VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Virus nebol uplne zniceny, utoci silnejsie

https://forum.viry.cz:443/viewtopic.php?t=124455

Stránka 1 z 2

Virus nebol uplne zniceny, utoci silnejsie

Napsal: 22 zář 2012 10:16
od GAMELASTER
Dobry den,
pred cca tyzdnom mi admin Rudy pomohol vymazat virus ktory sa mi do pc neako carovne dostal... Zrejme je to znova on, zas mi nezobrazuje dolne ikonky, ale teraz vo silnejsej variante... Kasperskymu rusi stahovanie aktulizacie, a RSIT sa nacitaval cca 6 minut. Pocitac ide o trocha pomalsie... Teraz mam uz zapnuty kaspersky tak ako ma, a ten nic nenasiel.... Co som si vsimol tak sa mi tam pustal neaky iTroll ci co, nasiel som to i v registroch, tak nwm co to za havet muze byt...
Obrazok blbnutia formov:
http://prntscr.com/g015o

HJT Log:
Logfile of random's system information tool 1.09 (written by random/random)
Run by GAMELASTER at 2012-09-22 11:07:37
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 7 GB (17%) free of 41 GB
Total RAM: 1789 MB (12% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:07:57, on 22. 9. 2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v8.00 (8.00.7601.17514)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe
C:\Windows\PixArt\PAC207\Monitor.exe
C:\Program Files (x86)\Skype\Phone\Skype.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe
D:\Program Files (x86)\WebcamMax\wcmmon.exe
D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe
C:\Users\GAMELASTER\AppData\Local\Skillbrains\lightshot\3.0.0.0\LightShot.exe
C:\Users\GAMELASTER\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
C:\Program Files (x86)\Winamp\winampa.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
D:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Winamp\winamp.exe
C:\Program Files (x86)\Altap Salamander\salamand.exe
D:\hammer\hammer.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe
C:\Program Files\trend micro\GAMELASTER.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: IEVkbdBHO - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll
O2 - BHO: Microsoft Web Test Recorder 10.0 Helper - {876d9f09-c6d6-4324-a2cc-04dd9a4de12f} - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll
O2 - BHO: link filter bho - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O4 - HKLM\..\Run: [WinampAgent] "C:\Program Files (x86)\Winamp\winampa.exe"
O4 - HKLM\..\Run: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AdobeCS5ServiceManager] "C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" -launchedbylogin
O4 - HKLM\..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [QuickTime Task] "D:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [Skype] "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [Sony PC Companion] "C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
O4 - HKCU\..\Run: [DAEMON Tools Pro Agent] "C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe" -autorun
O4 - HKCU\..\Run: [WebcamMaxAutoRun] "D:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
O4 - HKCU\..\Run: [LightShot] C:\Users\GAMELASTER\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
O4 - HKCU\..\Run: [PC Suite Tray] "D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Startup: Dropbox.lnk = GAMELASTER\AppData\Roaming\Dropbox\bin\Dropbox.exe
O4 - Startup: OpenOffice.org 3.3.lnk = D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
O4 - Startup: PdaNet Desktop.lnk = C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\GAMELASTER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O9 - Extra button: &Virtual Keyboard - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll
O9 - Extra button: URLs c&heck - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Unknown owner - C:\Windows\system32\AEADISRV.EXE (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Apache2.2 - Apache Software Foundation - D:\xampp\apache\bin\httpd.exe
O23 - Service: Kaspersky Anti-Virus Service (AVP) - Kaspersky Lab ZAO - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: mysql - Unknown owner - D:\xampp\mysql\bin\mysqld.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Photon Socket Server: LoadBalancing - Unknown owner - C:\Users\GAMELASTER\Desktop\CspServer\deploy\bin_Win64\PhotonSocketServer.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: Sony PC Companion - Avanquest Software - C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 10081 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\AUDIODG.EXE 0x250
C:\Windows\system32\svchost.exe -k LocalService
atieclxx
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\AEADISRV.EXE
"D:\xampp\apache\bin\httpd.exe" -k runservice
C:\Windows\system32\svchost.exe -k apphost
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" -r
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe" -sSQLEXPRESS
D:\xampp\mysql\bin\mysqld.exe --defaults-file=D:\xampp\mysql\bin\my.ini mysql
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
D:\xampp\apache\bin\httpd.exe -d D:/xampp/apache
"C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k iissvcs
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"taskhost.exe"
"C:\Program Files (x86)\DAEMON Tools Pro\DTShellHlp.exe"
"C:\Windows\PixArt\PAC207\Monitor.exe"
"C:\Program Files\Windows Sidebar\sidebar.exe" /autoRun
"C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe" /Background
"D:\Program Files (x86)\WebcamMax\wcmmon.exe" -a
"D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray
"C:\Users\GAMELASTER\AppData\Local\Skillbrains\lightshot\3.0.0.0\LightShot.exe" Flags: uninsdeletevalue
"C:\Users\GAMELASTER\AppData\Roaming\Dropbox\bin\Dropbox.exe" /systemstartup
"C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe"
"C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe"
"C:\Program Files (x86)\Winamp\winampa.exe"
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe"
"D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" -quickstart
"D:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe" "-quickstart" "-env:OOO_CWD=2D:\\Program Files (x86)\\OpenOffice.org 3\\program"
"C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
{50B532F0-E9EE-4F93-B47E-53A722B7D4C1}
{99E30E72-27F6-482E-9507-C8D2BAC70048}
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
C:\Windows\System32\svchost.exe -k secsvcs
"C:\Program Files (x86)\Winamp\winamp.exe"
"C:\Program Files (x86)\Altap Salamander\salamand.exe"
"D:\hammer\hammer.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=196.6fbec60.651151499 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 196 "\\.\pipe\gecko-crash-server-pipe.196" plugin
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe" --proxy-stub-channel=Flash2240.6BD0F168.41 --host-broker-channel=Flash2240.6BD0F168.18467 --host-pid=2240 --host-npapi-version=27 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll"
"C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe" --channel=2972.0037F794.192065715 --proxy-stub-channel=Flash2240.6BD0F168.41 --plugin-path="C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" -host
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe6_ Global\UsGthrCtrlFltPipeMssGthrPipe6 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
"C:\Users\GAMELASTER\Downloads\RSITx64(1).exe"
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job

=========Mozilla firefox=========

ProfilePath - C:\Users\GAMELASTER\AppData\Roaming\Mozilla\Firefox\Profiles\k33cm9pq.default

prefs.js - "browser.startup.homepage" - "http://google.sk"
prefs.js - "keyword.URL" - "http://search.conduit.com/ResultsExt.as ... ource=2&q="

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1]
"Description"=
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\dtplugin\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

C:\Users\GAMELASTER\AppData\Roaming\Mozilla\Firefox\Profiles\k33cm9pq.default\extensions\
sk@dictionaries.addons.mozilla.org

C:\Users\GAMELASTER\AppData\Roaming\Mozilla\Firefox\Profiles\k33cm9pq.default\searchplugins\
conduit.xml
sweetim.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\ievkbd.dll [2011-04-24 91536]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-01 537576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-01 193512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\x64\klwtbbho.dll [2011-04-24 292752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
Hotspot Shield Class - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}]
IEVkbdBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\ievkbd.dll [2011-04-24 86416]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll [2012-07-05 453544]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{876d9f09-c6d6-4324-a2cc-04dd9a4de12f}]
Microsoft Web Test Recorder 10.0 Helper - D:\Program Files (x86)\Microsoft Visual Studio 11.0\Common7\IDE\PrivateAssemblies\Microsoft.VisualStudio.QualityTools.RecorderBarBHO100.dll [2012-07-26 74888]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll [2012-07-05 157616]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}]
FilterBHO Class - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\klwtbbho.dll [2011-04-24 229776]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"Monitor"=C:\Windows\PixArt\PAC207\Monitor.exe [2006-11-03 319488]
"AdobeAAMUpdater-1.0"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
"SoundMAX"=C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-21 1475584]
"Skype"=C:\Program Files (x86)\Skype\Phone\Skype.exe [2012-07-13 17418928]
"Sony PC Companion"=C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe [2012-05-31 445624]
"DAEMON Tools Pro Agent"=C:\Program Files (x86)\DAEMON Tools Pro\DTAgent.exe [2012-04-26 3111744]
"WebcamMaxAutoRun"=D:\Program Files (x86)\WebcamMax\wcmmon.exe [2011-07-17 1038848]
"LightShot"=C:\Users\GAMELASTER\AppData\Local\Skillbrains\lightshot\LightShot.exe [2012-02-02 220160]
"PC Suite Tray"=D:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2012-06-26 1516632]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"=C:\Program Files (x86)\Winamp\winampa.exe [2012-06-28 74752]
"AVP"=C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-24 202296]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2009-08-04 98304]
"AdobeCS5ServiceManager"=C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
"SwitchBoard"=C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
"SoundMAXPnP"=C:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]
"QuickTime Task"=D:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]

C:\Users\GAMELASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Dropbox.lnk - C:\Users\GAMELASTER\AppData\Roaming\Dropbox\bin\Dropbox.exe
OpenOffice.org 3.3.lnk - D:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe
PdaNet Desktop.lnk - C:\Program Files (x86)\PdaNet for Android\PdaNetPC.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\klogon]
C:\Windows\System32\klogon.dll [2011-04-24 234896]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"vidc.tscc"=C:\Windows\SysWOW64\tsccvid64.dll
"vidc.tsc2"=C:\Windows\SysWOW64\tsc2_codec64.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"VIDC.FPS1"=frapsv64.dll
"vidc.x264"=D:\PROGRA~2\X264VF~1\X264VF~1.DLL

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - "D:\Adoobe\Adobe Dreamweaver CS5\Dreamweaver.exe","%1"

======List of files/folders created in the last 3 months======

2012-09-22 11:07:37 ----D---- C:\rsit
2012-09-18 16:40:45 ----D---- C:\ProgramData\MTA San Andreas All
2012-09-18 16:40:45 ----D---- C:\Program Files (x86)\MTA San Andreas 1.3
2012-09-17 19:08:56 ----D---- C:\Users\GAMELASTER\AppData\Roaming\PC Suite
2012-09-17 19:08:56 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Nokia
2012-09-17 19:08:55 ----D---- C:\ProgramData\PC Suite
2012-09-17 19:07:24 ----A---- C:\Windows\system32\drivers\pccsmcfdx64.sys
2012-09-17 19:07:17 ----DC---- C:\Windows\system32\DRVSTORE
2012-09-17 19:06:57 ----D---- C:\Program Files (x86)\PC Connectivity Solution
2012-09-17 19:06:13 ----A---- C:\Windows\system32\nmwcdclsX64.dll
2012-09-17 19:05:15 ----D---- C:\ProgramData\Installations
2012-09-17 17:59:11 ----D---- C:\Program Files (x86)\PdaNet for Android
2012-09-17 17:59:11 ----A---- C:\Windows\system32\drivers\pneteth.sys
2012-09-15 14:12:25 ----A---- C:\Windows\SYSWOW64\xinput1_3.dll
2012-09-15 14:12:25 ----A---- C:\Windows\SYSWOW64\XAudio2_6.dll
2012-09-15 14:12:25 ----A---- C:\Windows\SYSWOW64\XAPOFX1_4.dll
2012-09-15 14:12:25 ----A---- C:\Windows\SYSWOW64\xactengine3_6.dll
2012-09-15 14:12:25 ----A---- C:\Windows\SYSWOW64\X3DAudio1_7.dll
2012-09-15 14:12:25 ----A---- C:\Windows\SYSWOW64\D3DX9_41.dll
2012-09-15 14:12:24 ----A---- C:\Windows\SYSWOW64\d3dx9_33.dll
2012-09-15 14:12:17 ----D---- C:\Program Files (x86)\Microsoft XNA
2012-09-14 18:33:04 ----A---- C:\madafaka.txt
2012-09-13 21:08:01 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Microsoft FxCop
2012-09-13 20:45:45 ----A---- C:\myfile.txt
2012-09-13 16:42:54 ----D---- C:\ProgramData\Blizzard
2012-09-09 22:08:15 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Pamela
2012-09-09 22:08:10 ----D---- C:\Program Files (x86)\Pamela RichMood Editor
2012-09-07 22:49:27 ----D---- C:\Users\GAMELASTER\AppData\Roaming\DVDVideoSoftIEHelpers
2012-09-07 22:48:13 ----D---- C:\Users\GAMELASTER\AppData\Roaming\DVDVideoSoft
2012-09-07 22:44:10 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Youtube to MP3 Converter
2012-09-07 21:45:33 ----D---- C:\Program Files (x86)\Skillbrains
2012-09-07 19:42:53 ----A---- C:\Windows\SYSWOW64\BASSMOD.dll
2012-09-07 17:31:42 ----A---- C:\Windows\SYSWOW64\ionenshi.dll
2012-09-05 19:04:39 ----D---- C:\ProgramData\Microsoft Visual Studio
2012-09-05 18:15:25 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2012-09-05 18:12:46 ----D---- C:\Program Files\Microsoft SQL Server Compact Edition
2012-09-05 18:10:47 ----D---- C:\Program Files\Application Verifier
2012-09-05 18:10:47 ----D---- C:\Program Files (x86)\Application Verifier
2012-09-05 18:10:37 ----D---- C:\ProgramData\Windows App Certification Kit
2012-09-05 18:04:20 ----D---- C:\Program Files (x86)\Microsoft ASP.NET
2012-09-05 18:03:38 ----D---- C:\Program Files (x86)\Microsoft Web Tools
2012-09-05 18:02:59 ----D---- C:\Program Files\Microsoft
2012-09-05 18:02:11 ----D---- C:\Program Files\IIS Express
2012-09-05 18:02:11 ----D---- C:\Program Files (x86)\IIS Express
2012-09-05 18:00:45 ----D---- C:\Program Files (x86)\NuGet
2012-09-05 18:00:32 ----D---- C:\Program Files (x86)\Microsoft WCF Data Services
2012-09-05 18:00:22 ----D---- C:\Program Files\IIS
2012-09-05 18:00:21 ----D---- C:\Program Files (x86)\IIS
2012-09-05 17:57:35 ----A---- C:\Windows\SYSWOW64\D3DX9_43.dll
2012-09-05 17:56:34 ----D---- C:\Program Files (x86)\Windows Kits
2012-09-05 17:46:23 ----D---- C:\Program Files (x86)\Microsoft Help Viewer
2012-09-05 17:36:02 ----D---- C:\Windows\system32\1033
2012-09-05 17:35:49 ----D---- C:\Program Files\Microsoft Visual Studio 11.0
2012-09-05 17:04:53 ----D---- C:\ProgramData\regid.1991-06.com.microsoft
2012-09-05 17:04:51 ----D---- C:\ProgramData\Package Cache
2012-09-04 21:58:30 ----D---- C:\Program Files (x86)\NVIDIA Corporation
2012-09-03 13:54:54 ----D---- C:\Users\GAMELASTER\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-03 08:14:25 ----D---- C:\Program Files\Microsoft SDKs
2012-09-03 08:13:51 ----D---- C:\Program Files\Business Objects
2012-09-03 08:11:18 ----A---- C:\Windows\ODBC.INI
2012-09-03 08:10:12 ----D---- C:\Program Files (x86)\Business Objects
2012-09-03 08:03:46 ----D---- C:\Windows\PCHEALTH
2012-09-03 08:03:24 ----D---- C:\Program Files\Microsoft SQL Server
2012-09-03 08:03:12 ----D---- C:\Program Files (x86)\Microsoft SQL Server
2012-09-03 08:02:51 ----D---- C:\Program Files\Microsoft Device Emulator
2012-09-03 08:02:51 ----D---- C:\Program Files (x86)\Microsoft Device Emulator
2012-09-03 08:01:36 ----D---- C:\Program Files (x86)\Windows Mobile 5.0 SDK R2
2012-09-03 08:00:55 ----D---- C:\Program Files (x86)\Microsoft Synchronization Services
2012-09-03 08:00:55 ----D---- C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2012-09-03 07:50:40 ----D---- C:\ProgramData\PreEmptive Solutions
2012-09-03 07:46:46 ----D---- C:\Program Files (x86)\Microsoft Office
2012-09-03 07:45:25 ----D---- C:\Windows\symbols
2012-09-03 07:44:56 ----D---- C:\Windows\SYSWOW64\1033
2012-09-03 07:42:41 ----D---- C:\Program Files (x86)\Microsoft SDKs
2012-09-03 07:42:41 ----D---- C:\Program Files (x86)\HTML Help Workshop
2012-09-03 07:42:41 ----D---- C:\Program Files (x86)\CE Remote Tools
2012-09-03 07:39:45 ----D---- C:\Program Files (x86)\Microsoft Web Designer Tools
2012-09-03 07:39:16 ----RHD---- C:\MSOCache
2012-09-03 07:37:10 ----D---- C:\ProgramData\Microsoft Help
2012-09-03 07:36:55 ----D---- C:\Program Files\Microsoft Visual Studio 9.0
2012-09-02 21:39:19 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Thinstall
2012-09-01 11:19:17 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Dropbox
2012-09-01 10:02:59 ----A---- C:\Windows\system32\javaws.exe
2012-09-01 10:02:33 ----A---- C:\Windows\system32\WindowsAccessBridge-64.dll
2012-09-01 10:02:33 ----A---- C:\Windows\system32\javaw.exe
2012-09-01 10:02:33 ----A---- C:\Windows\system32\java.exe
2012-08-27 20:44:45 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Audacity
2012-08-27 08:37:02 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Image-Line
2012-08-27 08:28:16 ----D---- C:\Program Files (x86)\ASIO4ALL v2
2012-08-27 08:28:10 ----D---- C:\Program Files (x86)\VstPlugins
2012-08-27 08:28:10 ----A---- C:\Windows\SYSWOW64\rewire.dll
2012-08-27 08:28:02 ----D---- C:\Program Files (x86)\Image-Line
2012-08-27 08:27:31 ----D---- C:\Program Files (x86)\Outsim
2012-08-26 21:18:32 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Unleashed Games
2012-08-26 10:18:00 ----D---- C:\zaloha
2012-08-25 18:52:43 ----D---- C:\Users\GAMELASTER\AppData\Roaming\GameMaker-Studio
2012-08-24 21:47:56 ----D---- C:\kubo
2012-08-23 11:23:04 ----D---- C:\Users\GAMELASTER\AppData\Roaming\MTE
2012-08-22 18:21:34 ----D---- C:\Users\GAMELASTER\AppData\Roaming\WebcamMax
2012-08-22 18:21:34 ----D---- C:\ProgramData\WebcamMax
2012-08-18 12:18:18 ----A---- C:\Windows\system32\drivers\dtsoftbus01.sys
2012-08-18 12:18:06 ----D---- C:\Users\GAMELASTER\AppData\Roaming\DAEMON Tools Pro
2012-08-18 12:18:01 ----D---- C:\Program Files (x86)\DAEMON Tools Pro
2012-08-18 12:12:28 ----D---- C:\ProgramData\DAEMON Tools Pro
2012-08-16 22:11:35 ----D---- C:\Users\GAMELASTER\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2012-08-16 22:07:52 ----A---- C:\Windows\SurCode.INI
2012-08-16 22:07:51 ----D---- C:\Users\GAMELASTER\AppData\Roaming\PACE Anti-Piracy
2012-08-16 22:07:51 ----D---- C:\ProgramData\PACE Anti-Piracy
2012-08-16 22:07:51 ----D---- C:\Program Files\Common Files\PACE Anti-Piracy
2012-08-16 20:36:47 ----A---- C:\Windows\SYSWOW64\ff_vfw.dll
2012-08-16 20:36:46 ----D---- C:\Program Files (x86)\ffdshow
2012-08-16 17:07:15 ----D---- C:\Windows\Sun
2012-08-16 16:21:03 ----D---- C:\Program Files (x86)\FreeTime
2012-08-15 15:55:11 ----D---- C:\Users\GAMELASTER\AppData\Roaming\OpenOffice.org
2012-08-15 15:50:09 ----A---- C:\Windows\SYSWOW64\javaws.exe
2012-08-15 15:50:09 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-08-15 15:50:09 ----A---- C:\Windows\SYSWOW64\java.exe
2012-08-15 14:52:56 ----D---- C:\Users\GAMELASTER\AppData\Roaming\TeamViewer
2012-08-14 10:20:13 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Apple Computer
2012-08-13 15:51:26 ----D---- C:\ProgramData\Apple Computer
2012-08-13 15:49:40 ----D---- C:\ProgramData\Apple
2012-08-13 15:49:40 ----D---- C:\Program Files (x86)\Apple Software Update
2012-08-12 21:14:29 ----A---- C:\Windows\SYSWOW64\adidrm.dll
2012-08-12 21:14:26 ----A---- C:\Windows\SYSWOW64\SFFXComm.dll
2012-08-12 21:13:35 ----D---- C:\ProgramData\SonicFocus
2012-08-12 21:13:33 ----D---- C:\Program Files (x86)\Analog Devices
2012-08-12 21:12:32 ----D---- C:\Users\GAMELASTER\AppData\Roaming\InstallShield
2012-08-11 21:26:14 ----D---- C:\Users\GAMELASTER\AppData\Roaming\.GMSKF
2012-08-11 14:37:30 ----D---- C:\ProgramData\regid.1986-12.com.adobe
2012-08-11 14:01:34 ----D---- C:\Program Files\Common Files\Adobe
2012-08-11 14:01:31 ----D---- C:\Program Files\Adobe
2012-08-11 14:00:03 ----D---- C:\Program Files (x86)\Adobe
2012-08-11 13:52:16 ----D---- C:\ProgramData\Adobe
2012-08-11 10:25:32 ----D---- C:\Windows\PixArt
2012-08-11 10:25:32 ----D---- C:\Program Files (x86)\Trust
2012-08-11 10:24:31 ----D---- C:\Windows\Downloaded Installations
2012-08-09 12:22:34 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Sml-f
2012-08-09 11:14:42 ----D---- C:\Windows\Minidump
2012-08-09 09:20:11 ----D---- C:\Users\GAMELASTER\AppData\Roaming\ATI
2012-08-09 09:20:11 ----D---- C:\ProgramData\ATI
2012-08-08 19:37:40 ----D---- C:\Program Files (x86)\ATI Technologies
2012-08-08 19:36:16 ----D---- C:\Program Files\ATI Technologies
2012-08-08 19:35:56 ----D---- C:\Program Files\ATI
2012-08-08 19:32:17 ----D---- C:\SwSetup
2012-08-08 17:29:07 ----D---- C:\Users\GAMELASTER\AppData\Roaming\MOBILedit
2012-08-07 21:59:19 ----HD---- C:\Program Files (x86)\InstallShield Installation Information
2012-08-07 21:59:19 ----D---- C:\ProgramData\Sony
2012-08-07 21:59:19 ----D---- C:\Program Files (x86)\Sony
2012-08-07 21:53:45 ----D---- C:\Program Files\DIFX
2012-08-07 21:33:03 ----D---- C:\Program Files (x86)\Sony Ericsson
2012-08-07 19:55:47 ----D---- C:\Program Files\Paint.NET
2012-08-07 18:57:35 ----D---- C:\Android
2012-08-06 17:38:41 ----D---- C:\ProgramData\Sun
2012-08-06 17:38:11 ----D---- C:\Program Files (x86)\Oracle
2012-08-06 17:37:32 ----A---- C:\Windows\SYSWOW64\npDeployJava1.dll
2012-08-06 17:37:32 ----A---- C:\Windows\SYSWOW64\deployJava1.dll
2012-08-06 17:37:07 ----D---- C:\Program Files (x86)\Java
2012-08-06 17:27:11 ----D---- C:\Program Files\Oracle
2012-08-06 17:25:21 ----A---- C:\Windows\system32\npDeployJava1.dll
2012-08-06 17:25:21 ----A---- C:\Windows\system32\deployJava1.dll
2012-08-06 17:23:12 ----D---- C:\Program Files\Java
2012-08-06 16:42:04 ----A---- C:\Windows\system32\drivers\klin.dat
2012-08-06 16:42:04 ----A---- C:\Windows\system32\drivers\klick.dat
2012-08-06 16:40:29 ----D---- C:\ProgramData\Kaspersky Lab
2012-08-06 16:40:29 ----D---- C:\Program Files (x86)\Kaspersky Lab
2012-08-06 16:40:12 ----A---- C:\Windows\system32\drivers\klif.sys
2012-08-06 15:25:41 ----A---- C:\Windows\SYSWOW64\PerfStringBackup.INI
2012-08-06 15:24:53 ----A---- C:\Windows\system32\perfh01B.dat
2012-08-06 15:24:53 ----A---- C:\Windows\system32\perfc01B.dat
2012-08-06 15:24:26 ----D---- C:\Windows\SYSWOW64\BestPractices
2012-08-06 15:24:25 ----D---- C:\Windows\system32\BestPractices
2012-08-06 15:24:25 ----D---- C:\inetpub
2012-08-06 15:08:09 ----D---- C:\Program Files (x86)\Conduit
2012-08-06 15:07:22 ----D---- C:\Program Files (x86)\uTorrent
2012-08-06 15:06:41 ----D---- C:\Users\GAMELASTER\AppData\Roaming\uTorrent
2012-08-06 14:50:52 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Unity
2012-08-06 14:07:35 ----D---- C:\Program Files (x86)\Resource Hacker
2012-08-06 14:01:05 ----D---- C:\Program Files (x86)\Cheat Engine 6.2
2012-08-06 10:52:18 ----D---- C:\Users\GAMELASTER\AppData\Roaming\TechSmith
2012-08-06 10:49:07 ----D---- C:\Program Files (x86)\QuickTime
2012-08-06 10:48:32 ----D---- C:\ProgramData\TechSmith
2012-08-06 10:48:32 ----D---- C:\Program Files (x86)\TechSmith
2012-08-06 10:38:34 ----D---- C:\Program Files (x86)\Microsoft.NET
2012-08-05 23:09:09 ----D---- C:\Program Files (x86)\Critical-Strike Portable
2012-08-05 23:01:03 ----D---- C:\Users\GAMELASTER\AppData\Roaming\WinRAR
2012-08-05 22:59:48 ----D---- C:\Program Files (x86)\WinRAR
2012-08-05 22:59:22 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Notepad++
2012-08-05 22:59:22 ----D---- C:\Program Files (x86)\Notepad++
2012-08-05 22:42:40 ----D---- C:\Program Files (x86)\WinSCP
2012-08-05 22:27:25 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Winamp
2012-08-05 22:23:55 ----D---- C:\Program Files (x86)\Altap Salamander
2012-08-05 22:16:17 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Skype
2012-08-05 22:16:08 ----RD---- C:\Program Files (x86)\Skype
2012-08-05 22:16:02 ----SHD---- C:\Windows\Installer
2012-08-05 22:16:01 ----D---- C:\ProgramData\Skype
2012-08-05 22:13:59 ----A---- C:\Windows\SYSWOW64\D3DX9_42.dll
2012-08-05 22:13:58 ----A---- C:\Windows\SYSWOW64\d3dx9_31.dll
2012-08-05 22:13:14 ----D---- C:\Program Files (x86)\Winamp
2012-08-05 22:05:23 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Macromedia
2012-08-05 22:05:23 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Adobe
2012-08-05 22:02:28 ----D---- C:\Windows\SYSWOW64\Macromed
2012-08-05 22:02:28 ----A---- C:\Windows\SYSWOW64\FlashPlayerApp.exe
2012-08-05 22:02:27 ----D---- C:\Windows\system32\Macromed
2012-08-05 22:00:03 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Mozilla
2012-08-05 21:59:56 ----D---- C:\ProgramData\Mozilla
2012-08-05 21:59:55 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2012-08-05 21:59:52 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-08-05 21:50:02 ----D---- C:\Windows\SYSWOW64\Wat
2012-08-05 21:50:02 ----D---- C:\Windows\system32\Wat
2012-08-05 21:26:28 ----D---- C:\Windows\Panther
2012-08-05 21:26:16 ----RASH---- C:\BOOTSECT.BAK
2012-08-05 21:26:13 ----SHD---- C:\Boot
2012-08-05 21:15:11 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Identities
2012-08-05 21:14:57 ----SD---- C:\Users\GAMELASTER\AppData\Roaming\Microsoft
2012-08-05 21:14:57 ----D---- C:\Users\GAMELASTER\AppData\Roaming\Media Center Programs
2012-08-05 21:14:42 ----SHD---- C:\Recovery
2012-08-05 20:30:33 ----D---- C:\Windows\SoftwareDistribution
2012-08-05 20:28:17 ----D---- C:\Windows\Prefetch
2012-08-05 20:27:20 ----ASH---- C:\pagefile.sys
2012-08-05 20:27:19 ----ASH---- C:\hiberfil.sys
2012-08-05 20:27:18 ----SHD---- C:\System Volume Information
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\VSPerf110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vsjitdebugger.exe
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\VsGraphicsHelper.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\VSCover110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vcomp110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vcomp110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vccorlib110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vccorlib110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vcamp110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\vcamp110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\msvcr110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\msvcr110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\msvcp110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\msvcp110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfcm110ud.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfcm110u.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfcm110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfcm110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110ud.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110u.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110rus.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110kor.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110jpn.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110ita.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110cht.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110chs.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110fra.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110esn.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110enu.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110deu.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110d.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\mfc110.dll
2012-07-26 19:08:06 ----A---- C:\Windows\SYSWOW64\atl110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\VSPerf110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vsjitdebugger.exe
2012-07-26 15:22:10 ----A---- C:\Windows\system32\VSCover110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vcomp110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vcomp110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vccorlib110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vccorlib110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vcamp110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\vcamp110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\msvcr110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\msvcr110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\msvcp110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\msvcp110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfcm110ud.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfcm110u.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfcm110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfcm110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110ud.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110u.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110rus.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110kor.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110jpn.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110ita.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110cht.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110chs.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110fra.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110esn.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110enu.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110deu.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110d.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\mfc110.dll
2012-07-26 15:22:10 ----A---- C:\Windows\system32\atl110.dll
2012-07-25 20:32:00 ----A---- C:\Windows\SYSWOW64\vrfcore.dll
2012-07-25 20:32:00 ----A---- C:\Windows\SYSWOW64\vfrdvcompat.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfprintpthelper.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfprint.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfnws.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfntlmless.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfnet.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfluapriv.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfcuzz.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfcompat.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\vfbasics.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\cuzzapi.dll
2012-07-25 20:31:56 ----A---- C:\Windows\SYSWOW64\appverif.exe
2012-07-25 20:25:44 ----A---- C:\Windows\SYSWOW64\VSD3DRefDebug.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\dxgidebug.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\dxcpl.exe
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d3dref9.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d3d11sdklayers.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d3d11ref.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d3d11_1sdklayers.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d3d10sdklayers.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d3d10ref.dll
2012-07-25 20:25:28 ----A---- C:\Windows\SYSWOW64\d2d1debug1.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vrfcore.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfrdvcompat.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfprintpthelper.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfprint.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfnws.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfntlmless.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfnet.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfluapriv.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfcuzz.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfcompat.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\vfbasics.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\cuzzapi.dll
2012-07-25 20:16:00 ----A---- C:\Windows\system32\appverif.exe
2012-07-25 20:12:12 ----A---- C:\Windows\system32\microsoft.windows.softwarelogo.showdesktop.exe
2012-07-25 20:10:44 ----A---- C:\Windows\system32\VSD3DRefDebug.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\dxgidebug.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d3dref9.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d3d11sdklayers.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d3d11ref.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d3d11_1sdklayers.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d3d10sdklayers.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d3d10ref.dll
2012-07-25 20:10:32 ----A---- C:\Windows\system32\d2d1debug1.dll
2012-07-25 20:10:30 ----A---- C:\Windows\system32\dxcpl.exe
2012-07-24 22:11:54 ----A---- C:\Windows\system32\drivers\hssdrv6.sys
2012-07-24 22:11:52 ----A---- C:\Windows\system32\drivers\taphss.sys
2012-07-09 00:40:10 ----A---- C:\Windows\SYSWOW64\msvcr110_clr0400.dll
2012-07-09 00:40:10 ----A---- C:\Windows\SYSWOW64\msvcr100_clr0400.dll
2012-07-09 00:40:10 ----A---- C:\Windows\SYSWOW64\msvcp110_clr0400.dll
2012-07-09 00:40:10 ----A---- C:\Windows\SYSWOW64\aspnet_counters.dll
2012-07-08 23:24:30 ----A---- C:\Windows\system32\msvcr110_clr0400.dll
2012-07-08 23:24:30 ----A---- C:\Windows\system32\msvcr100_clr0400.dll
2012-07-08 23:24:30 ----A---- C:\Windows\system32\msvcp110_clr0400.dll
2012-07-08 23:24:30 ----A---- C:\Windows\system32\aspnet_counters.dll

======List of files/folders modified in the last 3 months======

2012-09-22 11:07:56 ----D---- C:\Windows\Temp
2012-09-22 11:07:46 ----D---- C:\Program Files\trend micro
2012-09-22 10:45:55 ----D---- C:\Windows\System32
2012-09-22 10:45:55 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-09-22 10:45:54 ----D---- C:\Windows\inf
2012-09-21 15:37:26 ----D---- C:\Windows\system32\config
2012-09-21 14:35:07 ----D---- C:\Windows\SysWOW64
2012-09-18 16:40:45 ----RD---- C:\Program Files (x86)
2012-09-18 16:40:45 ----HD---- C:\ProgramData
2012-09-17 19:13:22 ----D---- C:\Windows\system32\drivers
2012-09-17 19:13:17 ----D---- C:\Windows\system32\drivers\UMDF
2012-09-17 19:08:29 ----D---- C:\Windows\system32\DriverStore
2012-09-17 19:08:29 ----D---- C:\Windows\system32\catroot
2012-09-17 19:07:50 ----D---- C:\Program Files (x86)\Common Files
2012-09-17 17:38:40 ----A---- C:\Windows\win.ini
2012-09-15 14:12:28 ----RSD---- C:\Windows\assembly
2012-09-12 19:47:51 ----D---- C:\Windows\Tasks
2012-09-07 21:45:37 ----D---- C:\Windows\system32\Tasks
2012-09-05 22:56:04 ----D---- C:\Windows\Microsoft.NET
2012-09-05 19:50:52 ----D---- C:\Windows
2012-09-05 18:16:26 ----ASD---- C:\ProgramData\Microsoft
2012-09-05 18:13:26 ----D---- C:\Windows\winsxs
2012-09-05 18:12:18 ----D---- C:\Program Files\Common Files\Microsoft Shared
2012-09-05 18:07:40 ----D---- C:\Program Files\MSBuild
2012-09-05 17:56:41 ----RSD---- C:\Windows\Fonts
2012-09-05 17:46:27 ----D---- C:\Program Files (x86)\MSBuild
2012-09-05 17:20:12 ----D---- C:\Windows\SYSWOW64\en-US
2012-09-05 17:20:12 ----D---- C:\Windows\system32\en-US
2012-09-03 08:04:29 ----D---- C:\Windows\Registration
2012-08-25 15:10:50 ----D---- C:\Windows\system32\catroot2
2012-08-19 15:34:05 ----D---- C:\Windows\rescache
2012-08-19 15:10:20 ----D---- C:\Windows\Logs
2012-08-16 22:07:52 ----AD---- C:\Program Files\Common Files\System
2012-08-16 22:07:51 ----D---- C:\Program Files\Common Files
2012-08-13 15:51:48 ----D---- C:\Program Files (x86)\Internet Explorer
2012-08-11 12:07:57 ----D---- C:\Windows\system32\sk-SK
2012-08-11 10:26:22 ----D---- C:\Windows\twain_32
2012-08-08 22:06:10 ----RD---- C:\Users
2012-08-06 23:03:23 ----D---- C:\Windows\system32\wdi
2012-08-06 18:00:22 ----D---- C:\Windows\system32\LogFiles
2012-08-06 15:42:25 ----D---- C:\Windows\system32\oobe
2012-08-06 15:42:05 ----D---- C:\Windows\SYSWOW64\oobe
2012-08-06 15:24:26 ----D---- C:\Windows\SYSWOW64\migration
2012-08-06 15:24:26 ----D---- C:\Windows\SYSWOW64\inetsrv
2012-08-06 15:24:26 ----D---- C:\Windows\system32\migration
2012-08-06 15:24:25 ----D---- C:\Windows\system32\inetsrv
2012-08-05 21:50:12 ----A---- C:\Windows\SYSWOW64\slwga.dll
2012-08-05 21:50:12 ----A---- C:\Windows\system32\systemcpl.dll
2012-08-05 21:50:12 ----A---- C:\Windows\system32\slwga.dll
2012-08-05 21:50:11 ----A---- C:\Windows\SYSWOW64\user32.dll
2012-08-05 21:50:11 ----A---- C:\Windows\system32\user32.dll
2012-08-05 21:49:37 ----D---- C:\Windows\system32\restore
2012-08-05 21:15:07 ----SHD---- C:\$Recycle.Bin
2012-08-05 21:13:18 ----D---- C:\Windows\debug
2012-08-05 20:42:54 ----D---- C:\Windows\system32\CodeIntegrity
2012-08-05 20:31:11 ----D---- C:\Windows\system32\sysprep
2012-08-05 20:28:11 ----D---- C:\Windows\CSC

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\Windows\system32\DRIVERS\AtiPcie.sys [2009-05-04 16440]
R0 KL1;kl1; C:\Windows\system32\DRIVERS\kl1.sys [2011-03-04 460888]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\Windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-18 283200]
R1 HssDRV6;Hotspot Shield Routing Driver 6; C:\Windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 41704]
R1 kl2;kl2; C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
R1 KLIF;Kaspersky Lab Driver; C:\Windows\system32\DRIVERS\klif.sys [2012-08-06 615728]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter; C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 WCMVCAM;WebcamMax, WDM Video Capture; C:\Windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\Windows\system32\drivers\ADIHdAud.sys [2009-05-18 497152]
R3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2009-08-04 6037504]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-06-10 1311232]
R3 klmouflt;Kaspersky Lab KLMOUFLT; C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
R3 pneteth;PdaNet Broadband; C:\Windows\system32\DRIVERS\pneteth.sys [2011-11-25 15360]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 ggflt;SEMC USB Flash Driver Filter; C:\Windows\system32\DRIVERS\ggflt.sys [2008-09-24 11104]
S3 ggsemc;SEMC USB Flash Driver; C:\Windows\system32\DRIVERS\ggsemc.sys [2008-09-24 23904]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 PAC207;Trust WB-1400T Webcam; C:\Windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-11 26112]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-21 88960]
S3 taphss;Anchorfree HSS Adapter; C:\Windows\system32\DRIVERS\taphss.sys [2012-07-24 38632]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]
S3 VSPerfDrv110;Performance Tools Driver 11.0; \??\D:\Program Files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
S3 WinUsb;Sony Ericsson USB Device sa0101 Driver; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-21 41984]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\Windows\system32\AEADISRV.EXE [2008-07-15 111616]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2009-08-04 203264]
R2 Apache2.2;Apache2.2; D:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
R2 AppHostSvc;@%windir%\system32\inetsrv\iisres.dll,-30011; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R2 AVP;Kaspersky Anti-Virus Service; C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe [2011-04-24 202296]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 MSSQL$SQLEXPRESS;SQL Server (SQLEXPRESS); C:\Program Files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2007-02-10 29178224]
R2 mysql;mysql; D:\xampp\mysql\bin\mysqld.exe [2011-09-09 8158720]
R2 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
R2 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2012-02-11 129624]
R2 W3SVC;@%windir%\system32\inetsrv\iisres.dll,-30003; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-06-11 724376]
R3 WAS;@%windir%\system32\inetsrv\iisres.dll,-30001; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-07-09 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
S2 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing; C:\Users\GAMELASTER\Desktop\CspServer\deploy\bin_Win64\PhotonSocketServer.exe /service LoadBalancing []
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 fussvc;Windows App Certification Kit Fast User Switching Utility Service; C:\Program Files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 Sony PC Companion;Sony PC Companion; C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 Te.Service;Te.Service; C:\Program Files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]
S4 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe [2012-07-08 51648]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2005-10-14 45272]
S4 msvsmon90;Visual Studio 2008 Remote Debugger; C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe [2007-11-07 4466688]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework64\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe [2012-07-09 139680]
S4 SQLBrowser;SQL Server Browser; C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2007-02-10 242544]

-----------------EOF-----------------

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 22 zář 2012 18:43
od Rudy
Zdravím!
Poprosím o log ComboFix.
Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 08:30
od GAMELASTER
Mala poznamka: Ja sem to neechal delat cez noc, tedy nevim, ci tam virak byl... A jeste jedna vec, bracha mi uspal ntb akurat vtedy ked sa ukladal log combofixu.. Ale nic by stym nemalo byt...
Log:
ComboFix 12-09-22.02 - GAMELASTER . 09. 2012 22:55:28.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1789.1033 [GMT 2:00]
Running from: c:\users\GAMELASTER\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *Disabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Disabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GAMELASTER\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
c:\windows\SysWow64\d2d1debug1.dll
.
.
((((((((((((((((((((((((( Files Created from 2012-08-23 to 2012-09-23 )))))))))))))))))))))))))))))))
.
.
2012-09-22 21:04 . 2012-09-22 21:04 -------- d-----w- c:\users\DefaultAppPool\AppData\Local\temp
2012-09-22 21:04 . 2012-09-22 21:04 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-09-22 09:07 . 2012-09-22 09:08 -------- d-----w- C:\rsit
2012-09-21 15:43 . 2012-09-21 17:40 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Temporary Projects
2012-09-18 14:40 . 2012-09-18 14:51 -------- d-----w- c:\program files (x86)\MTA San Andreas 1.3
2012-09-18 14:40 . 2012-09-18 14:40 -------- d-----w- c:\programdata\MTA San Andreas All
2012-09-17 17:08 . 2012-09-17 17:17 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Nokia
2012-09-17 17:08 . 2012-09-17 17:13 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\PC Suite
2012-09-17 17:08 . 2012-09-17 17:13 -------- d-----w- c:\programdata\PC Suite
2012-09-17 17:07 . 2012-09-17 17:07 -------- d-----w- c:\program files (x86)\Common Files\PCSuite
2012-09-17 17:07 . 2012-09-17 17:07 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-09-17 17:07 . 2012-06-11 09:33 26112 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-09-17 17:07 . 2012-09-17 17:07 -------- dc----w- c:\windows\system32\DRVSTORE
2012-09-17 17:06 . 2012-09-17 17:06 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-09-17 17:06 . 2012-01-09 15:28 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2012-09-17 17:05 . 2012-09-17 17:05 -------- d-----w- c:\programdata\Installations
2012-09-17 15:59 . 2012-09-17 15:59 -------- d-----w- c:\program files (x86)\PdaNet for Android
2012-09-17 15:59 . 2011-11-24 22:25 15360 ----a-w- c:\windows\system32\drivers\pneteth.sys
2012-09-15 12:12 . 2010-02-04 08:01 74072 ----a-w- c:\windows\SysWow64\XAPOFX1_4.dll
2012-09-15 12:12 . 2010-02-04 08:01 528216 ----a-w- c:\windows\SysWow64\XAudio2_6.dll
2012-09-15 12:12 . 2010-02-04 08:01 238936 ----a-w- c:\windows\SysWow64\xactengine3_6.dll
2012-09-15 12:12 . 2010-02-04 08:01 22360 ----a-w- c:\windows\SysWow64\X3DAudio1_7.dll
2012-09-15 12:12 . 2009-03-09 13:27 4178264 ----a-w- c:\windows\SysWow64\D3DX9_41.dll
2012-09-15 12:12 . 2007-04-04 16:53 81768 ----a-w- c:\windows\SysWow64\xinput1_3.dll
2012-09-15 12:12 . 2007-03-12 14:42 3495784 ----a-w- c:\windows\SysWow64\d3dx9_33.dll
2012-09-15 12:12 . 2012-09-15 12:12 -------- d-----w- c:\program files (x86)\Microsoft XNA
2012-09-13 19:08 . 2012-09-13 19:08 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Microsoft FxCop
2012-09-13 14:42 . 2012-09-13 14:42 -------- d-----w- c:\programdata\Blizzard
2012-09-13 14:42 . 2012-09-13 14:42 -------- d-----w- c:\program files (x86)\Common Files\Blizzard Entertainment
2012-09-09 20:08 . 2012-09-09 20:08 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Pamela
2012-09-09 20:08 . 2012-09-09 20:08 -------- d-----w- c:\program files (x86)\Pamela RichMood Editor
2012-09-09 12:32 . 2012-09-09 12:32 -------- d-----w- c:\users\GAMELASTER\AppData\Local\CrypTool2
2012-09-09 12:31 . 2012-09-09 12:31 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Distributed_Systems_Group
2012-09-07 20:48 . 2012-09-07 20:49 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-09-07 20:48 . 2012-09-07 20:49 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\DVDVideoSoft
2012-09-07 20:44 . 2012-09-07 20:44 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Youtube to MP3 Converter
2012-09-07 19:45 . 2012-09-07 19:45 -------- d-----w- c:\program files (x86)\Skillbrains
2012-09-07 19:45 . 2012-09-07 19:45 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Skillbrains
2012-09-07 15:31 . 2006-05-15 15:00 86016 ----a-w- c:\windows\SysWow64\ionenshi.dll
2012-09-05 18:03 . 2012-09-17 20:11 -------- d-----w- c:\users\GAMELASTER\AppData\Local\CrashDumps
2012-09-05 17:04 . 2012-09-05 17:04 -------- d-----w- c:\programdata\Microsoft Visual Studio
2012-09-05 16:23 . 2012-09-15 18:02 2549120 ----a-w- c:\programdata\Microsoft\VisualStudio\11.0\1033\ResourceCache.dll
2012-09-05 16:15 . 2012-09-05 16:15 -------- d-----w- c:\program files (x86)\Microsoft Silverlight
2012-09-05 16:12 . 2012-09-05 16:12 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-09-05 16:10 . 2012-09-05 16:10 -------- d-----w- c:\program files\Application Verifier
2012-09-05 16:10 . 2012-09-05 16:10 -------- d-----w- c:\program files (x86)\Application Verifier
2012-09-05 16:10 . 2012-09-05 16:10 -------- d-----w- c:\programdata\Windows App Certification Kit
2012-09-05 16:08 . 2012-09-05 16:08 -------- d-----w- c:\program files (x86)\Common Files\Microsoft
2012-09-05 16:04 . 2012-09-05 16:05 -------- d-----w- c:\program files (x86)\Microsoft ASP.NET
2012-09-05 16:03 . 2012-09-05 16:04 -------- d-----w- c:\program files (x86)\Microsoft Web Tools
2012-09-05 16:02 . 2012-09-05 16:02 -------- d-----w- c:\program files\Microsoft
2012-09-05 16:02 . 2012-09-05 16:02 -------- d-----w- c:\program files (x86)\IIS Express
2012-09-05 16:02 . 2012-09-05 16:02 -------- d-----w- c:\program files\IIS Express
2012-09-05 16:00 . 2012-09-05 16:00 -------- d-----w- c:\program files (x86)\NuGet
2012-09-05 16:00 . 2012-09-05 16:00 -------- d-----w- c:\program files (x86)\Microsoft WCF Data Services
2012-09-05 16:00 . 2012-09-05 16:00 -------- d-----w- c:\program files\IIS
2012-09-05 16:00 . 2012-09-05 16:00 -------- d-----w- c:\program files (x86)\IIS
2012-09-05 15:57 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-09-05 15:56 . 2012-09-05 15:56 -------- d-----w- c:\program files (x86)\Windows Kits
2012-09-05 15:46 . 2012-09-05 15:46 -------- d-----w- c:\program files (x86)\Microsoft Help Viewer
2012-09-05 15:36 . 2012-09-05 15:44 -------- d-----w- c:\windows\system32\1033
2012-09-05 15:35 . 2012-09-05 15:35 -------- d-----w- c:\program files\Microsoft Visual Studio 11.0
2012-09-05 15:04 . 2012-09-05 15:04 -------- d-----w- c:\programdata\regid.1991-06.com.microsoft
2012-09-05 15:04 . 2012-09-15 17:54 -------- d-----w- c:\programdata\Package Cache
2012-09-04 19:58 . 2012-09-04 19:58 -------- d-----w- c:\program files (x86)\NVIDIA Corporation
2012-09-03 11:54 . 2012-09-03 11:54 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
2012-09-03 06:14 . 2012-09-03 06:14 -------- d-----w- c:\program files\Microsoft SDKs
2012-09-03 06:13 . 2012-09-03 06:13 -------- d-----w- c:\program files\Business Objects
2012-09-03 06:10 . 2012-09-03 06:10 -------- d-----w- c:\program files (x86)\Business Objects
2012-09-03 06:03 . 2012-09-03 06:03 -------- d-----w- c:\windows\PCHEALTH
2012-09-03 06:03 . 2012-09-05 16:13 -------- d-----w- c:\program files\Microsoft SQL Server
2012-09-03 06:03 . 2012-09-05 16:13 -------- d-----w- c:\program files (x86)\Microsoft SQL Server
2012-09-03 06:02 . 2012-09-03 06:02 -------- d-----w- c:\program files\Microsoft Device Emulator
2012-09-03 06:02 . 2012-09-03 06:02 -------- d-----w- c:\program files (x86)\Microsoft Device Emulator
2012-09-03 06:01 . 2012-09-03 06:02 -------- d-----w- c:\program files (x86)\Windows Mobile 5.0 SDK R2
2012-09-03 06:00 . 2012-09-05 16:12 -------- d-----w- c:\program files (x86)\Microsoft SQL Server Compact Edition
2012-09-03 06:00 . 2012-09-03 06:00 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services
2012-09-03 05:50 . 2012-09-03 05:50 -------- d-----w- c:\programdata\PreEmptive Solutions
2012-09-03 05:45 . 2012-09-03 05:45 -------- d-----w- c:\windows\symbols
2012-09-03 05:44 . 2012-09-05 15:52 -------- d-----w- c:\windows\SysWow64\1033
2012-09-03 05:42 . 2012-09-05 16:17 -------- d-----w- c:\program files (x86)\Microsoft SDKs
2012-09-03 05:42 . 2012-09-05 15:40 -------- d-----w- c:\program files (x86)\Common Files\Merge Modules
2012-09-03 05:42 . 2012-09-03 05:46 -------- d-----w- c:\program files (x86)\HTML Help Workshop
2012-09-03 05:42 . 2012-09-03 05:42 -------- d-----w- c:\program files (x86)\CE Remote Tools
2012-09-03 05:39 . 2012-09-03 05:40 -------- d-----w- c:\program files (x86)\Microsoft Web Designer Tools
2012-09-03 05:39 . 2012-09-03 05:39 -------- d-----r- C:\MSOCache
2012-09-03 05:37 . 2012-09-03 05:37 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Microsoft Help
2012-09-03 05:37 . 2012-09-03 05:58 -------- d-----w- c:\programdata\Microsoft Help
2012-09-03 05:37 . 2012-09-03 05:37 97296 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1036.dll
2012-09-03 05:37 . 2012-09-03 05:37 96272 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.3082.dll
2012-09-03 05:37 . 2012-09-03 05:37 96272 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1031.dll
2012-09-03 05:37 . 2012-09-03 05:37 95248 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1040.dll
2012-09-03 05:37 . 2012-09-03 05:37 91152 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1033.dll
2012-09-03 05:37 . 2012-09-03 05:37 81424 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1041.dll
2012-09-03 05:37 . 2012-09-03 05:37 79888 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1042.dll
2012-09-03 05:37 . 2012-09-03 05:37 76304 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.1028.dll
2012-09-03 05:37 . 2012-09-03 05:37 75792 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.res.2052.dll
2012-09-03 05:37 . 2012-09-03 05:37 562688 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\Help 9\Microsoft Document Explorer 2008\install.exe
2012-09-03 05:36 . 2012-09-03 06:09 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2012-09-02 19:39 . 2012-09-02 19:39 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Thinstall
2012-09-02 19:39 . 2012-09-02 19:39 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Thinstall
2012-09-02 07:56 . 2012-09-02 07:56 -------- d-----w- c:\users\GAMELASTER\AppData\Local\CueBug_Inc
2012-09-01 09:19 . 2012-09-23 07:10 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Dropbox
2012-09-01 08:02 . 2012-09-01 08:02 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-01 08:02 . 2012-09-01 08:02 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-01 08:02 . 2012-09-01 08:02 188904 ----a-w- c:\windows\system32\java.exe
2012-09-01 08:02 . 2012-09-01 08:02 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-08-30 08:32 . 2012-09-08 07:02 73696 ----a-w- c:\program files (x86)\Mozilla Firefox\breakpadinjector.dll
2012-08-28 19:00 . 2012-08-28 19:00 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Crafting Table
2012-08-27 18:44 . 2012-09-20 14:45 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Audacity
2012-08-27 06:37 . 2012-08-27 06:37 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Image-Line
2012-08-27 06:28 . 2012-08-27 06:28 -------- d-----w- c:\program files (x86)\ASIO4ALL v2
2012-08-27 06:28 . 2012-08-29 10:54 -------- d-----w- c:\program files (x86)\VstPlugins
2012-08-27 06:28 . 2006-06-20 08:56 225280 ----a-w- c:\windows\SysWow64\rewire.dll
2012-08-27 06:28 . 2012-08-27 06:28 -------- d-----w- c:\program files (x86)\Image-Line
2012-08-27 06:27 . 2009-09-15 09:14 1554944 ----a-w- c:\windows\SysWow64\vorbis.acm
2012-08-27 06:27 . 2012-08-27 06:27 -------- d-----w- c:\program files (x86)\Outsim
2012-08-26 19:18 . 2012-08-26 19:19 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\Unleashed Games
2012-08-26 08:18 . 2012-08-26 08:18 -------- d-----w- C:\zaloha
2012-08-25 19:08 . 2012-08-25 19:08 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Farar
2012-08-25 17:47 . 2012-08-25 17:47 -------- d-----w- c:\users\GAMELASTER\AppData\Local\Farár
2012-08-25 16:52 . 2012-08-25 18:54 -------- d-----w- c:\users\GAMELASTER\AppData\Roaming\GameMaker-Studio
2012-08-24 19:47 . 2012-08-24 19:47 -------- d-----w- C:\kubo
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-21 12:34 . 2012-08-05 20:02 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-21 12:34 . 2012-08-05 20:02 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-01 08:02 . 2012-08-06 15:25 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-01 08:02 . 2012-08-06 15:25 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-08-18 10:20 . 2012-08-18 10:18 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys
2012-08-07 19:14 . 2012-08-07 19:14 40 ----a-w- c:\users\GAMELASTER\goto.bat
2012-08-06 15:37 . 2012-08-06 15:37 772592 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-08-06 14:40 . 2012-08-06 14:40 615728 ----a-w- c:\windows\system32\drivers\klif.sys
2012-08-05 19:50 . 2010-11-21 03:24 14848 ----a-w- c:\windows\system32\slwga.dll
2012-08-05 19:50 . 2010-11-21 03:24 419840 ----a-w- c:\windows\system32\systemcpl.dll
2012-08-05 19:50 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-08-05 19:50 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-08-05 19:50 . 2010-11-21 03:24 1008640 ----a-w- c:\windows\system32\user32.dll
2012-07-26 17:08 . 2012-07-26 17:08 862664 ----a-w- c:\windows\SysWow64\msvcr110.dll
2012-07-26 17:08 . 2012-07-26 17:08 837072 ----a-w- c:\windows\SysWow64\vcamp110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 82888 ----a-w- c:\windows\SysWow64\mfcm110u.dll
2012-07-26 17:08 . 2012-07-26 17:08 82888 ----a-w- c:\windows\SysWow64\mfcm110.dll
2012-07-26 17:08 . 2012-07-26 17:08 8234952 ----a-w- c:\windows\SysWow64\mfc110ud.dll
2012-07-26 17:08 . 2012-07-26 17:08 821200 ----a-w- c:\windows\SysWow64\msvcp110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 8164296 ----a-w- c:\windows\SysWow64\mfc110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 74704 ----a-w- c:\windows\SysWow64\mfc110fra.dll
2012-07-26 17:08 . 2012-07-26 17:08 74704 ----a-w- c:\windows\SysWow64\mfc110deu.dll
2012-07-26 17:08 . 2012-07-26 17:08 73680 ----a-w- c:\windows\SysWow64\mfc110esn.dll
2012-07-26 17:08 . 2012-07-26 17:08 729560 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 72656 ----a-w- c:\windows\SysWow64\mfc110ita.dll
2012-07-26 17:08 . 2012-07-26 17:08 70608 ----a-w- c:\windows\SysWow64\mfc110rus.dll
2012-07-26 17:08 . 2012-07-26 17:08 64976 ----a-w- c:\windows\SysWow64\mfc110enu.dll
2012-07-26 17:08 . 2012-07-26 17:08 53712 ----a-w- c:\windows\SysWow64\mfc110jpn.dll
2012-07-26 17:08 . 2012-07-26 17:08 534480 ----a-w- c:\windows\SysWow64\msvcp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 53200 ----a-w- c:\windows\SysWow64\mfc110kor.dll
2012-07-26 17:08 . 2012-07-26 17:08 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-07-26 17:08 . 2012-07-26 17:08 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-07-26 17:08 . 2012-07-26 17:08 4446152 ----a-w- c:\windows\SysWow64\mfc110u.dll
2012-07-26 17:08 . 2012-07-26 17:08 4411848 ----a-w- c:\windows\SysWow64\mfc110.dll
2012-07-26 17:08 . 2012-07-26 17:08 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 263112 ----a-w- c:\windows\SysWow64\vsjitdebugger.exe
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 2203632 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
2012-07-26 17:08 . 2012-07-26 17:08 216016 ----a-w- c:\windows\SysWow64\VSPerf110.dll
2012-07-26 17:08 . 2012-07-26 17:08 173016 ----a-w- c:\windows\SysWow64\VSCover110.dll
2012-07-26 17:08 . 2012-07-26 17:08 1678792 ----a-w- c:\windows\SysWow64\msvcr110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 153536 ----a-w- c:\windows\SysWow64\atl110.dll
2012-07-26 17:08 . 2012-07-26 17:08 144848 ----a-w- c:\windows\SysWow64\vcomp110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 111560 ----a-w- c:\windows\SysWow64\mfcm110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 110544 ----a-w- c:\windows\SysWow64\mfcm110ud.dll
2012-07-26 13:22 . 2012-07-26 13:22 997336 ----a-w- c:\windows\system32\vccorlib110d.dll
2012-07-26 13:22 . 2012-07-26 13:22 90056 ----a-w- c:\windows\system32\mfcm110u.dll
2012-07-26 13:22 . 2012-07-26 13:22 90056 ----a-w- c:\windows\system32\mfcm110.dll
2012-07-26 13:22 . 2012-07-26 13:22 828872 ----a-w- c:\windows\system32\msvcr110.dll
2012-07-26 13:22 . 2012-07-26 13:22 74704 ----a-w- c:\windows\system32\mfc110fra.dll
2012-07-26 13:22 . 2012-07-26 13:22 74704 ----a-w- c:\windows\system32\mfc110deu.dll
2012-07-26 13:22 . 2012-07-26 13:22 73680 ----a-w- c:\windows\system32\mfc110esn.dll
2012-07-26 13:22 . 2012-07-26 13:22 72656 ----a-w- c:\windows\system32\mfc110ita.dll
2012-07-26 13:22 . 2012-07-26 13:22 70608 ----a-w- c:\windows\system32\mfc110rus.dll
2012-07-26 13:22 . 2012-07-26 13:22 661448 ----a-w- c:\windows\system32\msvcp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 64976 ----a-w- c:\windows\system32\mfc110enu.dll
2012-07-26 13:22 . 2012-07-26 13:22 5606856 ----a-w- c:\windows\system32\mfc110u.dll
2012-07-26 13:22 . 2012-07-26 13:22 5579208 ----a-w- c:\windows\system32\mfc110.dll
2012-07-26 13:22 . 2012-07-26 13:22 53712 ----a-w- c:\windows\system32\mfc110jpn.dll
2012-07-26 13:22 . 2012-07-26 13:22 53200 ----a-w- c:\windows\system32\mfc110kor.dll
2012-07-26 13:22 . 2012-07-26 13:22 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-07-26 13:22 . 2012-07-26 13:22 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-07-26 13:22 . 2012-07-26 13:22 385480 ----a-w- c:\windows\system32\vcamp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 354264 ----a-w- c:\windows\system32\vccorlib110.dll
2012-07-26 13:22 . 2012-07-26 13:22 292320 ----a-w- c:\windows\system32\vsjitdebugger.exe
2012-07-26 13:22 . 2012-07-26 13:22 248272 ----a-w- c:\windows\system32\VSPerf110.dll
2012-07-26 13:22 . 2012-07-26 13:22 1957328 ----a-w- c:\windows\system32\msvcr110d.dll
2012-07-26 13:22 . 2012-07-26 13:22 187864 ----a-w- c:\windows\system32\VSCover110.dll
2012-07-26 13:22 . 2012-07-26 13:22 177096 ----a-w- c:\windows\system32\atl110.dll
2012-07-26 13:22 . 2012-07-26 13:22 153040 ----a-w- c:\windows\system32\vcomp110d.dll
2012-07-26 13:22 . 2012-07-26 13:22 124360 ----a-w- c:\windows\system32\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 120776 ----a-w- c:\windows\system32\mfcm110d.dll
2012-07-26 13:22 . 2012-07-26 13:22 119760 ----a-w- c:\windows\system32\mfcm110ud.dll
2012-07-26 13:22 . 2012-07-26 13:22 1106384 ----a-w- c:\windows\system32\msvcp110d.dll
2012-07-26 13:22 . 2012-07-26 13:22 10915784 ----a-w- c:\windows\system32\mfc110ud.dll
2012-07-26 13:22 . 2012-07-26 13:22 10843080 ----a-w- c:\windows\system32\mfc110d.dll
2012-07-26 13:22 . 2012-07-26 13:22 1077688 ----a-w- c:\windows\system32\vcamp110d.dll
2012-07-25 18:32 . 2012-07-25 18:32 98792 ----a-w- c:\windows\SysWow64\vfrdvcompat.dll
2012-07-25 18:32 . 2012-07-25 18:32 164200 ----a-w- c:\windows\SysWow64\vrfcore.dll
2012-07-25 18:31 . 2012-07-25 18:31 87328 ----a-w- c:\windows\SysWow64\vfcompat.dll
2012-07-25 18:31 . 2012-07-25 18:31 81592 ----a-w- c:\windows\SysWow64\vfnet.dll
2012-07-25 18:31 . 2012-07-25 18:31 61384 ----a-w- c:\windows\SysWow64\vfnws.dll
2012-07-25 18:31 . 2012-07-25 18:31 52032 ----a-w- c:\windows\SysWow64\vfcuzz.dll
2012-07-25 18:31 . 2012-07-25 18:31 40136 ----a-w- c:\windows\SysWow64\vfntlmless.dll
2012-07-25 18:31 . 2012-07-25 18:31 367392 ----a-w- c:\windows\SysWow64\vfprintpthelper.dll
2012-07-25 18:31 . 2012-07-25 18:31 353328 ----a-w- c:\windows\SysWow64\vfbasics.dll
2012-07-25 18:31 . 2012-07-25 18:31 306592 ----a-w- c:\windows\SysWow64\vfprint.dll
2012-07-25 18:31 . 2012-07-25 18:31 242776 ----a-w- c:\windows\SysWow64\vfluapriv.dll
2012-07-25 18:31 . 2012-07-25 18:31 21448 ----a-w- c:\windows\SysWow64\cuzzapi.dll
2012-07-25 18:31 . 2012-07-25 18:31 173520 ----a-w- c:\windows\SysWow64\appverif.exe
2012-07-25 18:25 . 2012-07-25 18:25 59848 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2012-07-25 18:25 . 2012-07-25 18:25 713672 ----a-w- c:\windows\SysWow64\d3d11_1sdklayers.dll
2012-07-25 18:25 . 2012-07-25 18:25 609224 ----a-w- c:\windows\SysWow64\d3d11ref.dll
2012-07-25 18:25 . 2012-07-25 18:25 590792 ----a-w- c:\windows\SysWow64\d3d11sdklayers.dll
2012-07-25 18:25 . 2012-07-25 18:25 461256 ----a-w- c:\windows\SysWow64\d3d10sdklayers.dll
2012-07-25 18:25 . 2012-07-25 18:25 383944 ----a-w- c:\windows\SysWow64\d3dref9.dll
2012-07-25 18:25 . 2012-07-25 18:25 365512 ----a-w- c:\windows\SysWow64\d3d10ref.dll
2012-07-25 18:25 . 2012-07-25 18:25 232904 ----a-w- c:\windows\SysWow64\dxcpl.exe
2012-07-25 18:25 . 2012-07-25 18:25 102344 ----a-w- c:\windows\SysWow64\dxgidebug.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-08-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-08-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"WebcamMaxAutoRun"="d:\program files (x86)\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"LightShot"="c:\users\GAMELASTER\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-02-02 220160]
"PC Suite Tray"="d:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\GAMELASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
OpenOffice.org 3.3.lnk - d:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2012-9-17 484976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing;c:\users\GAMELASTER\Desktop\CspServer\deploy\bin_Win64\PhotonSocketServer.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-24 11104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;d:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-18 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 41704]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 15360]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{585d89d3-e909-11e1-b61a-0022645fc0e5}]
\shell\AutoRun\command - F:\vs_ultimate.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 12:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"SoundMAX"="c:\program files (x86)\Analog Devices\SoundMAX\soundmax.exe" [2009-05-18 3866624]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\GAMELASTER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GAMELASTER\AppData\Roaming\Mozilla\Firefox\Profiles\k33cm9pq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?SSPV=FFB2&ctid=CT2269050&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
AddRemove-DVDVideoSoftTB Toolbar - c:\program files (x86)\DVDVideoSoftTB\uninstall.exe
AddRemove-uTorrentControl2 Toolbar - c:\program files (x86)\uTorrentControl2\uninstall.exe
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Photon Socket Server: LoadBalancing]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7e,7e,fb,98,fe,45,51,03,07,62,52,b0,7e,1f,be,c5,ad,23,53,17,9d,
ef,f5,db,e5,d1,ed,7c,9b,34,8e,fe,7c,8c,55,fe,18,4b,e5,0d,79,57,2a,66,ae,04,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_278.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7e,7e,fb,98,fe,45,51,03,07,62,52,b0,7e,1f,be,c5,ad,23,53,17,9d,
ef,f5,db,e5,d1,ed,7c,9b,34,8e,fe,7c,8c,55,fe,18,4b,e5,0d,79,57,2a,66,ae,04,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
@Denied: (A) (Everyone)
"Solution"="{36eb6792-3a29-43b3-8cd0-f67d266fb426}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
"Key"="ActionsPane"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\8.0\\ActionsPane.xsd"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\users\GAMELASTER\AppData\Local\Skillbrains\lightshot\3.0.0.0\LightShot.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
d:\program files (x86)\OpenOffice.org 3\program\soffice.exe
d:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Winamp\winamp.exe
.
**************************************************************************
.
Completion time: 2012-09-23 09:20:06 - machine was rebooted
ComboFix-quarantined-files.txt 2012-09-23 07:20
.
Pre-Run: 7 364 481 024 bytes free
Post-Run: 7 281 332 224 bytes free
.
- - End Of File - - 49E2350FCA4A0CB486D96272FDE0D795

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 09:10
od GAMELASTER
P.S. Combofix chcel pomne aby som vypol kasperskyho

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 10:46
od Rudy
Ano, to je v pořádku. Při skenu CF musí být rezident antiviru vypnut. Ještě dočistíme. Přesuňte ComboFix na plochu. Otevřte poznámkový blok a zkopírujte do něj:
KillAll::

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{585d89d3-e909-11e1-b61a-0022645fc0e5}]

Firefox::
FF - ProfilePath - c:\users\GAMELASTER\AppData\Roaming\Mozilla\Firefox\Profiles\k33cm9pq.default\
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=

Reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B9A09F18-45AB-4F09-A117-A4ADDA8FA8C8}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane\0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::
Uložte na plochu jako CFScript.txt. Pak jej myší přetáhněte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

Obrázek

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 10:51
od GAMELASTER
mate tam chybku , tam to url v code bere ako url, takze je skratene..
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
(Nemusite fixovat :DDDD)

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 10:56
od Rudy
GAMELASTER píše:mate tam chybku , tam to url v code bere ako url, takze je skratene..
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q=
(Nemusite fixovat :DDDD)
O tom, co mám, nebo nemám fixovat, rozhoduji já. Pokud se vám to nelíbí obraťte se jinam. URL hxxp://search.conduit.com/ResultsExt.as ... ource=2&q= jste so do prohlížeče určitě sám nenastavil, takže musí pryč.

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 12:34
od GAMELASTER
ComboFix 12-09-22.02 - GAMELASTER . 03. 1993 13:04:46.2.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.1789.785 [GMT 2:00]
Running from: c:\users\GAMELASTER\Desktop\ComboFix.exe
Command switches used :: c:\users\GAMELASTER\Desktop\CFScript.txt
AV: Kaspersky Anti-Virus *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Anti-Virus *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\GAMELASTER\AppData\Local\Skillbrains\lightshot\LightShot.exe Flags: uninsdeletevalue
.
.
((((((((((((((((((((((((( Files Created from 2000-11-28 to 2000-12-31 )))))))))))))))))))))))))))))))
.
.
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-05 19:50 . 2010-11-21 03:23 13824 ----a-w- c:\windows\SysWow64\slwga.dll
2012-08-05 19:50 . 2010-11-21 03:24 833024 ----a-w- c:\windows\SysWow64\user32.dll
2012-07-26 17:08 . 2012-07-26 17:08 837072 ----a-w- c:\windows\SysWow64\vcamp110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 729560 ----a-w- c:\windows\SysWow64\vccorlib110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 46032 ----a-w- c:\windows\SysWow64\mfc110cht.dll
2012-07-26 17:08 . 2012-07-26 17:08 46032 ----a-w- c:\windows\SysWow64\mfc110chs.dll
2012-07-26 17:08 . 2012-07-26 17:08 320976 ----a-w- c:\windows\SysWow64\vcamp110.dll
2012-07-26 17:08 . 2012-07-26 17:08 263112 ----a-w- c:\windows\SysWow64\vsjitdebugger.exe
2012-07-26 17:08 . 2012-07-26 17:08 251864 ----a-w- c:\windows\SysWow64\vccorlib110.dll
2012-07-26 17:08 . 2012-07-26 17:08 2203632 ----a-w- c:\windows\SysWow64\VsGraphicsHelper.dll
2012-07-26 17:08 . 2012-07-26 17:08 216016 ----a-w- c:\windows\SysWow64\VSPerf110.dll
2012-07-26 17:08 . 2012-07-26 17:08 173016 ----a-w- c:\windows\SysWow64\VSCover110.dll
2012-07-26 17:08 . 2012-07-26 17:08 144848 ----a-w- c:\windows\SysWow64\vcomp110d.dll
2012-07-26 17:08 . 2012-07-26 17:08 115656 ----a-w- c:\windows\SysWow64\vcomp110.dll
2012-07-26 13:22 . 2012-07-26 13:22 46032 ----a-w- c:\windows\system32\mfc110cht.dll
2012-07-26 13:22 . 2012-07-26 13:22 46032 ----a-w- c:\windows\system32\mfc110chs.dll
2012-07-25 18:32 . 2012-07-25 18:32 98792 ----a-w- c:\windows\SysWow64\vfrdvcompat.dll
2012-07-25 18:32 . 2012-07-25 18:32 164200 ----a-w- c:\windows\SysWow64\vrfcore.dll
2012-07-25 18:31 . 2012-07-25 18:31 87328 ----a-w- c:\windows\SysWow64\vfcompat.dll
2012-07-25 18:31 . 2012-07-25 18:31 81592 ----a-w- c:\windows\SysWow64\vfnet.dll
2012-07-25 18:31 . 2012-07-25 18:31 61384 ----a-w- c:\windows\SysWow64\vfnws.dll
2012-07-25 18:31 . 2012-07-25 18:31 52032 ----a-w- c:\windows\SysWow64\vfcuzz.dll
2012-07-25 18:31 . 2012-07-25 18:31 40136 ----a-w- c:\windows\SysWow64\vfntlmless.dll
2012-07-25 18:31 . 2012-07-25 18:31 367392 ----a-w- c:\windows\SysWow64\vfprintpthelper.dll
2012-07-25 18:31 . 2012-07-25 18:31 353328 ----a-w- c:\windows\SysWow64\vfbasics.dll
2012-07-25 18:31 . 2012-07-25 18:31 306592 ----a-w- c:\windows\SysWow64\vfprint.dll
2012-07-25 18:31 . 2012-07-25 18:31 242776 ----a-w- c:\windows\SysWow64\vfluapriv.dll
2012-07-25 18:25 . 2012-07-25 18:25 59848 ----a-w- c:\windows\SysWow64\VSD3DRefDebug.dll
2012-04-18 18:56 . 2012-04-18 18:56 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx
2012-04-18 18:56 . 2012-04-18 18:56 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-04-16 09:47 . 2012-04-16 09:47 258560 ----a-w- c:\windows\SysWow64\tsc2_codec64.dll
2012-04-16 09:47 . 2012-04-16 09:47 222208 ----a-w- c:\windows\SysWow64\tsc2_codec32.dll
2012-02-11 08:00 . 2012-02-11 08:00 3005528 ----a-w- c:\windows\SysWow64\sqlncli11.dll
2012-02-11 07:04 . 2012-02-11 07:04 521816 ----a-w- c:\windows\SysWow64\SqlServerSpatial110.dll
2010-11-21 15:00 . 2010-11-21 15:00 2560 ----a-w- c:\windows\SysWow64\drivers\en-US\qwavedrv.sys.mui
2010-11-21 15:00 . 2010-11-21 15:00 25600 ----a-w- c:\windows\SysWow64\drivers\en-US\bfe.dll.mui
2010-11-21 15:00 . 2010-11-21 15:00 15360 ----a-w- c:\windows\SysWow64\drivers\en-US\pacer.sys.mui
2010-11-21 15:00 . 2010-11-21 15:00 2560 ----a-w- c:\windows\SysWow64\drivers\sk-SK\scfilter.sys.mui
2010-11-21 15:00 . 2010-11-21 15:00 5632 ----a-w- c:\windows\SysWow64\drivers\en-US\ndiscap.sys.mui
2010-11-21 15:00 . 2010-11-21 15:00 47616 ----a-w- c:\windows\SysWow64\drivers\sk-SK\tcpip.sys.mui
2010-11-21 03:25 . 2010-11-21 03:25 301568 ----a-w- c:\windows\SysWow64\srchadmin.dll
2010-11-21 03:25 . 2010-11-21 03:25 172544 ----a-w- c:\windows\SysWow64\spp.dll
2010-11-21 03:25 . 2010-11-21 03:25 1548288 ----a-w- c:\windows\SysWow64\tquery.dll
2010-11-21 03:25 . 2010-11-21 03:25 738816 ----a-w- c:\windows\SysWow64\wmpmde.dll
2010-11-21 03:25 . 2010-11-21 03:25 2202624 ----a-w- c:\windows\SysWow64\SensorsCpl.dll
2010-11-21 03:25 . 2010-11-21 03:25 902656 ----a-w- c:\windows\SysWow64\WMADMOD.DLL
2010-11-21 03:25 . 2010-11-21 03:25 541184 ----a-w- c:\windows\SysWow64\WMVSDECD.DLL
2010-11-21 03:25 . 2010-11-21 03:25 1619456 ----a-w- c:\windows\SysWow64\WMVDECOD.DLL
2010-11-21 03:25 . 2010-11-21 03:25 350720 ----a-w- c:\windows\SysWow64\WPDSp.dll
2010-11-21 03:25 . 2010-11-21 03:25 850432 ----a-w- c:\windows\SysWow64\sbe.dll
2010-11-21 03:25 . 2010-11-21 03:25 8192 ----a-w- c:\windows\SysWow64\spwmp.dll
2010-11-21 03:25 . 2010-11-21 03:25 78848 ----a-w- c:\windows\SysWow64\UserAccountControlSettings.dll
2010-11-21 03:25 . 2010-11-21 03:25 68608 ----a-w- c:\windows\SysWow64\WSTPager.ax
2010-11-21 03:25 . 2010-11-21 03:25 616960 ----a-w- c:\windows\SysWow64\wmdrmsdk.dll
2010-11-21 03:25 . 2010-11-21 03:25 51712 ----a-w- c:\windows\SysWow64\wscapi.dll
2010-11-21 03:25 . 2010-11-21 03:25 509440 ----a-w- c:\windows\SysWow64\qedit.dll
2010-11-21 03:25 . 2010-11-21 03:25 416768 ----a-w- c:\windows\SysWow64\wiadefui.dll
2010-11-21 03:25 . 2010-11-21 03:25 352256 ----a-w- c:\windows\SysWow64\wmpeffects.dll
2010-11-21 03:25 . 2010-11-21 03:25 33792 ----a-w- c:\windows\SysWow64\vbisurf.ax
2010-11-21 03:25 . 2010-11-21 03:25 299520 ----a-w- c:\windows\SysWow64\wmpdxm.dll
2010-11-21 03:25 . 2010-11-21 03:25 246272 ----a-w- c:\windows\SysWow64\scansetting.dll
2010-11-21 03:25 . 2010-11-21 03:25 2311168 ----a-w- c:\windows\SysWow64\wpdshext.dll
2010-11-21 03:25 . 2010-11-21 03:25 198144 ----a-w- c:\windows\SysWow64\wpdwcn.dll
2010-11-21 03:25 . 2010-11-21 03:25 182272 ----a-w- c:\windows\SysWow64\wmpsrcwp.dll
2010-11-21 03:25 . 2010-11-21 03:25 1624064 ----a-w- c:\windows\SysWow64\WMPEncEn.dll
2010-11-21 03:25 . 2010-11-21 03:25 153600 ----a-w- c:\windows\SysWow64\VBICodec.ax
2010-11-21 03:25 . 2010-11-21 03:25 144384 ----a-w- c:\windows\SysWow64\wmpps.dll
2010-11-21 03:25 . 2010-11-21 03:25 12625408 ----a-w- c:\windows\SysWow64\wmploc.DLL
2010-11-21 03:25 . 2010-11-21 03:25 115712 ----a-w- c:\windows\SysWow64\setupcln.dll
2010-11-21 03:25 . 2010-11-21 03:25 109568 ----a-w- c:\windows\SysWow64\wiavideo.dll
2010-11-21 03:25 . 2010-11-21 03:25 105984 ----a-w- c:\windows\SysWow64\WPDShServiceObj.dll
2010-11-21 03:25 . 2010-11-21 03:25 105472 ----a-w- c:\windows\SysWow64\wmpshell.dll
2010-11-21 03:25 . 2010-11-21 03:25 340992 ----a-w- c:\windows\system32\srchadmin.dll
2010-11-21 03:25 . 2010-11-21 03:25 293888 ----a-w- c:\windows\SysWow64\ssText3d.scr
2010-11-21 03:25 . 2010-11-21 03:25 220672 ----a-w- c:\windows\SysWow64\Ribbons.scr
2010-11-21 03:25 . 2010-11-21 03:25 2146304 ----a-w- c:\windows\SysWow64\SyncCenter.dll
2010-11-21 03:25 . 2010-11-21 03:25 159232 ----a-w- c:\windows\SysWow64\syncui.dll
2010-11-21 03:25 . 2010-11-21 03:25 83968 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe
2010-11-21 03:25 . 2010-11-21 03:25 140800 ----a-w- c:\windows\SysWow64\rdpendp.dll
2010-11-21 03:25 . 2010-11-21 03:25 464896 ----a-w- c:\windows\SysWow64\scrptadm.dll
2010-11-21 03:24 . 2010-11-21 03:24 507392 ----a-w- c:\windows\SysWow64\wmdrmdev.dll
2010-11-21 03:24 . 2010-11-21 03:24 436736 ----a-w- c:\windows\SysWow64\wmdrmnet.dll
2010-11-21 03:24 . 2010-11-21 03:24 1003008 ----a-w- c:\windows\SysWow64\WMNetMgr.dll
2010-11-21 03:24 . 2010-11-21 03:24 428032 ----a-w- c:\windows\SysWow64\wlanmsm.dll
2010-11-21 03:24 . 2010-11-21 03:24 410112 ----a-w- c:\windows\SysWow64\wlanui.dll
2010-11-21 03:24 . 2010-11-21 03:24 335872 ----a-w- c:\windows\SysWow64\WinSATAPI.dll
2010-11-21 03:24 . 2010-11-21 03:24 1326592 ----a-w- c:\windows\SysWow64\wlanpref.dll
2010-11-21 03:24 . 2010-11-21 03:24 36352 ----a-w- c:\windows\SysWow64\wshbth.dll
2010-11-21 03:24 . 2010-11-21 03:24 276992 ----a-w- c:\windows\SysWow64\wcncsvc.dll
2010-11-21 03:24 . 2010-11-21 03:24 270848 ----a-w- c:\windows\SysWow64\tsmf.dll
2010-11-21 03:24 . 2010-11-21 03:24 204800 ----a-w- c:\windows\SysWow64\WebClnt.dll
2010-11-21 03:24 . 2010-11-21 03:24 79232 ----a-w- c:\windows\SysWow64\rdvgumd32.dll
2010-11-21 03:24 . 2010-11-21 03:24 290304 ----a-w- c:\windows\system32\webcheck.dll
2010-11-21 03:24 . 2010-11-21 03:24 51200 ----a-w- c:\windows\SysWow64\PushPrinterConnections.exe
2010-11-21 03:24 . 2010-11-21 03:24 65024 ----a-w- c:\windows\SysWow64\TSpkg.dll
2010-11-21 03:24 . 2010-11-21 03:24 11264 ----a-w- c:\windows\SysWow64\wshirda.dll
2010-11-21 03:24 . 2010-11-21 03:24 1010688 ----a-w- c:\windows\SysWow64\WindowsCodecs.dll
2010-11-21 03:24 . 2010-11-21 03:24 52224 ----a-w- c:\windows\SysWow64\rdpd3d.dll
2010-11-21 03:24 . 2010-11-21 03:24 505856 ----a-w- c:\windows\SysWow64\taskschd.dll
2010-11-21 03:24 . 2010-11-21 03:24 352768 ----a-w- c:\windows\SysWow64\termmgr.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2010-11-21 . FE70103391A64039A921DBFFF9C7AB1B . 1008128 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
[-] 2012-08-05 . 2C353B6CE0C8D03225CAA2AF33B68D79 . 1008640 . . [6.1.7601.17514] .. c:\windows\system32\user32.dll
.
[-] 2012-08-05 . 861C4346F9281DC0380DE72C8D55D6BE . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 94208 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2012-05-31 445624]
"DAEMON Tools Pro Agent"="c:\program files (x86)\DAEMON Tools Pro\DTAgent.exe" [2012-04-26 3111744]
"WebcamMaxAutoRun"="d:\program files (x86)\WebcamMax\wcmmon.exe" [2011-07-17 1038848]
"LightShot"="c:\users\GAMELASTER\AppData\Local\Skillbrains\lightshot\LightShot.exe" [2012-02-02 220160]
"PC Suite Tray"="d:\program files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe" [2012-06-26 1516632]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2012-06-28 74752]
"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2012\avp.exe" [2011-04-24 202296]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="d:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
.
c:\users\GAMELASTER\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-8-27 26924984]
OpenOffice.org 3.3.lnk - d:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
PdaNet Desktop.lnk - c:\program files (x86)\PdaNet for Android\PdaNetPC.exe [2012-9-17 484976]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-07-08 123856]
R2 Photon Socket Server: LoadBalancing;Photon Socket Server: LoadBalancing;c:\users\GAMELASTER\Desktop\CspServer\deploy\bin_Win64\PhotonSocketServer.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 fussvc;Windows App Certification Kit Fast User Switching Utility Service;c:\program files (x86)\Windows Kits\8.0\App Certification Kit\fussvc.exe [2012-07-25 139776]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2008-09-24 11104]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-08 114144]
R3 PAC207;Trust WB-1400T Webcam;c:\windows\system32\DRIVERS\PFC027.SYS [2007-05-14 573952]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 Te.Service;Te.Service;c:\program files (x86)\Windows Kits\8.0\Testing\Runtimes\TAEF\Wex.Services.exe [2012-07-25 126976]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv110;Performance Tools Driver 11.0;d:\program files (x86)\Microsoft Visual Studio 11.0\Team Tools\Performance Tools\x64\VSPerfDrv110.sys [2012-07-13 70264]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2012-08-05 1255736]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-08-18 283200]
S1 HssDRV6;Hotspot Shield Routing Driver 6;c:\windows\system32\DRIVERS\hssdrv6.sys [2012-07-24 41704]
S1 kl2;kl2;c:\windows\system32\DRIVERS\kl2.sys [2011-03-04 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2011-03-10 29488]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-04 203264]
S2 Apache2.2;Apache2.2;d:\xampp\apache\bin\httpd.exe [2011-09-10 18432]
S2 WCMVCAM;WebcamMax, WDM Video Capture;c:\windows\system32\DRIVERS\wcmvcam64.sys [2011-06-23 1071032]
S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2009-11-02 22544]
S3 pneteth;PdaNet Broadband;c:\windows\system32\DRIVERS\pneteth.sys [2011-11-24 15360]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ w3svc was
apphost REG_MULTI_SZ apphostsvc
.
Contents of the 'Scheduled Tasks' folder
.
2012-09-23 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-05 12:34]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}]
c:\program files (x86)\Hotspot Shield\HssIE\HssIE_64.dll [BU]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2012-06-30 04:19 97792 ----a-w- c:\users\GAMELASTER\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Free YouTube to MP3 Converter - c:\users\GAMELASTER\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\GAMELASTER\AppData\Roaming\Mozilla\Firefox\Profiles\k33cm9pq.default\
FF - prefs.js: browser.startup.homepage - hxxp://google.sk
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{687578B9-7132-4A7A-80E4-30EE31099E03} - (no file)
WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)
WebBrowser-{872B5B88-9DB5-4310-BDD0-AC189557E5F5} - (no file)
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\PerfProc]
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Photon Socket Server: LoadBalancing]
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_278_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:7e,7e,fb,98,fe,45,51,03,07,62,52,b0,7e,1f,be,c5,ad,23,53,17,9d,
ef,f5,db,e5,d1,ed,7c,9b,34,8e,fe,7c,8c,55,fe,18,4b,e5,0d,79,57,2a,66,ae,04,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:7e,7e,fb,98,fe,45,51,03,07,62,52,b0,7e,1f,be,c5,ad,23,53,17,9d,
ef,f5,db,e5,d1,ed,7c,9b,34,8e,fe,7c,8c,55,fe,18,4b,e5,0d,79,57,2a,66,ae,04,\
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
d:\xampp\mysql\bin\mysqld.exe
c:\program files (x86)\DAEMON Tools Pro\DTShellHlp.exe
c:\windows\SysWOW64\rundll32.exe
c:\users\GAMELASTER\AppData\Local\Skillbrains\lightshot\3.0.0.0\LightShot.exe
c:\program files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe
d:\program files (x86)\OpenOffice.org 3\program\soffice.exe
d:\program files (x86)\OpenOffice.org 3\program\soffice.bin
c:\program files (x86)\PC Connectivity Solution\ServiceLayer.exe
c:\program files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe
c:\program files (x86)\Winamp\winamp.exe
.
**************************************************************************
.
Completion time: 2000-12-31 23:13:26 - machine was rebooted
ComboFix-quarantined-files.txt 2000-12-31 22:13
ComboFix2.txt 2012-09-23 07:20
.
Pre-Run: 7 115 108 352 bytes free
Post-Run: 7 052 414 976 bytes free
.
- - End Of File - - 1DDF004BC55D2168C88DBA0738251FF5

Ten virus asi furt zije:
http://prntscr.com/g2li6
dokonca sa tomu virusu podarilo nastavit cas

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 13:11
od Rudy
Smazáno. Nastala nějaká změna?

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 13:13
od GAMELASTER
Rudy píše:Smazáno. Nastala nějaká změna?
vsiml sem si ze pc jde rychleji, ale zas dela to co v minulom topicu:
GAMELASTER píše:Ten virus asi furt zije:
http://prntscr.com/g2li6
dokonca sa tomu virusu podarilo nastavit cas

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 13:16
od Rudy
Udělejte sken GMER: http://forum.viry.cz/viewtopic.php?f=29&t=62878 a dejte oba logy.

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 14:14
od GAMELASTER
je zle ze som dal skanovat aj ked som mal vsetko odskrtnute okrem Services,Registry a Files? Ostatne mam sede.. program zapinam ako spravca....

Dal som zatial iba Services, Registry a Files, a ked som dal save, bolo to prazdne... :/

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 15:53
od Rudy
Řiďte se přesně návodem v odkazu. Potřebuji vidět ty logy, je dost pravděpodobné, že máte rootkit.

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 16:03
od GAMELASTER
nejde to, GMER vyzera takto:
http://prntscr.com/g2xpw

a ked som to dal takto skenovat, ked som dal save, dalo mi prazdny subor... Program siel ako spravca, tak nwm.
Resp. Aj po rychlo skane mi exportlo nic, aj po hlavnom skane exportlo nic.... Ani ten zaciatok nenapisalo
myslim tento:

Kód: Vybrat vše

GMER 1.0.14.14536 - http://www.gmer.net
Rootkit scan 2008-06-14 09:01:44
Windows 5.1.2600 Service Pack 3
//Postreh virusu, hra ktora mi brala 100 000kb teraz berie 1 000 000 kb
//Dalsi postreh, program sa neda spustit(nie, nieje to chyba programu, fungovalo mi to do teraz):
http://prntscr.com/g2y2y

Re: Virus nebol uplne zniceny, utoci silnejsie

Napsal: 23 zář 2012 16:28
od Rudy
Máte ty hry legální?
Všechny časy jsou v UTC+01:00
Stránka 1 z 2

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz