29 31280]
S4 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S4 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S4 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-06-17 75536]
R2 VMAuthdService;VMware Authorization Service; D:\VMWARE\vmware-authd.exe [2012-04-30 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-04-30 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-04-30 433264]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-08-22 529744]
R4 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R4 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-08-03 476016]
R4 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2012-08-03 408944]
R4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-08-03 387440]
R4 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [2012-07-20 295664]
R4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R4 vpnclient;PacketiX VPN Client; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2011-02-11 117264]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S4 AmmyyAdmin;Ammyy Admin; C:\INSTALL\ammyy\AA_v3.exe [2012-04-10 722736]
S4 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 EzVpnSvc;COMODO Unite MultiLogin Service; C:\Program Files\COMODO\Unite\EzVpnSvc.exe [2011-08-22 360752]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-08-03 78072]
S4 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 113120]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OpenVPNService;OpenVPN Service; C:\Program Files\VPN4ALL\Connect\openvpnserv.exe [2012-02-14 14848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
-----------------EOF-----------------
-- I'm going to run Malwarebytes and will put the logs in a new post, because they probably wouldn't fit here.

I did what I was supposed to; I'm still going to clean the registry with CCleaner. Posting the newest RSIT log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by dex73r ^^Ôwn at 2012-08-22 16:08:53
Microsoft Windows 7 Ultimate
System drive C: has 7 GB (14%) free of 53 GB
Total RAM: 2038 MB (31% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 16:09:20, on 22. 8. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\COMODO\COMODO Internet Security\cfp.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\Sandboxie\SbieCtrl.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\dex73r ^^Ôwn\Downloads\RSIT.exe
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.240.45:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O2 - BHO: (no name) - AutorunsDisabled - (no file)
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [COMODO Internet Security] "C:\Program Files\COMODO\COMODO Internet Security\cfp.exe" -h
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: (no name) - AutorunsDisabled - (no file)
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A410738-5435-4E57-B2AB-959251F29F69}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E763905-D486-4A8C-AC65-1D62827611DC}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O20 - AppInit_DLLs: C:\Windows\system32\guard32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: Adobe SwitchBoard (SwitchBoard) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7305 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"fiddlerhook@fiddler2.com"=C:\Program Files\Fiddler2\FiddlerHook
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@comodo.com/EasyvpnLvn]
"Description"=comodo VpnLVN 1.0
"Path"=C:\Program Files\COMODO\Unite\npEasyVpnLVN.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@comodo.com/EasyvpnRdp]
"Description"=comodo rdp 1.0
"Path"=C:\Program Files\COMODO\Unite\NpRdpView.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@comodo.com/EasyvpnVnc]
"Description"=comodo vnc 1.0
"Path"=C:\Program Files\COMODO\Unite\NpVncView.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\extensions\
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\searchplugins\
askcom.xml
conduit.xml
mailru---.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\AutorunsDisabled]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2012-08-01 233288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"COMODO Internet Security"=C:\Program Files\COMODO\COMODO Internet Security\cfp.exe [2012-03-11 6749512]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2012-08-04 1353080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17420464]
"AdobeBridge"= []
"Clownfish"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2012-07-05 6077848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\divx\divx update\divxupdate.exe [2011-07-29 1259376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
C:\Program Files\OkayFreedom\OkayFreedomClient.exe [2012-07-20 4153560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-06-11 3905408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN4ALL]
C:\Program Files\VPN4ALL\VPN4ALL.exe [2012-04-23 2395648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2012-03-28 624416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-06-07 1195520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
C:\PROGRA~1\PACKET~1\vpncmgr.exe [2008-05-15 2682880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" C:\Windows\system32\guard32.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AmmyyAdmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\CLPSLS]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open -
======List of files/folders created in the last 1 month======
2012-08-16 14:54:32 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\ExpressVPN
2012-08-16 14:53:40 ----D---- C:\Program Files\ExpressVPN
2012-08-15 17:15:56 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos VPN
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files\Steganos
2012-08-15 17:14:40 ----D---- C:\Program Files\OkayFreedom
2012-08-15 17:13:13 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos
2012-08-13 06:38:27 ----D---- C:\ProgramData\CPA_VA
2012-08-12 18:49:28 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-12 18:49:06 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-12 18:47:00 ----D---- C:\Windows\system32\RsFx
2012-08-12 18:45:42 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-08-12 18:45:27 ----D---- C:\Windows\system32\1033
2012-08-12 18:36:43 ----D---- C:\Windows\symbols
2012-08-12 18:36:35 ----D---- C:\Program Files\Common Files\Merge Modules
2012-08-12 13:03:51 ----D---- C:\ProgramData\IPProtector
2012-08-12 13:02:08 ----A---- C:\Windows\system32\wodVPN.dll
2012-08-12 13:02:06 ----D---- C:\Windows\system32\Driver
2012-08-12 13:00:56 ----D---- C:\Program Files\RiccoVPN
2012-08-12 12:34:19 ----A---- C:\Windows\system32\drivers\cmdatp.sys
2012-08-12 12:33:50 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\COMODO
2012-08-12 12:33:50 ----D---- C:\Program Files\COMODO
2012-08-12 12:31:43 ----D---- C:\ProgramData\COMODO
2012-08-12 09:20:07 ----SHD---- C:\Windows\system32\AI_RecycleBin
2012-08-12 09:19:03 ----D---- C:\Program Files\spotflux
2012-08-12 09:19:02 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.spotflux
2012-08-11 22:35:44 ----A---- C:\Windows\system32\drivers\Neo_0003.sys
2012-08-11 22:34:31 ----A---- C:\Windows\system32\vpncmd.exe
2012-08-11 22:33:58 ----D---- C:\Program Files\PacketiX VPN Client English
2012-08-10 15:28:26 ----D---- C:\Program Files\proXPN
2012-08-09 13:37:36 ----D---- C:\ProgramData\FlyVPN
2012-08-09 13:37:34 ----D---- C:\Program Files\FlyVPN
2012-08-09 11:53:43 ----D---- C:\Program Files\1st Mass Mailer
2012-08-09 10:33:11 ----D---- C:\Program Files\VPN4ALL
2012-08-04 19:36:03 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft Corporation
2012-08-04 13:39:49 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\UBot Studio
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFCN42D.DLL
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFC42D.DLL
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapwin.exe
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapserv.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\nmap.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\CCGNU32.dll
2012-08-03 22:19:28 ----A---- C:\Windows\system32\msvcr71d.dll
2012-08-03 22:19:27 ----A---- C:\Windows\system32\aamd532.dll
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDERUN.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDBRPTR.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\dao360.dll
2012-08-03 22:19:23 ----D---- C:\Program Files\Net Tools
2012-08-02 23:48:52 ----D---- C:\Program Files\ESET
2012-08-02 23:48:51 ----D---- C:\ProgramData\ESET
2012-07-27 00:38:05 ----D---- C:\Program Files\RocketDock
2012-07-24 22:11:54 ----A---- C:\Windows\system32\drivers\hssdrv6.sys
2012-07-23 17:38:05 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Sony Creative Software Inc
2012-07-23 16:45:28 ----D---- C:\Program Files\Socketsoft
2012-07-23 16:45:28 ----D---- C:\Program Files\Common Files\SocketSecure
======List of files/folders modified in the last 1 month======
2012-08-22 16:08:59 ----D---- C:\Program Files\trend micro
2012-08-22 16:08:09 ----D---- C:\Windows\temp
2012-08-22 16:07:07 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Skype
2012-08-22 16:01:55 ----D---- C:\Windows\system32\config
2012-08-22 15:56:28 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Winamp
2012-08-22 15:56:28 ----D---- C:\Program Files\Steam
2012-08-22 15:55:47 ----D---- C:\Windows\Prefetch
2012-08-22 15:55:46 ----D---- C:\Windows\inf
2012-08-22 15:55:02 ----D---- C:\Windows
2012-08-22 15:45:22 ----D---- C:\Program Files\Common Files\Steam
2012-08-22 15:41:49 ----D---- C:\ProgramData\VMware
2012-08-22 15:40:02 ----D---- C:\Program Files\Microsoft Silverlight
2012-08-22 14:00:24 ----SHD---- C:\Windows\Installer
2012-08-22 14:00:24 ----SD---- C:\ProgramData\Microsoft
2012-08-22 11:08:03 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.techniclauncher
2012-08-22 11:04:26 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.minecraft
2012-08-21 20:20:19 ----D---- C:\ProgramData\hssff
2012-08-20 19:38:18 ----D---- C:\Windows\system32\drivers\etc
2012-08-20 09:14:37 ----D---- C:\Program Files\Hotspot Shield
2012-08-20 06:37:48 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-19 19:47:03 ----D---- C:\Program Files\Mozilla Firefox
2012-08-16 14:53:40 ----RD---- C:\Program Files
2012-08-15 21:31:05 ----D---- C:\Program Files\JDownloader
2012-08-15 18:48:09 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\BitTorrent
2012-08-15 17:15:18 ----D---- C:\Windows\system32\drivers
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files
2012-08-15 15:31:46 ----A---- C:\Windows\Sandboxie.ini
2012-08-13 08:08:14 ----SHD---- C:\System Volume Information
2012-08-13 06:38:27 ----D---- C:\ProgramData
2012-08-13 00:19:08 ----D---- C:\Windows\system32\catroot
2012-08-13 00:19:01 ----D---- C:\Windows\system32\DriverStore
2012-08-13 00:14:11 ----AD---- C:\Windows\System32
2012-08-12 20:00:23 ----D---- C:\Windows\Microsoft.NET
2012-08-12 19:59:34 ----RSD---- C:\Windows\assembly
2012-08-12 18:49:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 18:47:15 ----D---- C:\Program Files\Microsoft SQL Server
2012-08-12 18:45:39 ----D---- C:\Program Files\Common Files\microsoft shared
2012-08-12 18:45:10 ----D---- C:\Program Files\Microsoft.NET
2012-08-12 18:43:36 ----D---- C:\Windows\winsxs
2012-08-12 18:39:29 ----SD---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft
2012-08-12 18:36:35 ----D---- C:\Program Files\MSBuild
2012-08-12 18:36:35 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2012-08-12 14:39:10 ----D---- C:\Windows\pss
2012-08-12 12:34:19 ----DC---- C:\Windows\system32\DRVSTORE
2012-08-10 15:29:52 ----A---- C:\Windows\win.ini
2012-08-09 10:34:33 ----D---- C:\Windows\system32\catroot2
2012-08-08 16:34:24 ----D---- C:\Windows\system32\NDF
2012-08-08 14:07:52 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\gtk-2.0
2012-08-08 13:59:28 ----RSD---- C:\Windows\Fonts
2012-08-04 10:41:13 ----D---- C:\Program Files\Sandboxie
2012-08-03 22:20:51 ----D---- C:\Program Files\WinPcap
2012-08-02 22:59:31 ----D---- C:\Windows\Logs
2012-08-02 19:02:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-08-01 23:40:40 ----D---- C:\Windows\system32\directx
2012-08-01 18:52:53 ----SHD---- C:\$RECYCLE.BIN
2012-08-01 06:29:27 ----D---- C:\Windows\system32\Tasks
2012-07-28 11:07:58 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Sony
2012-07-27 00:07:04 ----A---- C:\Windows\system32\uxtheme.dll
2012-07-27 00:07:01 ----A---- C:\Windows\system32\themeui.dll
2012-07-27 00:06:59 ----A---- C:\Windows\system32\themeservice.dll
2012-07-25 21:25:46 ----D---- C:\ProgramData\PMB Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
R1 cmdGuard;COMODO Internet Security Sandbox Driver; C:\Windows\System32\DRIVERS\cmdguard.sys [2012-03-11 491816]
R1 cmdHlp;COMODO Internet Security Helper Driver; C:\Windows\System32\DRIVERS\cmdhlp.sys [2012-03-11 39640]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560]
R1 inspect;COMODO Internet Security Firewall Driver; C:\Windows\system32\DRIVERS\inspect.sys [2012-02-03 82400]
R1 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
R1 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
R1 TsVp;TsVp; C:\Windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 91992]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-11-25 229224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-29 32496]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2012-04-30 36464]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2012-04-30 25712]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2012-04-30 55664]
R3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys [2011-04-14 17816]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-03-28 25280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 Neo_Packetix;VPN Client Device Driver - Packetix; C:\Windows\system32\DRIVERS\Neo_0003.sys [2012-08-11 22000]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-06-17 137488]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2012-02-14 26624]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 33512]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athw.sys [2011-09-05 1630056]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 104792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-04-30 25584]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-04-30 16624]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [2012-06-26 80288]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
S3 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [2012-07-13 22112]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TsVlb;TsVlb; C:\Windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-08-29 31280]
S4 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S4 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S4 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-06-17 75536]
R2 VMAuthdService;VMware Authorization Service; D:\VMWARE\vmware-authd.exe [2012-04-30 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-04-30 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-04-30 433264]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-08-22 529744]
R4 cmdAgent;COMODO Internet Security Helper Service; C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe [2012-03-11 1983232]
R4 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-08-03 476016]
R4 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2012-08-03 408944]
R4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-08-03 387440]
R4 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [2012-07-20 295664]
R4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
R4 vpnclient;PacketiX VPN Client; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2011-02-11 117264]
S3 SwitchBoard;Adobe SwitchBoard; C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 AdvancedSystemCareService5;Advanced SystemCare Service 5; C:\Program Files\IObit\Advanced SystemCare 5\ASCService.exe [2012-05-26 913792]
S4 AmmyyAdmin;Ammyy Admin; C:\INSTALL\ammyy\AA_v3.exe [2012-04-10 722736]
S4 CLPSLS;COMODO livePCsupport Service; C:\Program Files\COMODO\COMODO GeekBuddy\CLPSLS.exe [2011-11-23 1052472]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 EzVpnSvc;COMODO Unite MultiLogin Service; C:\Program Files\COMODO\Unite\EzVpnSvc.exe [2011-08-22 360752]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-08-03 78072]
S4 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 113120]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OpenVPNService;OpenVPN Service; C:\Program Files\VPN4ALL\Connect\openvpnserv.exe [2012-02-14 14848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
-----------------EOF-----------------
-- I'm going to run Malwarebytes and will put the results in a new post, because they probably wouldn't fit here.
Re: Request for a preventive check
Malwarebytes Anti-Malware (Skúšobná verzia) 1.62.0.1300
www.malwarebytes.org
Verzia databázy: v2012.08.22.04
Windows 7 x86 NTFS
Internet Explorer 8.0.7600.16385
dex73r ^^Ôwn :: DEX73RÔWN-PC [administrátor]
Ochrana: Zapnuté
22. 8. 2012 17:18:28
mbam-log-2012-08-22 (17-36-09).txt
Typ kontroly: Rýchla kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 200535
Uplynutý čas: 15 min, 44 sek
Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)
Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)
Detegované registračné kľúče: 7
HKCR\CLSID\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755} (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
HKCR\TypeLib\{68A9B0ED-9615-4F62-8B2A-3026C0063232} (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
HKCR\Interface\{6C21E753-381F-4430-9E5D-1EFC696EBE88} (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
HKCR\WTBPlugin.WTBAddon.1 (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
HKCR\WTBPlugin.WTBAddon (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755} (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1630669F-9D0C-4F0B-8AA9-10DE8BEE1755} (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)
Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)
Detegované priečinky: 0
(Škodlivé položky neboli zistené)
Detegované súbory: 2
C:\Program Files\MyBrowserCash\WTBPlugin.dll (PUP.MultiSearchBox) -> Žiadna úloha nevykonaná.
C:\Users\dex73r ^^Ôwn\Downloads\Skype IP Resolver.exe (Backdoor.Bot.HPWGen) -> Žiadna úloha nevykonaná.
(koniec)
I hope a quick scan is enough, I'm not in the mood to wait all day for it :/
Re: Request for a preventive check
Let it delete what MBAM found.
We just have a small problem: ESET Smart Security and COMODO Internet Security on one system is not good.
Keep only one security suite, uninstall the other, and then post a current RSIT log here.
Re: Request for a preventive check
Hello, I kept ESET and deleted those files from MBAM.
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by dex73r ^^Ôwn at 2012-08-23 08:48:19
Microsoft Windows 7 Ultimate
System drive C: has 8 GB (14%) free of 53 GB
Total RAM: 2038 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:38, on 23. 8. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\dex73r ^^Ôwn\Downloads\RSIT.exe
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.240.45:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A410738-5435-4E57-B2AB-959251F29F69}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E763905-D486-4A8C-AC65-1D62827611DC}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7122 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"fiddlerhook@fiddler2.com"=C:\Program Files\Fiddler2\FiddlerHook
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\extensions\
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\searchplugins\
askcom.xml
conduit.xml
mailru---.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2012-08-01 233288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2012-08-04 1353080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17420464]
"AdobeBridge"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2012-07-05 6077848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\divx\divx update\divxupdate.exe [2011-07-29 1259376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
C:\Program Files\OkayFreedom\OkayFreedomClient.exe [2012-07-20 4153560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-06-11 3905408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN4ALL]
C:\Program Files\VPN4ALL\VPN4ALL.exe [2012-04-23 2395648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2012-03-28 624416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-06-07 1195520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
C:\PROGRA~1\PACKET~1\vpncmgr.exe [2008-05-15 2682880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AmmyyAdmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open -
======List of files/folders created in the last 1 month======
2012-08-23 08:38:48 ----SHD---- C:\Config.Msi
2012-08-22 17:12:04 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Malwarebytes
2012-08-22 17:11:49 ----D---- C:\ProgramData\Malwarebytes
2012-08-22 17:11:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-22 17:11:47 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-08-16 14:54:32 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\ExpressVPN
2012-08-16 14:53:40 ----D---- C:\Program Files\ExpressVPN
2012-08-15 17:15:56 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos VPN
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files\Steganos
2012-08-15 17:14:40 ----D---- C:\Program Files\OkayFreedom
2012-08-15 17:13:13 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos
2012-08-13 06:38:27 ----D---- C:\ProgramData\CPA_VA
2012-08-12 18:49:28 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-12 18:49:06 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-12 18:47:00 ----D---- C:\Windows\system32\RsFx
2012-08-12 18:45:42 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-08-12 18:45:27 ----D---- C:\Windows\system32\1033
2012-08-12 18:36:43 ----D---- C:\Windows\symbols
2012-08-12 18:36:35 ----D---- C:\Program Files\Common Files\Merge Modules
2012-08-12 13:03:51 ----D---- C:\ProgramData\IPProtector
2012-08-12 13:02:08 ----A---- C:\Windows\system32\wodVPN.dll
2012-08-12 13:02:06 ----D---- C:\Windows\system32\Driver
2012-08-12 13:00:56 ----D---- C:\Program Files\RiccoVPN
2012-08-12 12:31:43 ----D---- C:\ProgramData\COMODO
2012-08-12 09:20:07 ----SHD---- C:\Windows\system32\AI_RecycleBin
2012-08-12 09:19:03 ----D---- C:\Program Files\spotflux
2012-08-12 09:19:02 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.spotflux
2012-08-11 22:35:44 ----A---- C:\Windows\system32\drivers\Neo_0003.sys
2012-08-11 22:34:31 ----A---- C:\Windows\system32\vpncmd.exe
2012-08-11 22:33:58 ----D---- C:\Program Files\PacketiX VPN Client English
2012-08-10 15:28:26 ----D---- C:\Program Files\proXPN
2012-08-09 13:37:36 ----D---- C:\ProgramData\FlyVPN
2012-08-09 13:37:34 ----D---- C:\Program Files\FlyVPN
2012-08-09 11:53:43 ----D---- C:\Program Files\1st Mass Mailer
2012-08-09 10:33:11 ----D---- C:\Program Files\VPN4ALL
2012-08-04 19:36:03 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft Corporation
2012-08-04 13:39:49 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\UBot Studio
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFCN42D.DLL
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFC42D.DLL
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapwin.exe
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapserv.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\nmap.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\CCGNU32.dll
2012-08-03 22:19:28 ----A---- C:\Windows\system32\msvcr71d.dll
2012-08-03 22:19:27 ----A---- C:\Windows\system32\aamd532.dll
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDERUN.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDBRPTR.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\dao360.dll
2012-08-03 22:19:23 ----D---- C:\Program Files\Net Tools
2012-08-02 23:48:52 ----D---- C:\Program Files\ESET
2012-08-02 23:48:51 ----D---- C:\ProgramData\ESET
2012-07-27 00:38:05 ----D---- C:\Program Files\RocketDock
2012-07-24 22:11:54 ----A---- C:\Windows\system32\drivers\hssdrv6.sys
======List of files/folders modified in the last 1 month======
2012-08-23 08:48:24 ----D---- C:\Program Files\trend micro
2012-08-23 08:45:19 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Skype
2012-08-23 08:43:50 ----D---- C:\Program Files\Steam
2012-08-23 08:43:43 ----D---- C:\Windows\temp
2012-08-23 08:42:46 ----RD---- C:\Program Files
2012-08-23 08:42:46 ----D---- C:\Windows\system32\Tasks
2012-08-23 08:42:44 ----D---- C:\ProgramData\VMware
2012-08-23 08:40:37 ----SHD---- C:\Windows\Installer
2012-08-23 08:40:21 ----D---- C:\Windows\system32\drivers
2012-08-23 08:40:19 ----AD---- C:\Windows\System32
2012-08-23 08:40:01 ----D---- C:\Windows\inf
2012-08-23 08:37:49 ----DC---- C:\Windows\system32\DRVSTORE
2012-08-23 08:37:49 ----D---- C:\Windows\system32\catroot
2012-08-23 08:37:48 ----D---- C:\Windows\system32\DriverStore
2012-08-23 08:36:23 ----SHD---- C:\System Volume Information
2012-08-23 08:24:43 ----D---- C:\Windows
2012-08-23 08:24:38 ----D---- C:\Windows\CSC
2012-08-23 08:12:14 ----D---- C:\Windows\system32\config
2012-08-23 08:08:56 ----D---- C:\Program Files\Common Files\Steam
2012-08-22 22:44:15 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.minecraft
2012-08-22 22:41:27 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.techniclauncher
2012-08-22 21:55:51 ----D---- C:\Windows\Prefetch
2012-08-22 20:24:25 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Winamp
2012-08-22 17:11:49 ----D---- C:\ProgramData
2012-08-22 17:07:11 ----D---- C:\Program Files\Common Files\Adobe
2012-08-22 17:06:39 ----D---- C:\ProgramData\Adobe
2012-08-22 17:06:06 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Adobe
2012-08-22 17:05:46 ----D---- C:\Program Files\Adobe
2012-08-22 15:40:02 ----D---- C:\Program Files\Microsoft Silverlight
2012-08-22 14:00:24 ----SD---- C:\ProgramData\Microsoft
2012-08-21 20:20:19 ----D---- C:\ProgramData\hssff
2012-08-20 19:38:18 ----D---- C:\Windows\system32\drivers\etc
2012-08-20 09:14:37 ----D---- C:\Program Files\Hotspot Shield
2012-08-20 06:37:48 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-19 19:47:03 ----D---- C:\Program Files\Mozilla Firefox
2012-08-15 21:31:05 ----D---- C:\Program Files\JDownloader
2012-08-15 18:48:09 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\BitTorrent
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files
2012-08-15 15:31:46 ----A---- C:\Windows\Sandboxie.ini
2012-08-12 20:00:23 ----D---- C:\Windows\Microsoft.NET
2012-08-12 19:59:34 ----RSD---- C:\Windows\assembly
2012-08-12 18:49:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 18:47:15 ----D---- C:\Program Files\Microsoft SQL Server
2012-08-12 18:45:39 ----D---- C:\Program Files\Common Files\microsoft shared
2012-08-12 18:45:10 ----D---- C:\Program Files\Microsoft.NET
2012-08-12 18:43:36 ----D---- C:\Windows\winsxs
2012-08-12 18:39:29 ----SD---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft
2012-08-12 18:36:35 ----D---- C:\Program Files\MSBuild
2012-08-12 18:36:35 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2012-08-12 14:39:10 ----D---- C:\Windows\pss
2012-08-10 15:29:52 ----A---- C:\Windows\win.ini
2012-08-09 10:34:33 ----D---- C:\Windows\system32\catroot2
2012-08-08 16:34:24 ----D---- C:\Windows\system32\NDF
2012-08-08 14:07:52 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\gtk-2.0
2012-08-08 13:59:28 ----RSD---- C:\Windows\Fonts
2012-08-04 10:41:13 ----D---- C:\Program Files\Sandboxie
2012-08-03 22:20:51 ----D---- C:\Program Files\WinPcap
2012-08-02 22:59:31 ----D---- C:\Windows\Logs
2012-08-02 19:02:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-08-01 23:40:40 ----D---- C:\Windows\system32\directx
2012-08-01 18:52:53 ----SHD---- C:\$RECYCLE.BIN
2012-07-28 11:07:58 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Sony
2012-07-27 00:07:04 ----A---- C:\Windows\system32\uxtheme.dll
2012-07-27 00:07:01 ----A---- C:\Windows\system32\themeui.dll
2012-07-27 00:06:59 ----A---- C:\Windows\system32\themeservice.dll
2012-07-25 21:25:46 ----D---- C:\ProgramData\PMB Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560]
R1 TsVp;TsVp; C:\Windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 91992]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-11-25 229224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-29 32496]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2012-04-30 36464]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2012-04-30 25712]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2012-04-30 55664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-03-28 25280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 22344]
R3 Neo_Packetix;VPN Client Device Driver - Packetix; C:\Windows\system32\DRIVERS\Neo_0003.sys [2012-08-11 22000]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-06-17 137488]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2012-02-14 26624]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 33512]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athw.sys [2011-09-05 1630056]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 104792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-04-30 25584]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-04-30 16624]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [2012-06-26 80288]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [2012-07-13 22112]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TsVlb;TsVlb; C:\Windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-08-29 31280]
S4 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S4 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S4 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S4 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S4 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S4 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-06-17 75536]
R2 VMAuthdService;VMware Authorization Service; D:\VMWARE\vmware-authd.exe [2012-04-30 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-04-30 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-04-30 433264]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-08-22 529744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2011-02-11 117264]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 AmmyyAdmin;Ammyy Admin; C:\INSTALL\ammyy\AA_v3.exe [2012-04-10 722736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S4 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-08-03 476016]
S4 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2012-08-03 408944]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-08-03 78072]
S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-08-03 387440]
S4 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 113120]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [2012-07-20 295664]
S4 OpenVPNService;OpenVPN Service; C:\Program Files\VPN4ALL\Connect\openvpnserv.exe [2012-02-14 14848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S4 vpnclient;PacketiX VPN Client; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
-----------------EOF-----------------
Thanks
RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by dex73r ^^Ôwn at 2012-08-23 08:48:19
Microsoft Windows 7 Ultimate
System drive C: has 8 GB (14%) free of 53 GB
Total RAM: 2038 MB (42% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 8:48:38, on 23. 8. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal
Running processes:
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\Steam\Steam.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Users\dex73r ^^Ôwn\Downloads\RSIT.exe
C:\Program Files\trend micro\dex73r ^^Ôwn.exe
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Chrome\Application\chrome.exe
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 69.122.240.45:8118
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 127.0.0.3 www.anchorfree.net
O1 - Hosts: 127.0.0.2 www.mefeedia.com
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: Hotspot Shield Class - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [Malwarebytes' Anti-Malware] "C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
O4 - HKCU\..\Run: [Steam] "C:\Program Files\Steam\steam.exe" -silent
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MIF5BA~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Se&nd to OneNote - res://C:\PROGRA~1\MIF5BA~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\program files\flyvpn\flyvpnbind.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\vsocklib.dll
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{1A410738-5435-4E57-B2AB-959251F29F69}: NameServer = 8.26.56.26,156.154.70.22
O17 - HKLM\System\CCS\Services\Tcpip\..\{8E763905-D486-4A8C-AC65-1D62827611DC}: NameServer = 8.26.56.26,156.154.70.22
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\Program Files\Sandboxie\SbieSvc.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: VMware Authorization Service (VMAuthdService) - VMware, Inc. - D:\VMWARE\vmware-authd.exe
O23 - Service: VMware DHCP Service (VMnetDHCP) - VMware, Inc. - C:\Windows\system32\vmnetdhcp.exe
O23 - Service: VMware USB Arbitration Service (VMUSBArbService) - VMware, Inc. - C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe
O23 - Service: VMware NAT Service - VMware, Inc. - C:\Windows\system32\vmnat.exe
--
End of file - 7122 bytes
======Scheduled tasks folder======
C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3437577185-1627907297-3700836042-1002UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default
prefs.js - "browser.search.useDBForOrder" - true
prefs.js - "browser.startup.homepage" - "www.google.sk"
"{23fcfd51-4958-4f00-80a3-ae97e717ed8b}"=C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5
"fiddlerhook@fiddler2.com"=C:\Program Files\Fiddler2\FiddlerHook
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.3.300.270 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0]
"Description"=DivX Plus Web Player
"Path"=C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0]
"Description"=DivX VOD Helper Plug-in
"Path"=C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.1]
"Description"=
"Path"=C:\Windows\system32\npDeployJava1.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/wpi,version=1.4]
"Description"=
"Path"=C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
C:\Program Files\Mozilla Firefox\extensions\
afurladvisor@anchorfree.com
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt
C:\Program Files\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
avg-secure-search.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\extensions\
{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
C:\Users\dex73r ^^Ôwn\AppData\Roaming\Mozilla\Firefox\Profiles\141uqjcr.default\searchplugins\
askcom.xml
conduit.xml
mailru---.xml
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-04-04 453504]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MIF5BA~1\Office14\URLREDIR.DLL [2010-01-16 561552]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-04-04 157576]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files\Hotspot Shield\HssIE\HssIE.dll [2012-08-01 233288]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2009-09-23 141848]
"Persistence"=C:\Windows\system32\igfxpers.exe [2009-09-23 150552]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-03-07 3117344]
"Malwarebytes' Anti-Malware"=C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe [2012-07-03 462920]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"=C:\Program Files\Steam\steam.exe [2012-08-04 1353080]
"Skype"=C:\Program Files\Skype\Phone\Skype.exe [2012-07-13 17420464]
"AdobeBridge"= []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-04-04 446392]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
C:\Program Files\BitTorrent\BitTorrent.exe [2012-07-05 6077848]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-08-02 4910912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
c:\program files\divx\divx update\divxupdate.exe [2011-07-29 1259376]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe [2011-11-04 136176]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
C:\Program Files\OkayFreedom\OkayFreedomClient.exe [2012-07-20 4153560]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files\Common Files\Java\Java Update\jusched.exe [2012-01-17 252296]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [2012-06-11 3905408]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
[]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN4ALL]
C:\Program Files\VPN4ALL\VPN4ALL.exe [2012-04-23 2395648]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files\Winamp\winampa.exe [2011-12-09 74752]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
C:\PROGRA~1\Hamachi\hamachi.exe [2012-03-28 624416]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
C:\PROGRA~1\OPENOF~1.OR~\program\QUICKS~1.EXE [2010-06-07 1195520]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
C:\PROGRA~1\PACKET~1\vpncmgr.exe [2008-05-15 2682880]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2009-09-23 218112]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\system32\webcheck.dll [2009-07-14 229376]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\IMFservice]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\!SASCORE]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AmmyyAdmin]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Hamachi2Svc]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsvid.dll
"vidc.DIVX"=DivX.dll
"vidc.yv12"=DivX.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.VMnc"=vmnc.dll
"msacm.divxa32"=msaud32_divx.acm
"VIDC.FFDS"=ff_vfw.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open -
======List of files/folders created in the last 1 month======
2012-08-23 08:38:48 ----SHD---- C:\Config.Msi
2012-08-22 17:12:04 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Malwarebytes
2012-08-22 17:11:49 ----D---- C:\ProgramData\Malwarebytes
2012-08-22 17:11:47 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2012-08-22 17:11:47 ----A---- C:\Windows\system32\drivers\mbam.sys
2012-08-16 14:54:32 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\ExpressVPN
2012-08-16 14:53:40 ----D---- C:\Program Files\ExpressVPN
2012-08-15 17:15:56 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos VPN
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files\Steganos
2012-08-15 17:14:40 ----D---- C:\Program Files\OkayFreedom
2012-08-15 17:13:13 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Steganos
2012-08-13 06:38:27 ----D---- C:\ProgramData\CPA_VA
2012-08-12 18:49:28 ----A---- C:\Windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-12 18:49:06 ----A---- C:\Windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-12 18:47:00 ----D---- C:\Windows\system32\RsFx
2012-08-12 18:45:42 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-08-12 18:45:27 ----D---- C:\Windows\system32\1033
2012-08-12 18:36:43 ----D---- C:\Windows\symbols
2012-08-12 18:36:35 ----D---- C:\Program Files\Common Files\Merge Modules
2012-08-12 13:03:51 ----D---- C:\ProgramData\IPProtector
2012-08-12 13:02:08 ----A---- C:\Windows\system32\wodVPN.dll
2012-08-12 13:02:06 ----D---- C:\Windows\system32\Driver
2012-08-12 13:00:56 ----D---- C:\Program Files\RiccoVPN
2012-08-12 12:31:43 ----D---- C:\ProgramData\COMODO
2012-08-12 09:20:07 ----SHD---- C:\Windows\system32\AI_RecycleBin
2012-08-12 09:19:03 ----D---- C:\Program Files\spotflux
2012-08-12 09:19:02 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.spotflux
2012-08-11 22:35:44 ----A---- C:\Windows\system32\drivers\Neo_0003.sys
2012-08-11 22:34:31 ----A---- C:\Windows\system32\vpncmd.exe
2012-08-11 22:33:58 ----D---- C:\Program Files\PacketiX VPN Client English
2012-08-10 15:28:26 ----D---- C:\Program Files\proXPN
2012-08-09 13:37:36 ----D---- C:\ProgramData\FlyVPN
2012-08-09 13:37:34 ----D---- C:\Program Files\FlyVPN
2012-08-09 11:53:43 ----D---- C:\Program Files\1st Mass Mailer
2012-08-09 10:33:11 ----D---- C:\Program Files\VPN4ALL
2012-08-04 19:36:03 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft Corporation
2012-08-04 13:39:49 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\UBot Studio
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFCN42D.DLL
2012-08-03 22:19:33 ----A---- C:\Windows\system32\MFC42D.DLL
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapwin.exe
2012-08-03 22:19:32 ----A---- C:\Windows\system32\nmapserv.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\nmap.exe
2012-08-03 22:19:31 ----A---- C:\Windows\system32\CCGNU32.dll
2012-08-03 22:19:28 ----A---- C:\Windows\system32\msvcr71d.dll
2012-08-03 22:19:27 ----A---- C:\Windows\system32\aamd532.dll
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDERUN.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\MSDBRPTR.DLL
2012-08-03 22:19:25 ----A---- C:\Windows\system32\dao360.dll
2012-08-03 22:19:23 ----D---- C:\Program Files\Net Tools
2012-08-02 23:48:52 ----D---- C:\Program Files\ESET
2012-08-02 23:48:51 ----D---- C:\ProgramData\ESET
2012-07-27 00:38:05 ----D---- C:\Program Files\RocketDock
2012-07-24 22:11:54 ----A---- C:\Windows\system32\drivers\hssdrv6.sys
======List of files/folders modified in the last 1 month======
2012-08-23 08:48:24 ----D---- C:\Program Files\trend micro
2012-08-23 08:45:19 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Skype
2012-08-23 08:43:50 ----D---- C:\Program Files\Steam
2012-08-23 08:43:43 ----D---- C:\Windows\temp
2012-08-23 08:42:46 ----RD---- C:\Program Files
2012-08-23 08:42:46 ----D---- C:\Windows\system32\Tasks
2012-08-23 08:42:44 ----D---- C:\ProgramData\VMware
2012-08-23 08:40:37 ----SHD---- C:\Windows\Installer
2012-08-23 08:40:21 ----D---- C:\Windows\system32\drivers
2012-08-23 08:40:19 ----AD---- C:\Windows\System32
2012-08-23 08:40:01 ----D---- C:\Windows\inf
2012-08-23 08:37:49 ----DC---- C:\Windows\system32\DRVSTORE
2012-08-23 08:37:49 ----D---- C:\Windows\system32\catroot
2012-08-23 08:37:48 ----D---- C:\Windows\system32\DriverStore
2012-08-23 08:36:23 ----SHD---- C:\System Volume Information
2012-08-23 08:24:43 ----D---- C:\Windows
2012-08-23 08:24:38 ----D---- C:\Windows\CSC
2012-08-23 08:12:14 ----D---- C:\Windows\system32\config
2012-08-23 08:08:56 ----D---- C:\Program Files\Common Files\Steam
2012-08-22 22:44:15 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.minecraft
2012-08-22 22:41:27 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\.techniclauncher
2012-08-22 21:55:51 ----D---- C:\Windows\Prefetch
2012-08-22 20:24:25 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Winamp
2012-08-22 17:11:49 ----D---- C:\ProgramData
2012-08-22 17:07:11 ----D---- C:\Program Files\Common Files\Adobe
2012-08-22 17:06:39 ----D---- C:\ProgramData\Adobe
2012-08-22 17:06:06 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Adobe
2012-08-22 17:05:46 ----D---- C:\Program Files\Adobe
2012-08-22 15:40:02 ----D---- C:\Program Files\Microsoft Silverlight
2012-08-22 14:00:24 ----SD---- C:\ProgramData\Microsoft
2012-08-21 20:20:19 ----D---- C:\ProgramData\hssff
2012-08-20 19:38:18 ----D---- C:\Windows\system32\drivers\etc
2012-08-20 09:14:37 ----D---- C:\Program Files\Hotspot Shield
2012-08-20 06:37:48 ----D---- C:\Program Files\Mozilla Maintenance Service
2012-08-19 19:47:03 ----D---- C:\Program Files\Mozilla Firefox
2012-08-15 21:31:05 ----D---- C:\Program Files\JDownloader
2012-08-15 18:48:09 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\BitTorrent
2012-08-15 17:14:41 ----D---- C:\Program Files\Common Files
2012-08-15 15:31:46 ----A---- C:\Windows\Sandboxie.ini
2012-08-12 20:00:23 ----D---- C:\Windows\Microsoft.NET
2012-08-12 19:59:34 ----RSD---- C:\Windows\assembly
2012-08-12 18:49:29 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-08-12 18:47:15 ----D---- C:\Program Files\Microsoft SQL Server
2012-08-12 18:45:39 ----D---- C:\Program Files\Common Files\microsoft shared
2012-08-12 18:45:10 ----D---- C:\Program Files\Microsoft.NET
2012-08-12 18:43:36 ----D---- C:\Windows\winsxs
2012-08-12 18:39:29 ----SD---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Microsoft
2012-08-12 18:36:35 ----D---- C:\Program Files\MSBuild
2012-08-12 18:36:35 ----D---- C:\Program Files\Microsoft Visual Studio 10.0
2012-08-12 14:39:10 ----D---- C:\Windows\pss
2012-08-10 15:29:52 ----A---- C:\Windows\win.ini
2012-08-09 10:34:33 ----D---- C:\Windows\system32\catroot2
2012-08-08 16:34:24 ----D---- C:\Windows\system32\NDF
2012-08-08 14:07:52 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\gtk-2.0
2012-08-08 13:59:28 ----RSD---- C:\Windows\Fonts
2012-08-04 10:41:13 ----D---- C:\Program Files\Sandboxie
2012-08-03 22:20:51 ----D---- C:\Program Files\WinPcap
2012-08-02 22:59:31 ----D---- C:\Windows\Logs
2012-08-02 19:02:35 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2012-08-01 23:40:40 ----D---- C:\Windows\system32\directx
2012-08-01 18:52:53 ----SHD---- C:\$RECYCLE.BIN
2012-07-28 11:07:58 ----D---- C:\Users\dex73r ^^Ôwn\AppData\Roaming\Sony
2012-07-27 00:07:04 ----A---- C:\Windows\system32\uxtheme.dll
2012-07-27 00:07:01 ----A---- C:\Windows\system32\themeui.dll
2012-07-27 00:06:59 ----A---- C:\Windows\system32\themeservice.dll
2012-07-25 21:25:46 ----D---- C:\ProgramData\PMB Files
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-03-14 50624]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2009-07-14 173648]
R0 SmartDefragDriver;SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [2010-11-26 15672]
R0 vmci;VMware VMCI Bus Driver; C:\Windows\system32\DRIVERS\vmci.sys [2011-08-08 98928]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2009-07-14 387584]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2011-11-05 232512]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 169080]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 120152]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-03-14 33656]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 35560]
R1 TsVp;TsVp; C:\Windows\system32\DRIVERS\tsvp.sys [2010-06-15 27752]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2012-05-22 158552]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2012-05-22 91992]
R1 vmm;Virtual Machine Monitor; \??\C:\Windows\system32\Drivers\vmm.sys [2011-11-25 229224]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-03-14 148504]
R2 hcmon;VMware hcmon; \??\C:\Windows\system32\drivers\hcmon.sys [2011-08-29 32496]
R2 VMnetBridge;VMware Bridge Protocol; C:\Windows\system32\DRIVERS\vmnetbridge.sys [2012-04-30 36464]
R2 VMnetuserif;VMware Network Application Interface; \??\C:\Windows\system32\drivers\vmnetuserif.sys [2012-04-30 25712]
R2 vmx86;VMware vmx86; \??\C:\Windows\system32\Drivers\vmx86.sys [2012-04-30 55664]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-14 229888]
R3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2012-03-28 25280]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd32.sys [2009-09-23 4808192]
R3 MBAMProtector;MBAMProtector; \??\C:\Windows\system32\drivers\mbam.sys [2012-07-03 22344]
R3 Neo_Packetix;VPN Client Device Driver - Packetix; C:\Windows\system32\DRIVERS\Neo_0003.sys [2012-08-11 22000]
R3 SbieDrv;SbieDrv; \??\C:\Program Files\Sandboxie\SbieDrv.sys [2012-06-17 137488]
R3 tap0901;TAP-Win32 Adapter V9; C:\Windows\system32\DRIVERS\tap0901.sys [2012-02-14 26624]
R3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-04-06 33512]
R3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7; C:\Windows\system32\DRIVERS\ts_athw.sys [2011-09-05 1630056]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2012-05-22 104792]
R3 vmkbd;VMware kbd; \??\C:\Windows\system32\drivers\VMkbd.sys [2012-04-30 25584]
R3 VMnetAdapter;VMware Virtual Ethernet Adapter Driver; C:\Windows\system32\DRIVERS\vmnetadapter.sys [2012-04-30 16624]
R3 VPCNetS2;Virtual Machine Network Services Driver; C:\Windows\system32\DRIVERS\VMNetSrv.sys [2008-02-05 59960]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 aic78xx;aic78xx; C:\Windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\DRIVERS\amdagp.sys [2009-07-14 53312]
S3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athr.sys [2009-07-14 1096704]
S3 ATP;Comodo Unite Miniport Driver; C:\Windows\system32\DRIVERS\cmdatp.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 CEDRIVER60;CEDRIVER60; \??\C:\Program Files\Cheat Engine 6.2\dbk32.sys [2012-06-26 80288]
S3 CV2K1;CommView Network Monitor; C:\Windows\system32\DRIVERS\cv2k1.sys [2010-04-01 19560]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys [2012-07-13 22112]
S3 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2011-02-11 35088]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver; \??\C:\Windows\system32\NSNDIS5.SYS [2004-03-24 17280]
S3 pciide;pciide; C:\Windows\system32\DRIVERS\pciide.sys [2009-07-14 12368]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2009-07-14 133120]
S3 s3cap;s3cap; C:\Windows\system32\DRIVERS\vms3cap.sys [2009-07-14 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\DRIVERS\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\DRIVERS\storvsc.sys [2009-07-14 28224]
S3 TsVlb;TsVlb; C:\Windows\system32\DRIVERS\tsvlb.sys [2010-04-21 20072]
S3 viaagp;VIA AGP Bus Filter; C:\Windows\system32\DRIVERS\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\Windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]
S3 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\DRIVERS\vmbus.sys [2009-07-14 175824]
S3 VMBusHID;VMBusHID; C:\Windows\system32\DRIVERS\VMBusHID.sys [2009-07-14 17920]
S3 vmusb;VMware USB Client Driver; C:\Windows\System32\Drivers\vmusb.sys [2011-08-29 31280]
S4 catchme;catchme; C:\Windows\system32\drivers\catchme.sys []
S4 EagleNT;EagleNT; C:\Windows\system32\drivers\EagleNT.sys []
S4 EagleXNt;EagleXNt; \??\C:\Windows\system32\drivers\EagleXNt.sys []
S4 FileMonitor;FileMonitor; \??\C:\Program Files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [2011-07-11 18768]
S4 RegFilter;RegFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [2011-03-23 30600]
S4 RsFx0103;RsFx0103 Driver; C:\Windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 239336]
S4 SASDIFSV;SASDIFSV; \??\C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS [2011-07-22 12880]
S4 SASKUTIL;SASKUTIL; \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS [2011-07-12 67664]
S4 UrlFilter;UrlFilter; \??\C:\Program Files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [2011-03-23 19280]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 !SASCORE;SAS Core Service; C:\Program Files\SUPERAntiSpyware\SASCORE.EXE [2011-08-12 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-03-07 913144]
R2 MBAMService;MBAMService; C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
R2 SbieSvc;Sandboxie Service; C:\Program Files\Sandboxie\SbieSvc.exe [2012-06-17 75536]
R2 VMAuthdService;VMware Authorization Service; D:\VMWARE\vmware-authd.exe [2012-04-30 79872]
R2 VMnetDHCP;VMware DHCP Service; C:\Windows\system32\vmnetdhcp.exe [2012-04-30 354416]
R2 VMUSBArbService;VMware USB Arbitration Service; C:\Program Files\Common Files\VMware\USB\vmware-usbarbitrator.exe [2011-08-29 665200]
R2 VMware NAT Service;VMware NAT Service; C:\Windows\system32\vmnat.exe [2012-04-30 433264]
R3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-08-22 529744]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-02 250056]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4640000]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2011-02-11 117264]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-11-08 1343400]
S4 AmmyyAdmin;Ammyy Admin; C:\INSTALL\ammyy\AA_v3.exe [2012-04-10 722736]
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine; C:\Program Files\LogMeIn Hamachi\hamachi-2.exe [2012-02-28 1373576]
S4 hshld;Hotspot Shield Service; C:\Program Files\Hotspot Shield\bin\openvpnas.exe [2012-08-03 476016]
S4 HssSrv;Hotspot Shield Routing Service; C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe [2012-08-03 408944]
S4 HssTrayService;Hotspot Shield Tray Service; C:\Program Files\Hotspot Shield\bin\HssTrayService.EXE [2012-08-03 78072]
S4 HssWd;Hotspot Shield Monitoring Service; C:\Program Files\Hotspot Shield\bin\hsswd.exe [2012-08-03 387440]
S4 Iprip;DCOM+ Server Process; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 McComponentHostService;McAfee Security Scan Component Host Service; C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-19 113120]
S4 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [2009-03-30 43010392]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service; C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-23 47128]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service; C:\Program Files\OkayFreedom\VPNService.exe [2012-07-20 295664]
S4 OpenVPNService;OpenVPN Service; C:\Program Files\VPN4ALL\Connect\openvpnserv.exe [2012-02-14 14848]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 Skype C2C Service;Skype C2C Service; C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-07-05 3048136]
S4 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-07-13 160944]
S4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion; C:\Program Files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [2011-06-29 155344]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS); C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 366936]
S4 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2009-03-30 254808]
S4 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2008-07-10 98840]
S4 TeamViewer7;TeamViewer 7; C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe [2012-02-23 2886528]
S4 vpnclient;PacketiX VPN Client; C:\Program Files\PacketiX VPN Client English\vpnclient.exe [2008-05-15 2478080]
-----------------EOF-----------------
Thanks
Re: Requesting a preventive check
Download ComboFix and save it to your desktop,
run the application as Administrator and allow the installation of the Recovery Console.
A window with the license terms will then appear; confirm it by clicking YES,
then click YES once more and it starts running.
The whole process takes about 10 minutes but can take longer; do not try to run anything else during the scan.
The PC may also be restarted during the scan; do not be alarmed.
Note: for the duration of the scan, turn off the resident shield of your antivirus and anti-spyware program,
because ComboFix tries to delete infected files and these programs can get in its way.
After the scan finishes, or after the subsequent restart, the application creates a log saved at C:/Combofix.txt
(on repeated use the logs are numbered Combofix2.txt etc.); copy its contents here.
If anything is unclear, there is an illustrated guide HERE.
Re: Requesting a preventive check
ComboFix 12-08-22.03 - dex73r ^^Ôwn . 08. 2012 9:20.2.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2038.1133 [GMT 2:00]
Running from: c:\users\dex73r ^^ďwn\Downloads\ComboFix.exe
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
ADS - system32: deleted 24 bytes in 2 streams.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\AMMYY
c:\programdata\AMMYY\hr
c:\programdata\AMMYY\hr3
c:\programdata\AMMYY\settings3.bin
c:\windows\XSxS
D:\install.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-07-24 to 2012-08-24 )))))))))))))))))))))))))))))))
.
.
2012-08-24 07:32 . 2012-08-24 07:32 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\temp
2012-08-24 07:32 . 2012-08-24 07:32 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-24 07:32 . 2012-08-24 07:32 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-23 08:41 . 2012-08-23 08:41 -------- d-----w- c:\windows\system32\oodag
2012-08-23 08:37 . 2012-08-23 08:37 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\O&O
2012-08-23 08:36 . 2012-08-23 08:36 -------- d-----w- c:\program files\OO Software
2012-08-22 15:12 . 2012-08-22 15:12 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Malwarebytes
2012-08-22 15:11 . 2012-08-22 15:11 -------- d-----w- c:\programdata\Malwarebytes
2012-08-22 15:11 . 2012-08-22 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-22 15:11 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 10:02 . 2012-08-22 10:02 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\Temporary Projects
2012-08-20 06:49 . 2012-08-20 06:49 565616 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
2012-08-19 17:47 . 2012-08-19 17:47 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-19 17:47 . 2012-08-19 17:47 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-16 12:54 . 2012-08-16 12:54 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\ExpressVPN
2012-08-16 12:53 . 2012-08-16 12:54 -------- d-----w- c:\program files\ExpressVPN
2012-08-15 15:15 . 2012-08-15 15:17 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Steganos VPN
2012-08-15 15:14 . 2012-08-15 15:14 -------- d-----w- c:\program files\Common Files\Steganos
2012-08-15 15:14 . 2012-08-15 15:16 -------- d-----w- c:\program files\OkayFreedom
2012-08-15 15:13 . 2012-08-15 15:16 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Steganos
2012-08-13 04:38 . 2012-08-23 06:40 -------- d-----w- c:\programdata\CPA_VA
2012-08-12 16:49 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-12 16:49 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-12 16:47 . 2012-08-12 16:47 -------- d-----w- c:\windows\system32\RsFx
2012-08-12 16:45 . 2012-08-12 16:45 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-08-12 16:45 . 2012-08-12 16:45 -------- d-----w- c:\windows\system32\1033
2012-08-12 16:39 . 2012-08-12 16:39 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-08-12 16:36 . 2012-08-12 16:36 -------- d-----w- c:\windows\symbols
2012-08-12 16:36 . 2012-08-12 16:36 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-08-12 11:03 . 2012-08-12 11:14 -------- d-----w- c:\programdata\IPProtector
2012-08-12 11:02 . 2012-08-12 11:02 458056 ----a-w- c:\windows\system32\wodVPN.ocx
2012-08-12 11:02 . 2012-08-12 11:02 420680 ----a-w- c:\windows\system32\wodVPN.dll
2012-08-12 11:02 . 2012-08-12 11:02 -------- d-----w- c:\windows\system32\Driver
2012-08-12 11:00 . 2012-08-12 11:04 -------- d-----w- c:\program files\RiccoVPN
2012-08-12 10:31 . 2012-08-23 06:42 -------- d-----w- c:\programdata\COMODO
2012-08-12 07:20 . 2012-08-12 07:20 -------- d-----w- c:\users\dex73r ^^Ôwn\.swt
2012-08-12 07:20 . 2012-08-12 07:20 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-08-12 07:19 . 2012-08-12 07:20 -------- d-----w- c:\program files\spotflux
2012-08-12 07:19 . 2012-08-20 06:31 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\.spotflux
2012-08-11 20:35 . 2012-08-11 20:35 22000 ----a-w- c:\windows\system32\drivers\Neo_0003.sys
2012-08-11 20:34 . 2012-08-11 20:34 81920 ----a-w- c:\windows\system32\vpncmd.exe
2012-08-11 20:33 . 2012-08-22 13:42 -------- d-----w- c:\program files\PacketiX VPN Client English
2012-08-10 13:28 . 2012-08-10 13:29 -------- d-----w- c:\program files\proXPN
2012-08-09 11:37 . 2012-08-20 06:51 -------- d-----w- c:\programdata\FlyVPN
2012-08-09 11:37 . 2012-08-09 11:37 -------- d-----w- c:\program files\FlyVPN
2012-08-09 09:53 . 2012-08-09 09:53 -------- d-----w- c:\program files\1st Mass Mailer
2012-08-09 08:33 . 2012-08-09 08:39 -------- d-----w- c:\program files\VPN4ALL
2012-08-04 17:36 . 2012-08-04 17:36 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft Corporation
2012-08-04 11:39 . 2012-08-04 11:40 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\UBot Studio
2012-08-02 21:48 . 2012-08-02 21:48 -------- d-----w- c:\program files\ESET
2012-08-01 17:10 . 2012-08-01 17:10 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\Jackaroo
2012-07-26 22:38 . 2012-07-26 22:38 -------- d-----w- c:\program files\RocketDock
2012-07-26 22:07 . 2009-07-14 01:16 249856 ----a-w- c:\windows\system32\uxtheme.dll.backup
2012-07-26 22:07 . 2009-07-14 01:16 2755072 ----a-w- c:\windows\system32\themeui.dll.backup
2012-07-26 22:06 . 2009-07-14 01:16 37376 ----a-w- c:\windows\system32\themeservice.dll.backup
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:02 . 2012-06-17 09:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 17:02 . 2011-11-06 09:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 22:07 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-07-26 22:07 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-07-26 22:06 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-07-24 20:11 . 2012-07-24 20:11 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-07-20 09:15 . 2012-07-20 09:15 98304 ----a-r- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Installer\{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}\python_icon.exe
2012-07-20 09:15 . 2012-07-20 09:15 98304 ----a-r- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Installer\{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}\python_icon.exe
2012-06-07 11:04 . 2012-06-07 11:04 4176896 ----a-w- c:\windows\system32\LS3Renderer.dll
2012-06-06 16:55 . 2012-06-06 16:55 1632624 ----a-w- c:\windows\system32\ooscrsav.scr
2012-06-06 16:53 . 2012-06-06 16:53 277872 ----a-w- c:\windows\system32\oodbs.exe
2012-06-06 16:52 . 2012-06-06 16:52 536432 ----a-w- c:\windows\system32\oodssrs.dll
2012-06-06 16:52 . 2012-06-06 16:52 10096 ----a-w- c:\windows\system32\oodbsrs.dll
2010-02-10 03:18 . 2011-12-26 08:22 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2012-08-19 17:47 . 2011-12-10 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-05-09 176936]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-06-06 2774384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
path=c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PacketiX VPN Client Task Tray.lnk
backup=c:\windows\pss\PacketiX VPN Client Task Tray.lnk.Startup
backupExtension=.Startup
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-07-05 20:13 6077848 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-04 19:18 136176 ----atw- c:\users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
[BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
2012-07-20 11:44 4153560 ----a-w- c:\program files\OkayFreedom\OkayFreedomClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-11 16:26 3905408 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN4ALL]
2012-04-23 17:34 2395648 ----a-w- c:\program files\VPN4ALL\vpn4all.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
R4 AmmyyAdmin;Ammyy Admin;c:\install\ammyy\AA_v3.exe [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
R4 Iprip;DCOM+ Server Process;c:\windows\System32\svchost.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;c:\program files\OkayFreedom\VPNService.exe [x]
R4 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R4 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R4 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R4 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client English\vpnclient.exe [x]
R4 XDva375;XDva375; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Neo_Packetix;VPN Client Device Driver - Packetix;c:\windows\system32\DRIVERS\Neo_0003.sys [x]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athw.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Iprip
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 17:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 69.122.240.45:8118
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\FlyVPN\FlyVPNBind.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: DhcpNameServer = 217.119.113.244 217.119.113.245
TCP: Interfaces\{1A410738-5435-4E57-B2AB-959251F29F69}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{8E763905-D486-4A8C-AC65-1D62827611DC}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath -
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - (no file)
HKCU-Run-AdobeBridge - (no file)
SafeBoot-IMFservice
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3437577185-1627907297-3700836042-1002\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**‚Öôަ>]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f69d400
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-24 09:37:01
ComboFix-quarantined-files.txt 2012-08-24 07:37
ComboFix2.txt 2012-02-02 14:11
.
Pre-Run: 7 542 738 944 bytes free
Post-Run: 7 502 802 944 bytes free
.
- - End Of File - - 6A0B48F469D12385B0F4160CDDD63C03
Thanks
Re: Requesting a preventive check
If you haven't done so already, move ComboFix to your desktop.
Open Notepad
and copy the script from the following box into it:
Code:
File::
c:\program files\Common Files\AskToolbarInstaller.exe
Folder::
c:\programdata\COMODO
c:\program files\Ask.com
Registry::
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"=-
[-HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[-HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[-HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
[-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Guard.Mail.ru.gui]
Driver::
XDva375
RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Save the TXT file you created as CFScript.txt on your desktop.
After saving, grab the script with the left mouse button, drag it over the ComboFix icon, and drop it there.

After the script has been applied, another log will be produced; copy it here.
Warning: after the script is applied and the machine restarts, Windows may fail to boot.
In that case, restart again while pressing F8, then choose Last Known Good Configuration.
Re: Requesting a preventive check
ComboFix 12-08-22.03 - dex73r ^^Ôwn . 08. 2012 7:57.3.1 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1250.421.1051.18.2038.1084 [GMT 2:00]
Running from: c:\users\dex73r ^^ďwn\Desktop\ComboFix.exe
Command switches used :: c:\users\dex73r ^^ďwn\Desktop\CFScript.txt
AV: ESET Smart Security 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
FW: ESET personal firewall *Disabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: IObit Malware Fighter *Disabled/Outdated* {A751AC20-3B48-5237-898A-78C4436BB78D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
.
((((((((((((((((((((((((( Files Created from 2012-07-26 to 2012-08-26 )))))))))))))))))))))))))))))))
.
.
2012-08-26 06:12 . 2012-08-26 06:12 -------- d-----w- c:\users\Public\AppData\Local\temp
2012-08-26 06:12 . 2012-08-26 06:12 -------- d-----w- c:\users\dex73r ^^ďwn\AppData\Local\temp
2012-08-26 06:12 . 2012-08-26 06:12 -------- d-----w- c:\users\dex73r ^^âwn\AppData\Local\temp
2012-08-26 06:12 . 2012-08-26 06:12 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-08-25 07:05 . 2012-08-26 05:37 56200 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3A41D111-5D85-48E2-B80A-D42C60CD9938}\offreg.dll
2012-08-24 13:41 . 2012-08-24 13:41 -------- d-----w- c:\program files\HD Tune
2012-08-24 07:37 . 2012-08-26 06:12 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\temp
2012-08-23 08:41 . 2012-08-23 08:41 -------- d-----w- c:\windows\system32\oodag
2012-08-23 08:37 . 2012-08-23 08:37 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\O&O
2012-08-23 08:36 . 2012-08-23 08:36 -------- d-----w- c:\program files\OO Software
2012-08-22 15:12 . 2012-08-22 15:12 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Malwarebytes
2012-08-22 15:11 . 2012-08-22 15:11 -------- d-----w- c:\programdata\Malwarebytes
2012-08-22 15:11 . 2012-08-22 15:11 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-08-22 15:11 . 2012-07-03 11:46 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-22 10:02 . 2012-08-22 10:02 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\Temporary Projects
2012-08-20 06:49 . 2012-08-20 06:49 565616 ----a-w- c:\program files\Mozilla Firefox\extensions\afurladvisor@anchorfree.com\components\afurladvisor14.dll
2012-08-19 17:47 . 2012-08-19 17:47 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-08-19 17:47 . 2012-08-19 17:47 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-08-16 12:54 . 2012-08-16 12:54 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\ExpressVPN
2012-08-16 12:53 . 2012-08-16 12:54 -------- d-----w- c:\program files\ExpressVPN
2012-08-15 15:15 . 2012-08-15 15:17 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Steganos VPN
2012-08-15 15:14 . 2012-08-15 15:14 -------- d-----w- c:\program files\Common Files\Steganos
2012-08-15 15:14 . 2012-08-15 15:16 -------- d-----w- c:\program files\OkayFreedom
2012-08-15 15:13 . 2012-08-15 15:16 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Steganos
2012-08-13 22:37 . 2012-08-14 22:32 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\hitleap
2012-08-13 04:38 . 2012-08-23 06:40 -------- d-----w- c:\programdata\CPA_VA
2012-08-12 16:49 . 2009-07-23 03:08 50200 ----a-w- c:\windows\system32\perf-SQLAgent$SQLEXPRESS-sqlagtctr10.1.2531.0.dll
2012-08-12 16:49 . 2009-07-23 03:08 79896 ----a-w- c:\windows\system32\perf-MSSQL$SQLEXPRESS-sqlctr10.1.2531.0.dll
2012-08-12 16:47 . 2012-08-12 16:47 -------- d-----w- c:\windows\system32\RsFx
2012-08-12 16:45 . 2012-08-12 16:45 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-08-12 16:45 . 2012-08-12 16:45 -------- d-----w- c:\windows\system32\1033
2012-08-12 16:39 . 2012-08-12 16:39 112832 ----a-w- c:\programdata\Microsoft\VCExpress\10.0\1033\ResourceCache.dll
2012-08-12 16:36 . 2012-08-12 16:36 -------- d-----w- c:\windows\symbols
2012-08-12 16:36 . 2012-08-12 16:36 -------- d-----w- c:\program files\Common Files\Merge Modules
2012-08-12 11:03 . 2012-08-12 11:14 -------- d-----w- c:\programdata\IPProtector
2012-08-12 11:02 . 2012-08-12 11:02 458056 ----a-w- c:\windows\system32\wodVPN.ocx
2012-08-12 11:02 . 2012-08-12 11:02 420680 ----a-w- c:\windows\system32\wodVPN.dll
2012-08-12 11:02 . 2012-08-12 11:02 -------- d-----w- c:\windows\system32\Driver
2012-08-12 11:00 . 2012-08-12 11:04 -------- d-----w- c:\program files\RiccoVPN
2012-08-12 10:31 . 2012-08-23 06:42 -------- d-----w- c:\programdata\COMODO
2012-08-12 07:20 . 2012-08-12 07:20 -------- d-----w- c:\users\dex73r ^^Ôwn\.swt
2012-08-12 07:20 . 2012-08-12 07:20 -------- d-sh--w- c:\windows\system32\AI_RecycleBin
2012-08-12 07:19 . 2012-08-12 07:20 -------- d-----w- c:\program files\spotflux
2012-08-12 07:19 . 2012-08-20 06:31 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\.spotflux
2012-08-11 20:35 . 2012-08-11 20:35 22000 ----a-w- c:\windows\system32\drivers\Neo_0003.sys
2012-08-11 20:34 . 2012-08-11 20:34 81920 ----a-w- c:\windows\system32\vpncmd.exe
2012-08-11 20:33 . 2012-08-22 13:42 -------- d-----w- c:\program files\PacketiX VPN Client English
2012-08-10 13:28 . 2012-08-10 13:29 -------- d-----w- c:\program files\proXPN
2012-08-09 11:37 . 2012-08-20 06:51 -------- d-----w- c:\programdata\FlyVPN
2012-08-09 11:37 . 2012-08-09 11:37 -------- d-----w- c:\program files\FlyVPN
2012-08-09 09:53 . 2012-08-09 09:53 -------- d-----w- c:\program files\1st Mass Mailer
2012-08-09 08:33 . 2012-08-09 08:39 -------- d-----w- c:\program files\VPN4ALL
2012-08-04 17:36 . 2012-08-04 17:36 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft Corporation
2012-08-04 11:39 . 2012-08-04 11:40 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Roaming\UBot Studio
2012-08-02 21:48 . 2012-08-02 21:48 -------- d-----w- c:\program files\ESET
2012-08-01 17:10 . 2012-08-01 17:10 -------- d-----w- c:\users\dex73r ^^Ôwn\AppData\Local\Jackaroo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-02 17:02 . 2012-06-17 09:09 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-08-02 17:02 . 2011-11-06 09:42 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-26 22:07 . 2009-07-13 23:40 249856 ----a-w- c:\windows\system32\uxtheme.dll
2012-07-26 22:07 . 2009-07-13 23:39 2755072 ----a-w- c:\windows\system32\themeui.dll
2012-07-26 22:06 . 2009-07-13 23:39 37376 ----a-w- c:\windows\system32\themeservice.dll
2012-07-24 20:11 . 2012-07-24 20:11 35560 ----a-w- c:\windows\system32\drivers\hssdrv6.sys
2012-07-20 09:15 . 2012-07-20 09:15 98304 ----a-r- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Installer\{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}\python_icon.exe
2012-07-20 09:15 . 2012-07-20 09:15 98304 ----a-r- c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Installer\{4CDE3168-D060-4B7C-BC74-4D8F9BB01AFD}\python_icon.exe
2012-06-07 11:04 . 2012-06-07 11:04 4176896 ----a-w- c:\windows\system32\LS3Renderer.dll
2012-06-06 16:55 . 2012-06-06 16:55 1632624 ----a-w- c:\windows\system32\ooscrsav.scr
2012-06-06 16:53 . 2012-06-06 16:53 277872 ----a-w- c:\windows\system32\oodbs.exe
2012-06-06 16:52 . 2012-06-06 16:52 536432 ----a-w- c:\windows\system32\oodssrs.dll
2012-06-06 16:52 . 2012-06-06 16:52 10096 ----a-w- c:\windows\system32\oodbsrs.dll
2010-02-10 03:18 . 2011-12-26 08:22 2131336 ----a-w- c:\program files\Common Files\AskToolbarInstaller.exe
2012-08-19 17:47 . 2011-12-10 09:54 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-05-09 176936]
"{88c7f2aa-f93f-432c-8f0e-b7d85967a527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{88C7F2AA-F93F-432C-8F0E-B7D85967A527}"= "c:\program files\BitTorrentBar\prxtbBitT.dll" [2011-05-09 176936]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-01-03 1514152]
"{A1E75A0E-4397-4BA8-BB50-E19FB66890F4}"= "c:\program files\MyAshampoo\prxtbMyA0.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{88c7f2aa-f93f-432c-8f0e-b7d85967a527}]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{a1e75a0e-4397-4ba8-bb50-e19fb66890f4}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="c:\program files\Steam\steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-07-13 17420464]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-03-07 3117344]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2012-06-06 2774384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0OODBS
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\!SASCORE]
@=""
.
[HKLM\~\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^hamachi.lnk]
backup=c:\windows\pss\hamachi.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.2.lnk]
path=c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk
backup=c:\windows\pss\OpenOffice.org 3.2.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^dex73r ^^Ôwn^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^PacketiX VPN Client Task Tray.lnk]
path=c:\users\dex73r ^^Ôwn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\PacketiX VPN Client Task Tray.lnk
backup=c:\windows\pss\PacketiX VPN Client Task Tray.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
2012-04-04 04:09 446392 ------w- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BitTorrent]
2012-07-05 20:13 6077848 ----a-w- c:\program files\BitTorrent\BitTorrent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-08-02 07:33 4910912 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-07-28 23:08 1259376 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
2011-11-04 19:18 136176 ----atw- c:\users\dex73r ^^Ôwn\AppData\Local\Google\Update\GoogleUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\OKAYFREEDOM_Agent]
2012-07-20 11:44 4153560 ----a-w- c:\program files\OkayFreedom\OkayFreedomClient.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-01-17 09:07 252296 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SUPERAntiSpyware]
2012-06-11 16:26 3905408 ----a-w- c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VPN4ALL]
2012-04-23 17:34 2395648 ----a-w- c:\program files\VPN4ALL\vpn4all.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2011-12-09 17:22 74752 ----a-w- c:\program files\Winamp\winampa.exe
.
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 ATP;Comodo Unite Miniport Driver;c:\windows\system32\DRIVERS\cmdatp.sys [x]
R3 CEDRIVER60;CEDRIVER60;c:\program files\Cheat Engine 6.2\dbk32.sys [x]
R3 CV2K1;CommView Network Monitor;c:\windows\system32\DRIVERS\cv2k1.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
R3 TsVlb;TsVlb;c:\windows\system32\DRIVERS\tsvlb.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 WinRing0_1_2_0;WinRing0_1_2_0;c:\program files\IObit\Game Booster 3\Driver\WinRing0.sys [x]
R4 AmmyyAdmin;Ammyy Admin;c:\install\ammyy\AA_v3.exe [x]
R4 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R4 FileMonitor;FileMonitor;c:\program files\IObit\IObit Malware Fighter\Drivers\win7_x86\FileMonitor.sys [x]
R4 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\LogMeIn Hamachi\hamachi-2.exe [x]
R4 hshld;Hotspot Shield Service;c:\program files\Hotspot Shield\bin\openvpnas.exe [x]
R4 HssWd;Hotspot Shield Monitoring Service;c:\program files\Hotspot Shield\bin\hsswd.exe [x]
R4 Iprip;DCOM+ Server Process;c:\windows\System32\svchost.exe [x]
R4 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\2.0.181\McCHSvc.exe [x]
R4 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [x]
R4 OkayFreedom VPN Starter Service;OkayFreedom VPN Starter Service;c:\program files\OkayFreedom\VPNService.exe [x]
R4 RegFilter;RegFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\regfilter.sys [x]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [x]
R4 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [x]
R4 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [x]
R4 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R4 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R4 Sony Ericsson PCCompanion;Sony Ericsson PCCompanion;c:\program files\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe [x]
R4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [x]
R4 TeamViewer7;TeamViewer 7;c:\program files\TeamViewer\Version7\TeamViewer_Service.exe [x]
R4 UrlFilter;UrlFilter;c:\program files\IObit\IObit Malware Fighter\drivers\win7_x86\UrlFilter.sys [x]
R4 vpnclient;PacketiX VPN Client;c:\program files\PacketiX VPN Client English\vpnclient.exe [x]
R4 XDva375;XDva375; [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 SmartDefragDriver;SmartDefragDriver;c:\windows\System32\Drivers\SmartDefragDriver.sys [x]
S0 vmci;VMware VMCI Bus Driver;c:\windows\system32\DRIVERS\vmci.sys [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [x]
S1 TsVp;TsVp;c:\windows\system32\DRIVERS\tsvp.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 !SASCORE;SAS Core Service;c:\program files\SUPERAntiSpyware\SASCORE.EXE [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
S2 OODefragAgent;O&O Defrag Agent;c:\program files\OO Software\Defrag\oodag.exe [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 Neo_Packetix;VPN Client Device Driver - Packetix;c:\windows\system32\DRIVERS\Neo_0003.sys [x]
S3 TS_AR5416;[CommView] Atheros AR5008 Wireless Network Adapter Service 7.7;c:\windows\system32\DRIVERS\ts_athw.sys [x]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
.
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Iprip
.
Contents of the 'Scheduled Tasks' folder
.
2012-08-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-17 17:02]
.
.
------- Supplementary Scan -------
.
uInternet Settings,ProxyServer = 69.122.240.45:8118
IE: E&xport to Microsoft Excel - c:\progra~1\MIF5BA~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - c:\progra~1\MIF5BA~1\Office14\ONBttnIE.dll/105
LSP: c:\program files\FlyVPN\FlyVPNBind.dll
LSP: %SystemRoot%\system32\vsocklib.dll
TCP: Interfaces\{1A410738-5435-4E57-B2AB-959251F29F69}: NameServer = 8.26.56.26,156.154.70.22
TCP: Interfaces\{8E763905-D486-4A8C-AC65-1D62827611DC}: NameServer = 8.26.56.26,156.154.70.22
FF - ProfilePath -
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3437577185-1627907297-3700836042-1002\Software\AppDataLow\Software\Conduit\Community Alerts\Settings\Locales\e*n**‚Öôަ>]
@Allowed: (Read) (RestrictedCode)
@SACL=(02 0001)
"LP_LastUpdateTime"="0"
"LP_LastCheckTime"=dword:4f69d400
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-08-26 08:18:10
ComboFix-quarantined-files.txt 2012-08-26 06:18
ComboFix2.txt 2012-08-24 07:37
ComboFix3.txt 2012-02-02 14:11
.
Pre-Run: 7 725 486 080 bytes free
Post-Run: 7 667 511 296 bytes free
.
- - End Of File - - AD432B4F7BEA9B9AA75CC93D7987CAD4
Re: Request for a preventive check
How are things looking here?

Do not use COMBOFIX without an advisor's recommendation; it can damage the system!
Always back up important data before cleaning malware from the computer.
Want to support our forum? Information here

I am mostly reachable at night, between 21:00 and 23:00.
If you have any questions, you can e-mail me at Motji(at)forum.viry.cz.
Re: Request for a preventive check
Hello,
this topic has been locked due to inactivity.
If you want it unlocked, contact me by e-mail, or contact one of my colleagues.
Thank you for your understanding.
Re: Request for a preventive check
Unlocked on request.
