Page 1 of 2

BSOD tcpip.sys

Posted: 20 Feb 2013 16:47
by pepan7
Hi, I need help resolving this BSOD. I mostly get this BSOD when I play games on Facebook, most recently in Zynga Poker when I was changing the language from English to German. And I also occasionally get a BSOD from ntkrnlpa.exe.
Here is the log from RSIT:
Logfile of random's system information tool 1.09 (written by random/random)
Run by Admin at 2013-02-19 22:27:13
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 19 GB (12%) free of 157 GB
Total RAM: 2047 MB (14% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 22:28:40, on 19. 2. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16464)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\ESET\ESET Smart Security\egui.exe
C:\Windows\V0640Mon.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe
C:\Users\Admin\Downloads\RSIT.exe
C:\Program Files\trend micro\Admin.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.zoznam.sk
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.zoznam.sk
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000& ... F5572959FA}
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Program Windows Internet Explorer poskytuje: Zoznam.sk
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=C:\Windows\system32\userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: AppGraffiti - {6F6A5334-78E9-4D9B-8182-8B41EA8C39EF} - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: DefaultTabBHO - {7F6AFBF1-E065-4627-A2FD-810366367D01} - (no file)
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: SMTTB2009 - {FCBCCB87-9224-4B8D-B117-F56D924BEB18} - (no file)
O3 - Toolbar: HyperCam Toolbar - {338B4DFE-2E2C-4338-9E41-E176D497299E} - (no file)
O4 - HKLM\..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s
O4 - HKLM\..\Run: [NVRaidService] C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe
O4 - HKLM\..\Run: [CmPCIaudio] RunDll32 CMICNFG3.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET Smart Security\egui.exe" /hide /waitservice
O4 - HKLM\..\Run: [V0640Mon.exe] C:\Windows\V0640Mon.exe
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [GarenaPlus] "C:\Program Files\Garena Plus\GarenaMessenger.exe" -autolaunch
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-3515453284-2844420679-3037330450-1006\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-3515453284-2844420679-3037330450-1006\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O8 - Extra context menu item: Send by Bluetooth - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
O8 - Extra context menu item: Send via &Message... - C:\Program Files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
O9 - Extra button: PokerStars - {3AD14F0C-ED16-4e43-B6D8-661B03F6A1EF} - C:\Program Files\PokerStars\PokerStarsUpdate.exe (file missing)
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O17 - HKLM\System\CCS\Services\Tcpip\..\{418478AD-D133-4889-8699-3F7B847FD9E2}: NameServer = 8.8.8.8,4.4.4.4
O17 - HKLM\System\CCS\Services\Tcpip\..\{6644A630-B2A7-4BD6-8398-DDC9A045AF52}: NameServer = 192.168.7.1
O18 - Protocol: hddlife - {BD758015-47D9-477A-8873-4B688A2BC0E2} - "C:\Program Files\Common Files\BinarySense\hlAPP.dll" (file missing)
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs:
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: BlueSoleilCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
O23 - Service: BsHelpCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe
O23 - Service: BsMobileCS - Unknown owner - C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe
O23 - Service: DefaultTabUpdate - Unknown owner - C:\Users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET Smart Security\ekrn.exe
O23 - Service: FLEXnet Licensing Service - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: HDDlife HDD Access service - BinarySense, Inc. - C:\Program Files\Common Files\BinarySense\hldasvc.exe
O23 - Service: HiSuiteOuc.exe - Unknown owner - C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe
O23 - Service: HuaweiHiSuiteService.exe - Unknown owner - C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe
O23 - Service: nProtect GameGuard Service (npggsvc) - Unknown owner - C:\Windows\system32\GameMon.des.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared files\RichVideo.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies, Inc. - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: ServiceLayer - Nokia - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe
O23 - Service: TeamViewer 8 (TeamViewer8) - TeamViewer GmbH - C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
O23 - Service: TunngleService - Tunngle.net GmbH - C:\Program Files\Tunngle\TnglCtrl.exe

--
End of file - 9479 bytes

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000UA.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798

prefs.js - "browser.startup.homepage" - "http://www.google.sk/"

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.6.602.168 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_168.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw_1200112.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.11.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ogplanet.com/npOGPPlugin]
"Description"=OGPlanet Game Plugin
"Path"=C:\Windows\system32\npOGPPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@videolan.org/vlc,version=2.0.5]
"Description"=VLC Multimedia Plugin
"Path"=C:\Program Files\VideoLAN\VLC\npvlc.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll

C:\Program Files\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsRLCT4Player.xpt

C:\Program Files\Mozilla Firefox\plugins\
CrazyTalk4Native.dll
ctdomemhelper.dll
ctframeplayerobject.dll
ctplayerobject.dll
imagickrt.dll
nplv86win32.dll
nplv90win32.dll
nppdf32.dll
npRLCT4Player.dll
npwachk.dll
rlcontentclass.dll
RLMusicPacker.dll
RLMusicUnpacker.dll
RLVoicePacker.dll
RLVoiceUnpacker.dll

C:\Program Files\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
McSiteAdvisor.xml
Search_Results.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\
battlefieldheroespatcher@ea.com
battlefieldplay4free@ea.com

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-12-18 66280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
AppGraffiti - C:\PROGRA~1\APPGRA~1\APPGRA~1.DLL [2012-12-12 271672]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2013-01-16 461216]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7F6AFBF1-E065-4627-A2FD-810366367D01}]
DefaultTab Browser Helper

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2010-09-21 439168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2012-03-02 4296864]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2013-01-16 170912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FCBCCB87-9224-4B8D-B117-F56D924BEB18}]
SMTTB2009 Class

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{338B4DFE-2E2C-4338-9E41-E176D497299E} -

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"=C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [2012-06-11 10996368]
"NVRaidService"=C:\Program Files\NVIDIA Corporation\Raid\nvraidservice.exe [2010-04-09 163944]
"CmPCIaudio"=RunDll32 CMICNFG3.cpl,CMICtrlWnd []
"MSC"=C:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]
"egui"=C:\Program Files\ESET\ESET Smart Security\egui.exe [2012-11-26 5074384]
"V0640Mon.exe"=C:\Windows\V0640Mon.exe [2009-09-23 28672]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"GarenaPlus"=C:\Program Files\Garena Plus\GarenaMessenger.exe [2013-01-30 9458992]
"DAEMON Tools Lite"=C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe [2009-02-27 315478]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
C:\Program Files\DAEMON Tools Lite\DTLite.exe [2011-11-10 3514176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=" "

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableUIADesktopToggle"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\facebookmessenger.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\firefox.exe]
"Debugger=""C:\Program Files\TuneUp Utilities 2013\TUAutoReactivator32.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"VIDC.LAGS"=lagarith.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.FPS1"=frapsvid.dll
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"aux2"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux3"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave6"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer6"=wdmaud.drv
"msacm.l3codecp"=l3codecp.acm
"wave5"=wdmaud.drv
"midi6"=wdmaud.drv
"mixer5"=wdmaud.drv
"wave7"=wdmaud.drv
"midi7"=wdmaud.drv
"mixer7"=wdmaud.drv
"aux4"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2013-02-19 22:27:17 ----D---- C:\Program Files\trend micro
2013-02-19 22:27:13 ----D---- C:\rsit
2013-02-19 20:27:02 ----D---- C:\Users\Admin\AppData\Roaming\Reallusion
2013-02-19 20:25:44 ----D---- C:\ProgramData\Creative
2013-02-19 20:25:33 ----D---- C:\Users\Admin\AppData\Roaming\Creative
2013-02-19 20:14:31 ----A---- C:\Windows\system32\CTAFX32.dll
2013-02-19 20:14:10 ----A---- C:\Windows\system32\V0640Pin.dll
2013-02-19 20:14:08 ----A---- C:\Windows\system32\V0640Hwx.dll
2013-02-19 20:14:08 ----A---- C:\Windows\system32\drivers\V0640Vid.sys
2013-02-19 20:14:08 ----A---- C:\Windows\system32\CtCamMgr.dll
2013-02-19 20:14:08 ----A---- C:\Windows\CtDrvIns.exe
2013-02-19 20:12:09 ----D---- C:\Program Files\Common Files\Reallusion
2013-02-19 20:04:56 ----A---- C:\Windows\system32\drivers\cmudax3.sys
2013-02-19 20:03:31 ----D---- C:\Users\Admin\AppData\Roaming\InstallShield
2013-02-19 19:59:07 ----D---- C:\Program Files\Creative
2013-02-19 16:52:23 ----D---- C:\ProgramData\ESET
2013-02-18 14:58:38 ----D---- C:\ProgramData\WCMShare
2013-02-18 14:46:58 ----D---- C:\Program Files\WebcamMax
2013-02-18 10:00:11 ----D---- C:\ProgramData\BlueStacksSetup
2013-02-14 13:47:01 ----D---- C:\Users\Admin\AppData\Roaming\GitHub
2013-02-13 18:05:16 ----A---- C:\Windows\system32\mshtmled.dll
2013-02-13 18:05:15 ----A---- C:\Windows\system32\vbscript.dll
2013-02-13 18:05:14 ----A---- C:\Windows\system32\jsproxy.dll
2013-02-13 18:05:13 ----A---- C:\Windows\system32\ieUnatt.exe
2013-02-13 18:05:13 ----A---- C:\Windows\system32\ieui.dll
2013-02-13 18:05:12 ----A---- C:\Windows\system32\msfeeds.dll
2013-02-13 18:05:11 ----A---- C:\Windows\system32\wininet.dll
2013-02-13 18:05:11 ----A---- C:\Windows\system32\jscript.dll
2013-02-13 18:05:10 ----A---- C:\Windows\system32\jscript9.dll
2013-02-13 18:05:09 ----A---- C:\Windows\system32\url.dll
2013-02-13 18:05:08 ----A---- C:\Windows\system32\iertutil.dll
2013-02-13 18:05:06 ----A---- C:\Windows\system32\urlmon.dll
2013-02-13 18:05:03 ----A---- C:\Windows\system32\mshtml.dll
2013-02-13 18:04:58 ----A---- C:\Windows\system32\ieframe.dll
2013-02-13 13:50:49 ----A---- C:\Windows\system32\win32k.sys
2013-02-13 13:50:25 ----A---- C:\Windows\system32\ntkrnlpa.exe
2013-02-13 13:50:19 ----A---- C:\Windows\system32\ntoskrnl.exe
2013-02-13 13:50:16 ----A---- C:\Windows\system32\drivers\tcpip.sys
2013-02-13 13:50:15 ----A---- C:\Windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 13:50:11 ----A---- C:\Windows\system32\winsrv.dll
2013-02-02 12:05:56 ----D---- C:\Program Files\Microsoft Security Client
2013-02-01 17:34:36 ----D---- C:\Users\Admin\AppData\Roaming\Hothead Games
2013-02-01 16:40:57 ----A---- C:\Windows\system32\XAudio2_7.dll
2013-02-01 16:40:57 ----A---- C:\Windows\system32\XAPOFX1_5.dll
2013-02-01 16:40:57 ----A---- C:\Windows\system32\xactengine3_7.dll
2013-02-01 16:40:56 ----A---- C:\Windows\system32\D3DCompiler_43.dll
2013-02-01 16:40:55 ----A---- C:\Windows\system32\d3dx11_43.dll
2013-02-01 16:40:55 ----A---- C:\Windows\system32\d3dcsx_43.dll
2013-02-01 16:40:54 ----A---- C:\Windows\system32\XAPOFX1_4.dll
2013-02-01 16:40:54 ----A---- C:\Windows\system32\D3DX9_43.dll
2013-02-01 16:40:54 ----A---- C:\Windows\system32\d3dx10_43.dll
2013-02-01 16:40:53 ----A---- C:\Windows\system32\XAudio2_6.dll
2013-02-01 16:40:53 ----A---- C:\Windows\system32\xactengine3_6.dll
2013-02-01 16:40:53 ----A---- C:\Windows\system32\X3DAudio1_7.dll
2013-01-29 22:10:34 ----D---- C:\Users\Admin\AppData\Roaming\HD Tune Pro
2013-01-29 22:09:07 ----D---- C:\Program Files\HD Tune Pro
2013-01-29 14:29:43 ----D---- C:\Users\Admin\AppData\Roaming\Doublefine
2013-01-29 14:26:32 ----D---- C:\ProgramData\RELOADED
2013-01-25 18:22:22 ----D---- C:\Users\Admin\AppData\Roaming\Wireshark
2013-01-25 17:08:42 ----D---- C:\Program Files\WinPcap
2013-01-25 17:08:01 ----D---- C:\Program Files\Wireshark
2013-01-23 19:40:16 ----D---- C:\Program Files\Common Files\Skype

======List of files/folders modified in the last 1 month======

2013-02-19 22:28:30 ----D---- C:\Windows\Temp
2013-02-19 22:27:17 ----RD---- C:\Program Files
2013-02-19 22:02:21 ----D---- C:\Windows\system32\drivers
2013-02-19 22:02:21 ----D---- C:\Windows\system32\catroot
2013-02-19 22:01:01 ----SHD---- C:\System Volume Information
2013-02-19 21:58:11 ----D---- C:\ProgramData\PMB Files
2013-02-19 21:40:13 ----D---- C:\Windows\system32\config
2013-02-19 20:32:57 ----AD---- C:\Windows
2013-02-19 20:32:21 ----A---- C:\Windows\system32\LOCALSERVICE.INI
2013-02-19 20:32:12 ----AD---- C:\ProgramData\TEMP
2013-02-19 20:31:46 ----D---- C:\Windows\system32\Tasks
2013-02-19 20:31:45 ----A---- C:\Windows\system32\bscs.ini
2013-02-19 20:27:57 ----D---- C:\Users\Admin\AppData\Roaming\Skype
2013-02-19 20:25:44 ----HD---- C:\ProgramData
2013-02-19 20:21:18 ----A---- C:\Windows\Cmicnfg3.ini.imi
2013-02-19 20:14:36 ----D---- C:\Windows\System32
2013-02-19 20:14:34 ----D---- C:\Windows\inf
2013-02-19 20:14:32 ----D---- C:\Windows\system32\DriverStore
2013-02-19 20:14:17 ----D---- C:\Windows\twain_32
2013-02-19 20:13:38 ----A---- C:\Windows\Cmicnfg3.ini.cfl
2013-02-19 20:12:17 ----D---- C:\Windows\system32\catroot2
2013-02-19 20:12:09 ----D---- C:\Program Files\Common Files
2013-02-19 20:10:46 ----D---- C:\Windows\system
2013-02-19 20:04:02 ----HD---- C:\Program Files\InstallShield Installation Information
2013-02-19 16:54:18 ----SHD---- C:\Windows\Installer
2013-02-19 16:39:43 ----D---- C:\Windows\Microsoft.NET
2013-02-19 16:39:07 ----RSD---- C:\Windows\assembly
2013-02-19 16:21:48 ----A---- C:\Windows\system32\PerfStringBackup.INI
2013-02-19 16:08:58 ----D---- C:\Windows\Minidump
2013-02-18 19:08:30 ----D---- C:\Program Files\Steam
2013-02-18 18:12:17 ----A---- C:\Windows\system32\LOCALDEVICE.INI
2013-02-18 13:47:11 ----D---- C:\ProgramData\Adobe
2013-02-18 13:46:28 ----A---- C:\Windows\system32\FlashPlayerApp.exe
2013-02-18 10:08:28 ----D---- C:\Windows\Prefetch
2013-02-17 17:24:29 ----D---- C:\Windows\system32\Adobe
2013-02-17 15:05:44 ----D---- C:\Users\Admin\AppData\Roaming\vlc
2013-02-17 10:12:42 ----D---- C:\Program Files\Common Files\Steam
2013-02-15 22:03:22 ----D---- C:\Users\Admin\AppData\Roaming\GarenaPlus
2013-02-15 22:03:22 ----D---- C:\ProgramData\GarenaMessenger
2013-02-14 15:48:59 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-02-14 13:39:47 ----D---- C:\Program Files\Mozilla Firefox
2013-02-13 18:21:18 ----D---- C:\Windows\winsxs
2013-02-13 18:18:25 ----D---- C:\Windows\system32\migration
2013-02-13 18:18:25 ----D---- C:\Program Files\Internet Explorer
2013-02-13 18:08:40 ----A---- C:\Windows\system32\MRT.exe
2013-02-13 18:07:46 ----D---- C:\ProgramData\Microsoft Help
2013-02-10 22:05:35 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2013-02-09 14:42:28 ----D---- C:\Users\Admin\AppData\Roaming\.minecraft
2013-02-09 10:27:37 ----D---- C:\Windows\system32\en-US
2013-02-09 10:27:37 ----D---- C:\Windows\system32\drivers\etc
2013-02-09 10:27:37 ----D---- C:\Windows\system32\cs-CZ
2013-02-05 17:12:36 ----D---- C:\Windows\system32\NDF
2013-02-04 18:47:26 ----D---- C:\Program Files\NVIDIA Corporation
2013-02-04 16:00:56 ----D---- C:\Users\Admin\AppData\Roaming\dvdcss
2013-02-03 09:59:55 ----D---- C:\Windows\system32\LogFiles
2013-02-02 12:06:04 ----SD---- C:\ProgramData\Microsoft
2013-02-01 22:08:23 ----D---- C:\Program Files\Garena Plus
2013-02-01 21:43:03 ----D---- C:\ProgramData\TrackMania
2013-02-01 18:31:55 ----D---- C:\ProgramData\Tunngle
2013-02-01 16:38:21 ----D---- C:\Program Files\AGEIA Technologies
2013-01-30 11:53:21 ----N---- C:\Windows\system32\MpSigStub.exe
2013-01-29 19:01:58 ----D---- C:\Windows\system32\drivers\UMDF
2013-01-29 19:01:54 ----D---- C:\ProgramData\PC Suite
2013-01-23 19:40:24 ----D---- C:\ProgramData\Skype
2013-01-23 19:40:16 ----RD---- C:\Program Files\Skype
2013-01-20 13:24:55 ----D---- C:\Users\Admin\AppData\Roaming\PC Suite

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 BtHidBus;Bluetooth HID Bus Service; C:\Windows\System32\Drivers\BtHidBus.sys [2009-01-07 20744]
R0 epfwwfp;epfwwfp; C:\Windows\system32\DRIVERS\epfwwfp.sys [2012-11-28 47056]
R0 MpFilter;Microsoft Malware Protection Driver; C:\Windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 nvstor32;nvstor32; C:\Windows\system32\DRIVERS\nvstor32.sys [2010-04-09 215656]
R0 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-12-06 428088]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 388096]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-10-08 170656]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-10-08 121216]
R1 EpfwLWF;Epfw NDIS LightWeight Filter; C:\Windows\system32\DRIVERS\EpfwLWF.sys [2012-10-08 46056]
R1 MpKslb4dff94a;MpKslb4dff94a; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F75761E9-D6BF-4095-9430-7FB21B8D95DC}\MpKslb4dff94a.sys [2013-02-19 29904]
R2 acedrv11;acedrv11; \??\C:\Windows\system32\drivers\acedrv11.sys [2010-02-24 185472]
R2 atksgt;atksgt; C:\Windows\system32\DRIVERS\atksgt.sys [2011-11-06 281760]
R2 cvintdrv;cvintdrv; C:\Windows\system32\drivers\cvintdrv.sys [2009-05-29 4096]
R2 epfw;epfw; C:\Windows\system32\DRIVERS\epfw.sys [2012-10-08 149568]
R2 irda;IrDA Protocol; C:\Windows\system32\DRIVERS\irda.sys [2009-07-14 96768]
R2 lirsgt;lirsgt; C:\Windows\system32\DRIVERS\lirsgt.sys [2011-11-06 25888]
R2 NisDrv;Microsoft Network Inspection System; C:\Windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R2 NPF;NetGroup Packet Filter Driver; C:\Windows\system32\drivers\npf.sys [2010-06-25 35088]
R3 btnetBUs;Bluetooth PAN Bus Service; C:\Windows\System32\Drivers\btnetBus.sys [2008-12-07 30088]
R3 cmuda3;C-Media PCI Audio Interface; C:\Windows\system32\drivers\cmudax3.sys [2009-05-19 1872192]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver; C:\Windows\system32\DRIVERS\CtClsFlt.sys []
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHDA.sys [2012-06-19 3240400]
R3 irsir;Microsoft Serial Infrared Driver; C:\Windows\system32\DRIVERS\irsir.sys [2006-11-02 20992]
R3 IvtBtBUs;IVT Bluetooth Bus Service; C:\Windows\System32\Drivers\IvtBtBus.sys [2008-07-02 26248]
R3 MirayVirtualDisk;MirayVirtualDisk; C:\Windows\system32\DRIVERS\mvd.sys [2011-10-26 142064]
R3 NVENETFD;NVIDIA nForce Networking Controller Driver; C:\Windows\system32\DRIVERS\nvm62x32.sys [2009-07-13 347264]
R3 tap0901t;TAP-Win32 Adapter V9 (Tunngle); C:\Windows\system32\DRIVERS\tap0901t.sys [2009-09-16 27136]
R3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv; \??\C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys [2012-09-18 10088]
R3 V0640Vid;Creative Live! Cam Socialize (VF0640) Driver; C:\Windows\system32\DRIVERS\V0640Vid.sys [2009-12-04 273760]
R3 VComm;Virtual Serial port driver; C:\Windows\system32\DRIVERS\VComm.sys [2008-01-21 14856]
R3 VcommMgr;Bluetooth VComm Manager Service; C:\Windows\System32\Drivers\VcommMgr.sys [2009-01-08 31880]
S0 BTHidEnum;Bluetooth HID Enumerator; C:\Windows\System32\Drivers\vbtenum.sys []
S0 BTHidMgr;Bluetooth HID Manager Service; C:\Windows\System32\Drivers\BTHidMgr.sys []
S1 MpKsle0591176;MpKsle0591176; \??\C:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F75761E9-D6BF-4095-9430-7FB21B8D95DC}\MpKsle0591176.sys [2013-02-19 29904]
S1 SysTool;SysTool Overclocking Utility; C:\Windows\system32\DRIVERS\SysTool.sys [2006-11-10 24064]
S2 Parvdm;Parvdm; C:\Windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 61883;61883 Unit Device; C:\Windows\system32\DRIVERS\61883.sys [2009-07-14 46976]
S3 aic78xx;aic78xx; C:\Windows\system32\drivers\djsvs.sys [2009-07-14 70720]
S3 amdagp;AMD AGP Bus Filter Driver; C:\Windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 androidusb;ADB Interface Driver; C:\Windows\System32\Drivers\androidusb.sys [2010-10-18 32408]
S3 athur;Atheros AR9271 Wireless Network Adapter Service; C:\Windows\system32\DRIVERS\athur.sys [2011-04-20 1570304]
S3 Avc;Zařízení AVC; C:\Windows\system32\DRIVERS\avc.sys [2009-07-14 40320]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\Windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BlueletAudio;Bluetooth Audio Service; C:\Windows\system32\DRIVERS\blueletaudio.sys [2008-11-25 33800]
S3 BlueletSCOAudio;Bluetooth SCO Audio Service; C:\Windows\system32\DRIVERS\BlueletSCOAudio.sys [2008-11-25 27528]
S3 Bridge;@%SystemRoot%\system32\bridgeres.dll,-3; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\Windows\system32\DRIVERS\bridge.sys [2009-07-14 78336]
S3 BT;Bluetooth PAN Network Adapter; C:\Windows\system32\DRIVERS\btnetdrv.sys []
S3 BTCOM;Bluetooth Serial port driver; C:\Windows\system32\DRIVERS\btcomport.sys []
S3 BTCOMBUS;Bluetooth Serial Port Bus Service; C:\Windows\System32\Drivers\btcombus.sys []
S3 Btcsrusb;Bluetooth USB For Bluetooth Service; C:\Windows\System32\Drivers\btcusb.sys [2009-01-03 39304]
S3 BthEnum;Služba Bluetooth Enumerator; C:\Windows\system32\DRIVERS\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 BTNetFilter;Bluetooth Network Filter; \??\C:\Program Files\IVT Corporation\BlueSoleil\Device\Win2k\BTNetFilter.sys [2006-11-22 22416]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-20 62464]
S3 DrvSnSht;DrvSnSht; \??\C:\Program Files\R-Drive Image\DrvSnSht.sys []
S3 epmntdrv;epmntdrv; \??\C:\Windows\system32\epmntdrv.sys [2011-07-29 14216]
S3 EuGdiDrv;EuGdiDrv; \??\C:\Windows\system32\EuGdiDrv.sys [2011-07-29 8456]
S3 GGSAFERDriver;GGSAFER Driver; \??\C:\Program Files\Garena Plus\Room\safedrv.sys []
S3 hamachi;Hamachi Network Interface; C:\Windows\system32\DRIVERS\hamachi.sys [2009-03-18 26176]
S3 massfilter_hs;HS HandSet Mass Storage Filter Driver; C:\Windows\system32\DRIVERS\massfilter_hs.sys [2011-03-07 15896]
S3 MSDV;Microsoft DV Camera and VCR; C:\Windows\system32\DRIVERS\msdv.sys [2009-07-14 52608]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmb.sys [2012-11-09 18560]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbo.sys [2012-11-09 23168]
S3 NVNET;NVIDIA nForce Ethernet Driver; C:\Windows\system32\DRIVERS\nvmf6232.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfd.sys [2012-06-27 19072]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 133632]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2012-08-23 14848]
S3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 R-ImageDisk;R-ImageDisk; \??\C:\Program Files\R-Drive Image\R-ImageDisk.sys []
S3 ROOTMODEM;Microsoft Legacy Modem Driver; C:\Windows\System32\Drivers\RootMdm.sys [2009-07-14 8192]
S3 RTL8023xp;Realtek 10/100 NIC Family NDIS x86 Driver; C:\Windows\system32\DRIVERS\Rtnicxp.sys [2009-07-23 43008]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter; C:\Windows\system32\DRIVERS\rtwlanu.sys []
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 5632]
S3 sisagp;SIS AGP Bus Filter; C:\Windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 28032]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys [2010-11-20 77184]
S3 terminpt;Microsoft Remote Desktop Input Driver; C:\Windows\system32\drivers\terminpt.sys [2012-08-23 24064]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\Windows\System32\drivers\tsusbflt.sys [2012-08-23 49664]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2012-08-23 27136]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys [2010-11-20 112640]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerflt.sys [2012-11-09 8192]
S3 usb_rndisx;Adaptér USB RNDIS; C:\Windows\system32\DRIVERS\usb8023x.sys [2009-07-14 15872]
S3 usbscan;Ovladač skeneru USB; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 usbser;USB Modem Driver; C:\Windows\system32\DRIVERS\usbser.sys [2010-11-20 27648]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltj.sys [2012-11-09 8192]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 BlueSoleilCS;BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [2009-04-20 840192]
R2 BsMobileCS;BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [2009-02-27 143467]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R2 DefaultTabUpdate;DefaultTabUpdate; C:\Users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe [2012-10-26 107520]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2012-11-26 1329304]
R2 HDDlife HDD Access service;HDDlife HDD Access service; C:\Program Files\Common Files\BinarySense\hldasvc.exe [2012-03-05 845640]
R2 HiSuiteOuc.exe;HiSuiteOuc.exe; C:\ProgramData\HiSuiteOuc\HiSuiteOuc.exe [2012-12-24 117424]
R2 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe; C:\ProgramData\HandSetService\HuaweiHiSuiteService.exe [2012-11-21 162696]
R2 Irmon;@%SystemRoot%\System32\irmon.dll,-2000; C:\Windows\system32\svchost.exe [2009-07-14 20992]
R2 MsMpSvc;Microsoft Antimalware Service; C:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2012-10-02 645992]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-10-02 1258856]
R2 RichVideo;Cyberlink RichVideo Service(CRVS); C:\Program Files\CyberLink\Shared files\RichVideo.exe [2010-08-19 247152]
R2 simptcp;@%SystemRoot%\system32\simptcp.dll,-200; C:\Windows\System32\tcpsvcs.exe [2009-07-14 9216]
R2 TeamViewer8;TeamViewer 8; C:\Program Files\TeamViewer\Version8\TeamViewer_Service.exe [2012-12-14 3467768]
R2 TuneUp.UtilitiesSvc;TuneUp Utilities Service; C:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe [2012-09-19 1699168]
R2 UxTuneUp;@%SystemRoot%\System32\uxtuneup.dll,-4096; C:\Windows\System32\svchost.exe [2009-07-14 20992]
R3 BsHelpCS;BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [2009-02-27 98407]
R3 NisSrv;@C:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; C:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-17 116648]
S2 NOD32FiXTemDono;Eset Nod32 Boot; C:\Windows\system32\regedt32.exe [2009-07-14 9216]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2013-01-08 161536]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-18 251248]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 20992]
S3 aspnet_state;ASP.NET State Service; C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-10-11 655624]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files\Google\Update\GoogleUpdate.exe [2012-10-17 116648]
S3 npggsvc;nProtect GameGuard Service; C:\Windows\system32\GameMon.des [2011-06-19 4122968]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S3 rpcapd;Remote Packet Capture Protocol v.0 (experimental); C:\Program Files\WinPcap\rpcapd.exe [2010-06-25 117264]
S3 ServiceLayer;ServiceLayer; C:\Program Files\PC Connectivity Solution\ServiceLayer.exe [2012-10-03 725400]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2013-02-15 543144]
S3 TunngleService;TunngleService; C:\Program Files\Tunngle\TnglCtrl.exe [2012-11-26 745368]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 20992]
S4 LkCitadelServer;Lookout Citadel Server; C:\Windows\system32\lkcitdl.exe [2008-10-31 695136]
S4 lkClassAds;National Instruments PSP Server Locator; C:\Windows\system32\lkads.exe [2009-06-18 42544]
S4 lkTimeSync;National Instruments Time Synchronization; C:\Windows\system32\lktsrv.exe [2009-06-18 53296]
S4 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-02-01 115608]
S4 NetMsmqActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\Windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NIDomainService;National Instruments Domain Service; C:\Program Files\National Instruments\Shared\Security\nidmsrv.exe [2009-06-18 356912]
S4 NILM License Manager;NILM License Manager; C:\Program Files\National Instruments\Shared\License Manager\Bin\lmgrd.exe [2009-09-18 1007616]
S4 niSvcLoc;NI Service Locator; C:\Windows\system32\nisvcloc.exe [2009-06-04 13896]

-----------------EOF-----------------

Re: BSOD tcpip.sys

Posted: 20 Feb 2013 18:51
by Rudy
Hello!
Please post a ComboFix log:
Download ComboFix and save it, preferably to the desktop: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

then run the application under an account with administrator privileges

right after it starts, a screen with the license terms appears; continue by clicking the Yes button

calmly go and make yourself a coffee (the whole process takes roughly 5-10 minutes, sometimes longer, depending on how fast the machine is and how many files the scanner has to wade through); during the scan do not try to launch any other applications or do anything else

do not panic during the scan, your machine may be restarted (especially on the first run of the scanner)

warning: if you use an antispyware with a resident shield, switch its resident shield to Install Mode, or deactivate it completely for the duration of the scan, because the scan and removal of any malware causes unwanted collisions with the resident antispyware

Re: BSOD tcpip.sys

Posted: 21 Feb 2013 20:44
by pepan7
Here is the ComboFix log:
ComboFix 13-02-21.02 - Admin . 02. 2013 20:04:31.3.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.2047.712 [GMT 1:00]
Running from: c:\users\Admin\Downloads\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\0.bak
C:\install.exe
c:\users\Admin\AppData\Local\TempDIR
c:\users\Admin\AppData\Local\TempDIR\GFInstaller\AppName.txt
c:\users\Admin\AppData\Local\TempDIR\GFInstaller\DownloadURL.txt
c:\users\Admin\AppData\Local\TempDIR\GFInstaller\GFInstaller.exe
c:\users\Admin\AppData\Local\TempDIR\GFInstaller\Channel.txt
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\addon.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\amazon_ie.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.cfg
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabBHO.dll
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabStart.exe
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DefaultTabWrap.dll
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DT.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\DTUpdate.exe
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\ebay_ie.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\facebook_ie.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\search_here_ie.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\searchhere.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\twitter_ie.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\uninstalldt.exe
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\wikipedia_ie.ico
c:\users\Miro\AppData\Roaming\DefaultTab\DefaultTab\youtube_ie.ico
c:\windows\system32\cc32100mt.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\muzapp.exe
c:\windows\system32\roboot.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_DefaultTabUpdate
-------\Service_DefaultTabUpdate
.
.
((((((((((((((((((((((((( Files Created from 2013-01-21 to 2013-02-21 )))))))))))))))))))))))))))))))
.
.
2013-02-21 19:31 . 2013-02-21 19:31 -------- d-----w- c:\users\Monika\AppData\Local\temp
2013-02-21 19:31 . 2013-02-21 19:35 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-02-21 19:31 . 2013-02-21 19:31 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-19 21:27 . 2013-02-19 21:28 -------- d-----w- c:\program files\trend micro
2013-02-19 21:27 . 2013-02-19 21:28 -------- d-----w- C:\rsit
2013-02-19 19:27 . 2013-02-19 19:27 -------- d-----w- c:\users\Admin\AppData\Roaming\Reallusion
2013-02-19 19:25 . 2013-02-19 19:27 -------- d-----w- c:\programdata\Creative
2013-02-19 19:25 . 2013-02-19 21:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Creative
2013-02-19 19:14 . 2009-09-03 08:47 218624 ----a-w- c:\windows\system32\CTAFX32.dll
2013-02-19 19:14 . 2009-11-13 05:25 45056 ----a-w- c:\windows\system32\V0640Pin.dll
2013-02-19 19:14 . 2009-10-07 01:00 114688 ----a-w- c:\windows\system32\V0640Ext.ax
2013-02-19 19:14 . 2009-12-04 01:00 273760 ----a-w- c:\windows\system32\drivers\V0640Vid.sys
2013-02-19 19:14 . 2009-10-15 01:37 32768 ----a-w- c:\windows\system32\V0640Hwx.dll
2013-02-19 19:14 . 2009-09-23 01:00 65536 ----a-w- c:\windows\system32\V0640Ext.crl
2013-02-19 19:14 . 2009-06-17 05:20 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2013-02-19 19:14 . 2009-03-18 10:30 94208 ----a-w- c:\windows\CtDrvIns.exe
2013-02-19 19:14 . 2007-08-23 11:46 20480 ----a-w- c:\windows\system32\CtCamPin.crl
2013-02-19 19:04 . 2009-05-19 15:22 1872192 ----a-w- c:\windows\system32\drivers\cmudax3.sys
2013-02-19 19:03 . 2013-02-19 19:03 -------- d-----w- c:\users\Admin\AppData\Roaming\InstallShield
2013-02-19 18:59 . 2013-02-19 21:02 -------- d-----w- c:\program files\Creative
2013-02-19 18:58 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-02-19 18:58 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-02-19 18:58 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-02-19 18:58 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-02-19 18:58 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-02-19 18:58 . 2013-02-19 18:58 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-02-19 18:58 . 2013-02-19 18:58 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-02-18 14:00 . 2013-02-18 14:00 -------- d-----w- c:\users\Miro\AppData\Roaming\WebcamMax
2013-02-18 13:58 . 2013-02-18 13:58 -------- d-----w- c:\users\Monika\AppData\Roaming\WCMShare
2013-02-18 13:58 . 2013-02-18 13:58 -------- d-----w- c:\programdata\WCMShare
2013-02-18 13:48 . 2013-02-18 13:48 -------- d-----w- c:\users\Monika\AppData\Roaming\WebcamMax
2013-02-18 13:46 . 2013-02-18 14:00 -------- d-----w- c:\program files\WebcamMax
2013-02-18 09:00 . 2013-02-18 09:07 -------- d-----w- c:\programdata\BlueStacksSetup
2013-02-18 06:58 . 2013-02-18 06:58 -------- d-----w- c:\users\Monika\AppData\Roaming\NVIDIA
2013-02-14 17:25 . 2013-02-14 17:25 -------- d-----w- c:\users\Admin\AppData\Local\BSP
2013-02-14 12:47 . 2013-02-14 12:47 -------- d-----w- c:\users\Admin\AppData\Roaming\GitHub
2013-02-14 12:46 . 2013-02-14 12:50 -------- d-----w- c:\users\Admin\AppData\Local\GitHub
2013-02-14 12:39 . 2013-02-14 12:51 -------- d-----w- c:\users\Admin\AppData\Local\Deployment
2013-02-14 12:39 . 2013-01-17 02:15 866056 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-02-14 12:39 . 2013-01-16 20:10 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-02-14 12:39 . 2013-01-16 20:10 17802648 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2013-02-14 12:39 . 2013-01-16 20:09 19352 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2013-02-14 12:39 . 2013-01-16 20:09 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-02-14 12:39 . 2013-01-16 20:09 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-02-14 12:39 . 2013-01-16 20:09 271768 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2013-02-13 17:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:50 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 12:50 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 12:50 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 12:50 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:50 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 12:50 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-04 17:49 . 2013-02-04 17:49 -------- d-----w- c:\users\Admin\AppData\Local\4A Games
2013-02-02 11:05 . 2013-02-19 21:32 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-01 16:34 . 2013-02-01 16:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Hothead Games
2013-02-01 15:40 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-02-01 15:40 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-02-01 15:40 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-02-01 15:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-01 15:40 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-02-01 15:40 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-02-01 15:40 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-02-01 15:40 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-02-01 15:10 . 2013-02-01 15:10 -------- d-----w- c:\users\Admin\.swt
2013-01-31 15:48 . 2013-01-31 15:48 -------- d-----w- c:\users\Monika\AppData\Roaming\Doublefine
2013-01-31 15:25 . 2013-01-31 15:27 -------- d-----w- c:\users\Monika\AppData\Roaming\ChessBase
2013-01-29 21:10 . 2013-01-29 21:10 -------- d-----w- c:\users\Admin\AppData\Roaming\HD Tune Pro
2013-01-29 21:09 . 2013-01-29 21:09 -------- d-----w- c:\program files\HD Tune Pro
2013-01-29 13:29 . 2013-01-29 13:29 -------- d-----w- c:\users\Admin\AppData\Roaming\Doublefine
2013-01-29 13:26 . 2013-01-29 13:26 -------- d-----w- c:\programdata\RELOADED
2013-01-25 17:22 . 2013-01-25 17:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Wireshark
2013-01-25 16:08 . 2013-01-25 16:08 -------- d-----w- c:\program files\WinPcap
2013-01-25 16:08 . 2013-01-25 16:09 -------- d-----w- c:\program files\Wireshark
2013-01-23 18:40 . 2013-01-23 18:40 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 12:46 . 2012-04-04 18:13 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-18 12:46 . 2011-08-29 06:21 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-08-29 06:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-16 16:49 . 2013-01-16 16:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 16:49 . 2012-05-19 20:00 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-16 16:49 . 2011-08-29 15:19 780192 ----a-w- c:\windows\system32\deployJava1.dll
2012-12-16 14:13 . 2012-12-21 08:26 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 12:49 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 12:49 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 12:49 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 12:49 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 12:49 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 12:49 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 12:49 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 12:49 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 12:49 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 12:49 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 12:49 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 12:49 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 12:49 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 12:51 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 12:51 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 12:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-28 08:07 . 2012-11-28 08:07 47056 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2008-10-28 11:41 . 2013-02-19 19:12 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 11:41 . 2013-02-19 19:12 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 11:41 . 2013-02-19 19:12 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 11:41 . 2013-02-19 19:12 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 11:41 . 2013-02-19 19:12 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 11:41 . 2013-02-19 19:12 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 11:41 . 2013-02-19 19:12 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-12-10 12:50 . 2008-12-10 12:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-10-07 14:11 . 2009-10-07 14:11 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2013-01-16 20:10 . 2013-02-14 12:39 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2013-01-30 9458992]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-11-26 5074384]
"V0640Mon.exe"="c:\windows\V0640Mon.exe" [2009-09-23 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 15:44 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update"="c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" -autolaunch
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NI Background Service"=c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe
"HDD Regenerator"=c:\program files\HDD Regenerator\HDD Regenerator.exe
.
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S1 MpKsl46417953;MpKsl46417953;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{809DF697-1DA2-41AA-989B-6399B7489645}\MpKsl46417953.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [x]
S2 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 MirayVirtualDisk;MirayVirtualDisk;c:\windows\system32\DRIVERS\mvd.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 14:07 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:46]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
- c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 17:22]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000UA.job
- c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 17:22]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
- c:\users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-12 12:16]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011UA.job
- c:\users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-12 12:16]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-17 17:59]
.
2013-02-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-17 17:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={AB928E25-DE9C-4645-BD3E-75F5572959FA}
uInternet Settings,ProxyOverride = local
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{418478AD-D133-4889-8699-3F7B847FD9E2}: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{6644A630-B2A7-4BD6-8398-DDC9A045AF52}: NameServer = 192.168.7.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - ExtSQL: 2013-02-01 17:22; battlefieldheroespatcher@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldheroespatcher@ea.com
FF - ExtSQL: 2013-02-02 11:35; battlefieldplay4free@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldplay4free@ea.com
pref(startup.homepage_override_url,);
pref(startup.homepage_welcome_url,);
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
WebBrowser-{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC} - (no file)
HKLM-Run-CmPCIaudio - CMICNFG3.cpl
SafeBoot-SolutoService
MSConfigStartUp-SweetIM - c:\program files\SweetIM\Messenger\SweetIM.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3515453284-2844420679-3037330450-1000\Software\SecuROM\License information*]
"datasecu"=hex:ec,0d,04,0d,ab,2c,14,48,7e,75,4a,3b,24,6f,17,4a,34,85,db,24,fb,
a6,35,61,d7,15,54,8b,25,e0,a9,5b,97,96,5f,e7,db,47,a4,c5,dc,6f,01,91,4f,ea,\
"rkeysecu"=hex:79,65,c2,f7,66,23,3f,a1,48,1f,aa,86,69,88,46,6d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2324)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
c:\windows\System32\pnidui.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\windows\system32\DllHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\WmiApSrv.exe
c:\windows\system32\DllHost.exe
.
**************************************************************************
.
Completion time: 2013-02-21 20:42:24 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-21 19:42
.
Pre-Run: 20 007 374 848 bytes free
Post-Run: 21 547 700 224 bytes free
.
- - End Of File - - 8DEBCD067D1B17B3276E97A5271B8C48

Re: BSOD tcpip.sys

Posted: 21 Feb 2013 21:30
by Rudy
First uninstall the cracked NOD and switch to one of the free alternatives: http://forum.viry.cz/viewforum.php?f=29 . This forum does not support software piracy. Then we will continue.

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 18:44
by pepan7
So I removed the crack for ESET and reinstalled it; I am now using the new trial version, and here is the log from ComboFix:
ComboFix 13-02-22.01 - Admin . 02. 2013 18:06:51.6.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.2047.939 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
AV: ESET Smart Security 6.0 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
FW: ESET personal firewall *Enabled* {4FE52EC8-CB26-1113-0EFE-8842E2773BAA}
SP: ESET Smart Security 6.0 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-22 17:36 . 2013-02-22 17:36 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-22 17:36 . 2013-02-22 17:36 -------- d-----w- c:\users\Monika\AppData\Local\temp
2013-02-22 17:36 . 2013-02-22 17:36 -------- d-----w- c:\users\Miro\AppData\Local\temp
2013-02-22 17:36 . 2013-02-22 17:36 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-22 17:36 . 2013-02-22 17:36 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-21 21:06 . 2013-02-21 21:06 -------- d-----w- c:\program files\ESET
2013-02-21 19:31 . 2013-02-22 17:36 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-02-19 21:27 . 2013-02-19 21:28 -------- d-----w- c:\program files\trend micro
2013-02-19 21:27 . 2013-02-19 21:28 -------- d-----w- C:\rsit
2013-02-19 19:27 . 2013-02-19 19:27 -------- d-----w- c:\users\Admin\AppData\Roaming\Reallusion
2013-02-19 19:25 . 2013-02-19 19:27 -------- d-----w- c:\programdata\Creative
2013-02-19 19:25 . 2013-02-19 21:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Creative
2013-02-19 19:14 . 2009-09-03 08:47 218624 ----a-w- c:\windows\system32\CTAFX32.dll
2013-02-19 19:14 . 2009-11-13 05:25 45056 ----a-w- c:\windows\system32\V0640Pin.dll
2013-02-19 19:14 . 2009-10-07 01:00 114688 ----a-w- c:\windows\system32\V0640Ext.ax
2013-02-19 19:14 . 2009-12-04 01:00 273760 ----a-w- c:\windows\system32\drivers\V0640Vid.sys
2013-02-19 19:14 . 2009-10-15 01:37 32768 ----a-w- c:\windows\system32\V0640Hwx.dll
2013-02-19 19:14 . 2009-09-23 01:00 65536 ----a-w- c:\windows\system32\V0640Ext.crl
2013-02-19 19:14 . 2009-06-17 05:20 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2013-02-19 19:14 . 2009-03-18 10:30 94208 ----a-w- c:\windows\CtDrvIns.exe
2013-02-19 19:14 . 2007-08-23 11:46 20480 ----a-w- c:\windows\system32\CtCamPin.crl
2013-02-19 19:04 . 2009-05-19 15:22 1872192 ----a-w- c:\windows\system32\drivers\cmudax3.sys
2013-02-19 19:03 . 2013-02-19 19:03 -------- d-----w- c:\users\Admin\AppData\Roaming\InstallShield
2013-02-19 18:59 . 2013-02-19 21:02 -------- d-----w- c:\program files\Creative
2013-02-19 18:58 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-02-19 18:58 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-02-19 18:58 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-02-19 18:58 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-02-19 18:58 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-02-19 18:58 . 2013-02-19 18:58 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-02-19 18:58 . 2013-02-19 18:58 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-02-18 14:00 . 2013-02-18 14:00 -------- d-----w- c:\users\Miro\AppData\Roaming\WebcamMax
2013-02-18 13:58 . 2013-02-18 13:58 -------- d-----w- c:\users\Monika\AppData\Roaming\WCMShare
2013-02-18 13:58 . 2013-02-18 13:58 -------- d-----w- c:\programdata\WCMShare
2013-02-18 13:48 . 2013-02-18 13:48 -------- d-----w- c:\users\Monika\AppData\Roaming\WebcamMax
2013-02-18 13:46 . 2013-02-18 14:00 -------- d-----w- c:\program files\WebcamMax
2013-02-18 09:00 . 2013-02-18 09:07 -------- d-----w- c:\programdata\BlueStacksSetup
2013-02-18 06:58 . 2013-02-18 06:58 -------- d-----w- c:\users\Monika\AppData\Roaming\NVIDIA
2013-02-14 17:25 . 2013-02-14 17:25 -------- d-----w- c:\users\Admin\AppData\Local\BSP
2013-02-14 12:47 . 2013-02-14 12:47 -------- d-----w- c:\users\Admin\AppData\Roaming\GitHub
2013-02-14 12:46 . 2013-02-14 12:50 -------- d-----w- c:\users\Admin\AppData\Local\GitHub
2013-02-14 12:39 . 2013-02-14 12:51 -------- d-----w- c:\users\Admin\AppData\Local\Deployment
2013-02-14 12:39 . 2013-01-17 02:15 866056 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-02-14 12:39 . 2013-01-16 20:10 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-02-14 12:39 . 2013-01-16 20:10 17802648 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2013-02-14 12:39 . 2013-01-16 20:09 19352 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2013-02-14 12:39 . 2013-01-16 20:09 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-02-14 12:39 . 2013-01-16 20:09 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-02-14 12:39 . 2013-01-16 20:09 271768 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2013-02-13 17:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:50 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 12:50 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 12:50 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 12:50 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:50 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 12:50 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-04 17:49 . 2013-02-04 17:49 -------- d-----w- c:\users\Admin\AppData\Local\4A Games
2013-02-02 11:05 . 2013-02-19 21:32 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-01 16:34 . 2013-02-01 16:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Hothead Games
2013-02-01 15:40 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-02-01 15:40 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-02-01 15:40 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-02-01 15:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-01 15:40 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-02-01 15:40 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-02-01 15:40 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-02-01 15:40 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-02-01 15:10 . 2013-02-01 15:10 -------- d-----w- c:\users\Admin\.swt
2013-01-31 15:48 . 2013-01-31 15:48 -------- d-----w- c:\users\Monika\AppData\Roaming\Doublefine
2013-01-31 15:25 . 2013-01-31 15:27 -------- d-----w- c:\users\Monika\AppData\Roaming\ChessBase
2013-01-29 21:10 . 2013-01-29 21:10 -------- d-----w- c:\users\Admin\AppData\Roaming\HD Tune Pro
2013-01-29 21:09 . 2013-01-29 21:09 -------- d-----w- c:\program files\HD Tune Pro
2013-01-29 13:29 . 2013-01-29 13:29 -------- d-----w- c:\users\Admin\AppData\Roaming\Doublefine
2013-01-29 13:26 . 2013-01-29 13:26 -------- d-----w- c:\programdata\RELOADED
2013-01-25 17:22 . 2013-01-25 17:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Wireshark
2013-01-25 16:08 . 2013-01-25 16:08 -------- d-----w- c:\program files\WinPcap
2013-01-25 16:08 . 2013-01-25 16:09 -------- d-----w- c:\program files\Wireshark
2013-01-23 18:40 . 2013-01-23 18:40 -------- d-----w- c:\program files\Common Files\Skype
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 12:46 . 2012-04-04 18:13 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-18 12:46 . 2011-08-29 06:21 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-08-29 06:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-16 16:49 . 2013-01-16 16:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 16:49 . 2012-05-19 20:00 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-16 16:49 . 2011-08-29 15:19 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-10 08:25 . 2013-01-10 08:25 150080 ----a-w- c:\windows\system32\drivers\epfw.sys
2013-01-10 08:25 . 2013-01-10 08:25 47568 ----a-w- c:\windows\system32\drivers\epfwwfp.sys
2013-01-10 08:25 . 2013-01-10 08:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2013-01-10 08:25 . 2013-01-10 08:25 171680 ----a-w- c:\windows\system32\drivers\eamonm.sys
2013-01-10 08:25 . 2013-01-10 08:25 122240 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2012-12-16 14:13 . 2012-12-21 08:26 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 12:49 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 12:49 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 12:49 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 12:49 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 12:49 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 12:49 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 12:49 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 12:49 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 12:49 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 12:49 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 12:49 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 12:49 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 12:49 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 12:51 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 12:51 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 12:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2008-10-28 11:41 . 2013-02-19 19:12 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 11:41 . 2013-02-19 19:12 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 11:41 . 2013-02-19 19:12 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 11:41 . 2013-02-19 19:12 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 11:41 . 2013-02-19 19:12 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 11:41 . 2013-02-19 19:12 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 11:41 . 2013-02-19 19:12 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-12-10 12:50 . 2008-12-10 12:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-10-07 14:11 . 2009-10-07 14:11 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2013-01-16 20:10 . 2013-02-14 12:39 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2013-01-30 9458992]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"V0640Mon.exe"="c:\windows\V0640Mon.exe" [2009-09-23 28672]
"egui"="c:\program files\ESET\ESET Smart Security\egui.exe" [2012-12-21 5074384]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 15:44 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update"="c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" -autolaunch
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe"
"NI Background Service"=c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe
"HDD Regenerator"=c:\program files\HDD Regenerator\HDD Regenerator.exe
.
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [x]
R2 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [x]
R2 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 epfwwfp;epfwwfp;c:\windows\system32\DRIVERS\epfwwfp.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 EpfwLWF;Epfw NDIS LightWeight Filter;c:\windows\system32\DRIVERS\EpfwLWF.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 ekrn;ESET Service;c:\program files\ESET\ESET Smart Security\ekrn.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 MirayVirtualDisk;MirayVirtualDisk;c:\windows\system32\DRIVERS\mvd.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-01 14:07 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:46]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
- c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 17:22]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000UA.job
- c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-20 17:22]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
- c:\users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-12 12:16]
.
2013-02-20 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011UA.job
- c:\users\Monika\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-10-12 12:16]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-17 17:59]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-10-17 17:59]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={AB928E25-DE9C-4645-BD3E-75F5572959FA}
uInternet Settings,ProxyOverride = local
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{418478AD-D133-4889-8699-3F7B847FD9E2}: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{6644A630-B2A7-4BD6-8398-DDC9A045AF52}: NameServer = 192.168.7.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - ExtSQL: 2013-02-01 17:22; battlefieldheroespatcher@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldheroespatcher@ea.com
FF - ExtSQL: 2013-02-02 11:35; battlefieldplay4free@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldplay4free@ea.com
pref(startup.homepage_override_url,);
pref(startup.homepage_welcome_url,);
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3515453284-2844420679-3037330450-1000\Software\SecuROM\License information*]
"datasecu"=hex:ec,0d,04,0d,ab,2c,14,48,7e,75,4a,3b,24,6f,17,4a,34,85,db,24,fb,
a6,35,61,d7,15,54,8b,25,e0,a9,5b,97,96,5f,e7,db,47,a4,c5,dc,6f,01,91,4f,ea,\
"rkeysecu"=hex:79,65,c2,f7,66,23,3f,a1,48,1f,aa,86,69,88,46,6d
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(2556)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
Completion time: 2013-02-22 18:41:42
ComboFix-quarantined-files.txt 2013-02-22 17:41
.
Pre-Run: 21 262 024 704 bytes free
Post-Run: 20 939 685 888 bytes free
.
- - End Of File - - 7A8415CBE17605CBFEDF07560DBEFA53
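The service/driver listing at the top of this log is the part a responder reads first: each line gives the ComboFix state and start-type code, the service name, its display name and its image path. As an added example (not part of the thread and not ComboFix's own code), the Python below parses such lines and flags the entries a practitioner would look at twice: an empty image path, a path that was never normalised (the `\\SystemRoot` one), a service registered against a stock Windows editor such as regedt32.exe, a kernel driver loaded from outside `%SystemRoot%`, and an image with an unusual extension. The reading "R = running, S = stopped, digit = start type" is an assumption about ComboFix's notation, the flagging rules are heuristics chosen for this example, and the sample lines are copied from the log above.

```python
"""Triage of the service/driver listing in a ComboFix-style log.

Added example; not part of the forum thread and not ComboFix's own code.
Each listing line has the shape
    <R|S><digit> <name>;<display name>;<image path> [marker]
as it appears in the log above.  R = running, S = stopped, digit = start
type (0 boot, 1 system, 2 auto, 3 manual, 4 disabled) is an assumption
about ComboFix's notation; the bracketed marker is kept verbatim and not
interpreted.  SAMPLE_LINES are copied from the posted log.
"""
import re
from typing import List, NamedTuple, Optional, Tuple

SERVICE_RE = re.compile(r"^([RS])([0-4])\s+([^;]+);([^;]*);(.*?)\s*(\[\S*\])?\s*$")

# Stock Windows user-mode tools with no service entry point: a service whose
# ImagePath is one of these is a placeholder registration, not a real service.
STOCK_TOOLS = {"regedt32.exe", "regedit.exe", "notepad.exe", "cmd.exe"}

SAMPLE_LINES = r"""
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
""".strip().splitlines()


class Service(NamedTuple):
    running: bool
    start: int
    name: str
    display: str
    image: str
    marker: str


def parse_service_line(line: str) -> Optional[Service]:
    """Split one listing line into its fields; None if it is not a service line."""
    m = SERVICE_RE.match(line.strip())
    if not m:
        return None
    state, start, name, display, image, marker = m.groups()
    return Service(state == "R", int(start), name, display, image.strip(), marker or "")


def triage(lines: List[str]) -> List[Tuple[str, str]]:
    """Return (service name, reason) for every entry that deserves a second look."""
    findings = []
    for line in lines:
        svc = parse_service_line(line)
        if svc is None:
            continue
        img = svc.image.lower()
        if not img:
            findings.append((svc.name, "no image path"))
            continue
        base = img.rsplit("\\", 1)[-1]
        # A drive-letter path that still contains \SystemRoot or a doubled
        # backslash was never normalised; the loader will not find it as written.
        if "\\\\" in img or "\\systemroot\\" in img:
            findings.append((svc.name, "malformed image path"))
        if base in STOCK_TOOLS:
            findings.append((svc.name, "image is stock tool " + base))
        # Kernel-mode components (boot/system start, or a .sys image) are expected
        # under %SystemRoot%; third-party drivers elsewhere widen the attack surface.
        if (svc.start <= 1 or base.endswith(".sys")) and not img.startswith("c:\\windows\\"):
            findings.append((svc.name, "driver outside %SystemRoot%"))
        if not base.endswith((".exe", ".sys")):
            findings.append((svc.name, "unusual extension on " + base))
    return findings


if __name__ == "__main__":
    for name, reason in triage(SAMPLE_LINES):
        print(f"{name:18} {reason}")
```

On the sample above the only entry that is clearly not what it claims to be is the one whose "Eset Nod32 Boot" service points at regedt32.exe; the others are informational (a missing path, a path ComboFix printed unnormalised, game anti-cheat drivers living under Program Files) and are worth confirming rather than deleting blindly.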

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 19:30
by Rudy
Let's do some more cleanup. Open Notepad and copy the following into it:
KillAll::

Folder::
c:\users\Admin\.swt
c:\users\Admin\AppData\Local\Facebook\Update

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000UA.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-

Firefox::
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\
FF - ExtSQL: 2013-02-01 17:22; battlefieldheroespatcher@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldheroespatcher@ea.com
FF - ExtSQL: 2013-02-02 11:35; battlefieldplay4free@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldplay4free@ea.com
pref(startup.homepage_override_url,);
pref(startup.homepage_welcome_url,);
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000

Regnull::
[HKEY_USERS\S-1-5-21-3515453284-2844420679-3037330450-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

Reboot::
Save it to the desktop as CFScript.txt. Then drag it with the mouse onto the ComboFix icon and drop it. CF will start and carry out the commands from the script.

[Image]
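The script above is a plain-text file made of `Section::` blocks: Folder:: and File:: list paths to delete, Registry:: holds regedit-style key and value lines, Regnull:: and RegLock:: take bracketed registry keys, and KillAll::/Reboot:: carry no entries. As an added example (not part of the thread and not ComboFix's own code), the Python below parses such a script, checks that every Regnull::/RegLock:: entry is written as a bracketed key and every Registry:: line is a `[key]` or `"value"=` line, and then confirms each Folder::/File:: entry against the "Other Deletions" list of the ComboFix log that is posted later in the thread. The section names and conventions are read off the posted script, not from ComboFix documentation. SAMPLE_CFSCRIPT reproduces the posted script in abridged form, with the 0005 RegLock:: entry deliberately left without its opening bracket to show what the check reports; SAMPLE_DELETIONS is an abridged copy of the later log's deletion list.

```python
"""Parse a ComboFix CFScript, check its entries against the script's own
conventions and confirm Folder::/File:: entries against the "Other Deletions"
list of the ComboFix log produced afterwards.

Added example; not part of the thread and not ComboFix's own code.  Section
names and the [bracketed key] convention are taken from the script as posted.
Both samples are abridged copies of text from this thread; the unbracketed
0005 RegLock:: line is kept on purpose to exercise the check.
"""
import re
from typing import Dict, List, Tuple

SECTION_RE = re.compile(r"^([A-Za-z]+)::\s*$")
# Sections whose entries are registry keys and must be written as [HKEY_...]
KEY_SECTIONS = ("Regnull", "RegLock")

SAMPLE_CFSCRIPT = r"""
KillAll::

Folder::
c:\users\Admin\.swt
c:\users\Admin\AppData\Local\Facebook\Update

File::
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job

Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"SunJavaUpdateSched"=-

Firefox::
FF - ExtSQL: 2013-02-01 17:22; battlefieldheroespatcher@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldheroespatcher@ea.com

Regnull::
[HKEY_USERS\S-1-5-21-3515453284-2844420679-3037330450-1000\Software\SecuROM\License information*]

RegLock::
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security]

Reboot::
"""

SAMPLE_DELETIONS = r"""
c:\users\Admin\.swt
c:\users\Admin\.swt\lib\win32\x86\swt-win32-3740.dll
c:\users\Admin\AppData\Local\Facebook\Update
c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
""".strip().splitlines()


def parse_cfscript(text: str) -> Dict[str, List[str]]:
    """Return {section: [entries]} in order of appearance; blank lines are dropped."""
    sections: Dict[str, List[str]] = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        elif current is not None:   # text before the first header is ignored
            sections[current].append(line)
    return sections


def validate(sections: Dict[str, List[str]]) -> List[Tuple[str, str, str]]:
    """(section, entry, problem) for entries that break the script's conventions."""
    problems = []
    for name in KEY_SECTIONS:
        for entry in sections.get(name, []):
            if not (entry.startswith("[") and entry.endswith("]")):
                problems.append((name, entry, "registry key not enclosed in [ ]"))
    for entry in sections.get("Registry", []):
        # regedit-style: a [key] line, a "value"=data / "value"=- line, or @=default
        if not entry.startswith(("[", '"', "@")):
            problems.append(("Registry", entry, 'not a [key] or "value"= line'))
    return problems


def unconfirmed_deletions(sections: Dict[str, List[str]],
                          deleted_paths: List[str]) -> List[Tuple[str, str]]:
    """Folder::/File:: entries absent from the log's deletion list (case-insensitive)."""
    deleted = {p.strip().lower() for p in deleted_paths}
    return [(section, entry)
            for section in ("Folder", "File")
            for entry in sections.get(section, [])
            if entry.lower() not in deleted]


if __name__ == "__main__":
    parsed = parse_cfscript(SAMPLE_CFSCRIPT)
    for problem in validate(parsed):
        print("problem:", *problem)
    for item in unconfirmed_deletions(parsed, SAMPLE_DELETIONS):
        print("not confirmed deleted:", *item)
```

Running the validation before dragging the file onto ComboFix catches the kind of slip visible in the posted script, and running the cross-check afterwards tells you which listed paths actually disappeared instead of trusting that the script ran to completion.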

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 20:12
by vyosek
Hello :)

Apologies to my colleague for butting in...

I think Rudy wrote quite clearly that you should use a free solution, not a trial license again (so that you can crack it again)... And by the way, you are also breaking the license terms you agreed to during installation..

So use a free solution, otherwise further help will be refused :evil:

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 20:40
by pepan7
OK, so I'll uninstall it. Is it enough if I only have Microsoft Security Essentials? And then, after the commands have run, post the log again?

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 21:14
by vyosek
:arrow: Yes, MSE or Avast or Avira... For my part I can recommend Avast...

:arrow: Uninstall ESET, install free security software, apply the script for CF and then post the log it produces

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 21:47
by pepan7
OK, thanks. And do you know why ComboFix seems to get stuck for me? It doesn't say "not responding", it's running normally, but then I have to kill one process and it starts going again. Specifically it does this when it prints "stage 3 completed": there is no load on the CPU and it is practically doing nothing, and I have to end that second process for it to get going again.

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 22:24
by Rudy
Which processes are these?
Btw, what did you do about the antivirus?

Re: BSOD tcpip.sys

Posted: 22 Feb 2013 23:40
by pepan7
It's the process CF26549.3XE, and here is the ComboFix log after applying the script:
ComboFix 13-02-22.01 - Admin . 02. 2013 23:03:52.8.2 - x86
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1029.18.2047.1199 [GMT 1:00]
Running from: c:\users\Admin\Desktop\ComboFix.exe
Command switches used :: c:\users\Admin\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {3F839487-C7A2-C958-E30C-E2825BA31FB5}
SP: Microsoft Security Essentials *Disabled/Updated* {84E27563-E198-C6D6-D9BC-D9F020245508}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000UA.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job"
"c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011UA.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
.
/wow section - STAGE 3
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Admin\.swt
c:\users\Admin\.swt\lib\win32\x86\swt-gdip-win32-3740.dll
c:\users\Admin\.swt\lib\win32\x86\swt-win32-3740.dll
c:\users\Admin\AppData\Local\Facebook\Update
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\FacebookCrashHandler.exe
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdate.exe
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\FacebookUpdateHelper.msi
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdate.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ar.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bg.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_bn.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ca.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_cs.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_da.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_de.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_el.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en-GB.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_en.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es-419.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_es.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_et.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fa.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fi.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fil.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_fr.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_gu.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hi.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hr.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_hu.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_id.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_is.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_it.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_iw.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ja.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_kn.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ko.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lt.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_lv.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ml.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_mr.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ms.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_nl.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_no.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_or.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pl.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-BR.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_pt-PT.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ro.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ru.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sk.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sl.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sr.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_sv.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ta.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_te.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_th.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_tr.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_uk.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_ur.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_vi.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-CN.dll
c:\users\Admin\AppData\Local\Facebook\Update\1.2.205.0\goopdateres_zh-TW.dll
c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1000UA.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011Core.job
c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-3515453284-2844420679-3037330450-1011UA.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
.
((((((((((((((((((((((((( Files Created from 2013-01-22 to 2013-02-22 )))))))))))))))))))))))))))))))
.
.
2013-02-22 22:29 . 2013-02-22 22:32 -------- d-----w- c:\users\Admin\AppData\Local\temp
2013-02-22 22:29 . 2013-02-22 22:29 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-02-22 22:29 . 2013-02-22 22:29 -------- d-----w- c:\users\Monika\AppData\Local\temp
2013-02-22 22:29 . 2013-02-22 22:29 -------- d-----w- c:\users\Miro\AppData\Local\temp
2013-02-22 22:29 . 2013-02-22 22:29 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-22 22:29 . 2013-02-22 22:29 -------- d-----w- c:\users\Administrator\AppData\Local\temp
2013-02-19 21:27 . 2013-02-19 21:28 -------- d-----w- c:\program files\trend micro
2013-02-19 21:27 . 2013-02-19 21:28 -------- d-----w- C:\rsit
2013-02-19 19:27 . 2013-02-19 19:27 -------- d-----w- c:\users\Admin\AppData\Roaming\Reallusion
2013-02-19 19:25 . 2013-02-19 19:27 -------- d-----w- c:\programdata\Creative
2013-02-19 19:25 . 2013-02-19 21:02 -------- d-----w- c:\users\Admin\AppData\Roaming\Creative
2013-02-19 19:14 . 2009-09-03 08:47 218624 ----a-w- c:\windows\system32\CTAFX32.dll
2013-02-19 19:14 . 2009-11-13 05:25 45056 ----a-w- c:\windows\system32\V0640Pin.dll
2013-02-19 19:14 . 2009-10-07 01:00 114688 ----a-w- c:\windows\system32\V0640Ext.ax
2013-02-19 19:14 . 2009-12-04 01:00 273760 ----a-w- c:\windows\system32\drivers\V0640Vid.sys
2013-02-19 19:14 . 2009-10-15 01:37 32768 ----a-w- c:\windows\system32\V0640Hwx.dll
2013-02-19 19:14 . 2009-09-23 01:00 65536 ----a-w- c:\windows\system32\V0640Ext.crl
2013-02-19 19:14 . 2009-06-17 05:20 36864 ----a-w- c:\windows\system32\CtCamMgr.dll
2013-02-19 19:14 . 2009-03-18 10:30 94208 ----a-w- c:\windows\CtDrvIns.exe
2013-02-19 19:14 . 2007-08-23 11:46 20480 ----a-w- c:\windows\system32\CtCamPin.crl
2013-02-19 19:04 . 2009-05-19 15:22 1872192 ----a-w- c:\windows\system32\drivers\cmudax3.sys
2013-02-19 19:03 . 2013-02-19 19:03 -------- d-----w- c:\users\Admin\AppData\Roaming\InstallShield
2013-02-19 18:59 . 2013-02-19 21:02 -------- d-----w- c:\program files\Creative
2013-02-19 18:58 . 2003-11-10 17:14 729088 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iKernel.dll
2013-02-19 18:58 . 2003-11-10 17:13 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\ctor.dll
2013-02-19 18:58 . 2003-11-10 17:12 266240 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iscript.dll
2013-02-19 18:58 . 2003-11-10 17:12 192512 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iuser.dll
2013-02-19 18:58 . 2003-11-10 17:11 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\DotNetInstaller.exe
2013-02-19 18:58 . 2013-02-19 18:58 311428 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\setup.dll
2013-02-19 18:58 . 2013-02-19 18:58 188548 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\09\01\Intel32\iGdi.dll
2013-02-18 14:00 . 2013-02-18 14:00 -------- d-----w- c:\users\Miro\AppData\Roaming\WebcamMax
2013-02-18 13:58 . 2013-02-18 13:58 -------- d-----w- c:\users\Monika\AppData\Roaming\WCMShare
2013-02-18 13:58 . 2013-02-18 13:58 -------- d-----w- c:\programdata\WCMShare
2013-02-18 13:48 . 2013-02-18 13:48 -------- d-----w- c:\users\Monika\AppData\Roaming\WebcamMax
2013-02-18 13:46 . 2013-02-18 14:00 -------- d-----w- c:\program files\WebcamMax
2013-02-18 09:00 . 2013-02-18 09:07 -------- d-----w- c:\programdata\BlueStacksSetup
2013-02-18 06:58 . 2013-02-18 06:58 -------- d-----w- c:\users\Monika\AppData\Roaming\NVIDIA
2013-02-14 17:25 . 2013-02-14 17:25 -------- d-----w- c:\users\Admin\AppData\Local\BSP
2013-02-14 12:47 . 2013-02-14 12:47 -------- d-----w- c:\users\Admin\AppData\Roaming\GitHub
2013-02-14 12:46 . 2013-02-14 12:50 -------- d-----w- c:\users\Admin\AppData\Local\GitHub
2013-02-14 12:39 . 2013-02-14 12:51 -------- d-----w- c:\users\Admin\AppData\Local\Deployment
2013-02-14 12:39 . 2013-01-17 02:15 866056 ----a-w- c:\program files\Mozilla Firefox\uninstall\helper.exe
2013-02-14 12:39 . 2013-01-16 20:10 262552 ----a-w- c:\program files\Mozilla Firefox\components\browsercomps.dll
2013-02-14 12:39 . 2013-01-16 20:10 17802648 ----a-w- c:\program files\Mozilla Firefox\xul.dll
2013-02-14 12:39 . 2013-01-16 20:09 19352 ----a-w- c:\program files\Mozilla Firefox\xpcom.dll
2013-02-14 12:39 . 2013-01-16 20:09 96664 ----a-w- c:\program files\Mozilla Firefox\webapprt-stub.exe
2013-02-14 12:39 . 2013-01-16 20:09 157712 ----a-w- c:\program files\Mozilla Firefox\webapp-uninstaller.exe
2013-02-14 12:39 . 2013-01-16 20:09 271768 ----a-w- c:\program files\Mozilla Firefox\updater.exe
2013-02-13 17:04 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-13 12:50 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-13 12:50 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-13 12:50 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-13 12:50 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-13 12:50 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-13 12:50 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-04 17:49 . 2013-02-04 17:49 -------- d-----w- c:\users\Admin\AppData\Local\4A Games
2013-02-02 11:05 . 2013-02-19 21:32 -------- d-----w- c:\program files\Microsoft Security Client
2013-02-01 16:34 . 2013-02-01 16:34 -------- d-----w- c:\users\Admin\AppData\Roaming\Hothead Games
2013-02-01 15:40 . 2010-06-02 03:55 74072 ----a-w- c:\windows\system32\XAPOFX1_5.dll
2013-02-01 15:40 . 2010-06-02 03:55 527192 ----a-w- c:\windows\system32\XAudio2_7.dll
2013-02-01 15:40 . 2010-06-02 03:55 239960 ----a-w- c:\windows\system32\xactengine3_7.dll
2013-02-01 15:40 . 2010-05-26 10:41 2106216 ----a-w- c:\windows\system32\D3DCompiler_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 248672 ----a-w- c:\windows\system32\d3dx11_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 1868128 ----a-w- c:\windows\system32\d3dcsx_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 470880 ----a-w- c:\windows\system32\d3dx10_43.dll
2013-02-01 15:40 . 2010-05-26 10:41 1998168 ----a-w- c:\windows\system32\D3DX9_43.dll
2013-02-01 15:40 . 2010-02-04 09:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2013-02-01 15:40 . 2010-02-04 09:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2013-02-01 15:40 . 2010-02-04 09:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2013-02-01 15:40 . 2010-02-04 09:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2013-01-31 15:48 . 2013-01-31 15:48 -------- d-----w- c:\users\Monika\AppData\Roaming\Doublefine
2013-01-31 15:25 . 2013-01-31 15:27 -------- d-----w- c:\users\Monika\AppData\Roaming\ChessBase
2013-01-29 21:10 . 2013-01-29 21:10 -------- d-----w- c:\users\Admin\AppData\Roaming\HD Tune Pro
2013-01-29 21:09 . 2013-01-29 21:09 -------- d-----w- c:\program files\HD Tune Pro
2013-01-29 13:29 . 2013-01-29 13:29 -------- d-----w- c:\users\Admin\AppData\Roaming\Doublefine
2013-01-29 13:26 . 2013-01-29 13:26 -------- d-----w- c:\programdata\RELOADED
2013-01-25 17:22 . 2013-01-25 17:54 -------- d-----w- c:\users\Admin\AppData\Roaming\Wireshark
2013-01-25 16:08 . 2013-01-25 16:08 -------- d-----w- c:\program files\WinPcap
2013-01-25 16:08 . 2013-01-25 16:09 -------- d-----w- c:\program files\Wireshark
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 12:46 . 2012-04-04 18:13 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-18 12:46 . 2011-08-29 06:21 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-01-30 10:53 . 2011-08-29 06:30 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-20 14:59 . 2013-01-20 14:59 195296 ----a-w- c:\windows\system32\drivers\MpFilter.sys
2013-01-20 14:59 . 2012-08-30 21:03 100328 ----a-w- c:\windows\system32\drivers\NisDrvWFP.sys
2013-01-16 16:49 . 2013-01-16 16:49 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-01-16 16:49 . 2012-05-19 20:00 859552 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-16 16:49 . 2011-08-29 15:19 780192 ----a-w- c:\windows\system32\deployJava1.dll
2013-01-10 08:25 . 2013-01-10 08:25 46056 ----a-w- c:\windows\system32\drivers\EpfwLWF.sys
2012-12-16 14:13 . 2012-12-21 08:26 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 08:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-07 12:26 . 2013-01-09 12:49 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 12:49 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 12:49 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 12:49 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 12:49 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 12:49 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 12:49 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 12:49 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 12:49 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 12:49 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 12:49 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 12:49 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 12:49 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 12:49 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 12:51 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 12:51 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 12:51 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 12:51 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2008-10-28 11:41 . 2013-02-19 19:12 238896 ----a-w- c:\program files\mozilla firefox\plugins\CrazyTalk4Native.dll
2008-10-28 11:41 . 2013-02-19 19:12 210320 ----a-w- c:\program files\mozilla firefox\plugins\ctdomemhelper.dll
2008-10-28 11:41 . 2013-02-19 19:12 83248 ----a-w- c:\program files\mozilla firefox\plugins\ctframeplayerobject.dll
2008-10-28 11:41 . 2013-02-19 19:12 431512 ----a-w- c:\program files\mozilla firefox\plugins\ctplayerobject.dll
2008-10-28 11:41 . 2013-02-19 19:12 464176 ----a-w- c:\program files\mozilla firefox\plugins\imagickrt.dll
2008-10-28 11:41 . 2013-02-19 19:12 144688 ----a-w- c:\program files\mozilla firefox\plugins\rlcontentclass.dll
2008-10-28 11:41 . 2013-02-19 19:12 210224 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicPacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 111920 ----a-w- c:\program files\mozilla firefox\plugins\RLMusicUnpacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 218416 ----a-w- c:\program files\mozilla firefox\plugins\RLVoicePacker.dll
2008-10-28 11:41 . 2013-02-19 19:12 173360 ----a-w- c:\program files\mozilla firefox\plugins\RLVoiceUnpacker.dll
2008-12-10 12:50 . 2008-12-10 12:50 118784 ----a-w- c:\program files\internet explorer\plugins\LV86ActiveXControl.dll
2009-10-07 14:11 . 2009-10-07 14:11 158720 ----a-w- c:\program files\internet explorer\plugins\LV90ActiveXControl.dll
2013-01-16 20:10 . 2013-02-14 12:39 262552 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\~\Browser Helper Objects\{6F6A5334-78E9-4D9B-8182-8B41EA8C39EF}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" [2013-01-30 9458992]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" [2011-11-10 3514176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2012-06-11 10996368]
"NVRaidService"="c:\program files\NVIDIA Corporation\Raid\nvraidservice.exe" [2010-04-09 163944]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 947152]
"V0640Mon.exe"="c:\windows\V0640Mon.exe" [2009-09-23 28672]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2009-02-27 15:44 315478 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
2011-11-10 09:17 3514176 ----a-w- c:\program files\DAEMON Tools Lite\DTLite.exe
.
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"DAEMON Tools Lite"="c:\program files\DAEMON Tools Lite\DTLite.exe" -autorun
"Facebook Update"="c:\users\Admin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"GarenaPlus"="c:\program files\Garena Plus\GarenaMessenger.exe" -autolaunch
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"WinampAgent"="c:\program files\Winamp\winampa.exe"
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin
"NI Background Service"=c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe
"HDD Regenerator"=c:\program files\HDD Regenerator\HDD Regenerator.exe
.
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 androidusb;ADB Interface Driver;c:\windows\system32\Drivers\androidusb.sys [x]
R3 athur;Atheros AR9271 Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athur.sys [x]
R3 BTCOM;Bluetooth Serial port driver;c:\windows\system32\DRIVERS\btcomport.sys [x]
R3 BTCOMBUS;Bluetooth Serial Port Bus Service;c:\windows\system32\Drivers\btcombus.sys [x]
R3 CtClsFlt;Creative Camera Class Upper Filter Driver;c:\windows\system32\DRIVERS\CtClsFlt.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [x]
R3 DrvSnSht;DrvSnSht;c:\program files\R-Drive Image\DrvSnSht.sys [x]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [x]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [x]
R3 GGSAFERDriver;GGSAFER Driver;c:\program files\Garena Plus\Room\safedrv.sys [x]
R3 massfilter_hs;HS HandSet Mass Storage Filter Driver;c:\windows\system32\DRIVERS\massfilter_hs.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 R-ImageDisk;R-ImageDisk;c:\program files\R-Drive Image\R-ImageDisk.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [x]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 HiSuiteOuc.exe;HiSuiteOuc.exe;c:\programdata\HiSuiteOuc\HiSuiteOuc.exe [x]
S2 HuaweiHiSuiteService.exe;HuaweiHiSuiteService.exe;c:\programdata\HandSetService\HuaweiHiSuiteService.exe [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S2 TeamViewer8;TeamViewer 8;c:\program files\TeamViewer\Version8\TeamViewer_Service.exe [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 MirayVirtualDisk;MirayVirtualDisk;c:\windows\system32\DRIVERS\mvd.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup REG_MULTI_SZ GPSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-02-22 18:14 1629648 ----a-w- c:\program files\Google\Chrome\Application\25.0.1364.97\Installer\chrmstp.exe
.
Contents of the 'Scheduled Tasks' folder
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 12:46]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.zoznam.sk
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000&barid={AB928E25-DE9C-4645-BD3E-75F5572959FA}
uInternet Settings,ProxyOverride = local
IE: Send by Bluetooth - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tsinfo.htm
IE: Send via &Message... - c:\program files\IVT Corporation\BlueSoleil\TransSend\IE\tssms.htm
TCP: DhcpNameServer = 192.168.0.1
TCP: Interfaces\{418478AD-D133-4889-8699-3F7B847FD9E2}: NameServer = 8.8.8.8,4.4.4.4
TCP: Interfaces\{6644A630-B2A7-4BD6-8398-DDC9A045AF52}: NameServer = 192.168.7.1
FF - ProfilePath - c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - ExtSQL: 2013-02-01 17:22; battlefieldheroespatcher@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldheroespatcher@ea.com
FF - ExtSQL: 2013-02-02 11:35; battlefieldplay4free@ea.com; c:\users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\2oaqyr48.default-1352030006798\extensions\battlefieldplay4free@ea.com
pref(startup.homepage_override_url,);
pref(startup.homepage_welcome_url,);
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(5156)
c:\windows\system32\BsMobileSDK.dll
c:\windows\system32\BsLangInDepRes.dll
c:\windows\system32\Bs2Res.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\Common Files\BinarySense\hldasvc.exe
c:\program files\CyberLink\Shared files\RichVideo.exe
c:\windows\System32\tcpsvcs.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\program files\TuneUp Utilities 2013\TuneUpUtilitiesApp32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\rundll32.exe
c:\program files\Google\Update\GoogleUpdate.exe
c:\program files\IVT Corporation\BlueSoleil\BsHelpCS.exe
c:\windows\servicing\TrustedInstaller.exe
c:\windows\system32\conhost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\DllHost.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\wbem\WmiApSrv.exe
.
**************************************************************************
.
Completion time: 2013-02-22 23:38:05 - machine was rebooted
ComboFix-quarantined-files.txt 2013-02-22 22:38
ComboFix2.txt 2013-02-22 17:41
.
Pre-Run: 21 043 339 264 bytes free
Post-Run: 20 957 171 712 bytes free
.
- - End Of File - - 1022468FACE9D6F7D548C70FECF31479

Re: BSOD tcpip.sys

Posted: 23 Feb 2013 11:00
by Rudy
1. The log is not complete.
2. You did not answer my questions.

Re: BSOD tcpip.sys

Posted: 23 Feb 2013 12:24
by pepan7
1. How is it not complete??? What is still missing from it?
2. It is the process CF26549.3XE, and I uninstalled ESET and kept only MSE.

Re: BSOD tcpip.sys

Posted: 23 Feb 2013 13:05
by Rudy
Now it is OK. About half an hour ago the end of the log, from Reg Loading Points onward, was not displayed. The log now looks clean. Now test the PC to see whether the error recurs.
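The service list under "Reg Loading Points" is the part of a ComboFix log that matters most for a tcpip.sys crash, because every third-party kernel driver that starts at boot or system time (packet filters, TAP adapters, disc emulators, overclocking tools) sits in the kernel next to tcpip.sys. The following is an added example by the editor, not code from the thread or from ComboFix: it parses lines in the `<R|S><start type> <name>;<display>;<path> [x]` format and picks out early-start kernel drivers and entries worth a manual look. The sample lines are constructed copies in that format; the `WINDOWS_TOOLS` list and the review heuristics are the editor's assumptions, and the trailing `[x]` marker is only stripped, not interpreted.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the ComboFix service-list format:
#   <R|S><start type> <service name>;<display name>;<image path> [x]
# R = running, S = stopped; start type 0 = boot, 1 = system, 2 = auto,
# 3 = manual, 4 = disabled. The trailing [x] marker is stripped, not interpreted.
SAMPLE_LOG = r"""
R1 SysTool;SysTool Overclocking Utility;c:\windows\system32\DRIVERS\SysTool.sys [x]
R2 NOD32FiXTemDono;Eset Nod32 Boot;c:\windows\system32\regedt32.exe [x]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt; [x]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [x]
S3 tap0901t;TAP-Win32 Adapter V9 (Tunngle);c:\windows\system32\DRIVERS\tap0901t.sys [x]
"""

SERVICE_RE = re.compile(
    r"^(?P<start>[RS][0-4])\s+(?P<name>[^;]+);(?P<display>[^;]*);(?P<path>.*?)\s*\[x\]$"
)

# Built-in Windows programs that are not plausible binaries for a third-party
# service name. Heuristic list, an assumption of this example.
WINDOWS_TOOLS = {"regedt32.exe", "regedit.exe", "rundll32.exe", "cmd.exe"}


@dataclass
class ServiceEntry:
    start: str      # e.g. "R1": running, system-start
    name: str       # key name under CurrentControlSet\Services
    display: str    # DisplayName value
    path: str       # recorded image path, may be empty

    @property
    def image_name(self) -> str:
        return self.path.rsplit("\\", 1)[-1].lower()

    @property
    def is_kernel_driver(self) -> bool:
        return self.image_name.endswith(".sys")

    @property
    def start_type(self) -> int:
        return int(self.start[1])


def parse_services(log_text: str) -> list[ServiceEntry]:
    """Parse every line in the service-list format; other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = SERVICE_RE.match(line.strip())
        if m:
            entries.append(ServiceEntry(**m.groupdict()))
    return entries


def early_start_drivers(entries: list[ServiceEntry]) -> list[ServiceEntry]:
    """Kernel drivers with start type 0 (boot) or 1 (system).

    These load before any user-mode security product and run in the same
    address space as tcpip.sys, so they are the first candidates for a
    crash attributed to a networking or filter path.
    """
    return [e for e in entries if e.is_kernel_driver and e.start_type <= 1]


def review_flags(e: ServiceEntry) -> list[str]:
    """Heuristic reasons to inspect an entry by hand (assumptions of this example)."""
    flags = []
    if not e.path:
        flags.append("no image path recorded")
    elif e.image_name in WINDOWS_TOOLS:
        flags.append(f"image path is the Windows tool {e.image_name}, not a service binary")
    elif not e.image_name.endswith((".sys", ".exe")):
        flags.append(f"unusual image extension: {e.image_name}")
    if "\\\\" in e.path:
        flags.append("doubled separator in recorded path; read the raw ImagePath value")
    return flags


def triage(log_text: str) -> dict[str, list[str]]:
    """Map service name -> flags, for every entry that raised at least one flag."""
    result = {}
    for e in parse_services(log_text):
        flags = review_flags(e)
        if flags:
            result[e.name] = flags
    return result


if __name__ == "__main__":
    for e in early_start_drivers(parse_services(SAMPLE_LOG)):
        print(f"early-start driver: {e.name:<10} {e.path}")
    for name, flags in triage(SAMPLE_LOG).items():
        print(f"inspect {name}: " + "; ".join(flags))
```

The script only narrows the list; the log by itself does not say which driver faulted. Pairing the early-start and filter drivers it reports with the faulting module named in the minidump (WinDbg `!analyze -v`) is what actually attributes the crash, and an entry such as a service named "Eset Nod32 Boot" whose image path is regedt32.exe is the kind of name/target mismatch that deserves a look regardless of the BSOD.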