User
Registered: 18.11.09
Last login: 16.04.18
Posts: 94
Topics: 18
Location: Ružomberok
Posted: 22.01.2013 14:14

Hello, I'd like to ask for help.

When I connect to the internet, or sometimes when I send an e-mail or download a PDF, it sometimes happens that AVAST blocks the process: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
I can't get rid of it. I tried a boot-time scan with AVAST and also with Spybot, but nothing suspicious was found. I don't know what to do....
Here is the output from AVAST:

Infection Details

URL: http://best-installer.info/get/
Process: C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL
Infection: URL:Mal

Output from HijackThis:

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 11:58:38, on 22. 1. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\windows\system32\spool\DRIVERS\x64\3\CNABBSWK.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\nexter\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Trend Micro\HiJackThis\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1:2121
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lexmark Panel nástroju - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - (no file)
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SaveByclick - {90283CE0-6C4B-1EF0-5248-B5DD24CA3850} - C:\ProgramData\SaveByclick\50f7bbf966b87.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O3 - Toolbar: Lexmark Panel nástroju - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [estar] C:\System.Sav\Util\HideDOS.EXE C:\System.Sav\util\estartwk\twk764.bat
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FF46A31E74098BEBB8626DB345599EF9] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\nexter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Prevést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Prevést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Prevést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridat do stávajícího PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) -
O17 - HKLM\System\CCS\Services\Tcpip\..\{0D044146-0F77-45DA-9CD4-BD9CFA547FA9}: NameServer = 194.154.227.17 195.91.0.17
O17 - HKLM\System\CCS\Services\Tcpip\..\{B6EA7203-9B8C-4E0D-A19A-E839820DF8AB}: NameServer = 194.154.227.17 195.91.0.17
O17 - HKLM\System\CS1\Services\Tcpip\..\{0D044146-0F77-45DA-9CD4-BD9CFA547FA9}: NameServer = 194.154.227.17 195.91.0.17
O17 - HKLM\System\CS2\Services\Tcpip\..\{0D044146-0F77-45DA-9CD4-BD9CFA547FA9}: NameServer = 194.154.227.17 195.91.0.17
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O20 - AppInit_DLLs: c:\progra~2\google\google~3\go36f4~1.dll c:\progra~2\saveby~1\sprote~1.dll
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\windows\system32\lxeccoms.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 24007 bytes


User
Registered: 09.05.11
Last login: 20.12.18
Posts: 618
Topics: 2
Posted: 22.01.2013 14:20

Post a log from RSIT; it is more detailed than HJT.
Download RSIT from http://images.malwareremoval.com/random/RSIT.exe (for 64-bit versions: http://images.malwareremoval.com/random/RSITx64.exe), run it, click Continue, and wait a while until the log is generated. Once it is generated, you will find it at C:\rsit\log.txt. Post the log here.


User
Registered: 18.11.09
Last login: 16.04.18
Posts: 94
Topics: 18
Location: Ružomberok
Posted by topic author: 22.01.2013 14:32

1/2

Logfile of random's system information tool 1.09 (written by random/random)
Run by nexter at 2013-01-22 14:26:26
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 121 GB (26%) free of 459 GB
Total RAM: 3830 MB (21% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 14:26:39, on 22. 1. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe
C:\ProgramData\DatacardService\DCSHelper.exe
C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe
C:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe
C:\windows\system32\spool\DRIVERS\x64\3\CNABBSWK.EXE
C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
C:\Program Files (x86)\Google\Drive\googledrivesync.exe
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
C:\Users\nexter\Local Settings\Apps\F.lux\flux.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
C:\Program Files\trend micro\nexter.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,AutoConfigURL = 192.168.1.1:2121
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Lexmark Panel nástroju - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
O2 - BHO: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: SaveByclick - {90283CE0-6C4B-1EF0-5248-B5DD24CA3850} - C:\ProgramData\SaveByclick\50f7bbf966b87.dll
O2 - BHO: Pomocník pri prihlasovaní v konte Windows Live ID - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: Lexmark - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O3 - Toolbar: Lexmark Panel nástroju - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O4 - HKLM\..\Run: [File Sanitizer] C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe
O4 - HKLM\..\Run: [estar] C:\System.Sav\Util\HideDOS.EXE C:\System.Sav\util\estartwk\twk764.bat
O4 - HKLM\..\Run: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe /start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
O4 - HKLM\..\Run: [IFXSPMGT] "C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" /NotifyLogon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [AMD AVT] Cmd.exe /c start "AMD Accelerated Video Transcoding device initialization" /min "C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe" aml
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [HTC Sync Loader] "C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" -startup
O4 - HKCU\..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe
O4 - HKCU\..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe
O4 - HKCU\..\Run: [Media Finder] "C:\Program Files (x86)\Media Finder\Media Finder.exe" /opentotray
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [GoogleDriveSync] "C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
O4 - HKCU\..\Run: [GoogleChromeAutoLaunch_FF46A31E74098BEBB8626DB345599EF9] "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --no-startup-window
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: Download with &Media Finder - C:\Program Files (x86)\Media Finder\hook.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\nexter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Prevést cíl vazby do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Prevést cíl vazby do existujícího PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Prevést do Adobe PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Pridat do stávajícího PDF - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra 'Tools' menuitem: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: WebTran - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: &Nastaviť prekladač - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &označený text - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} (Java Plug-in 1.6.0_24) -
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: ActivIdentity Shared Store Service (ac.sharedstore) - ActivIdentity - C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: avast! Antivirus - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: FABS - Helping agent for MAGIX media database (Fabs) - MAGIX AG - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: Firebird Server - MAGIX Instance (FirebirdServerMAGIXInstance) - MAGIX® - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: FLEXnet Licensing Service 64 - Acresso Software Inc. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
O23 - Service: Google Desktop Manager 5.9.1005.12335 (GoogleDesktopManager-051210-111108) - Google - C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HP Power Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Support Assistant Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: HWDeviceService64.exe - Unknown owner - C:\ProgramData\DatacardService\HWDeviceService64.exe
O23 - Service: Updater Service (IBUpdaterService) - Unknown owner - C:\ProgramData\IBUpdaterService\ibsvc.exe (file missing)
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: lxecCATSCustConnectService - Lexmark International, Inc. - C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
O23 - Service: lxec_device - - C:\windows\system32\lxeccoms.exe
O23 - Service: Mobile Partner. OUC (Mobile Partner. RunOuc) - Unknown owner - C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: Internet Pass-Through Service (PassThru Service) - Unknown owner - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files (x86)\PDF Architect\ConversionService.exe
O23 - Service: Personal Secure Drive Service (PersonalSecureDriveService) - Infineon Technologies AG - C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: RoxMediaDB10 - Sonic Solutions - c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: Soluto Launcher Service (SolutoLauncherService) - Soluto - C:\Program Files\Soluto\SolutoLauncherService.exe
O23 - Service: Soluto Remote Service (SolutoRemoteService) - Soluto - C:\Program Files\Soluto\SolutoRemoteService.exe
O23 - Service: Soluto PCGenome Core Service (SolutoService) - Soluto - C:\Program Files\Soluto\SolutoService.exe
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: TeamViewer 7 (TeamViewer7) - TeamViewer GmbH - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 23125 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
C:\windows\system32\services.exe
winlogon.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
atieclxx
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\AVAST Software\Avast\AvastSvc.exe"
C:\windows\system32\WLANExt.exe 4389952
\??\C:\windows\system32\conhost.exe "1820806264-1144566494-13762579941281673100-15486649941793232125-24670878411029438
C:\windows\System32\spoolsv.exe
"C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe" /launchService
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
"C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe" /DisableUI
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
C:\ProgramData\DatacardService\HWDeviceService64.exe -/service
"C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe"
"C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe"
C:\windows\system32\lxeccoms.exe -service
"C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe" "C:/Program Files (x86)/Mobile Partner/UpdateDog/"
"C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe"
"C:\Program Files (x86)\PDF Architect\HelperService.exe"
"C:\Program Files (x86)\PDF Architect\ConversionService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe"
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
"C:\Program Files\Soluto\SolutoLauncherService.exe"
"C:\Program Files\Soluto\SolutoService.exe"
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
C:\windows\system32\svchost.exe -k bthsvcs
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\windows\System32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-36204958-5e73-430a-8e14-eb27000ac2f9 -SystemEventPortName:HostProcess-03ea0007-5849-4627-b0ec-490a125715df -IoCancelEventPortName:HostProcess-a95ea787-289f-407c-b2cf-252c827a33e0 -NonStateChangingEventPortName:HostProcess-fb027c02-562b-41f0-9216-28d6032afe6f -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:dbdf1968-03ba-4e3f-841c-9b1693a57ba1 -DeviceGroupId:WpdFsGroup
"taskhost.exe"
"C:\windows\system32\Dwm.exe"
"c:\program files (x86)\hewlett-packard\hp protecttools security manager\bin\dpagent.exe"
"c:\program files\soluto\soluto.exe" /userinit
C:\windows\Explorer.EXE
"C:\ProgramData\DatacardService\DCSHelper.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" /hidden
"C:\Program Files\ActivIdentity\ActivClient\acevents.exe"
"C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe"
"C:\Windows\System32\spool\drivers\x64\3\CNAP2LAK.EXE"
"C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe"
C:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
"C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe"
C:\windows\system32\spool\DRIVERS\x64\3\CNABBSWK.EXE !hide Canon LBP6300
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Windows\System32\StikyNot.exe"
"C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files\Synaptics\SynTP\SynTPHelper.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe"
C:\windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\coreshredder.exe"
"C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" /start
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe" -Embedding
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM" PriorityLow
C:\windows\splwow64.exe 12288
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe"
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
"C:\Program Files (x86)\Google\Drive\googledrivesync.exe" /autostart
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><ProgressBar><Percentage>94</Percentage><LeftIconPath>C:\Users\nexter\AppData\Local\Temp\VolumeLow.ico</LeftIconPath><RightIconPath>C:\Users\nexter\AppData\Local\Temp\VolumeHigh.ico</RightIconPath></ProgressBar></hpNotification>"
C:\windows\System32\svchost.exe -k secsvcs
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\HP Advisor\HPAdvisor.exe" mode=windowless
"C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe"
"C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe" /startup
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 7292
"C:\Users\nexter\Local Settings\Apps\F.lux\flux.exe" /noshow
"C:\Program Files\Autodesk\AutoCAD 2011\acad.exe"
"C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe"
"C:\Program Files\Common Files\Autodesk Shared\WSCommCntr\lib\\WSCommCntr2.exe" -Embedding
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "http://forum.avast.com/index.php?board=30.0&p_pro=0&p_vep=7&p_ves=0&p_lqa=0&p_lqe=0&p_lsu=24&p_lst=0&p_lex=106&p_lng=sk&p_lid=cs-cz&p_bld=chr0%3Btris4&p_elm=73&p_var=%252Ffa%252Fcs-cz%252Fother%252Fsupport-center_70_default.html&utm_campaign=support&utm_source=prg_fav_70_0&utm_medium=prg_lnk&utm_content=%2Ffa%2Fcs-cz%2Fsupport-center_70_default.html_forum"
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4476.0.974214084\517402451" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=gpu-process --channel="4476.1.1630895354\1514986853" --supports-dual-gpus=false --skip-gpu-full-info-collection --gpu-vendor-id=0x1002 --gpu-device-id=0x9712 --gpu-driver-vendor="Advanced Micro Devices, Inc." --gpu-driver-version=8.970.100.3000 --ignored=" --type=renderer " /prefetch:12
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4476.2.73267804\426009661" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4476.3.2088646138\586882892" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4476.5.2015031913\1915805466" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\nexter\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.0.0_0\np_dvs_plugin.dll" --lang=sk --channel="4476.6.1485363028\1724044023" /prefetch:4
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=ppapi --channel="4476.7.2025634479\870435185" --lang=sk --ignored=" --type=renderer " /prefetch:13
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4476.10.1741379818\1147700587" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4476.14.908474406\1155283180" /prefetch:3
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=2352.1af09800.1990290339 "C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll" E7CF176E110C211B -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.ja" 2352 "\\.\pipe\gecko-crash-server-pipe.2352" plugin
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe" --proxy-stub-channel=Flash6580.5D7AFFC0.41 --host-broker-channel=Flash6580.5D7AFFC0.18467 --host-pid=6580 --host-npapi-version=27 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll"
"C:\windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe" --channel=4392.0027F1B0.992230819 --proxy-stub-channel=Flash6580.5D7AFFC0.41 --plugin-path="C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll" --host-npapi-version=27 --type=renderer
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4476.20.1671688206\1911875849" /prefetch:3
"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtrials=CacheSensitivityAnalysis/No/EnableStage3D/enabled/ForceCompositingMode/enabled/GlobalSdch/global_enable_sdch/InfiniteCache/No/NewTabButton/default/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxHUPCreateShorterMatch/Standard/OmniboxHUPCullRedirects/Standard/OmniboxSearchSuggestTrialStarted2012Q4/3/OneClickSignIn/Standard/Prerender/PrerenderEnabled/PrerenderFromOmnibox/OmniboxPrerenderEnabled/SBInterstitial/V2/SpdyCwnd/cwndDynamic/SpeculativePrefetching/Disabled/Test0PercentDefault/group_01/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Session-Randomized-Uniformity-Trial-5-Percent/group_15/UMA-Uniformity-Trial-1-Percent/group_65/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_04/UMA-Uniformity-Trial-5-Percent/group_04/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4476.22.454536374\225773446" /prefetch:3
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe" lng=1033
"C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe" "/base-dir=C:\Program Files (x86)\ESET\ESET Online Scanner" /lang=1033 /as
\??\C:\windows\system32\conhost.exe "92100165813007408791192111581-14021955081128253447-1830247236-1165347142940092892
"C:\windows\system32\calc.exe"
"C:\windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe14_ Global\UsGthrCtrlFltPipeMssGthrPipe14 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\windows\system32\SearchFilterHost.exe" 0 528 532 540 65536 536
C:\windows\System32\svchost.exe -k WerSvcGroup
"C:\Users\nexter\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\Adobe Flash Player Updater.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2184412465-192472027-3838285202-1002Core.job
C:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-2184412465-192472027-3838285202-1002UA.job
C:\windows\tasks\GoogleUpdateTaskMachineCore.job
C:\windows\tasks\GoogleUpdateTaskMachineUA.job
C:\windows\tasks\HPCeeScheduleFornexter.job

=========Mozilla firefox=========

ProfilePath - C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default

prefs.js - "browser.startup.homepage" - "www.google.sk"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37]
"Description"=
"Path"=C:\windows\SysWOW64\npdeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308]
"Description"=WLPG Install MIME type
"Path"=C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Reader]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.5.502.146 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.4.0]
"Description"=
"Path"=C:\windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
{972ce4c6-7e08-4474-a285-3208198ce6fd}
{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
GoogleDesktopMozilla.dll
GoogleDesktopMozillaStub.js
GoogleDesktopMozillaStub.xpt
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
nppdf32.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
npwachk.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
googledesktop.xml
slovnik-sk.xml
wikipedia-sk.xml
yahoo.xml
zoznam-sk.xml

C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\extensions\
50f7bbf9669f7@50f7bbf966a2f.com
plugin3@gameplaylabs.com

C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\searchplugins\
badoo.xml
daemon-search.xml


Post written by the topic author (offline): 22.01.2013 14:32

2/2

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-05-24 545224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 529280]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-05-24 193480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1017A80C-6F09-4548-A84D-EDD6AC9525F0}]
Lexmark Panel nástroju - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22 372736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23 60568]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-04-02 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3A2D5EBA-F86D-4BD3-A177-019765996711}]
PDF Architect Helper - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll [2013-01-09 92232]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\jre6\bin\ssv.dll [2012-10-25 329712]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8E5E2654-AD2D-48bf-AC2D-D17F00898D06}]
avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{90283CE0-6C4B-1EF0-5248-B5DD24CA3850}]
SaveByclick - C:\ProgramData\SaveByclick\50f7bbf966b87.dll [2013-01-17 118784]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Pomocník pri prihlasovaní v konte Windows Live ID - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2011-03-28 441216]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE805869-2E5C-4ED4-8F7B-F1F7851A4497}]
Skype Browser Helper - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll [2011-10-10 3834016]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D2C5E510-BE6D-42CC-9F61-E4F939078474}]
Lexmark - C:\Program Files\Lexmark Printable Web\bho.dll [2008-05-22 180224]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2012-10-25 59376]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2012-10-30 1502288]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\PROGRA~2\PCTRAN~1\webie.dll [2004-05-13 319488]
{1017A80C-6F09-4548-A84D-EDD6AC9525F0} - Lexmark Panel nástroju - C:\Program Files\Lexmark Toolbar\toolband.dll [2008-05-22 372736]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11 345480]
{8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - avast! WebRep - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2012-10-30 1227736]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"=C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe [2010-04-05 1691192]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-04-05 8192]
"acevents"=C:\Program Files\ActivIdentity\ActivClient\acevents.exe [2009-06-04 196648]
""= []
"accrdsub"=C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe [2009-06-04 483880]
"CNAP2 Launcher"=C:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE [2009-04-22 116128]
"lxecmon.exe"=C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe [2011-01-23 770728]
"EzPrint"=C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe [2011-01-23 148280]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-03-17 487424]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-07-07 2174760]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe [2010-02-10 1712184]
"RESTART_STICKY_NOTES"=C:\Windows\System32\StikyNot.exe [2009-07-14 427520]
"Media Finder"=C:\Program Files (x86)\Media Finder\Media Finder.exe /opentotray []
"SpybotSD TeaTimer"=C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe [2009-03-05 2260480]
"GoogleDriveSync"=C:\Program Files (x86)\Google\Drive\googledrivesync.exe [2012-12-17 16328976]
"GoogleChromeAutoLaunch_FF46A31E74098BEBB8626DB345599EF9"=C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [2013-01-08 1248360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [2008-06-11 640376]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Acrobat Speed Launcher]
C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [2008-06-12 37232]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Advanced SystemCare 4]
C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCTray.exe [2011-04-21 402832]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Facebook Update]
C:\Users\nexter\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HTC Sync Loader]
C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29 655360]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesTrayAgent]
C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2011-03-04 2736128]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SearchSettings]
C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 641704]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
C:\Program Files (x86)\Winamp\winampa.exe [2011-10-26 74752]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^nexter^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^GpsGate.lnk]
C:\Program Files (x86)\Franson\GpsGate 2.0\GpsGateXP.exe -boot []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"File Sanitizer"=C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]
"estar"=C:\System.Sav\Util\HideDOS.EXE [2006-11-28 77824]
"avast"=C:\Program Files\AVAST Software\Avast\avastUI.exe [2012-10-30 4297136]
"GrooveMonitor"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"QLBController"=C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2011-07-06 323128]
"QuickTime Task"=C:\Program Files (x86)\QuickTime\QTTask.exe [2011-10-24 421888]
"APSDaemon"=C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2011-09-27 59240]
"IFXSPMGT"=C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [2010-02-24 1160480]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-09-17 254896]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 641704]
"AMD AVT"=Cmd.exe /c start AMD Accelerated Video Transcoding device initialization /min C:\Program Files (x86)\AMD AVT\bin\kdbsync.exe aml []
"Adobe ARM"=C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-12-03 946352]
"HTC Sync Loader"=C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe [2012-05-29 655360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\SolutoService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-01-22 14:26:28 ----D---- C:\Program Files\trend micro
2013-01-22 14:26:26 ----D---- C:\rsit
2013-01-22 12:15:46 ----D---- C:\Program Files (x86)\ESET
2013-01-21 08:36:19 ----D---- C:\Program Files (x86)\Mozilla Firefox
2013-01-17 09:45:33 ----D---- C:\Users\nexter\AppData\Roaming\PDF Architect
2013-01-17 09:32:08 ----D---- C:\ProgramData\Cloud Software LTD
2013-01-17 09:32:03 ----D---- C:\Program Files (x86)\SaveByClick
2013-01-17 09:31:47 ----D---- C:\ProgramData\SaveByclick
2013-01-17 09:30:39 ----D---- C:\ProgramData\InstallMate
2013-01-17 09:29:56 ----D---- C:\Program Files (x86)\PDF Architect
2013-01-17 09:29:35 ----D---- C:\Users\nexter\AppData\Roaming\pdfforge
2013-01-17 09:29:28 ----A---- C:\windows\system32\pdfcmon.dll
2013-01-17 09:29:26 ----D---- C:\Program Files (x86)\PDFCreator
2013-01-17 09:29:26 ----A---- C:\windows\SYSWOW64\MSMPIDE.DLL
2013-01-09 19:00:09 ----A---- C:\windows\SYSWOW64\win32spl.dll
2013-01-09 19:00:09 ----A---- C:\windows\system32\win32spl.dll
2013-01-09 18:59:52 ----A---- C:\windows\system32\msxml6.dll
2013-01-09 18:59:50 ----A---- C:\windows\system32\msxml3.dll
2013-01-09 18:59:49 ----A---- C:\windows\SYSWOW64\msxml6.dll
2013-01-09 18:59:49 ----A---- C:\windows\SYSWOW64\msxml3.dll
2013-01-09 18:59:47 ----A---- C:\windows\SYSWOW64\ncrypt.dll
2013-01-09 18:59:47 ----A---- C:\windows\system32\ncrypt.dll
2013-01-09 18:59:45 ----A---- C:\windows\SYSWOW64\usp10.dll
2013-01-09 18:59:45 ----A---- C:\windows\system32\usp10.dll
2013-01-09 18:59:33 ----A---- C:\windows\system32\Wpc.dll
2013-01-09 18:59:32 ----A---- C:\windows\SYSWOW64\Wpc.dll
2013-01-09 18:59:32 ----A---- C:\windows\SYSWOW64\gameux.dll
2013-01-09 18:59:32 ----A---- C:\windows\system32\gameux.dll
2013-01-09 18:58:46 ----A---- C:\windows\system32\KernelBase.dll
2013-01-09 18:58:43 ----A---- C:\windows\SYSWOW64\KernelBase.dll
2013-01-09 18:58:42 ----A---- C:\windows\system32\kernel32.dll
2013-01-09 18:58:40 ----A---- C:\windows\SYSWOW64\kernel32.dll
2013-01-09 18:58:38 ----A---- C:\windows\system32\wow64win.dll
2013-01-09 18:58:38 ----A---- C:\windows\system32\wow64cpu.dll
2013-01-09 18:58:38 ----A---- C:\windows\system32\wow64.dll
2013-01-09 18:58:38 ----A---- C:\windows\system32\winsrv.dll
2013-01-09 18:58:38 ----A---- C:\windows\system32\ntvdm64.dll
2013-01-09 18:58:38 ----A---- C:\windows\system32\conhost.exe
2013-01-09 18:58:37 ----A---- C:\windows\SYSWOW64\wow32.dll
2013-01-09 18:58:37 ----A---- C:\windows\SYSWOW64\ntvdm64.dll
2013-01-09 18:58:36 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 18:58:31 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-file-l1-1-0.dll
2013-01-09 18:58:31 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 18:58:31 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 18:58:30 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 18:58:30 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 18:58:28 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 18:58:28 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 18:58:27 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 18:58:26 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 18:58:26 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 18:58:25 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 18:58:25 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-string-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 18:58:24 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 18:58:23 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 18:58:22 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 18:58:22 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 18:58:22 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-io-l1-1-0.dll
2013-01-09 18:58:22 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 18:58:22 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 18:58:22 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 18:58:21 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 18:58:21 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 18:58:21 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 18:58:21 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 18:58:20 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 18:58:20 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 18:58:20 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 18:58:20 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 18:58:20 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 18:58:19 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 18:58:19 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 18:58:19 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 18:58:18 ----AH---- C:\windows\SYSWOW64\api-ms-win-security-base-l1-1-0.dll
2013-01-09 18:58:18 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 18:58:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 18:58:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-util-l1-1-0.dll
2013-01-09 18:58:16 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 18:58:15 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 18:58:14 ----A---- C:\windows\SYSWOW64\setup16.exe
2013-01-09 18:58:10 ----A---- C:\windows\SYSWOW64\instnm.exe
2013-01-09 18:58:08 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 18:58:08 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 18:58:07 ----AH---- C:\windows\SYSWOW64\api-ms-win-core-console-l1-1-0.dll
2013-01-09 18:58:06 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 18:58:04 ----A---- C:\windows\SYSWOW64\user.exe
2013-01-09 18:57:46 ----A---- C:\windows\system32\taskhost.exe
2013-01-09 18:57:43 ----A---- C:\windows\system32\win32k.sys
2012-12-27 07:19:35 ----D---- C:\Program Files\Soluto
2012-12-23 18:10:21 ----D---- C:\Users\nexter\AppData\Roaming\Publish Providers
2012-12-23 18:01:44 ----D---- C:\ProgramData\Sony
2012-12-23 17:10:25 ----A---- C:\windows\SYSWOW64\atmlib.dll
2012-12-23 17:10:25 ----A---- C:\windows\system32\atmlib.dll
2012-12-23 17:10:24 ----A---- C:\windows\system32\atmfd.dll
2012-12-23 17:10:23 ----A---- C:\windows\SYSWOW64\atmfd.dll

======List of files/folders modified in the last 1 month======

2013-01-22 14:26:35 ----D---- C:\windows\Temp
2013-01-22 14:26:28 ----RD---- C:\Program Files
2013-01-22 12:55:00 ----SHD---- C:\System Volume Information
2013-01-22 12:37:38 ----D---- C:\Windows
2013-01-22 12:24:31 ----D---- C:\windows\inf
2013-01-22 12:21:41 ----D---- C:\windows\System32
2013-01-22 12:21:41 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-01-22 12:15:46 ----D---- C:\Program Files (x86)
2013-01-22 11:58:06 ----SHD---- C:\windows\Installer
2013-01-22 11:58:06 ----SHD---- C:\Config.Msi
2013-01-22 11:40:16 ----D---- C:\Users\nexter\AppData\Roaming\Winamp
2013-01-22 11:40:16 ----D---- C:\ProgramData\Spybot - Search & Destroy
2013-01-22 11:39:02 ----D---- C:\windows\debug
2013-01-22 11:24:37 ----D---- C:\windows\system32\config
2013-01-22 11:07:22 ----D---- C:\ProgramData\HPQLOG
2013-01-21 14:17:34 ----D---- C:\Program Files (x86)\Mozilla Maintenance Service
2013-01-21 13:25:46 ----A---- C:\windows\wdict32.INI
2013-01-18 14:55:42 ----D---- C:\ProgramData\Lx_cats
2013-01-18 14:55:41 ----HD---- C:\ProgramData
2013-01-18 08:57:29 ----D---- C:\windows\Prefetch
2013-01-17 09:29:32 ----D---- C:\windows\SysWOW64
2013-01-15 13:04:52 ----D---- C:\windows\rescache
2013-01-14 08:04:45 ----D---- C:\Program Files\WinRAR
2013-01-14 08:04:09 ----D---- C:\Program Files\CDBurnerXP
2013-01-14 07:17:48 ----D---- C:\windows\Tasks
2013-01-14 07:17:48 ----D---- C:\windows\system32\Tasks
2013-01-10 12:57:09 ----D---- C:\windows\pss
2013-01-10 12:37:54 ----D---- C:\windows\Microsoft.NET
2013-01-10 12:37:52 ----RSD---- C:\windows\assembly
2013-01-10 07:29:41 ----D---- C:\windows\winsxs
2013-01-10 07:28:15 ----D---- C:\windows\system32\catroot2
2013-01-10 07:25:33 ----D---- C:\windows\SYSWOW64\sk-SK
2013-01-10 07:25:32 ----D---- C:\windows\system32\sk-SK
2013-01-10 07:25:29 ----D---- C:\windows\AppPatch
2013-01-09 22:24:19 ----D---- C:\ProgramData\Microsoft Help
2013-01-09 22:11:37 ----A---- C:\windows\system32\MRT.exe
2013-01-09 18:57:32 ----D---- C:\windows\system32\catroot
2013-01-09 12:04:27 ----A---- C:\windows\SYSWOW64\FlashPlayerApp.exe
2013-01-06 18:23:20 ----D---- C:\Program Files (x86)\Lexmark Pro800-Pro900 Series
2013-01-03 14:55:05 ----D---- C:\Program Files (x86)\Google
2012-12-27 07:19:38 ----DC---- C:\windows\system32\DRVSTORE
2012-12-27 07:19:38 ----D---- C:\windows\system32\drivers
2012-12-23 18:26:49 ----D---- C:\Program Files\Sony
2012-12-23 18:23:01 ----D---- C:\Program Files\Avidemux 2.6
2012-12-23 18:22:43 ----D---- C:\windows\SYSWOW64\drivers
2012-12-23 18:10:15 ----D---- C:\Users\nexter\AppData\Roaming\Sony

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie.sys [2009-08-23 16440]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 PxHlpa64;PxHlpa64; C:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-02-02 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-02-02 15688]
R0 Soluto;Soluto; C:\windows\system32\DRIVERS\Soluto.sys [2012-12-20 54728]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2011-04-22 834544]
R1 aswKbd;aswKbd; C:\windows\system32\drivers\aswKbd.sys [2012-07-03 19600]
R1 aswRdr;aswRdr; C:\windows\System32\Drivers\aswrdr2.sys [2012-10-15 54072]
R1 aswSnx;aswSnx; C:\windows\system32\drivers\aswSnx.sys [2012-10-30 984144]
R1 aswSP;aswSP; C:\windows\system32\drivers\aswSP.sys [2012-10-30 370288]
R1 aswTdi;avast! Network Shield Support; C:\windows\system32\drivers\aswTdi.sys [2012-10-30 59728]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 PersonalSecureDrive;PersonalSecureDrive; C:\windows\System32\drivers\psd.sys [2010-01-26 44576]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-02-02 58184]
R2 AODDriver4.1;AODDriver4.1; \??\C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
R2 aswFsBlk;aswFsBlk; C:\windows\system32\drivers\aswFsBlk.sys [2012-10-30 25232]
R2 aswMonFlt;aswMonFlt; \??\C:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
R2 rimspci;rimspci; C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
R2 risdpcie;risdpcie; C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360]
R2 rixdpcie;rixdpcie; C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2010-01-21 1209856]
R3 amdiox64;AMD IO Driver; C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-03-09 123408]
R3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\windows\system32\DRIVERS\bcmwl664.sys [2011-04-22 3058168]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-01-07 98344]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-01-07 132648]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-01-07 21160]
R3 cpuz136;cpuz136; \??\C:\windows\TEMP\cpuz136\cpuz136_x64.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 huawei_enumerator;huawei_enumerator; C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-02 86016]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 rtsuvc;HP Webcam [2 MP Fixed]; C:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 89344]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-03-17 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2011-07-07 1379376]
R3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 cpuz135;cpuz135; \??\C:\windows\TEMP\cpuz135\cpuz135_x64.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device; C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-02 117248]
S3 ewusbmbb;HUAWEI USB-WWAN miniport; C:\windows\system32\DRIVERS\ewusbwwan.sys [2012-07-02 421376]
S3 grmnusb;grmnusb; C:\windows\system32\drivers\grmnusb.sys [2012-04-18 19304]
S3 HTCAND64;HTC Device Driver; C:\windows\System32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
S3 htcnprot;HTC NDIS Protocol Driver; C:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
S3 hwdatacard;Huawei DataCard USB Modem and USB Serial; C:\windows\system32\DRIVERS\ewusbmdm.sys [2012-07-02 221312]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\windows\system32\drivers\ccdcmbx64.sys [2011-08-17 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\windows\system32\drivers\ccdcmbox64.sys [2011-08-17 27136]
S3 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RTCore64;RTCore64; \??\C:\Users\nexter\Desktop\rmclock_235_bin\RTCore64.sys []
S3 s3cap;s3cap; C:\windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 sdbus;sdbus; C:\windows\system32\drivers\sdbus.sys [2010-11-20 109056]
S3 StarOpen;StarOpen; C:\windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 TsUsbFlt;@%SystemRoot%\system32\drivers\tsusbflt.sys,-1; C:\windows\System32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys [2011-08-17 9216]
S3 usb_rndisx;USB RNDIS Adapter; C:\windows\system32\drivers\usb8023x.sys [2009-07-14 19968]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 usbser;USB Modem Driver; C:\windows\system32\drivers\usbser.sys [2010-11-20 32768]
S3 UsbserFilt;UsbserFilt; C:\windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2011-08-17 9216]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ac.sharedstore;ActivIdentity Shared Store Service; C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-04 277032]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-12-18 65192]
R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2010-01-21 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2012-07-04 238080]
R2 AMD FUEL Service;AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
R2 avast! Antivirus;avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-10-30 44808]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-12-29 873248]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-03-31 462088]
R2 Fabs;FABS - Helping agent for MAGIX media database; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
R2 HP Power Assistant Service;HP Power Assistant Service; C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
R2 HP Support Assistant Service;HP Support Assistant Service; C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-07-06 1698360]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 30520]
R2 HWDeviceService64.exe;HWDeviceService64.exe; C:\ProgramData\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
R2 IFXSpMgtSrv;Security Platform Management Service; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe [2010-02-24 1160480]
R2 IFXTCS;Trusted Platform Core Service; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe [2010-02-24 992544]
R2 lxec_device;lxec_device; C:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
R2 PassThru Service;Internet Pass-Through Service; C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
R2 PDF Architect Helper Service;PDF Architect Helper Service; C:\Program Files (x86)\PDF Architect\HelperService.exe [2013-01-09 1324104]
R2 PDF Architect Service;PDF Architect Service; C:\Program Files (x86)\PDF Architect\ConversionService.exe [2013-01-09 795208]
R2 PersonalSecureDriveService;Personal Secure Drive Service; C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe [2010-02-24 214304]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-28 249648]
R2 SolutoLauncherService;Soluto Launcher Service; C:\Program Files\Soluto\SolutoLauncherService.exe [2012-12-20 183432]
R2 SolutoService;Soluto PCGenome Core Service; C:\Program Files\Soluto\SolutoService.exe [2012-12-20 542344]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\STacSV64.exe [2010-03-17 244736]
R3 AppMgmt;@appmgmts.dll,-3250; C:\windows\system32\svchost.exe [2009-07-14 27136]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 1436424]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe [2011-09-01 991288]
R3 SBSDWSCService;SBSD Security Center Service; C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
S2 IBUpdaterService;Updater Service; C:\ProgramData\IBUpdaterService\ibsvc.exe /SERVICE []
S2 lxecCATSCustConnectService;lxecCATSCustConnectService; C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
S2 Mobile Partner. RunOuc;Mobile Partner. OUC; C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-07-02 218624]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-01-09 251400]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
S3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance; C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2011-06-19 651720]
S3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335; C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-10-24 30192]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 136176]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-21 115608]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 RoxMediaDB10;RoxMediaDB10; c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
S3 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 160944]
S3 SolutoRemoteService;Soluto Remote Service; C:\Program Files\Soluto\SolutoRemoteService.exe [2012-12-20 1246344]
S3 stllssvr;stllssvr; c:\Program Files (x86)\Common Files\SureThing Shared\stllssvr.exe [2009-10-16 74392]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\windows\System32\svchost.exe [2009-07-14 27136]
S3 TeamViewer7;TeamViewer 7; C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\windows\System32\svchost.exe [2009-07-14 27136]
S4 AdvancedSystemCareService;Advanced SystemCare Service; C:\Program Files (x86)\IObit\Advanced SystemCare 4\ASCService.exe [2011-04-21 352656]
S4 avast! Firewall;avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe []
S4 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\windows\System32\svchost.exe [2009-07-14 27136]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2011-03-04 73728]
S4 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\windows\System32\svchost.exe [2009-07-14 27136]

-----------------EOF-----------------


Posted: 22.01.2013 14:53

Uninstall Spybot, it is outdated.
What did you try with ESET?
Uninstall Advanced SystemCare 4 and replace it with CCleaner: http://www.piriform.com/ccleaner
Download AdwCleaner: http://general-changelog-team.fr/fr/dow ... adwcleaner
Save it to the desktop. Run the program and press the Search button.
After the scan a log will appear; you will find it on the system drive as AdwCleaner[R?].txt. Paste its entire contents here.


Posted by topic author: 22.01.2013 15:11

I ran the ESET online scanner; it found something, but I don't think that is the cause of this problem.
I have CCleaner installed and I use it.

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 15:10:38
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : nexter - SOHLER
# Boot Mode : Normal
# Running from : C:\Users\nexter\Downloads\adwcleaner.exe
# Option [Search]


***** [Services] *****

Found : IBUpdaterService

***** [Files / Folders] *****

File Found : C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\searchplugins\daemon-search.xml
Folder Found : C:\ProgramData\InstallMate
Folder Found : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Found : C:\ProgramData\Tarma Installer
Folder Found : C:\Users\nexter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Found : C:\Users\nexter\AppData\LocalLow\pdfforge
Folder Found : C:\Users\nexter\AppData\LocalLow\Search Settings
Folder Found : C:\Users\nexter\AppData\Roaming\eType
Folder Found : C:\Users\nexter\AppData\Roaming\Media Finder
Folder Found : C:\Users\nexter\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Found : C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\extensions\plugin3@gameplaylabs.com
Folder Found : C:\Users\nexter\AppData\Roaming\pdfforge
Folder Found : C:\Users\nexter\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Found : HKCU\Software\AppDataLow\Software\Crossrider
Key Found : HKCU\Software\AppDataLow\SProtector
Key Found : HKCU\Software\DSNR Labs
Key Found : HKCU\Software\GamePlayLabs
Key Found : HKCU\Software\MediaFinder
Key Found : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Found : HKCU\Software\Search Settings
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Found : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Found : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Found : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Found : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Found : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Found : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Found : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Found : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Found : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Found : HKLM\SOFTWARE\Classes\b
Key Found : HKLM\SOFTWARE\Classes\MF
Key Found : HKLM\SOFTWARE\Classes\Prod.cap
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Found : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Found : HKLM\Software\GamePlayLabs
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Found : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Found : HKLM\Software\pdfforge
Key Found : HKLM\Software\Search Settings
Key Found : HKLM\Software\SP Global
Key Found : HKLM\Software\SProtector
Key Found : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Found : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Found : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Key Found : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Found : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Found : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Found : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Found : HKLM\SOFTWARE\Tarma Installer
Key Found : HKU\S-1-5-21-2184412465-192472027-3838285202-1002\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Found : HKU\S-1-5-21-2184412465-192472027-3838285202-1002\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Found : HKU\S-1-5-21-2184412465-192472027-3838285202-1002\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Found : HKU\S-1-5-21-2184412465-192472027-3838285202-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Value Found : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (sk)

File : C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\prefs.js

Found : user_pref("aol_toolbar.default.homepage.check", false);
Found : user_pref("aol_toolbar.default.search.check", false);
Found : user_pref("extensions.50f7bbf966aa2.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Found : user_pref("extensions.BabylonToolbar.aflt", "babclient");
Found : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Found : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Found : user_pref("extensions.BabylonToolbar.id", "cad26d3800000000000000268272f9d7");
Found : user_pref("extensions.BabylonToolbar.instlDay", "15286");
Found : user_pref("extensions.BabylonToolbar.instlRef", "std");
Found : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_&q={searchTe[...]
Found : user_pref("extensions.BabylonToolbar.lastDP", 6);
Found : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1012:58:15");
Found : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");
Found : user_pref("extensions.BabylonToolbar.newTab", true);
Found : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Found : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Found : user_pref("extensions.BabylonToolbar.propectorlck", 69593393);
Found : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Found : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Found : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Found : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Found : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Found : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Found : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Found : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Found : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1012:58:15");
Found : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":11,\"data\":[{\"u[...]
Found : user_pref("extensions.ntk.thumbsUrls", "hxxps://mail.google.com/mail/?shva=1#inbox;hxxp://www.google[...]
Found : user_pref("extensions.plugin3@gameplaylabs.com.fr", "1303500906");
Found : user_pref("extensions.plugin3@gameplaylabs.com.ranonce", true);
Found : user_pref("extensions.plugin3@gameplaylabs.com.rule_/", "1303500907");
Found : user_pref("extensions.plugin3@gameplaylabs.com.var_installerid", "vid-exe");
Found : user_pref("extensions.plugin3@gameplaylabs.com.var_pid", "5");
Found : user_pref("extensions.plugin3@gameplaylabs.com.var_revision", "5");
Found : user_pref("extensions.plugin3@gameplaylabs.com.var_source", "4caa425a93dbdb1f6d1082322");
Found : user_pref("extensions.plugin3@gameplaylabs.com.var_sub_id", "a-0-2398-9346-7103-0-194-0");
Found : user_pref("extensions.plugin3@gameplaylabs.com.var_zdata", "9346");
Found : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Found : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Found : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Found : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Found : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Found : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Found : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\nexter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10134 octets] - [22/01/2013 15:10:38]

########## EOF - C:\AdwCleaner[R1].txt - [10195 octets] ##########


Posted: 22.01.2013 15:23

Run AdwCleaner, press the Delete button, and press OK to confirm; the computer will restart.
You will find the log on the system drive as AdwCleaner[S?].txt. Paste its entire contents here.


Posted by topic author: 22.01.2013 15:36

# AdwCleaner v2.107 - Logfile created 01/22/2013 at 15:28:08
# Updated 21/01/2013 by Xplode
# Operating system : Windows 7 Professional Service Pack 1 (64 bits)
# User : nexter - SOHLER
# Boot Mode : Normal
# Running from : C:\Users\nexter\Desktop\adwcleaner.exe
# Option [Delete]


***** [Services] *****

Stopped & Deleted : IBUpdaterService

***** [Files / Folders] *****

File Deleted : C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\searchplugins\daemon-search.xml
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Finder
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Users\nexter\AppData\Local\Google\Chrome\User Data\Default\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Folder Deleted : C:\Users\nexter\AppData\LocalLow\pdfforge
Folder Deleted : C:\Users\nexter\AppData\LocalLow\Search Settings
Folder Deleted : C:\Users\nexter\AppData\Roaming\eType
Folder Deleted : C:\Users\nexter\AppData\Roaming\Media Finder
Folder Deleted : C:\Users\nexter\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}\gencrawler@some.com
Folder Deleted : C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\extensions\plugin3@gameplaylabs.com
Folder Deleted : C:\Users\nexter\AppData\Roaming\pdfforge
Folder Deleted : C:\Users\nexter\AppData\Roaming\PerformerSoft

***** [Registry] *****

Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\SProtector
Key Deleted : HKCU\Software\DSNR Labs
Key Deleted : HKCU\Software\GamePlayLabs
Key Deleted : HKCU\Software\MediaFinder
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\MenuExt\Download with &Media Finder
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKCU\Software\Search Settings
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4FC7-90CC-5EA0ABBE9EB8}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{65C994A2-C65A-4A20-BA92-AADAFC0DCE49}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\MF
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{E2343056-CC08-46AC-B898-BFC7ACF4E755}
Key Deleted : HKLM\Software\GamePlayLabs
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKLM\Software\pdfforge
Key Deleted : HKLM\Software\Search Settings
Key Deleted : HKLM\Software\SP Global
Key Deleted : HKLM\Software\SProtector
Key Deleted : HKLM\SOFTWARE\Wow6432Node\14919ea49a8f3b4aa3cf1058d9a64cec
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dednnpigldgdbpgcdpfppmlcnnbjciel
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\lpmkgpnbiojfaoklbkpfneikocaobfai
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65BCD620-07DD-012F-819F-073CF1B8F7C6}
Key Deleted : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Key Deleted : HKLM\SOFTWARE\Tarma Installer
Value Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Run [Media Finder]

***** [Internet Browsers] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Registry is clean.

-\\ Mozilla Firefox v18.0.1 (sk)

File : C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\prefs.js

C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\user.js ... Deleted !

Deleted : user_pref("aol_toolbar.default.homepage.check", false);
Deleted : user_pref("aol_toolbar.default.search.check", false);
Deleted : user_pref("extensions.50f7bbf966aa2.scode", "(function(){try{if('aol.com,mail.google.com,mystart.inc[...]
Deleted : user_pref("extensions.BabylonToolbar.aflt", "babclient");
Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 6);
Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Deleted : user_pref("extensions.BabylonToolbar.id", "cad26d3800000000000000268272f9d7");
Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15286");
Deleted : user_pref("extensions.BabylonToolbar.instlRef", "std");
Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?babsrc=SP_&q={searchTe[...]
Deleted : user_pref("extensions.BabylonToolbar.lastDP", 6);
Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.4.35.1012:58:15");
Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "10.0");
Deleted : user_pref("extensions.BabylonToolbar.newTab", true);
Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_FFUP");
Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 69593393);
Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0);
Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true);
Deleted : user_pref("extensions.BabylonToolbar.smplGrp", "none");
Deleted : user_pref("extensions.BabylonToolbar.srchPrvdr", "Search the web (Babylon)");
Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base");
Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.4.35.10");
Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.4.35.1012:58:15");
Deleted : user_pref("extensions.ntk.feedStore", "{\"URLtoFeedCount\":15,\"FeedStoriesCount\":11,\"data\":[{\"u[...]
Deleted : user_pref("extensions.ntk.thumbsUrls", "hxxps://mail.google.com/mail/?shva=1#inbox;hxxp://www.google[...]
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.fr", "1303500906");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.ranonce", true);
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.rule_/", "1303500907");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_installerid", "vid-exe");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_pid", "5");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_revision", "5");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_source", "4caa425a93dbdb1f6d1082322");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_sub_id", "a-0-2398-9346-7103-0-194-0");
Deleted : user_pref("extensions.plugin3@gameplaylabs.com.var_zdata", "9346");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", "");
Deleted : user_pref("sweetim.toolbar.previous.browser.startup.homepage", "");
Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", "");
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "");
Deleted : user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "");
Deleted : user_pref("sweetim.toolbar.searchguard.enable", "");

-\\ Google Chrome v24.0.1312.52

File : C:\Users\nexter\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [10245 octets] - [22/01/2013 15:10:38]
AdwCleaner[S2].txt - [9924 octets] - [22/01/2013 15:28:08]

########## EOF - C:\AdwCleaner[S2].txt - [9984 octets] ##########


Posted: 22.01.2013 15:38

Check it on VirusTotal https://www.virustotal.com/
C:\PROGRA~2\Google\GOOGLE~3\GO36F4~1.DLL


Posted by topic author: 22.01.2013 15:58

Well, that is the problem: I don't physically have it on the disk. The process seems to be created only at that moment and tries to connect to the page:
URL: http://best-installer.info/get/
and then AVAST stops it, so I at least submitted that page to https://www.virustotal.com/ and here is the result:

https://www.virustotal.com/url/e96b7916 ... 358866446/


Posted: 22.01.2013 16:02

Download RKill from http://download.bleepingcomputer.com/grinler/rkill.com
Save it to the desktop and run RKill.
The program will terminate all processes, including the malware.
An rkill.txt file will be created on the desktop; paste it here.
Do not restart the PC now.
Run ComboFix right away.


Download ComboFix from http://download.bleepingcomputer.com/sUBs/ComboFix.exe and save it to the desktop.
Turn off all resident shields of your antivirus and antispyware.
On Windows XP, run it under an administrator account.
On Windows Vista and Windows 7, right-click ComboFix and choose Run as administrator.
Right after it starts, a window with the license terms appears; press the Yes button.
If ComboFix offers to install the Recovery Console, confirm the installation with the YES button.
During the scan, let ComboFix work and do not do anything on the PC.
The scan can take about 10 minutes; it all depends on the state of the PC, and it may take twice as long.
When the scan finishes, ComboFix restarts the PC and displays a log; you will find it at C:\ComboFix.txt. Paste it here.
It may happen that the system does not boot; in that case use Last Known Good Configuration http://support.microsoft.com/kb/307852/sk


Posted by topic author: 22.01.2013 16:43

ComboFix 13-01-21.04 - nexter . 01. 2013 16:18:23.1.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3830.1321 [GMT 1:00]
Running from: C:\Users\nexter\Downloads\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\nexter\AppData\Local\Temp\_MEI42082\_ctypes.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\_elementtree.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\_hashlib.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\_socket.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\_ssl.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\pyexpat.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\pysqlite2._sqlite.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\python26.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\pythoncom26.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\PyWinTypes26.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\select.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\unicodedata.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32api.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32com.shell.shell.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32crypt.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32event.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32file.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32inet.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32pdh.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32process.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32profile.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32security.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\win32ts.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\windows._cacheinvalidation.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._controls_.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._core_.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._gdi_.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._html2.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._misc_.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._windows_.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wx._wizard.pyd
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wxbase293u_net_vc.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wxbase293u_vc.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_adv_vc.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_core_vc.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_html_vc.dll
C:\Users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_webview_vc.dll
C:\windows\SysWow64\pt
C:\windows\SysWow64\pt\DPCont32.dll.mui


((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))


2013-01-22 15:28:54 . 2013-01-22 15:28:54 -------- d-----w- C:\Users\Default\AppData\Local\temp
2013-01-22 14:19:37 . 2013-01-22 14:19:37 -------- d-----w- C:\Users\nexter\AppData\Roaming\Roxio Log Files
2013-01-22 14:16:39 . 2013-01-22 14:16:39 -------- d-----w- C:\ProgramData\PDF Architect
2013-01-22 13:26:28 . 2013-01-22 13:26:39 -------- d-----w- C:\Program Files\trend micro
2013-01-22 13:26:26 . 2013-01-22 13:27:08 -------- d-----w- C:\rsit
2013-01-22 11:15:46 . 2013-01-22 11:15:46 -------- d-----w- C:\Program Files (x86)\ESET
2013-01-22 10:58:06 . 2013-01-22 10:58:06 388096 ----a-r- C:\Users\nexter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-22 10:14:09 . 2013-01-08 05:32:08 9161176 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{B5FF14EC-2A3F-4781-9A55-3C9DC6C1B132}\mpengine.dll
2013-01-21 06:16:44 . 2013-01-21 06:16:44 -------- d-----w- C:\Users\Default\AppData\Local\Google
2013-01-17 08:45:33 . 2013-01-17 08:45:34 -------- d-----w- C:\Users\nexter\AppData\Roaming\PDF Architect
2013-01-17 08:32:08 . 2013-01-17 08:32:08 -------- d-----w- C:\ProgramData\Cloud Software LTD
2013-01-17 08:32:03 . 2013-01-17 08:32:03 -------- d-----w- C:\Program Files (x86)\SaveByClick
2013-01-17 08:31:47 . 2013-01-17 08:31:47 -------- d-----w- C:\ProgramData\SaveByclick
2013-01-17 08:29:32 . 2012-05-05 09:54:20 137000 ----a-w- C:\windows\SysWow64\MSMAPI32.OCX
2013-01-17 08:29:28 . 2013-01-11 10:39:42 103936 ----a-w- C:\windows\system32\pdfcmon.dll
2013-01-17 08:29:26 . 2013-01-17 08:29:38 -------- d-----w- C:\Program Files (x86)\PDFCreator
2013-01-17 08:29:26 . 2012-05-05 09:54:20 23552 ----a-w- C:\windows\SysWow64\MSMPIDE.DLL
2013-01-14 07:05:30 . 2013-01-14 07:05:30 -------- d-----w- C:\Users\nexter\AppData\Local\Programs
2013-01-09 18:00:09 . 2012-11-09 05:45:32 750592 ----a-w- C:\windows\system32\win32spl.dll
2013-01-09 18:00:09 . 2012-11-09 04:43:04 492032 ----a-w- C:\windows\SysWow64\win32spl.dll
2013-01-09 17:58:46 . 2012-11-30 05:41:07 424448 ----a-w- C:\windows\system32\KernelBase.dll
2013-01-09 17:57:46 . 2012-11-23 03:13:57 68608 ----a-w- C:\windows\system32\taskhost.exe
2013-01-09 17:57:43 . 2012-11-23 03:26:31 3149824 ----a-w- C:\windows\system32\win32k.sys
2013-01-04 08:47:11 . 2013-01-04 08:47:11 -------- d-----w- C:\Users\nexter\AppData\Local\Finančné_riaditeľstvo_SR_-_Sekcia_daňová
2013-01-03 13:57:50 . 2013-01-22 14:35:35 -------- d-s---w- C:\Users\nexter\Disk Google
2012-12-27 06:19:35 . 2012-12-27 06:19:39 -------- d-----w- C:\Program Files\Soluto
2012-12-23 17:10:21 . 2012-12-23 17:10:21 -------- d-----w- C:\Users\nexter\AppData\Roaming\Publish Providers
2012-12-23 17:01:44 . 2012-12-23 17:01:44 -------- d-----w- C:\ProgramData\Sony
2012-12-23 16:10:25 . 2012-12-16 17:11:22 46080 ----a-w- C:\windows\system32\atmlib.dll
2012-12-23 16:10:25 . 2012-12-16 14:13:20 34304 ----a-w- C:\windows\SysWow64\atmlib.dll
2012-12-23 16:10:24 . 2012-12-16 14:45:03 367616 ----a-w- C:\windows\system32\atmfd.dll
2012-12-23 16:10:23 . 2012-12-16 14:13:28 295424 ----a-w- C:\windows\SysWow64\atmfd.dll
.


(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-01-09 21:11:37 . 2011-04-26 06:45:44 67599240 ----a-w- C:\windows\system32\MRT.exe
2013-01-09 11:04:27 . 2012-05-01 11:12:06 697864 ----a-w- C:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 11:04:27 . 2011-08-23 05:57:05 74248 ----a-w- C:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 19:22:43 . 2012-12-22 19:22:43 25616 ----a-w- C:\windows\system32\drivers\bizVSerialNT.sys
2012-12-20 18:19:42 . 2011-10-21 06:42:04 54728 ----a-w- C:\windows\system32\drivers\Soluto.sys
2012-11-30 04:45:10 . 2013-01-09 17:58:38 44032 ----a-w- C:\windows\apppatch\acwow64.dll
2012-11-14 07:06:18 . 2012-12-12 20:13:34 17811968 ----a-w- C:\windows\system32\mshtml.dll
2012-11-14 06:32:33 . 2012-12-12 20:13:31 10925568 ----a-w- C:\windows\system32\ieframe.dll
2012-11-14 06:11:44 . 2012-12-12 20:14:00 2312704 ----a-w- C:\windows\system32\jscript9.dll
2012-11-14 06:04:44 . 2012-12-12 20:14:02 1346048 ----a-w- C:\windows\system32\urlmon.dll
2012-11-14 06:04:11 . 2012-12-12 20:13:56 1392128 ----a-w- C:\windows\system32\wininet.dll
2012-11-14 06:02:49 . 2012-12-12 20:14:01 1494528 ----a-w- C:\windows\system32\inetcpl.cpl
2012-11-14 06:02:04 . 2012-12-12 20:14:10 237056 ----a-w- C:\windows\system32\url.dll
2012-11-14 05:59:52 . 2012-12-12 20:13:54 85504 ----a-w- C:\windows\system32\jsproxy.dll
2012-11-14 05:58:36 . 2012-12-12 20:13:50 816640 ----a-w- C:\windows\system32\jscript.dll
2012-11-14 05:57:46 . 2012-12-12 20:13:51 599040 ----a-w- C:\windows\system32\vbscript.dll
2012-11-14 05:57:35 . 2012-12-12 20:14:14 173056 ----a-w- C:\windows\system32\ieUnatt.exe
2012-11-14 05:55:45 . 2012-12-12 20:13:48 2144768 ----a-w- C:\windows\system32\iertutil.dll
2012-11-14 05:55:26 . 2012-12-12 20:13:59 729088 ----a-w- C:\windows\system32\msfeeds.dll
2012-11-14 05:53:22 . 2012-12-12 20:14:21 96768 ----a-w- C:\windows\system32\mshtmled.dll
2012-11-14 05:52:40 . 2012-12-12 20:14:23 2382848 ----a-w- C:\windows\system32\mshtml.tlb
2012-11-14 05:46:25 . 2012-12-12 20:14:14 248320 ----a-w- C:\windows\system32\ieui.dll
2012-11-14 02:09:22 . 2012-12-12 20:13:52 1800704 ----a-w- C:\windows\SysWow64\jscript9.dll
2012-11-14 01:58:15 . 2012-12-12 20:14:02 1427968 ----a-w- C:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57:37 . 2012-12-12 20:13:56 1129472 ----a-w- C:\windows\SysWow64\wininet.dll
2012-11-14 01:49:25 . 2012-12-12 20:14:13 142848 ----a-w- C:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48:27 . 2012-12-12 20:14:18 420864 ----a-w- C:\windows\SysWow64\vbscript.dll
2012-11-14 01:44:42 . 2012-12-12 20:14:22 2382848 ----a-w- C:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45:09 . 2012-12-12 06:37:14 2048 ----a-w- C:\windows\system32\tzres.dll
2012-11-09 04:42:49 . 2012-12-12 06:37:14 2048 ----a-w- C:\windows\SysWow64\tzres.dll
2012-11-08 10:29:12 . 2012-11-08 10:29:12 1402312 ----a-w- C:\windows\SysWow64\msxml4.dll
2012-11-02 05:59:11 . 2012-12-12 06:35:38 478208 ----a-w- C:\windows\system32\dpnet.dll
2012-11-02 05:11:31 . 2012-12-12 06:35:37 376832 ----a-w- C:\windows\SysWow64\dpnet.dll
2012-10-31 16:05:32 . 2012-10-31 16:05:33 368912 ----a-w- C:\windows\SysWow64\VBAR332.DLL
2012-10-31 16:05:32 . 2012-10-31 16:05:33 252176 ----a-w- C:\windows\SysWow64\MSRD2X35.DLL
2012-10-31 16:05:32 . 2012-10-31 16:05:33 24848 ----a-w- C:\windows\SysWow64\MSJTER35.DLL
2012-10-31 16:05:32 . 2012-10-31 16:05:33 123664 ----a-w- C:\windows\SysWow64\MSJINT35.DLL
2012-10-31 16:05:32 . 2012-10-31 16:05:32 1045776 ----a-w- C:\windows\SysWow64\MSJET35.DLL
2012-10-30 22:51:56 . 2011-04-22 10:13:14 59728 ----a-w- C:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51:55 . 2011-04-22 10:13:17 370288 ----a-w- C:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51:55 . 2011-04-22 10:13:14 984144 ----a-w- C:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51:55 . 2011-04-22 10:13:12 71600 ----a-w- C:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51:53 . 2011-04-22 10:13:18 25232 ----a-w- C:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51:07 . 2011-04-22 10:12:26 41224 ----a-w- C:\windows\avastSS.scr
2012-10-30 22:50:59 . 2011-04-22 10:12:26 227648 ----a-w- C:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50:30 . 2011-04-22 10:13:12 285328 ----a-w- C:\windows\system32\aswBoot.exe


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))


*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90283CE0-6C4B-1EF0-5248-B5DD24CA3850}]
2013-01-17 08:53:13 118784 ----a-w- C:\ProgramData\SaveByclick\50f7bbf966b87.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"="C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe" [2010-02-10 02:01:14 1712184]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 14:07:20 2260480]
"GoogleDriveSync"="C:\Program Files (x86)\Google\Drive\googledrivesync.exe" [2012-12-17 18:50:28 16328976]
"GoogleChromeAutoLaunch_FF46A31E74098BEBB8626DB345599EF9"="C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 00:06:24 1248360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"File Sanitizer"="C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 18:17:28 11266048]
"estar"="C:\System.Sav\Util\HideDOS.EXE" [2006-11-28 22:26:40 77824]
"avast"="C:\Program Files\AVAST Software\Avast\avastUI.exe" [2012-10-30 22:50:59 4297136]
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 17:36:46 30040]
"QLBController"="C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe" [2011-07-06 17:17:46 323128]
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe" [2011-10-24 12:28:52 421888]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 05:22:28 59240]
"IFXSPMGT"="C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2010-02-24 06:56:12 1160480]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-09-17 11:41:54 254896]
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 02:03:04 641704]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 07:35:28 946352]
"HTC Sync Loader"="C:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-05-29 08:06:00 655360]

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=C:\PROGRA~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 18:15:22 103992]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 13:57:34 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 18:12:00 103992]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 13:08:23 45736]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-07-02 08:35:28 218624]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\windows\system32\vcsFPService.exe [2010-02-18 12:52:30 2045232]
R3 BBSvc;Bing Bar Update Service;C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 10:14:30 183560]
R3 cpuz135;cpuz135;C:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 DAMDrv;DAMDrv;C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 20:37:52 40760]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;C:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-02 08:35:36 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;C:\windows\system32\DRIVERS\ewusbwwan.sys [2012-07-02 08:35:36 421376]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 09:10:02 3276800]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 18:36:10 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 16:34:53 1436424]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-10-24 08:01:14 30192]
R3 HTCAND64;HTC Device Driver;C:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 17:16:50 33736]
R3 htcnprot;HTC NDIS Protocol Driver;C:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 14:08:10 36928]
R3 RoxMediaDB10;RoxMediaDB10;c:\Program Files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 18:08:10 1120752]
R3 RTCore64;RTCore64;C:\Users\nexter\Desktop\rmclock_235_bin\RTCore64.sys [x]
R3 SBSDWSCService;SBSD Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 13:31:10 1153368]
R3 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-06-07 17:12:14 160944]
R3 SolutoRemoteService;Soluto Remote Service;C:\Program Files\Soluto\SolutoRemoteService.exe [2012-12-20 18:27:04 1246344]
R3 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 11:47:20 3027840]
R3 TsUsbFlt;TsUsbFlt;C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;C:\windows\system32\Wat\WatAdminSvc.exe [2011-04-23 14:48:03 1255736]
S0 PxHlpa64;PxHlpa64;C:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 19:44:12 55856]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 Soluto;Soluto;C:\windows\system32\DRIVERS\Soluto.sys [2012-12-20 18:19:42 54728]
S0 sptd;sptd;C:\windows\System32\Drivers\sptd.sys [2011-04-22 12:44:27 834544]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 PersonalSecureDrive;PersonalSecureDrive;C:\windows\System32\drivers\psd.sys [2010-01-26 03:06:06 44576]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 23:38:36 277032]
S2 AESTFilters;Andrea ST Filters Service;C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 10:42:58 89600]
S2 AMD External Events Utility;AMD External Events Utility;C:\windows\system32\atiesrxx.exe [2012-07-04 06:20:54 238080]
S2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 00:36:06 361984]
S2 AODDriver4.1;AODDriver4.1;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 15:04:30 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;C:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 22:51:55 71600]
S2 Fabs;FABS - Helping agent for MAGIX media database;C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 15:09:10 1253376]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 00:37:08 36864]
S2 HPDayStarterService;HP DayStarter Service;c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 14:02:02 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 16:06:50 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 00:09:48 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 18:17:10 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-07-06 17:20:10 1698360]
S2 hpsrv;HP Service;C:\windows\system32\Hpservice.exe [2011-05-13 16:58:10 30520]
S2 HWDeviceService64.exe;HWDeviceService64.exe;C:\ProgramData\DatacardService\HWDeviceService64.exe [2010-11-16 13:38:16 339456]
S2 lxec_device;lxec_device;C:\windows\system32\lxeccoms.exe [2010-04-14 13:08:30 1052328]
S2 PassThru Service;Internet Pass-Through Service;C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 12:25:24 87040]
S2 rimspci;rimspci;C:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 12:52:00 61952]
S2 risdpcie;risdpcie;C:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 15:54:00 79360]
S2 rixdpcie;rixdpcie;C:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 12:32:06 55808]
S2 SolutoLauncherService;Soluto Launcher Service;C:\Program Files\Soluto\SolutoLauncherService.exe [2012-12-20 18:34:28 183432]
S2 SolutoService;Soluto PCGenome Core Service;C:\Program Files\Soluto\SolutoService.exe [2012-12-20 18:34:26 542344]
S3 amdiox64;AMD IO Driver;C:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 08:18:24 46136]
S3 btwl2cap;Bluetooth L2CAP Service;C:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 18:22:40 35104]
S3 cpuz136;cpuz136;C:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 DEBridge;DEBridge;c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 00:05:52 704512]
S3 huawei_enumerator;huawei_enumerator;C:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-02 08:35:36 86016]
S3 rtsuvc;HP Webcam [2 MP Fixed];C:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 05:46:04 89344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;C:\windows\system32\DRIVERS\yk62x64.sys [2010-01-08 10:23:00 395776]


--- Other Services/Drivers In Memory ---

*NewlyCreated* - WS2IFSL

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29:54 451872 ----a-w- C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 12:42:42 1606760 ----a-w- C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe

Contents of the 'Scheduled Tasks' folder

2013-01-22 C:\windows\Tasks\Adobe Flash Player Updater.job
- C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-01 11:12:06 . 2013-01-09 11:04:29]

2013-01-22 C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 05:32:08 . 2011-09-22 05:32:04]

2013-01-22 C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-09-22 05:32:08 . 2011-09-22 05:32:04]

2013-01-15 C:\windows\Tasks\HPCeeScheduleFornexter.job
- C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2010-01-05 10:53:14 . 2010-01-05 10:53:14]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50:24 133400 ----a-w- C:\Program Files\AVAST Software\Avast\ashShA64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50:30 755816 ----a-w- C:\Program Files (x86)\Google\Drive\googledrivesync64.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 18:15:28 1691192]
"HPWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 18:11:54 8192]
"acevents"="C:\Program Files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 23:38:32 196648]
"accrdsub"="C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 23:36:22 483880]
"CNAP2 Launcher"="C:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2009-04-22 15:00:00 116128]
"lxecmon.exe"="C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 17:47:42 770728]
"EzPrint"="C:\Program Files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 17:47:44 148280]
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe" [2010-03-17 12:48:42 487424]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2011-07-07 19:30:38 2174760]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 18:34:24 1229448]

------- Supplementary Scan -------

uStart Page = about:blank
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
IE: Download with &Media Finder
IE: E&xportovať do programu Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\nexter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Prevést cíl vazby do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\PROGRA~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - C:\PROGRA~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\PROGRA~2\PCTRAN~1\webie.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 195.168.1.2 195.168.1.4
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: 2013-01-17 09:53; 50f7bbf9669f7@50f7bbf966a2f.com; C:\Users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\extensions\50f7bbf9669f7@50f7bbf966a2f.com

- - - - ORPHANS REMOVED - - - -

Wow6432Node-HKCU-Run-RESTART_STICKY_NOTES - C:\Windows\System32\StikyNot.exe


Post by the topic author: 22.01.2013 16:44

Rkill 2.4.6 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 01/22/2013 04:44:14 PM in x64 mode.
Windows Version: Windows 7 Professional Service Pack 1

Checking for Windows services to stop:

* No malware services found to stop.

Checking for processes to terminate:

* C:\ProgramData\DatacardService\HWDeviceService64.exe (PID: 2992) [AU-HEUR]
* C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe (PID: 752) [AU-HEUR]

2 proccesses terminated!

Checking Registry for malware related settings:

* No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

* No issues found.

Checking Windows Service Integrity:

* No issues found.

Searching for Missing Digital Signatures:

* No issues found.

Checking HOSTS File:

* HOSTS file entries found:

127.0.0.1 localhost

Program finished at: 01/22/2013 04:44:30 PM
Execution time: 0 hours(s), 0 minute(s), and 16 seconds(s)


Posted: 22.01.2013 16:52

Where is the rest of the ComboFix log, and you haven't uninstalled Spybot.


Post by the topic author: 22.01.2013 18:42

I have uninstalled it now, but there is nothing more in the ComboFix log....


Posted: 22.01.2013 19:22

You didn't cancel it prematurely, by any chance?


If you don't have ComboFix, then move it to the desktop
Start Notepad
Copy the script into Notepad

Code:
killall::
folder::
C:\Program Files (x86)\ESET
C:\Program Files (x86)\SaveByClick
C:\ProgramData\SaveByclick
C:\ProgramData\Spybot - Search & Destroy
C:\Program Files\IObit
C:\Program Files (x86)\Spybot - Search & Destroy
dds::
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
IE: Free YouTube to MP3 Converter - C:\Users\nexter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Download with &Media Finder

registry::
[-HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{90283CE0-6C4B-1EF0-5248-B5DD24CA3850}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPAdvisorDock"=-
"SpybotSD TeaTimer"=-
"GoogleDriveSync"=-
"GoogleChromeAutoLaunch_FF46A31E74098BEBB8626DB345599EF9"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"GrooveMonitor"=-
"QLBController"=-
"QuickTime Task"=-
"APSDaemon"=-
"SunJavaUpdateSched"=-
"Adobe ARM"=-

driver::
cpuz135
SBSDWSCService
cpuz136
SkypeUpdate
gupdate
gupdatem
file::
C:\windows\TEMP\cpuz136\cpuz136_x64.sys
C:\windows\TEMP\cpuz135\cpuz135_x64.sys
C:\windows\Tasks\HPCeeScheduleFornexter.job
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
C:\windows\Tasks\Adobe Flash Player Updater.job
C:\windows\Tasks\GoogleUpdateTaskMachineCore.job


clearjavacache::
reboot::


Save the created TXT file as CFScript
Drag CFScript onto ComboFix; the script will be applied
After the script has been applied and the PC has possibly restarted, post the log here
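
An added example, not part of the original post and not ComboFix's own tooling: a small checker that splits a CFScript of the shape shown above into its `name::` sections and reports which `folder::`, `file::` and `driver::` targets have no matching record in the resulting log. The section and banner layout is inferred from the script and log in this thread; the function names are hypothetical, and the sample inputs are shortened or constructed copies.

```python
import re

SECTION_RE = re.compile(r"^(\w+)::\s*$")            # e.g. "folder::"
BANNER_RE = re.compile(r"^\(+\s*(.*?)\s*\)+$")      # e.g. "(((( Other Deletions ))))"
SERVICE_RE = re.compile(r"^-+\\(?:Service|Legacy)_(.+)$", re.IGNORECASE)

# Shortened copy of the CFScript posted above.
CFSCRIPT = r"""killall::
folder::
C:\Program Files (x86)\SaveByClick
C:\ProgramData\SaveByclick
C:\Program Files\IObit
file::
C:\windows\TEMP\cpuz136\cpuz136_x64.sys
C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
driver::
cpuz136
SBSDWSCService
gupdate
reboot::
"""

# Constructed excerpt in the layout of the ComboFix log in this thread.
LOG = r"""((((((((((   Other Deletions   ))))))))))
.
c:\program files (x86)\SaveByClick
c:\program files (x86)\SaveByClick\sprotector.dll
c:\programdata\SaveByclick
c:\programdata\SaveByclick\settings.ini
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
.
((((((((((   Drivers/Services   ))))))))))
.
-------\Legacy_CPUZ136
-------\Service_cpuz136
-------\Service_gupdate
.
((((((((((   Files Created from 2012-12-22 to 2013-01-22   ))))))))))
.
2013-01-22 13:26 . 2013-01-22 13:27 -------- d-----w- C:\rsit
"""


def parse_cfscript(text):
    """Map each lower-cased section name to the lines listed under it."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log_sections(text):
    """Group log lines under the banner title that precedes them."""
    sections, current = {}, "header"
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line == ".":       # "." lines are only separators
            continue
        m = BANNER_RE.match(line)
        if m:
            current = m.group(1)
            sections.setdefault(current, [])
        else:
            sections.setdefault(current, []).append(line)
    return sections


def unconfirmed_targets(script_text, log_text):
    """Return (section, target) pairs the log has no record for."""
    script = parse_cfscript(script_text)
    log = parse_log_sections(log_text)
    # Windows paths and service names compare case-insensitively.
    deleted = {p.lower() for p in log.get("Other Deletions", [])}
    services = set()
    for line in log.get("Drivers/Services", []):
        m = SERVICE_RE.match(line)
        if m:
            services.add(m.group(1).lower())
    missing = []
    for section in ("folder", "file"):
        for target in script.get(section, []):
            if target.lower() not in deleted:
                missing.append((section, target))
    for name in script.get("driver", []):
        if name.lower() not in services:
            missing.append(("driver", name))
    return missing


if __name__ == "__main__":
    for section, target in unconfirmed_targets(CFSCRIPT, LOG):
        print(f"no record in log for {section}:: {target}")
```

A target reported here either was not present on the system or was not removed; the log alone does not say which, so it is worth a manual check.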


Post by the topic author: 22.01.2013 20:47

ComboFix 13-01-22.01 - nexter . 01. 2013 20:22:24.2.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3830.1532 [GMT 1:00]
Running from: c:\users\nexter\Desktop\ComboFix.exe
Command switches used :: c:\users\nexter\Desktop\CFScript.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\windows\Tasks\Adobe Flash Player Updater.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\Tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\Tasks\HPCeeScheduleFornexter.job"
"c:\windows\TEMP\cpuz135\cpuz135_x64.sys"
"c:\windows\TEMP\cpuz136\cpuz136_x64.sys"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ESET
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiA.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW.dll
c:\program files (x86)\ESET\ESET Online Scanner\esets_apiW_a.dll
c:\program files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\log.txt
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\http_update.eset.com\update.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\lastupd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod043C.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod074D.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod09D3.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod10E1.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod2375.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod263D.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod34C4.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod386D.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod38B0.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod3A1C.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod439D.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod440E.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5271.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod53D8.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5492.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod5687.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod61A6.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod6E2C.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7596.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod77CC.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod78A7.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7D68.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7F1C.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7F47.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\nod7FDC.nup
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\temp\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\data\updfiles\upd.ver
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em000_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em001_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em002_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em003_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em004_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em005_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em006_64.dat
c:\program files (x86)\ESET\ESET Online Scanner\Modules\em023_32.dat
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScannerA.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.cab
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.inf
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScanner64.ocx
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerLang.dll
c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
c:\program files (x86)\ESET\ESET Online Scanner\unicows.dll
c:\program files (x86)\SaveByClick
c:\program files (x86)\SaveByClick\sprotector.dll
c:\program files (x86)\SaveByClick\uninstall.exe
c:\program files (x86)\Spybot - Search & Destroy
c:\program files (x86)\Spybot - Search & Destroy\advcheck.dll
c:\program files (x86)\Spybot - Search & Destroy\Help\Slovensky.Resident.chm
c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe
c:\programdata\SaveByclick
c:\programdata\SaveByclick\50f7bbf966b87.dll
c:\programdata\SaveByclick\50f7bbf966b87.tlb
c:\programdata\SaveByclick\settings.ini
c:\programdata\SaveByclick\uninstall.exe
c:\programdata\Spybot - Search & Destroy
c:\programdata\Spybot - Search & Destroy\Logs\Resident.log
c:\programdata\Spybot - Search & Destroy\ProcCache.sbc
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar100.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar28.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar29.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar30.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar31.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar32.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar33.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar34.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar35.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar36.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar37.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar38.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar39.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar40.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar41.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar42.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar43.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar44.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar45.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar46.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar47.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar48.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar49.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar50.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar51.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar52.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar53.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar54.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar55.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar56.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar57.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar58.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar59.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar60.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar61.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar62.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar63.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar64.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar65.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar66.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar67.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar68.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar69.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar70.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar71.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar72.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar73.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar74.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar75.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar76.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar77.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar78.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar79.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar80.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar81.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar82.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar83.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar84.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar85.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar86.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar87.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar88.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar89.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar90.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar91.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar92.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar93.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar94.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar95.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar96.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar97.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar98.zip
c:\programdata\Spybot - Search & Destroy\Recovery\BabylonToolbar99.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\FacebookMessenger9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\iCrossRider6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\IWantThis.zip
c:\programdata\Spybot - Search & Destroy\Recovery\IWantThis1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\IWantThis2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\Overview.ini
c:\programdata\Spybot - Search & Destroy\Recovery\PCPerformer.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar28.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar29.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar30.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar31.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar32.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar33.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar34.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar35.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar36.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar37.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar38.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar39.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar40.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar41.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WidgiToolbar9.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinUrFacebho.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinUrFacebho1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\WinUrFacebho2.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage1.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage10.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage11.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage12.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage13.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage14.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage15.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage16.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage17.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage18.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage19.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage20.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage21.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage22.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage23.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage24.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage25.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage26.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage27.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage3.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage4.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage5.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage6.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage7.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage8.zip
c:\programdata\Spybot - Search & Destroy\Recovery\YontooPagerage9.zip
C:\Thumbs.db
c:\users\nexter\AppData\Local\Temp\_MEI40762\_ctypes.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\_elementtree.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\_hashlib.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\_socket.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\_ssl.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\pyexpat.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\pysqlite2._sqlite.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\python26.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\pythoncom26.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\PyWinTypes26.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\select.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\unicodedata.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32api.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32com.shell.shell.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32crypt.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32event.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32file.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32inet.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32pdh.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32process.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32profile.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32security.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\win32ts.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\windows._cacheinvalidation.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._controls_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._core_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._gdi_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._html2.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._misc_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._windows_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wx._wizard.pyd
c:\users\nexter\AppData\Local\Temp\_MEI40762\wxbase293u_net_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\wxbase293u_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\wxmsw293u_adv_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\wxmsw293u_core_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\wxmsw293u_html_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI40762\wxmsw293u_webview_vc.dll
c:\users\nexter\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
c:\windows\Tasks\Adobe Flash Player Updater.job
c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
c:\windows\Tasks\HPCeeScheduleFornexter.job
c:\windows\wininit.ini
.
---- Previous Run -------
.
c:\users\nexter\AppData\Local\Temp\_MEI42082\_ctypes.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\_elementtree.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\_hashlib.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\_socket.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\_ssl.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\pyexpat.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\pysqlite2._sqlite.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\python26.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\pythoncom26.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\PyWinTypes26.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\select.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\unicodedata.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32api.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32com.shell.shell.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32crypt.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32event.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32file.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32inet.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32pdh.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32process.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32profile.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32security.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\win32ts.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\windows._cacheinvalidation.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._controls_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._core_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._gdi_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._html2.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._misc_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._windows_.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wx._wizard.pyd
c:\users\nexter\AppData\Local\Temp\_MEI42082\wxbase293u_net_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\wxbase293u_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_adv_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_core_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_html_vc.dll
c:\users\nexter\AppData\Local\Temp\_MEI42082\wxmsw293u_webview_vc.dll
c:\windows\SysWow64\pt\DPCont32.dll.mui
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ135
-------\Legacy_CPUZ136
-------\Service_cpuz135
-------\Service_cpuz136
-------\Service_gupdate
-------\Service_gupdatem
-------\Service_SkypeUpdate
.
.
((((((((((((((((((((((((( Files Created from 2012-12-22 to 2013-01-22 )))))))))))))))))))))))))))))))
.
.
2013-01-22 14:19 . 2013-01-22 14:19 -------- d-----w- c:\users\nexter\AppData\Roaming\Roxio Log Files
2013-01-22 14:16 . 2013-01-22 14:16 -------- d-----w- c:\programdata\PDF Architect
2013-01-22 13:26 . 2013-01-22 13:26 -------- d-----w- c:\program files\trend micro
2013-01-22 13:26 . 2013-01-22 13:27 -------- d-----w- C:\rsit
2013-01-22 10:58 . 2013-01-22 10:58 388096 ----a-r- c:\users\nexter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-22 10:14 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5FF14EC-2A3F-4781-9A55-3C9DC6C1B132}\mpengine.dll
2013-01-21 06:16 . 2013-01-21 06:16 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-01-17 08:45 . 2013-01-17 08:45 -------- d-----w- c:\users\nexter\AppData\Roaming\PDF Architect
2013-01-17 08:32 . 2013-01-17 08:32 -------- d-----w- c:\programdata\Cloud Software LTD
2013-01-17 08:29 . 2012-05-05 09:54 137000 ----a-w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-17 08:29 . 2013-01-11 10:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-17 08:29 . 2013-01-17 08:29 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-17 08:29 . 2012-05-05 09:54 23552 ----a-w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-14 07:05 . 2013-01-14 07:05 -------- d-----w- c:\users\nexter\AppData\Local\Programs
2013-01-09 18:00 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 18:00 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 17:58 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 17:57 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 17:57 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 08:47 . 2013-01-04 08:47 -------- d-----w- c:\users\nexter\AppData\Local\Finančné_riaditeľstvo_SR_-_Sekcia_daňová
2013-01-03 13:57 . 2013-01-22 19:18 -------- d-s---w- c:\users\nexter\Disk Google
2012-12-27 06:19 . 2012-12-27 06:19 -------- d-----w- c:\program files\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:11 . 2011-04-26 06:45 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 11:04 . 2012-05-01 11:12 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 11:04 . 2011-08-23 05:57 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 19:22 . 2012-12-22 19:22 25616 ----a-w- c:\windows\system32\drivers\bizVSerialNT.sys
2012-12-20 18:19 . 2011-10-21 06:42 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-12-16 17:11 . 2012-12-23 16:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 16:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:10 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 17:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 20:13 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 20:13 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 20:14 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 20:14 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 20:13 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 20:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 20:14 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 20:13 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 20:13 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 20:13 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 20:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 20:13 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 20:13 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 20:14 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 20:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 20:14 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 20:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 06:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 06:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-11-02 05:59 . 2012-12-12 06:35 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 06:35 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-31 16:05 . 2012-10-31 16:05 368912 ----a-w- c:\windows\SysWow64\VBAR332.DLL
2012-10-31 16:05 . 2012-10-31 16:05 252176 ----a-w- c:\windows\SysWow64\MSRD2X35.DLL
2012-10-31 16:05 . 2012-10-31 16:05 24848 ----a-w- c:\windows\SysWow64\MSJTER35.DLL
2012-10-31 16:05 . 2012-10-31 16:05 123664 ----a-w- c:\windows\SysWow64\MSJINT35.DLL
2012-10-31 16:05 . 2012-10-31 16:05 1045776 ----a-w- c:\windows\SysWow64\MSJET35.DLL
2012-10-30 22:51 . 2011-04-22 10:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-04-22 10:13 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-04-22 10:13 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-04-22 10:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-04-22 10:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-04-22 10:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-04-22 10:12 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-04-22 10:13 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"estar"="c:\system.sav\Util\HideDOS.EXE" [2006-11-28 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2010-02-24 1160480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-07-02 218624]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-04-01 183560]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-02 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-07-02 421376]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 1436424]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-10-24 30192]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 RoxMediaDB10;RoxMediaDB10;c:\program files (x86)\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-11-23 1120752]
R3 RTCore64;RTCore64;c:\users\nexter\Desktop\rmclock_235_bin\RTCore64.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [2012-12-20 1246344]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-23 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-12-20 54728]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-22 834544]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2010-01-26 44576]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 HPDayStarterService;HP DayStarter Service;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2012-12-20 183432]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-12-20 542344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-02 86016]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 05:46 89344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-01-08 395776]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 12:42 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2009-04-22 116128]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-07-07 2174760]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 1229448]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
IE: Download with &Media Finder
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Prevést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~2\PCTRAN~1\webie.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 192.168.0.1
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: 2013-01-17 09:53; 50f7bbf9669f7@50f7bbf966a2f.com; c:\users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\extensions\50f7bbf9669f7@50f7bbf966a2f.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{90283CE0-6C4B-1EF0-5248-B5DD24CA3850} - c:\programdata\SaveByclick\50f7bbf966b87.dll
AddRemove-ESET Online Scanner - c:\program files (x86)\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
AddRemove-SP_661c9f97 - c:\program files (x86)\SaveByClick\uninstall.exe
AddRemove-{26B5A6D1-1F75-3B59-5825-E4D4CAE3445D} - c:\programdata\SaveByclick\uninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\x64\3\CNABBSWK.EXE
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Completion time: 2013-01-22 20:44:42 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-22 19:44
.
Pre-Run: 127 959 142 400 bytes free
Post-Run: 127 402 135 552 bytes free
.
- - End Of File - - CDB135A6E88B70DEB485C0C695CAC6A1


Posted: 22.01.2013 21:00

If you don't have ComboFix, move it to the desktop.
Open Notepad.
Copy the script into Notepad.
Code:
killall::

dds::
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www

reglock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
Replicator::
reboot::


Save the created TXT file as CFScript.
Drag CFScript onto ComboFix; the script will be applied.
After the script has been applied and the PC has possibly restarted, post the log here.

Download MBAM from http://www.techspot.com/downloads/4716- ... lware.html, install it, run it, do a full scan, don't delete anything beforehand, and post the output from the logs.


Posted by thread author: 23.01.2013 7:27

Malwarebytes Anti-Malware (Skúšobná verzia) 1.70.0.1100
http://www.malwarebytes.org

Verzia databázy: v2013.01.22.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
nexter :: SOHLER [administrátor]

Ochrana: Zapnuté

22. 1. 2013 21:19:16
MBAM-log-2013-01-23 (05-49-36).txt

Typ kontroly: Úplná kontrola (C:\|)
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 616240
Uplynutý čas: 2 hod, 6 min, 5 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 5
C:\1_Home\Zaloha\OLD PC AMD ATHLON 1800+\D\Instal\download\_apps\winamp\keygen.exe (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.
C:\1_Home\Zaloha\OLD PC AMD ATHLON 1800+\D\Instal\download\_video\_videotools\Rip\Power Ripper 1.65\powerip.exe (Backdoor.Bot) -> Žiadna úloha nevykonaná.
C:\1_Home\Zaloha\OLD PC AMD ATHLON 1800+\D\NET\system\Windows_XP_Keygen_Key_Change_(http://WWW.CRACK-LOCATOR.ORG)\XP KeyGen\XP Keygen.exe (Trojan.Downloader) -> Žiadna úloha nevykonaná.
C:\1_Home\Zaloha\OLD PC AMD ATHLON 1800+\Documents and Settings\nexter\Desktop\FlashCatcher(2).exe.part (Trojan.P2P.Dropper) -> Žiadna úloha nevykonaná.
C:\Users\nexter\Desktop\Keygen Autodesk 2011 x64.exe (RiskWare.Tool.CK) -> Žiadna úloha nevykonaná.

(koniec)


Post written: 23.01.2013 9:43

In MBAM, have everything removed. I'm waiting for ComboFix.


Post written by the topic author: 23.01.2013 12:25

I deleted that as soon as I saw the results, although I don't think it could have come from that, because it had been there for a longer time. Here is ComboFix:

ComboFix 13-01-22.01 - nexter . 01. 2013 11:48:23.3.3 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.421.1051.18.3830.1775 [GMT 1:00]
Running from: c:\users\nexter\Desktop\ComboFix.exe
Command switches used :: c:\users\nexter\Desktop\CFScript.txt.txt
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infected copy of c:\windows\SysWow64\userinit.exe was found and disinfected
Restored copy from - c:\combofix\HarddiskVolumeShadowCopy6_!Windows!SysWOW64!userinit.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-23 to 2013-01-23 )))))))))))))))))))))))))))))))
.
.
2013-01-23 10:59 . 2013-01-23 10:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-22 20:09 . 2013-01-22 20:09 -------- d-----w- c:\users\nexter\AppData\Roaming\Malwarebytes
2013-01-22 20:08 . 2013-01-22 20:08 -------- d-----w- c:\programdata\Malwarebytes
2013-01-22 20:08 . 2013-01-22 20:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-22 20:08 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-22 14:19 . 2013-01-22 14:19 -------- d-----w- c:\users\nexter\AppData\Roaming\Roxio Log Files
2013-01-22 14:16 . 2013-01-22 14:16 -------- d-----w- c:\programdata\PDF Architect
2013-01-22 13:26 . 2013-01-22 13:26 -------- d-----w- c:\program files\trend micro
2013-01-22 13:26 . 2013-01-22 13:27 -------- d-----w- C:\rsit
2013-01-22 10:58 . 2013-01-22 10:58 388096 ----a-r- c:\users\nexter\AppData\Roaming\Microsoft\Installer\{45A66726-69BC-466B-A7A4-12FCBA4883D7}\HiJackThis.exe
2013-01-22 10:14 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B5FF14EC-2A3F-4781-9A55-3C9DC6C1B132}\mpengine.dll
2013-01-21 06:16 . 2013-01-21 06:16 -------- d-----w- c:\users\Default\AppData\Local\Google
2013-01-17 08:45 . 2013-01-17 08:45 -------- d-----w- c:\users\nexter\AppData\Roaming\PDF Architect
2013-01-17 08:32 . 2013-01-17 08:32 -------- d-----w- c:\programdata\Cloud Software LTD
2013-01-17 08:29 . 2012-05-05 09:54 137000 ------w- c:\windows\SysWow64\MSMAPI32.OCX
2013-01-17 08:29 . 2013-01-11 10:39 103936 ----a-w- c:\windows\system32\pdfcmon.dll
2013-01-17 08:29 . 2013-01-17 08:29 -------- d-----w- c:\program files (x86)\PDFCreator
2013-01-17 08:29 . 2012-05-05 09:54 23552 ------w- c:\windows\SysWow64\MSMPIDE.DLL
2013-01-14 07:05 . 2013-01-14 07:05 -------- d-----w- c:\users\nexter\AppData\Local\Programs
2013-01-09 18:00 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 18:00 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 17:58 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
2013-01-09 17:57 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 17:57 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2013-01-04 08:47 . 2013-01-04 08:47 -------- d-----w- c:\users\nexter\AppData\Local\Finančné_riaditeľstvo_SR_-_Sekcia_daňová
2013-01-03 13:57 . 2013-01-22 19:18 -------- d-s---w- c:\users\nexter\Disk Google
2012-12-27 06:19 . 2012-12-27 06:19 -------- d-----w- c:\program files\Soluto
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-09 21:11 . 2011-04-26 06:45 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 11:04 . 2012-05-01 11:12 697864 ------w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-09 11:04 . 2011-08-23 05:57 74248 ------w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-22 19:22 . 2012-12-22 19:22 25616 ----a-w- c:\windows\system32\drivers\bizVSerialNT.sys
2012-12-20 18:19 . 2011-10-21 06:42 54728 ----a-w- c:\windows\system32\drivers\Soluto.sys
2012-12-16 17:11 . 2012-12-23 16:10 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-23 16:10 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:10 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-23 16:10 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-09 17:58 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-14 07:06 . 2012-12-12 20:13 17811968 ----a-w- c:\windows\system32\mshtml.dll
2012-11-14 06:32 . 2012-12-12 20:13 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-11-14 06:11 . 2012-12-12 20:14 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 06:04 . 2012-12-12 20:14 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-11-14 06:04 . 2012-12-12 20:13 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 06:02 . 2012-12-12 20:14 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 06:02 . 2012-12-12 20:14 237056 ----a-w- c:\windows\system32\url.dll
2012-11-14 05:59 . 2012-12-12 20:13 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-11-14 05:58 . 2012-12-12 20:13 816640 ----a-w- c:\windows\system32\jscript.dll
2012-11-14 05:57 . 2012-12-12 20:13 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 05:57 . 2012-12-12 20:14 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 05:55 . 2012-12-12 20:13 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-11-14 05:55 . 2012-12-12 20:13 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-11-14 05:53 . 2012-12-12 20:14 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-11-14 05:52 . 2012-12-12 20:14 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-14 05:46 . 2012-12-12 20:14 248320 ----a-w- c:\windows\system32\ieui.dll
2012-11-14 02:09 . 2012-12-12 20:13 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-11-14 01:58 . 2012-12-12 20:14 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-11-14 01:57 . 2012-12-12 20:13 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-11-14 01:49 . 2012-12-12 20:14 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-11-14 01:48 . 2012-12-12 20:14 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-11-14 01:44 . 2012-12-12 20:14 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-12 06:37 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 06:37 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ------w- c:\windows\SysWow64\msxml4.dll
2012-11-02 05:59 . 2012-12-12 06:35 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-11-02 05:11 . 2012-12-12 06:35 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-10-31 16:05 . 2012-10-31 16:05 368912 ------w- c:\windows\SysWow64\VBAR332.DLL
2012-10-31 16:05 . 2012-10-31 16:05 252176 ------w- c:\windows\SysWow64\MSRD2X35.DLL
2012-10-31 16:05 . 2012-10-31 16:05 24848 ------w- c:\windows\SysWow64\MSJTER35.DLL
2012-10-31 16:05 . 2012-10-31 16:05 123664 ------w- c:\windows\SysWow64\MSJINT35.DLL
2012-10-31 16:05 . 2012-10-31 16:05 1045776 ------w- c:\windows\SysWow64\MSJET35.DLL
2012-10-30 22:51 . 2011-04-22 10:13 59728 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2012-10-30 22:51 . 2011-04-22 10:13 370288 ----a-w- c:\windows\system32\drivers\aswSP.sys
2012-10-30 22:51 . 2011-04-22 10:13 984144 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2012-10-30 22:51 . 2011-04-22 10:13 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-10-30 22:51 . 2011-04-22 10:13 25232 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2012-10-30 22:51 . 2011-04-22 10:12 41224 ----a-w- c:\windows\avastSS.scr
2012-10-30 22:50 . 2011-04-22 10:12 227648 ------w- c:\windows\SysWow64\aswBoot.exe
2012-10-30 22:50 . 2011-04-22 10:13 285328 ----a-w- c:\windows\system32\aswBoot.exe
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RESTART_STICKY_NOTES"="c:\windows\System32\StikyNot.exe" [BU]
"GoogleChromeAutoLaunch_FF46A31E74098BEBB8626DB345599EF9"="c:\program files (x86)\Google\Chrome\Application\chrome.exe" [2013-01-08 1248360]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"File Sanitizer"="c:\program files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe" [2010-01-19 11266048]
"estar"="c:\system.sav\Util\HideDOS.EXE" [2006-11-28 77824]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"IFXSPMGT"="c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe" [2010-02-24 1160480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-05-29 655360]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2009-12-29 1082656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\progra~2\Google\GOOGLE~3\GoogleDesktopNetwork3.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SolutoService]
@="Service"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 lxecCATSCustConnectService;lxecCATSCustConnectService;c:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe [2010-04-14 45736]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files (x86)\Mobile Partner\UpdateDog\ouc.exe [2012-07-02 218624]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-07-02 117248]
R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-07-02 421376]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe [2008-08-07 3276800]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2011-04-22 1436424]
R3 GoogleDesktopManager-051210-111108;Google Desktop Manager 5.9.1005.12335;c:\program files (x86)\Google\Google Desktop Search\GoogleDesktop.exe [2012-10-24 30192]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-01 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928]
R3 RTCore64;RTCore64;c:\users\nexter\Desktop\rmclock_235_bin\RTCore64.sys [x]
R3 SolutoRemoteService;Soluto Remote Service;c:\program files\Soluto\SolutoRemoteService.exe [2012-12-20 1246344]
R3 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [2011-04-23 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-03-04 55856]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S0 Soluto;Soluto;c:\windows\system32\DRIVERS\Soluto.sys [2012-12-20 54728]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2011-04-22 834544]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 PersonalSecureDrive;PersonalSecureDrive;c:\windows\System32\drivers\psd.sys [2010-01-26 44576]
S1 RsvLock;RsvLock; [x]
S2 ac.sharedstore;ActivIdentity Shared Store Service;c:\program files\Common Files\ActivIdentity\ac.sharedstore.exe [2009-06-03 277032]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_b20011ea53a6b83e\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-07-04 361984]
S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-03-05 53888]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe [2009-08-27 1253376]
S2 HP Power Assistant Service;HP Power Assistant Service;c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe [2010-04-05 103992]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-03-17 36864]
S2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-04-05 103992]
S2 HPDayStarterService;HP DayStarter Service;c:\program files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe [2010-03-25 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-09-01 227896]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-02-02 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2011-07-06 1698360]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 HWDeviceService64.exe;HWDeviceService64.exe;c:\programdata\DatacardService\HWDeviceService64.exe [2010-11-16 339456]
S2 lxec_device;lxec_device;c:\windows\system32\lxeccoms.exe [2010-04-14 1052328]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040]
S2 rimspci;rimspci;c:\windows\system32\DRIVERS\rimspe64.sys [2009-10-26 61952]
S2 risdpcie;risdpcie;c:\windows\system32\DRIVERS\risdpe64.sys [2009-10-28 79360]
S2 rixdpcie;rixdpcie;c:\windows\system32\DRIVERS\rixdpe64.sys [2009-12-11 55808]
S2 SolutoLauncherService;Soluto Launcher Service;c:\program files\Soluto\SolutoLauncherService.exe [2012-12-20 183432]
S2 SolutoService;Soluto PCGenome Core Service;c:\program files\Soluto\SolutoService.exe [2012-12-20 542344]
S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-01-07 35104]
S3 cpuz136;cpuz136;c:\windows\TEMP\cpuz136\cpuz136_x64.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-02-02 704512]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-07-02 86016]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
S3 rtsuvc;HP Webcam [2 MP Fixed];c:\windows\system32\DRIVERS\rtsuvc.sys [2010-01-30 05:46 89344]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2010-01-08 395776]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 10:29 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 12:42 1606760 ----a-w- c:\program files (x86)\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveBlacklistedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSharedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D43}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncedOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\GDriveSyncingOverlay]
@="{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}"
[HKEY_CLASSES_ROOT\CLSID\{81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41}]
2012-12-17 18:50 755816 ----a-w- c:\program files (x86)\Google\Drive\googledrivesync64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPPowerAssistant"="c:\program files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe" [2010-04-05 1691192]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-04-05 8192]
"acevents"="c:\program files\ActivIdentity\ActivClient\acevents.exe" [2009-06-03 196648]
"accrdsub"="c:\program files\ActivIdentity\ActivClient\accrdsub.exe" [2009-06-03 483880]
"CNAP2 Launcher"="c:\windows\system32\spool\DRIVERS\x64\3\CNAP2LAK.EXE" [2009-04-22 116128]
"lxecmon.exe"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\lxecmon.exe" [2011-01-23 770728]
"EzPrint"="c:\program files (x86)\Lexmark Pro800-Pro900 Series\ezprint.exe" [2011-01-23 148280]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-17 487424]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2011-07-07 2174760]
"Soluto"="c:\program files\soluto\soluto.exe" [2012-12-20 1229448]
.
------- Supplementary Scan -------
.
uStart Page = about:blank
mDefault_Page_URL = hxxp://www.bing.com
mStart Page = hxxp://www.bing.com
IE: Download with &Media Finder
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Prevést cíl vazby do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Prevést cíl vazby do existujícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Prevést do Adobe PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Pridat do stávajícího PDF - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\progra~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748451} - {CC963627-B1DC-40E0-B52A-CF21EE748451} - c:\progra~2\PCTRAN~1\webie.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\progra~2\PCTRAN~1\webie.dll
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 195.168.1.2 195.168.1.4
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.startup.homepage - www.google.sk
FF - ExtSQL: 2013-01-17 09:53; 50f7bbf9669f7@50f7bbf966a2f.com; c:\users\nexter\AppData\Roaming\Mozilla\Firefox\Profiles\11kw2nld.default\extensions\50f7bbf9669f7@50f7bbf966a2f.com
.
- - - - ORPHANS REMOVED - - - -
.
BHO-{90283CE0-6C4B-1EF0-5248-B5DD24CA3850} - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files\AVAST Software\Avast\AvastSvc.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\programdata\Mobile Partner\OnlineUpdate\ouc.exe
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\IfxPsdSv.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\windows\system32\spool\DRIVERS\x64\3\CNAP2RPK.EXE
c:\windows\system32\spool\DRIVERS\x64\3\CNABBSWK.EXE
c:\program files (x86)\Hewlett-Packard\Embedded Security Software\PSDrt.exe
c:\program files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
.
**************************************************************************
.
Completion time: 2013-01-23 12:23:00 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-23 11:22
ComboFix2.txt 2013-01-22 19:44
.
Pre-Run: 129 473 019 904 bytes free
Post-Run: 129 103 589 376 bytes free
.
- - End Of File - - 3DFC4E95A4FCF338273EA62CA5506E9E


Post written: 23.01.2013 13:45

OK, has there been any change?
Download TDSSKiller from http://support.kaspersky.com/downloads/ ... killer.exe to your desktop.
Run it and start a scan.
C:\TDSSKiller.2.8.15.0._datum_log.txt , paste the whole log here

Paste a new log from RSIT.


Post written by the topic author: 23.01.2013 13:48

It hasn't happened since yesterday evening so far... so maybe things are quiet now... What can you tell me from the logs I pasted here? I don't really understand them myself...


Post written: 23.01.2013 13:49

OK, continue according to the instructions.


Post written by the topic author: 23.01.2013 13:57

1/2

13:48:58.0246 6512 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:48:58.0525 6512 ============================================================
13:48:58.0525 6512 Current date / time: 2013/01/23 13:48:58.0525
13:48:58.0525 6512 SystemInfo:
13:48:58.0525 6512
13:48:58.0525 6512 OS Version: 6.1.7601 ServicePack: 1.0
13:48:58.0525 6512 Product type: Workstation
13:48:58.0525 6512 ComputerName: SOHLER
13:48:58.0525 6512 UserName: nexter
13:48:58.0525 6512 Windows directory: C:\windows
13:48:58.0525 6512 System windows directory: C:\windows
13:48:58.0525 6512 Running under WOW64
13:48:58.0525 6512 Processor architecture: Intel x64
13:48:58.0525 6512 Number of processors: 3
13:48:58.0525 6512 Page size: 0x1000
13:48:58.0525 6512 Boot type: Normal boot
13:48:58.0525 6512 ============================================================
13:48:59.0676 6512 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:48:59.0676 6512 Drive \Device\Harddisk1\DR1 - Size: 0x3BA000000 (14.91 Gb), SectorSize: 0x200, Cylinders: 0x799, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
13:48:59.0686 6512 ============================================================
13:48:59.0686 6512 \Device\Harddisk0\DR0:
13:48:59.0686 6512 MBR partitions:
13:48:59.0686 6512 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
13:48:59.0686 6512 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x380EF800
13:48:59.0686 6512 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x38186000, BlocksNum 0x1E00000
13:48:59.0686 6512 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x39F86000, BlocksNum 0x3FF800
13:48:59.0686 6512 \Device\Harddisk1\DR1:
13:48:59.0686 6512 MBR partitions:
13:48:59.0686 6512 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xC, StartLBA 0x2000, BlocksNum 0x1DD0000
13:48:59.0686 6512 ============================================================
13:48:59.0716 6512 C: <-> \Device\Harddisk0\DR0\Partition2
13:48:59.0746 6512 E: <-> \Device\Harddisk0\DR0\Partition4
13:48:59.0746 6512 ============================================================
13:48:59.0746 6512 Initialize success
13:48:59.0746 6512 ============================================================
13:49:02.0996 3092 ============================================================
13:49:02.0996 3092 Scan started
13:49:02.0996 3092 Mode: Manual;
13:49:02.0996 3092 ============================================================
13:49:04.0527 3092 ================ Scan system memory ========================
13:49:04.0527 3092 System memory - ok
13:49:04.0527 3092 ================ Scan services =============================
13:49:06.0737 3092 arcsas - ok
13:49:06.0767 3092 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\windows\system32\drivers\aswFsBlk.sys
13:49:06.0767 3092 aswFsBlk - ok
13:49:06.0817 3092 [ C42D45089FD2EC63D13571362C258DC6 ] aswKbd C:\windows\system32\drivers\aswKbd.sys
13:49:06.0817 3092 aswKbd - ok
13:49:06.0847 3092 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\windows\system32\drivers\aswMonFlt.sys
13:49:06.0847 3092 aswMonFlt - ok
13:49:06.0877 3092 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\windows\System32\Drivers\aswrdr2.sys
13:49:06.0877 3092 aswRdr - ok
13:49:06.0897 3092 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\windows\system32\drivers\aswSnx.sys
13:49:06.0907 3092 aswSnx - ok
13:49:06.0937 3092 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\windows\system32\drivers\aswSP.sys
13:49:06.0947 3092 aswSP - ok
13:49:06.0957 3092 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\windows\system32\drivers\aswTdi.sys
13:49:06.0957 3092 aswTdi - ok
13:49:06.0987 3092 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
13:49:06.0987 3092 AsyncMac - ok
13:49:07.0007 3092 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\drivers\atapi.sys
13:49:07.0007 3092 atapi - ok
13:49:07.0057 3092 [ 7E2F5A758F63F80F8B03F889B4E6B19F ] AtiHdmiService C:\windows\system32\drivers\AtiHdmi.sys
13:49:07.0057 3092 AtiHdmiService - ok
13:49:07.0077 3092 [ C07A040D6B5A42DD41EE386CF90974C8 ] AtiPcie C:\windows\system32\DRIVERS\AtiPcie.sys
13:49:07.0077 3092 AtiPcie - ok
13:49:07.0117 3092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
13:49:07.0127 3092 AudioEndpointBuilder - ok
13:49:07.0137 3092 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll
13:49:07.0137 3092 AudioSrv - ok
13:49:07.0177 3092 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
13:49:07.0177 3092 avast! Antivirus - ok
13:49:07.0227 3092 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll
13:49:07.0227 3092 AxInstSV - ok
13:49:07.0267 3092 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys
13:49:07.0277 3092 b06bdrv - ok
13:49:07.0307 3092 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys
13:49:07.0307 3092 b57nd60a - ok
13:49:07.0397 3092 [ 35756E37D5FDEE22FBF27090A14FE608 ] BCM43XX C:\windows\system32\DRIVERS\bcmwl664.sys
13:49:07.0427 3092 BCM43XX - ok
13:49:07.0447 3092 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll
13:49:07.0457 3092 BDESVC - ok
13:49:07.0477 3092 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys
13:49:07.0487 3092 Beep - ok
13:49:07.0527 3092 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll
13:49:07.0527 3092 BFE - ok
13:49:07.0567 3092 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\system32\qmgr.dll
13:49:07.0567 3092 BITS - ok
13:49:07.0607 3092 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
13:49:07.0607 3092 blbdrive - ok
13:49:07.0627 3092 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys
13:49:07.0627 3092 bowser - ok
13:49:07.0667 3092 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
13:49:07.0667 3092 BrFiltLo - ok
13:49:07.0707 3092 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
13:49:07.0707 3092 BrFiltUp - ok
13:49:07.0737 3092 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
13:49:07.0737 3092 BridgeMP - ok
13:49:07.0757 3092 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll
13:49:07.0757 3092 Browser - ok
13:49:07.0777 3092 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys
13:49:07.0787 3092 Brserid - ok
13:49:07.0797 3092 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
13:49:07.0797 3092 BrSerWdm - ok
13:49:07.0817 3092 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
13:49:07.0817 3092 BrUsbMdm - ok
13:49:07.0827 3092 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
13:49:07.0827 3092 BrUsbSer - ok
13:49:07.0857 3092 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
13:49:07.0857 3092 BthEnum - ok
13:49:07.0877 3092 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
13:49:07.0877 3092 BTHMODEM - ok
13:49:07.0907 3092 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
13:49:07.0907 3092 BthPan - ok
13:49:07.0937 3092 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
13:49:07.0947 3092 BTHPORT - ok
13:49:07.0967 3092 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll
13:49:07.0967 3092 bthserv - ok
13:49:07.0977 3092 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
13:49:07.0987 3092 BTHUSB - ok
13:49:08.0017 3092 [ AF838D8029AE7C27470862D63FA54D24 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
13:49:08.0017 3092 btwaudio - ok
13:49:08.0047 3092 [ 5C849BD7C78791C5CEE9F4651D7FE38D ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
13:49:08.0047 3092 btwavdt - ok
13:49:08.0097 3092 [ 10FFB5FA51D5713D872B41A59DFC2213 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
13:49:08.0107 3092 btwdins - ok
13:49:08.0127 3092 [ 6149301DC3F81D6F9667A3FBAC410975 ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
13:49:08.0127 3092 btwl2cap - ok
13:49:08.0137 3092 [ 3E1991AFA851A36DC978B0A1B0535C8B ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
13:49:08.0137 3092 btwrchid - ok
13:49:08.0187 3092 catchme - ok
13:49:08.0217 3092 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
13:49:08.0217 3092 cdfs - ok
13:49:08.0247 3092 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
13:49:08.0247 3092 cdrom - ok
13:49:08.0277 3092 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll
13:49:08.0277 3092 CertPropSvc - ok
13:49:08.0297 3092 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys
13:49:08.0297 3092 circlass - ok
13:49:08.0327 3092 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys
13:49:08.0337 3092 CLFS - ok
13:49:08.0387 3092 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
13:49:08.0387 3092 clr_optimization_v2.0.50727_32 - ok
13:49:08.0417 3092 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
13:49:08.0417 3092 clr_optimization_v2.0.50727_64 - ok
13:49:08.0467 3092 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
13:49:08.0467 3092 clr_optimization_v4.0.30319_32 - ok
13:49:08.0497 3092 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
13:49:08.0497 3092 clr_optimization_v4.0.30319_64 - ok
13:49:08.0537 3092 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
13:49:08.0537 3092 CmBatt - ok
13:49:08.0557 3092 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\drivers\cmdide.sys
13:49:08.0557 3092 cmdide - ok
13:49:08.0587 3092 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys
13:49:08.0587 3092 CNG - ok
13:49:08.0607 3092 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
13:49:08.0607 3092 Compbatt - ok
13:49:08.0627 3092 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
13:49:08.0627 3092 CompositeBus - ok
13:49:08.0637 3092 COMSysApp - ok
13:49:08.0677 3092 cpuz136 - ok
13:49:08.0687 3092 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
13:49:08.0697 3092 crcdisk - ok
13:49:08.0737 3092 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\windows\system32\cryptsvc.dll
13:49:08.0737 3092 CryptSvc - ok
13:49:08.0767 3092 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\windows\system32\drivers\csc.sys
13:49:08.0777 3092 CSC - ok
13:49:08.0804 3092 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\windows\System32\cscsvc.dll
13:49:08.0813 3092 CscService - ok
13:49:08.0839 3092 [ A8BA4DA23AC20BDA23CA15234D42A3FA ] DAMDrv C:\windows\system32\DRIVERS\DAMDrv64.sys
13:49:08.0841 3092 DAMDrv - ok
13:49:08.0871 3092 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll
13:49:08.0877 3092 DcomLaunch - ok
13:49:08.0935 3092 [ E6E9610D76418357A7EC725989687CB4 ] DEBridge c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
13:49:08.0943 3092 DEBridge - ok
13:49:08.0981 3092 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll
13:49:08.0986 3092 defragsvc - ok
13:49:09.0005 3092 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys
13:49:09.0007 3092 DfsC - ok
13:49:09.0042 3092 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll
13:49:09.0047 3092 Dhcp - ok
13:49:09.0073 3092 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys
13:49:09.0074 3092 discache - ok
13:49:09.0133 3092 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys
13:49:09.0135 3092 Disk - ok
13:49:09.0167 3092 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll
13:49:09.0170 3092 Dnscache - ok
13:49:09.0189 3092 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll
13:49:09.0194 3092 dot3svc - ok
13:49:09.0242 3092 [ 723E663FD14A7FBE4B1C8C8FDE1C406C ] DpHost c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
13:49:09.0248 3092 DpHost - ok
13:49:09.0276 3092 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll
13:49:09.0280 3092 DPS - ok
13:49:09.0312 3092 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
13:49:09.0314 3092 drmkaud - ok
13:49:09.0347 3092 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
13:49:09.0358 3092 DXGKrnl - ok
13:49:09.0389 3092 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll
13:49:09.0392 3092 EapHost - ok
13:49:09.0457 3092 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys
13:49:09.0493 3092 ebdrv - ok
13:49:09.0525 3092 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe
13:49:09.0528 3092 EFS - ok
13:49:09.0564 3092 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe
13:49:09.0573 3092 ehRecvr - ok
13:49:09.0599 3092 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe
13:49:09.0601 3092 ehSched - ok
13:49:09.0644 3092 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
13:49:09.0650 3092 elxstor - ok
13:49:09.0662 3092 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\drivers\errdev.sys
13:49:09.0664 3092 ErrDev - ok
13:49:09.0714 3092 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll
13:49:09.0718 3092 EventSystem - ok
13:49:09.0770 3092 [ 334C907536E815E56CD13108A6D5FB9D ] ewusbmbb C:\windows\system32\DRIVERS\ewusbwwan.sys
13:49:09.0776 3092 ewusbmbb - ok
13:49:09.0815 3092 [ 86F7951BBCEE4A86E79A97306BD14318 ] ew_hwusbdev C:\windows\system32\DRIVERS\ew_hwusbdev.sys
13:49:09.0817 3092 ew_hwusbdev - ok
13:49:09.0850 3092 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys
13:49:09.0853 3092 exfat - ok
13:49:09.0942 3092 Fabs - ok
13:49:09.0955 3092 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys
13:49:09.0958 3092 fastfat - ok
13:49:10.0004 3092 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe
13:49:10.0013 3092 Fax - ok
13:49:10.0045 3092 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys
13:49:10.0046 3092 fdc - ok
13:49:10.0071 3092 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll
13:49:10.0073 3092 fdPHost - ok
13:49:10.0085 3092 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll
13:49:10.0088 3092 FDResPub - ok
13:49:10.0100 3092 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
13:49:10.0102 3092 FileInfo - ok
13:49:10.0110 3092 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys
13:49:10.0112 3092 Filetrace - ok
13:49:10.0191 3092 [ FFF1130F7C9FA01D093A1EDFC5CCE8FC ] FirebirdServerMAGIXInstance C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe
13:49:10.0227 3092 FirebirdServerMAGIXInstance - ok
13:49:10.0307 3092 [ 614B050875190FFE7ABBAF0CBB4FBBBA ] FLCDLOCK c:\Windows\SysWOW64\flcdlock.exe
13:49:10.0313 3092 FLCDLOCK - ok
13:49:10.0355 3092 [ F76D04F7413B07DAA029F6520B64B4E8 ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
13:49:10.0362 3092 FLEXnet Licensing Service - ok
13:49:10.0437 3092 [ A4297244D4F817278A6AE45B1899CA9C ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
13:49:10.0452 3092 FLEXnet Licensing Service 64 - ok
13:49:10.0471 3092 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
13:49:10.0473 3092 flpydisk - ok
13:49:10.0505 3092 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
13:49:10.0509 3092 FltMgr - ok
13:49:10.0614 3092 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll
13:49:10.0628 3092 FontCache - ok
13:49:10.0675 3092 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
13:49:10.0677 3092 FontCache3.0.0.0 - ok
13:49:10.0708 3092 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys
13:49:10.0710 3092 FsDepends - ok
13:49:10.0733 3092 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
13:49:10.0735 3092 Fs_Rec - ok
13:49:10.0763 3092 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
13:49:10.0765 3092 fvevol - ok
13:49:10.0787 3092 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
13:49:10.0789 3092 gagp30kx - ok
13:49:10.0884 3092 [ 9F5F2F0FB0A7F5AA9F16B9A7B6DAD89F ] GoogleDesktopManager-051210-111108 C:\Program Files (x86)\Google\Google Desktop Search\GoogleDesktop.exe
13:49:10.0885 3092 GoogleDesktopManager-051210-111108 - ok
13:49:10.0913 3092 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll
13:49:10.0923 3092 gpsvc - ok
13:49:10.0982 3092 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\windows\system32\drivers\grmnusb.sys
13:49:10.0984 3092 grmnusb - ok
13:49:11.0007 3092 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
13:49:11.0009 3092 hcw85cir - ok
13:49:11.0053 3092 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
13:49:11.0058 3092 HdAudAddService - ok
13:49:11.0078 3092 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
13:49:11.0081 3092 HDAudBus - ok
13:49:11.0100 3092 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
13:49:11.0101 3092 HidBatt - ok
13:49:11.0107 3092 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
13:49:11.0109 3092 HidBth - ok
13:49:11.0115 3092 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys
13:49:11.0116 3092 HidIr - ok
13:49:11.0150 3092 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\System32\hidserv.dll
13:49:11.0152 3092 hidserv - ok
13:49:11.0171 3092 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
13:49:11.0172 3092 HidUsb - ok
13:49:11.0201 3092 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll
13:49:11.0204 3092 hkmsvc - ok
13:49:11.0230 3092 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll
13:49:11.0235 3092 HomeGroupListener - ok
13:49:11.0255 3092 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll
13:49:11.0261 3092 HomeGroupProvider - ok
13:49:11.0321 3092 [ F2889318AB3CD87CCA17CB3769CDC1E4 ] HP Power Assistant Service C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Service.exe
13:49:11.0323 3092 HP Power Assistant Service - ok
13:49:11.0372 3092 [ 3891D3993065D392E0DE541BEA0A9EA5 ] HP ProtectTools Service c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
13:49:11.0376 3092 HP ProtectTools Service - ok
13:49:11.0433 3092 [ 170233B8D743EFE35F462A5D516B93E3 ] HP Support Assistant Service C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
13:49:11.0434 3092 HP Support Assistant Service - ok
13:49:11.0455 3092 [ 58CC11D14D88EF70EF7ABBC75B5EEBD8 ] HP Wireless Assistant Service C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
13:49:11.0458 3092 HP Wireless Assistant Service - ok
13:49:11.0497 3092 [ 18B19A49A2B92C356D225012CE354E60 ] HPDayStarterService c:\Program Files (x86)\Hewlett-Packard\HP QuickLook\HPDayStarterService.exe
13:49:11.0499 3092 HPDayStarterService - ok
13:49:11.0567 3092 [ B19FF523B533A3F198B9239E1749C940 ] HPDrvMntSvc.exe C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
13:49:11.0570 3092 HPDrvMntSvc.exe - ok
13:49:11.0589 3092 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
13:49:11.0590 3092 hpdskflt - ok
13:49:11.0607 3092 [ 5AFB3F9B74553BD933555E1C800D2CE1 ] HpFkCryptService c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
13:49:11.0611 3092 HpFkCryptService - ok
13:49:11.0659 3092 [ 8205DA7B4191ACD96F76B81E42945754 ] HPFSService C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
13:49:11.0662 3092 HPFSService - ok
13:49:11.0738 3092 [ 7D10E0F2F603A3CE65F0B9750F7ABDB2 ] hpHotkeyMonitor C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
13:49:11.0757 3092 hpHotkeyMonitor - ok
13:49:11.0784 3092 [ B98EE5D4535A685634B90F7E04DE0DF7 ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
13:49:11.0786 3092 HpqKbFiltr - ok
13:49:11.0827 3092 [ 01091B900E15878B4434F9C726C4541D ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
13:49:11.0838 3092 hpqwmiex - ok
13:49:11.0870 3092 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
13:49:11.0872 3092 HpSAMD - ok
13:49:11.0903 3092 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\windows\system32\Hpservice.exe
13:49:11.0906 3092 hpsrv - ok
13:49:11.0938 3092 [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64 C:\windows\system32\Drivers\ANDROIDUSB.sys
13:49:11.0939 3092 HTCAND64 - ok
13:49:11.0984 3092 [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot C:\windows\system32\DRIVERS\htcnprot.sys
13:49:11.0985 3092 htcnprot - ok
13:49:12.0034 3092 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys
13:49:12.0043 3092 HTTP - ok
13:49:12.0080 3092 [ 1642C62F1FD5E1FF44608283994A7BB8 ] huawei_enumerator C:\windows\system32\DRIVERS\ew_jubusenum.sys
13:49:12.0082 3092 huawei_enumerator - ok
13:49:12.0120 3092 [ 04D1DE1E8ACE40CA396502C90524E945 ] hwdatacard C:\windows\system32\DRIVERS\ewusbmdm.sys
13:49:12.0123 3092 hwdatacard - ok
13:49:12.0167 3092 HWDeviceService64.exe - ok
13:49:12.0190 3092 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
13:49:12.0191 3092 hwpolicy - ok
13:49:12.0231 3092 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\drivers\i8042prt.sys
13:49:12.0234 3092 i8042prt - ok
13:49:12.0276 3092 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys
13:49:12.0282 3092 iaStorV - ok
13:49:12.0318 3092 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
13:49:12.0328 3092 idsvc - ok
13:49:12.0389 3092 [ F52DEF944A2B149AF079D094BAAB22E1 ] IFXSpMgtSrv C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxspmgt.exe
13:49:12.0403 3092 IFXSpMgtSrv - ok
13:49:12.0433 3092 [ 32D2F6C67511C90A3FE2C31DE887A767 ] IFXTCS C:\Program Files (x86)\Hewlett-Packard\Embedded Security Software\ifxtcs.exe
13:49:12.0445 3092 IFXTCS - ok
13:49:12.0474 3092 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
13:49:12.0475 3092 iirsp - ok
13:49:12.0510 3092 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll
13:49:12.0522 3092 IKEEXT - ok
13:49:12.0547 3092 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\drivers\intelide.sys
13:49:12.0548 3092 intelide - ok
13:49:12.0576 3092 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
13:49:12.0578 3092 intelppm - ok
13:49:12.0621 3092 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll
13:49:12.0624 3092 IPBusEnum - ok
13:49:12.0653 3092 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
13:49:12.0655 3092 IpFilterDriver - ok
13:49:12.0685 3092 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll
13:49:12.0694 3092 iphlpsvc - ok
13:49:12.0717 3092 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
13:49:12.0719 3092 IPMIDRV - ok
13:49:12.0754 3092 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys
13:49:12.0757 3092 IPNAT - ok
13:49:12.0784 3092 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys
13:49:12.0786 3092 IRENUM - ok
13:49:12.0815 3092 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\drivers\isapnp.sys
13:49:12.0816 3092 isapnp - ok
13:49:12.0832 3092 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
13:49:12.0836 3092 iScsiPrt - ok
13:49:12.0848 3092 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\drivers\kbdclass.sys
13:49:12.0849 3092 kbdclass - ok
13:49:12.0876 3092 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\drivers\kbdhid.sys
13:49:12.0878 3092 kbdhid - ok
13:49:12.0908 3092 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe
13:49:12.0911 3092 KeyIso - ok
13:49:12.0935 3092 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
13:49:12.0937 3092 KSecDD - ok
13:49:12.0953 3092 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
13:49:12.0956 3092 KSecPkg - ok
13:49:12.0979 3092 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys
13:49:12.0981 3092 ksthunk - ok
13:49:13.0012 3092 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll
13:49:13.0019 3092 KtmRm - ok
13:49:13.0061 3092 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\System32\srvsvc.dll
13:49:13.0068 3092 LanmanServer - ok
13:49:13.0094 3092 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll
13:49:13.0099 3092 LanmanWorkstation - ok
13:49:13.0152 3092 [ C34411A244029F1C08687F7C752C4563 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
13:49:13.0153 3092 LightScribeService - ok
13:49:13.0181 3092 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
13:49:13.0183 3092 lltdio - ok
13:49:13.0216 3092 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll
13:49:13.0222 3092 lltdsvc - ok
13:49:13.0240 3092 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll
13:49:13.0242 3092 lmhosts - ok
13:49:13.0272 3092 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
13:49:13.0275 3092 LSI_FC - ok
13:49:13.0286 3092 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
13:49:13.0288 3092 LSI_SAS - ok
13:49:13.0303 3092 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
13:49:13.0305 3092 LSI_SAS2 - ok
13:49:13.0320 3092 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
13:49:13.0323 3092 LSI_SCSI - ok
13:49:13.0351 3092 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys
13:49:13.0353 3092 luafv - ok
13:49:13.0439 3092 [ 1F02B554DDC4086D786537A3BF6488F1 ] lxecCATSCustConnectService C:\windows\system32\spool\DRIVERS\x64\3\\lxecserv.exe
13:49:13.0443 3092 lxecCATSCustConnectService - ok
13:49:13.0486 3092 lxec_device - ok
13:49:13.0516 3092 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\windows\system32\drivers\mbam.sys
13:49:13.0517 3092 MBAMProtector - ok
13:49:13.0574 3092 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
13:49:13.0579 3092 MBAMScheduler - ok
13:49:13.0610 3092 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
13:49:13.0619 3092 MBAMService - ok
13:49:13.0648 3092 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
13:49:13.0652 3092 Mcx2Svc - ok
13:49:13.0663 3092 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys
13:49:13.0665 3092 megasas - ok
13:49:13.0701 3092 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
13:49:13.0705 3092 MegaSR - ok
13:49:13.0764 3092 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
13:49:13.0766 3092 Microsoft Office Groove Audit Service - ok
13:49:13.0788 3092 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
13:49:13.0791 3092 MMCSS - ok
13:49:13.0849 3092 [ 38106C7BD34EAE89D2769AC0BA2E846B ] Mobile Partner. RunOuc C:\Program Files (x86)\Mobile Partner\UpdateDog\ouc.exe
13:49:13.0852 3092 Mobile Partner. RunOuc - ok
13:49:13.0863 3092 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys
13:49:13.0864 3092 Modem - ok
13:49:13.0886 3092 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys
13:49:13.0887 3092 monitor - ok
13:49:13.0914 3092 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
13:49:13.0916 3092 mouclass - ok
13:49:13.0940 3092 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
13:49:13.0941 3092 mouhid - ok
13:49:13.0968 3092 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys
13:49:13.0970 3092 mountmgr - ok
13:49:14.0014 3092 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
13:49:14.0015 3092 MozillaMaintenance - ok
13:49:14.0047 3092 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\drivers\mpio.sys
13:49:14.0050 3092 mpio - ok
13:49:14.0071 3092 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
13:49:14.0073 3092 mpsdrv - ok
13:49:14.0109 3092 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll
13:49:14.0121 3092 MpsSvc - ok
13:49:17.0693 3092 [ 6EF8E5E3A079C97C70915CF740E89977 ] SafeBoot C:\windows\system32\drivers\SafeBoot.sys
13:49:17.0693 3092 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 6EF8E5E3A079C97C70915CF740E89977
13:49:17.0693 3092 SafeBoot ( LockedFile.Multi.Generic ) - warning
13:49:17.0693 3092 SafeBoot - detected LockedFile.Multi.Generic (1)


User

Registered: 18.11.09
Last logged in: 16.04.18
Posts: 94
Topics: 18
Location: Ružomberok
Post written by the topic author: 23.01.2013 13:57

2/2

13:49:18.0943 3092 [ 602884696850C86434530790B110E8EB ] sptd C:\windows\system32\Drivers\sptd.sys
13:49:18.0943 3092 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: 602884696850C86434530790B110E8EB
13:49:18.0943 3092 sptd ( LockedFile.Multi.Generic ) - warning
13:49:18.0943 3092 sptd - detected LockedFile.Multi.Generic (1)
13:49:23.0133 3092 wudfsvc - ok
13:49:23.0153 3092 [ CE8CF9DE9CBFDAA318BD04D8BE3FCADA ] WwanSvc C:\windows\System32\wwansvc.dll
13:49:23.0163 3092 WwanSvc - ok
13:49:23.0193 3092 [ E8EAE03EB934BD26F021B882B9F29771 ] yukonw7 C:\windows\system32\DRIVERS\yk62x64.sys
13:49:23.0193 3092 yukonw7 - ok
13:49:23.0233 3092 ================ Scan global ===============================
13:49:23.0243 3092 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll
13:49:23.0283 3092 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
13:49:23.0293 3092 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\windows\system32\winsrv.dll
13:49:23.0333 3092 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll
13:49:23.0343 3092 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe
13:49:23.0353 3092 [Global] - ok
13:49:23.0353 3092 ================ Scan MBR ==================================
13:49:23.0363 3092 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:49:23.0573 3092 \Device\Harddisk0\DR0 - ok
13:49:23.0573 3092 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
13:49:23.0583 3092 \Device\Harddisk1\DR1 - ok
13:49:23.0583 3092 ================ Scan VBR ==================================
13:49:23.0583 3092 [ 062152209E131DB456A38A01694E526C ] \Device\Harddisk0\DR0\Partition1
13:49:23.0583 3092 \Device\Harddisk0\DR0\Partition1 - ok
13:49:23.0603 3092 [ E31530BAE1D1CA5D99C14B53E71DD046 ] \Device\Harddisk0\DR0\Partition2
13:49:23.0603 3092 \Device\Harddisk0\DR0\Partition2 - ok
13:49:23.0633 3092 [ 1402705A255D6BCCB5628D6F3725CC17 ] \Device\Harddisk0\DR0\Partition3
13:49:23.0633 3092 \Device\Harddisk0\DR0\Partition3 - ok
13:49:23.0653 3092 [ 6A672E4E05E418B0075E4BCED0BD9D69 ] \Device\Harddisk0\DR0\Partition4
13:49:23.0653 3092 \Device\Harddisk0\DR0\Partition4 - ok
13:49:23.0663 3092 [ BC0D0A51EC806028F94459298A672510 ] \Device\Harddisk1\DR1\Partition1
13:49:23.0663 3092 \Device\Harddisk1\DR1\Partition1 - ok
13:49:23.0663 3092 ============================================================
13:49:23.0663 3092 Scan finished
13:49:23.0663 3092 ============================================================
13:49:23.0673 1756 Detected object count: 2
13:49:23.0673 1756 Actual detected object count: 2
13:50:32.0673 1756 C:\windows\system32\drivers\SafeBoot.sys - copied to quarantine
13:50:32.0785 1756 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Quarantine
13:50:32.0824 1756 C:\windows\system32\Drivers\sptd.sys - copied to quarantine
13:50:32.0888 1756 sptd ( LockedFile.Multi.Generic ) - User select action: Quarantine


User

Registered: 09.05.11
Last login: 20.12.18
Posts: 618
Topics: 2
Post written: 23.01.2013 14:04

I didn't tell you to delete anything; I don't know why you aren't following the instructions.
Download TDSSQlook: http://www.malwareinfo.nl/tools/TDSSQlook.exe
Save it to the desktop.
Options will be displayed; choose option A.
A log will be displayed; paste it here.


User

Registered: 18.11.09
Last login: 16.04.18
Posts: 94
Topics: 18
Location: Ružomberok
Post written by the topic author: 23.01.2013 14:10

Nothing changed when I ran it again, so it found both again; I chose Skip.....
I'm continuing with the instructions...


User

Registered: 18.11.09
Last login: 16.04.18
Posts: 94
Topics: 18
Location: Ružomberok
Post written by the topic author: 23.01.2013 14:11

TDSSKiller Quarantine Information log
TDSS Qlook Version 1.0.0.5 - nexter - st 23. 01. 2013 - 14:11:00,54.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1
***** START SCAN st 23. 01. 2013 14:11:01,57 *****

---------- TDSSKiller logs ----------

TDSSKiller.2.8.15.0_23.01.2013_13.48.58_log.txt
TDSSKiller.2.8.15.0_23.01.2013_14.07.53_log.txt

---------- TDSSStarter logs ----------


---------- DIR LIST ----------

C:\TDSSKiller_Quarantine\23.01.2013_13.48.58
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\object.ini
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\object.ini
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\tsk0000.ini
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\object.ini
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\tsk0000.dta
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\object.ini
C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\tsk0000.ini

---------- INI FILES ----------

=== C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: SafeBoot
Type: Kernel driver (0x1)
Start: Boot (0x0)
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\drivers\SafeBoot.sys
md5: 6EF8E5E3A079C97C70915CF740E89977


=== C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\object.ini

[InfectedObject]
Verdict: LockedFile.Multi.Generic


=== C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\object.ini

[InfectedObject]
Type: Service
Name: sptd
Type: Kernel driver (0x1)
Start: Boot (0x0)
ImagePath: System32\Drivers\sptd.sys
Suspicious states: Locked file;


=== C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\Drivers\sptd.sys
md5: 602884696850C86434530790B110E8EB


***** END SCAN st 23. 01. 2013 14:11:02,00 *****


User

Registered: 09.05.11
Last login: 20.12.18
Posts: 618
Topics: 2
Post written: 23.01.2013 14:28

Run TDSS Qlook again.
Choose option B.
Notepad will open.
Paste the following:

Code:
REN "C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\tsk0000.dta" SafeBoot.sys
COPY "C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0000\svc0000\SafeBoot.sys" C:\windows\system32\drivers
REN "C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\tsk0000.dta" sptd.sys
COPY "C:\TDSSKiller_Quarantine\23.01.2013_13.48.58\susp0001\svc0000\sptd.sys" C:\windows\system32\Drivers


Close the input.txt window and save it.
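
A check one might run before the restore step above, as an added example that is not part of the original post or of TDSS Qlook: it parses the INI FILES section of a Qlook log and confirms that a quarantined tsk0000.dta still hashes to the md5 recorded beside it. That the recorded md5 is the MD5 of the .dta contents is an assumption; the sample log, its paths and the function names are constructed for the example.

```python
import hashlib
import re
from pathlib import Path

# Constructed sample in the layout of the "INI FILES" section of the log above
# (path, service name and md5 are made up; the md5 is that of b"hello").
SAMPLE_LOG = r"""
=== C:\Q\susp0000\svc0000\object.ini

[InfectedObject]
Type: Service
Name: ExampleDrv
Suspicious states: Locked file;

=== C:\Q\susp0000\svc0000\tsk0000.ini

[InfectedFile]
Type: Raw image
Src: C:\windows\system32\drivers\example.sys
md5: 5D41402ABC4B2A76B9719D911017C592
"""

HEADER = re.compile(r"^=== (.+\.ini)$")
FIELD = re.compile(r"^([A-Za-z][A-Za-z0-9 ]*): (.*)$")  # "Key: value" only

def parse_ini_section(log_text):
    """Return {ini_path: {key: value}} for every '=== <path>.ini' block."""
    blocks, current = {}, None
    for raw in log_text.splitlines():
        line = raw.strip()
        header, field = HEADER.match(line), FIELD.match(line)
        if header:
            current = blocks.setdefault(header.group(1), {})
        elif field and current is not None:
            # "Type" occurs twice in service blocks; keep the first value.
            current.setdefault(field.group(1), field.group(2))
    return blocks

def restore_candidates(blocks):
    """Pair each quarantined-file record with its .dta path and service name."""
    out = []
    for ini_path, fields in blocks.items():
        if "md5" in fields and "Src" in fields:
            folder = ini_path.rsplit("\\", 1)[0]
            service = blocks.get(folder + "\\object.ini", {}).get("Name", "?")
            out.append({"service": service, "src": fields["Src"],
                        "dta": ini_path[:-4] + ".dta", "md5": fields["md5"].lower()})
    return out

def md5_matches(dta_file, expected_md5):
    """True if the quarantined copy on disk hashes to the recorded md5."""
    return hashlib.md5(Path(dta_file).read_bytes()).hexdigest() == expected_md5.lower()
```

A mismatch means the quarantined copy is not the file the scanner recorded, so it should not be copied back into the drivers directory.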

