eset našiel virus no nevie ho vyliečiť prosim o pomoc
Windows 7 64-bit
log :
Logfile of random's system information tool 1.09 (written by random/random)
Run by Stano at 2011-10-27 18:40:34
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 51 GB (50%) free of 102 GB
Total RAM: 3886 MB (55% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 18:40:44, on 27. 10. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\AsScrPro.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Windows\SysWOW64\explorer.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Program Files\trend micro\Stano.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.nike.sk/app/kurzovaPonuka/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKLM\..\Policies\Explorer\Run: [CanoScan Toolbox Ver5.0] C:\Program Files (x86)\Canon\CSTBox.exe
O4 - HKCU\..\Policies\Explorer\Run: [CanoScan Toolbox Ver5.0] C:\Program Files (x86)\Canon\CSTBox.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-223967131-339517205-2418397834-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-223967131-339517205-2418397834-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CSTBox.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 10587 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2000
taskeng.exe {CBED046C-7F89-4E35-AE16-AABD4DD31C6E}
"taskhost.exe"
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe"
"C:\Windows\AsScrPro.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-9bd0ef0e-c7ed-4275-bffd-e47b0cf17e53 -SystemEventPortName:HostProcess-dcad08dd-4595-43a4-ac15-53b21ddc004c -IoCancelEventPortName:HostProcess-de1b807f-1c89-4d24-bcb3-cadad4feaa13 -NonStateChangingEventPortName:HostProcess-3482ad9d-2301-47ad-aff4-116ea41e7859 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:75ecad1b-c1db-4530-b256-a6fb05738341
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
explorer.exe
explorer.exe
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe"
ATKOSD.exe
"C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe"
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe" /X
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\splwow64.exe 12288
"C:\Program Files (x86)\Mozilla Firefox\firefox.exe"
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
"C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe" --channel=3060.56684c0.76326490 "C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll" Mozilla.Firefox.6.0 -greomni "C:\Program Files (x86)\Mozilla Firefox\omni.jar" 3060 "\\.\pipe\gecko-crash-server-pipe.3060" plugin
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
C:\Windows\System32\svchost.exe -k secsvcs
"D:\Software\Utility\RSITx64.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
C:\Windows\system32\wbem\wmiprvse.exe
======Scheduled tasks folder======
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default
prefs.js - "browser.startup.homepage" - "https://tipkurz.etip.sk/Odds.aspx?i=14996&v=101"
prefs.js - "extensions.enabledItems" - "fastdial@telega.phpnet.us:3.4, {54affe52-8223-453b-be1e-2fe2e250045c}:5.0.0.185, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=adbartrp&q="
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\extensions\
fastdial@telega.phpnet.us
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13 75592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-12 75656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13 63304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2011-06-13 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13 454472]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2011-06-13 503808]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2011-01-12 2918656]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-10 9643552]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nektra OEAPI"= []
"OEXPRESS"= []
"AdobeBridge"= []
"WEBTRAN"= []
"Google Update"=C:\Users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
"Facebook Update"=C:\Users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 137536]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-06-03 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
C:\Windows\vsnp2uvc.exe [2010-01-21 909824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T3Desk]
C:\Program Files (x86)\T3Desk\T3Desk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2011-02-18 162912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CSTBox.exe]
C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe [2005-07-30 674816]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2011-06-03 3058304]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-26 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-19 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-10-21 106496]
"YouCam Mirage"=C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-18 136488]
"YouCam Tray"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2011-02-18 162912]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snagit 10.lnk - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CSTBox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-10-27 18:40:34 ----D---- C:\rsit
2011-10-27 18:40:34 ----D---- C:\Program Files\trend micro
2011-10-27 12:43:40 ----A---- C:\error.txt
2011-10-26 18:05:57 ----D---- C:\Program Files (x86)\FinalWire
2011-10-26 15:09:29 ----D---- C:\Program Files (x86)\Pixelbreaker
2011-10-26 15:08:16 ----A---- C:\Windows\SYSWOW64\dxtmeta2.dll
2011-10-23 19:44:50 ----D---- C:\ProgramData\Innovative Solutions
2011-10-23 19:35:18 ----D---- C:\Program Files (x86)\CyberLink
2011-10-23 19:08:38 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-14 19:54:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-14 19:54:29 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-14 19:54:27 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-14 19:54:27 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-14 19:54:27 ----A---- C:\Windows\system32\iertutil.dll
2011-10-14 19:54:26 ----A---- C:\Windows\system32\url.dll
2011-10-14 19:54:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-14 19:54:25 ----A---- C:\Windows\system32\urlmon.dll
2011-10-14 19:54:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-14 19:54:24 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-14 19:54:22 ----A---- C:\Windows\system32\wininet.dll
2011-10-14 19:54:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-14 19:54:20 ----A---- C:\Windows\system32\jscript9.dll
2011-10-14 19:54:20 ----A---- C:\Windows\system32\ieui.dll
2011-10-14 19:54:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-14 19:54:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-14 19:54:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-14 19:54:18 ----A---- C:\Windows\system32\jscript.dll
2011-10-14 19:54:16 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-14 19:54:13 ----A---- C:\Windows\system32\mshtml.dll
2011-10-14 19:54:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-14 19:54:08 ----A---- C:\Windows\system32\ieframe.dll
2011-10-13 20:17:31 ----A---- C:\Windows\system32\win32k.sys
2011-10-13 20:17:30 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-13 20:17:29 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-13 19:37:07 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-13 19:37:07 ----A---- C:\Windows\system32\oleacc.dll
2011-10-13 19:37:05 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-13 19:37:05 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-06 20:43:57 ----D---- C:\Program Files (x86)\PlayLogic
2011-09-29 20:02:49 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2011-09-29 20:02:00 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 20:01:59 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-29 20:01:55 ----D---- C:\Program Files\Oracle
======List of files/folders modified in the last 1 month======
2011-10-27 18:40:34 ----RD---- C:\Program Files
2011-10-27 18:40:34 ----D---- C:\Windows\Temp
2011-10-27 18:23:38 ----D---- C:\Windows\system32\config
2011-10-27 18:16:29 ----D---- C:\Windows\System32
2011-10-27 18:16:28 ----D---- C:\Windows\inf
2011-10-27 18:16:28 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-27 18:15:55 ----D---- C:\Windows
2011-10-27 18:10:31 ----D---- C:\Windows\system32\Tasks
2011-10-27 18:10:15 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-27 13:53:24 ----SHD---- C:\Windows\Installer
2011-10-27 03:00:42 ----D---- C:\Windows\winsxs
2011-10-27 03:00:31 ----SHD---- C:\System Volume Information
2011-10-26 18:28:25 ----RD---- C:\Program Files (x86)
2011-10-26 18:26:33 ----D---- C:\Windows\SysWOW64
2011-10-26 18:26:33 ----D---- C:\Windows\system32\drivers
2011-10-26 18:26:04 ----D---- C:\Users\Stano\AppData\Roaming\Ethereal
2011-10-26 18:13:21 ----D---- C:\Windows\Prefetch
2011-10-26 15:11:28 ----RSD---- C:\Windows\assembly
2011-10-26 15:11:00 ----SD---- C:\Users\Stano\AppData\Roaming\Microsoft
2011-10-26 10:29:09 ----D---- C:\Program Files (x86)\Opera
2011-10-26 10:27:00 ----D---- C:\Windows\system32\catroot
2011-10-24 18:12:12 ----D---- C:\Users\Stano\AppData\Roaming\Skype
2011-10-24 18:12:11 ----D---- C:\ProgramData\Skype
2011-10-23 19:44:50 ----HD---- C:\ProgramData
2011-10-23 19:36:57 ----D---- C:\Windows\system32\DriverStore
2011-10-23 18:58:19 ----D---- C:\Windows\Tasks
2011-10-22 12:01:27 ----D---- C:\Windows\system32\catroot2
2011-10-19 22:36:27 ----D---- C:\Program Files (x86)\VSO
2011-10-19 22:35:09 ----D---- C:\Users\Stano\AppData\Roaming\Vso
2011-10-19 22:35:08 ----A---- C:\Users\Stano\AppData\Roaming\inst.exe
2011-10-18 21:50:36 ----D---- C:\Windows\Microsoft.NET
2011-10-15 19:45:22 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 22:38:19 ----D---- C:\Windows\SYSWOW64\migration
2011-10-14 22:38:19 ----D---- C:\Windows\system32\migration
2011-10-14 22:38:19 ----D---- C:\Program Files\Internet Explorer
2011-10-14 22:38:19 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-14 22:38:18 ----D---- C:\Windows\ehome
2011-10-14 20:03:29 ----A---- C:\Windows\system32\MRT.exe
2011-10-05 20:38:47 ----RSD---- C:\Windows\Fonts
2011-09-29 19:44:04 ----D---- C:\Users\Stano\AppData\Roaming\vlc
2011-09-28 14:03:35 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-01-08 25576]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-01 868848]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 128816]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2010-12-21 170640]
R2 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2010-12-21 141264]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2010-12-21 125296]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-10 2222624]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-21 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-20 1800192]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 165680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 apxzgfkz;apxzgfkz; C:\Windows\system32\drivers\apxzgfkz.sys []
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-07-07 82816]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-09 96896]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\x86\ekrn.exe [2011-01-12 810144]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe /s []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2011-01-12 42360]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
-----------------EOF-----------------
Odvirování PC, zrychlení počítače, vzdálená pomoc prostřednictvím služby neslape.cz
najdený virus v ntb, prosim o kontrolu logu...
Moderátor: Moderátoři
Pravidla fóra
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Pokud chcete pomoc, vložte log z FRST [návod zde] nebo RSIT [návod zde]
Jednotlivé thready budou po vyřešení uzamčeny. Stejně tak ty, které budou nečinné déle než 14 dní. Vizte Pravidlo o zamykání témat. Děkujeme za pochopení.
!NOVINKA!
Nově lze využívat služby vzdálené pomoci, kdy se k vašemu počítači připojí odborník a bližší informace o problému si od vás získá telefonicky! Více na www.neslape.cz
Re: najdený virus v ntb, prosim o kontrolu logu...
Zdravim a pekny vecer preji 
Tim ESETem myslite ten nelegalni 
Kde havet hlasi - ovsem muze to byt i falesna detekce vzhledem k tomu ze je cracknuty - buh vi co crack s nim udelal
Tim ESETem myslite ten nelegalni Kde havet hlasi - ovsem muze to byt i falesna detekce vzhledem k tomu ze je cracknuty - buh vi co crack s nim udelal"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen
od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
Zdravim Vas.
Ano, Mate pravdu eset je fixnuty
Ano, Mate pravdu eset je fixnuty
Re: najdený virus v ntb, prosim o kontrolu logu...
Dle pravidel fora (viz zde a a zde bod c.3 ) se vsak nelegalnim SW nezabyvame, jelikoz nelegalni programy jsou vetsinou zdrojem haveti. Navic tim porusujete i autorska prava 
, pachate trestny cin a ten jako takovy nebude nasim forem podporovan. Uvedomte si, ze jste na bezpecnostnim foru - podpora warezu (zvlaste bezpecnostnich programu) by byla zcela proti logice fora 
Obstarejte si proto legalni ochranu Vaseho PC (antivir), pote sem vlozte novy log z RSITu a CKScanneru - viz nize.
Osobne Vam doporucuji Avast, Aviru ci MSE. Prehled antiviru mate ZDE.
Ta nejvyssi licence na W7 Ultimate asi tez nebude koupena ze Tentokrate PC odvirujem ale pokud zde budete priste zadat pomoc s nelegal OS, bude pomoc odmitnuta - berte to jako maly ustupek na uvitanou - je vsak jediny - priste budem dodrzovani pravidel fora striktne pozadovat
Kde ESET hlasi nakazu
Log z RSITu - viz muj podpis
Stahnete na plochu CKScanner
, pachate trestny cin a ten jako takovy nebude nasim forem podporovan. Uvedomte si, ze jste na bezpecnostnim foru - podpora warezu (zvlaste bezpecnostnich programu) by byla zcela proti logice fora Obstarejte si proto legalni ochranu Vaseho PC (antivir), pote sem vlozte novy log z RSITu a CKScanneru - viz nize.
Osobne Vam doporucuji Avast, Aviru ci MSE. Prehled antiviru mate ZDE.
Ta nejvyssi licence na W7 Ultimate asi tez nebude koupena ze Tentokrate PC odvirujem ale pokud zde budete priste zadat pomoc s nelegal OS, bude pomoc odmitnuta - berte to jako maly ustupek na uvitanou - je vsak jediny - priste budem dodrzovani pravidel fora striktne pozadovat Kde ESET hlasi nakazu Log z RSITu - viz muj podpis Stahnete na plochu CKScanner
- Spustte a kliknete na Search for files
- Po dokonceni skenu kliknete na Save List to File a nasledne OK
- Na plose se Vam vytvori log s nazvem ckfiles.txt, jeho obsah mi sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
eset odinstalovany
novy log z HT a CKSc
Logfile of random's system information tool 1.09 (written by random/random)
Run by Stano at 2011-10-27 21:26:58
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 50 GB (49%) free of 102 GB
Total RAM: 3886 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:19, on 27. 10. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\AsScrPro.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\trend micro\Stano.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKLM\..\Policies\Explorer\Run: [CanoScan Toolbox Ver5.0] C:\Program Files (x86)\Canon\CSTBox.exe
O4 - HKCU\..\Policies\Explorer\Run: [CanoScan Toolbox Ver5.0] C:\Program Files (x86)\Canon\CSTBox.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-223967131-339517205-2418397834-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-223967131-339517205-2418397834-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CSTBox.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12135 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -service
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2076
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000610
\??\C:\Windows\system32\conhost.exe "1156187368-2084501093-1029235739-1421585412856776781-26661998820615440661410665321
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5861311d-9908-42f9-ab53-2622d7d63564 -SystemEventPortName:HostProcess-85960036-5fe4-4264-a0f8-704689cd241c -IoCancelEventPortName:HostProcess-92edba94-0ec6-4c8a-a9d6-0c4cf798062b -NonStateChangingEventPortName:HostProcess-3193fc05-0299-41b8-8a10-47efb6b04c57 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:993d9391-7cbe-4ec5-b2db-6a3c6f745b10
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {88528111-D305-4B30-A718-EB20FC8518A3}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {44CB9FC8-8AD3-4561-9775-F21011FF7961}
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Windows\AsScrPro.exe"
explorer.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
explorer.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe" /X
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\splwow64.exe 12288
"C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /set_event="FFAPI_StartEvent_133c_31e87" /icon="hidden"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
wmiadap.exe /F /T /R
"D:\Software\Utility\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
======Scheduled tasks folder======
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default
prefs.js - "browser.startup.homepage" - "https://tipkurz.etip.sk/Odds.aspx?i=14996&v=101"
prefs.js - "extensions.enabledItems" - "fastdial@telega.phpnet.us:3.4, {54affe52-8223-453b-be1e-2fe2e250045c}:5.0.0.185, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=adbartrp&q="
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\extensions\
fastdial@telega.phpnet.us
{91da5e8a-3318-4f8c-b67e-5964de3ab546}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13 75592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 903672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-12 75656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13 63304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2011-06-13 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 599544]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
ZoneAlarm Security Toolbar - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll [2011-03-28 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13 454472]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 903672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2011-06-13 503808]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm Security Toolbar - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 599544]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-10 9643552]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2011-02-15 1123320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nektra OEAPI"= []
"OEXPRESS"= []
"AdobeBridge"= []
"WEBTRAN"= []
"Google Update"=C:\Users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
"Facebook Update"=C:\Users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 137536]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-06-03 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
C:\Windows\vsnp2uvc.exe [2010-01-21 909824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T3Desk]
C:\Program Files (x86)\T3Desk\T3Desk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2011-02-18 162912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CSTBox.exe]
C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe [2005-07-30 674816]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2011-06-03 3058304]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-26 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-19 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-10-21 106496]
"YouCam Mirage"=C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-18 136488]
"YouCam Tray"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2011-02-18 162912]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-10-19 258512]
"ZoneAlarm Client"=C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snagit 10.lnk - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CSTBox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-10-27 20:58:45 ----D---- C:\Users\Stano\AppData\Roaming\CheckPoint
2011-10-27 20:58:08 ----D---- C:\Program Files (x86)\Conduit
2011-10-27 20:58:07 ----A---- C:\Windows\SYSWOW64\ConduitEngine.tmp
2011-10-27 20:58:06 ----D---- C:\Program Files (x86)\ConduitEngine
2011-10-27 20:58:04 ----D---- C:\Program Files (x86)\ZoneAlarm_Security
2011-10-27 20:57:52 ----D---- C:\Program Files\CheckPoint
2011-10-27 20:57:46 ----A---- C:\Windows\SYSWOW64\vsregexp.dll
2011-10-27 20:57:37 ----A---- C:\Windows\SYSWOW64\zlcommdb.dll
2011-10-27 20:57:37 ----A---- C:\Windows\SYSWOW64\zlcomm.dll
2011-10-27 20:57:33 ----A---- C:\Windows\SYSWOW64\vswmi.dll
2011-10-27 20:57:32 ----A---- C:\Windows\SYSWOW64\zpeng25.dll
2011-10-27 20:57:31 ----D---- C:\Windows\SYSWOW64\ZoneLabs
2011-10-27 20:57:31 ----A---- C:\Windows\SYSWOW64\vsxml.dll
2011-10-27 20:57:31 ----A---- C:\Windows\SYSWOW64\vspubapi.dll
2011-10-27 20:57:31 ----A---- C:\Windows\SYSWOW64\vsmonapi.dll
2011-10-27 20:57:29 ----A---- C:\Windows\SYSWOW64\vsdata.dll
2011-10-27 20:57:29 ----A---- C:\Windows\system32\drivers\~GLH0023.TMP
2011-10-27 20:57:25 ----N---- C:\Windows\system32\drivers\vsdatant.sys
2011-10-27 20:57:24 ----D---- C:\Program Files (x86)\Zone Labs
2011-10-27 20:54:37 ----D---- C:\ProgramData\CheckPoint
2011-10-27 20:54:35 ----D---- C:\Windows\Internet Logs
2011-10-27 20:54:34 ----A---- C:\Windows\SYSWOW64\vsutil.dll
2011-10-27 20:54:34 ----A---- C:\Windows\SYSWOW64\vsinit.dll
2011-10-27 20:41:34 ----D---- C:\Users\Stano\AppData\Roaming\Avira
2011-10-27 20:36:06 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2011-10-27 20:36:06 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-10-27 20:36:06 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-10-27 20:36:03 ----D---- C:\ProgramData\Avira
2011-10-27 20:36:03 ----D---- C:\Program Files (x86)\Avira
2011-10-27 18:40:34 ----D---- C:\rsit
2011-10-27 18:40:34 ----D---- C:\Program Files\trend micro
2011-10-27 12:43:40 ----A---- C:\error.txt
2011-10-26 18:05:57 ----D---- C:\Program Files (x86)\FinalWire
2011-10-26 15:09:29 ----D---- C:\Program Files (x86)\Pixelbreaker
2011-10-26 15:08:16 ----A---- C:\Windows\SYSWOW64\dxtmeta2.dll
2011-10-23 19:44:50 ----D---- C:\ProgramData\Innovative Solutions
2011-10-23 19:35:18 ----D---- C:\Program Files (x86)\CyberLink
2011-10-23 19:08:38 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-14 19:54:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-14 19:54:29 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-14 19:54:27 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-14 19:54:27 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-14 19:54:27 ----A---- C:\Windows\system32\iertutil.dll
2011-10-14 19:54:26 ----A---- C:\Windows\system32\url.dll
2011-10-14 19:54:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-14 19:54:25 ----A---- C:\Windows\system32\urlmon.dll
2011-10-14 19:54:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-14 19:54:24 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-14 19:54:22 ----A---- C:\Windows\system32\wininet.dll
2011-10-14 19:54:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-14 19:54:20 ----A---- C:\Windows\system32\jscript9.dll
2011-10-14 19:54:20 ----A---- C:\Windows\system32\ieui.dll
2011-10-14 19:54:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-14 19:54:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-14 19:54:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-14 19:54:18 ----A---- C:\Windows\system32\jscript.dll
2011-10-14 19:54:16 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-14 19:54:13 ----A---- C:\Windows\system32\mshtml.dll
2011-10-14 19:54:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-14 19:54:08 ----A---- C:\Windows\system32\ieframe.dll
2011-10-13 20:17:31 ----A---- C:\Windows\system32\win32k.sys
2011-10-13 20:17:30 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-13 20:17:29 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-13 19:37:07 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-13 19:37:07 ----A---- C:\Windows\system32\oleacc.dll
2011-10-13 19:37:05 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-13 19:37:05 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-06 20:43:57 ----D---- C:\Program Files (x86)\PlayLogic
2011-09-29 20:02:49 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2011-09-29 20:02:00 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 20:01:59 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-29 20:01:55 ----D---- C:\Program Files\Oracle
======List of files/folders modified in the last 1 month======
2011-10-27 21:27:16 ----D---- C:\Windows\Temp
2011-10-27 21:25:20 ----D---- C:\Windows\system32\config
2011-10-27 21:24:19 ----D---- C:\Windows\system32\Tasks
2011-10-27 21:21:33 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-27 21:20:32 ----D---- C:\Windows\system32\catroot
2011-10-27 20:58:08 ----RD---- C:\Program Files (x86)
2011-10-27 20:58:07 ----D---- C:\Windows\SysWOW64
2011-10-27 20:57:52 ----RD---- C:\Program Files
2011-10-27 20:57:44 ----D---- C:\Windows
2011-10-27 20:57:29 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-27 20:57:29 ----D---- C:\Windows\system32\drivers
2011-10-27 20:57:27 ----D---- C:\Windows\inf
2011-10-27 20:57:26 ----D---- C:\Windows\system32\DriverStore
2011-10-27 20:54:37 ----HD---- C:\ProgramData
2011-10-27 20:36:37 ----D---- C:\Windows\System32
2011-10-27 20:36:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-27 20:35:30 ----SHD---- C:\Windows\Installer
2011-10-27 20:23:43 ----SHD---- C:\System Volume Information
2011-10-27 03:00:42 ----D---- C:\Windows\winsxs
2011-10-26 18:26:04 ----D---- C:\Users\Stano\AppData\Roaming\Ethereal
2011-10-26 18:13:21 ----D---- C:\Windows\Prefetch
2011-10-26 15:11:28 ----RSD---- C:\Windows\assembly
2011-10-26 15:11:00 ----SD---- C:\Users\Stano\AppData\Roaming\Microsoft
2011-10-26 10:29:09 ----D---- C:\Program Files (x86)\Opera
2011-10-24 18:12:12 ----D---- C:\Users\Stano\AppData\Roaming\Skype
2011-10-24 18:12:11 ----D---- C:\ProgramData\Skype
2011-10-23 18:58:19 ----D---- C:\Windows\Tasks
2011-10-22 12:01:27 ----D---- C:\Windows\system32\catroot2
2011-10-19 22:36:27 ----D---- C:\Program Files (x86)\VSO
2011-10-19 22:35:09 ----D---- C:\Users\Stano\AppData\Roaming\Vso
2011-10-19 22:35:08 ----A---- C:\Users\Stano\AppData\Roaming\inst.exe
2011-10-18 21:50:36 ----D---- C:\Windows\Microsoft.NET
2011-10-15 19:45:22 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 22:38:19 ----D---- C:\Windows\SYSWOW64\migration
2011-10-14 22:38:19 ----D---- C:\Windows\system32\migration
2011-10-14 22:38:19 ----D---- C:\Program Files\Internet Explorer
2011-10-14 22:38:19 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-14 22:38:18 ----D---- C:\Windows\ehome
2011-10-14 20:03:29 ----A---- C:\Windows\system32\MRT.exe
2011-10-05 20:38:47 ----RSD---- C:\Windows\Fonts
2011-09-29 19:44:04 ----D---- C:\Users\Stano\AppData\Roaming\vlc
2011-09-28 14:03:35 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-01-08 25576]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-01 868848]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-10-19 130760]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 128816]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 458840]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-10-19 97312]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-10 2222624]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-21 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-20 1800192]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 165680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 au0dwv29;au0dwv29; C:\Windows\system32\drivers\au0dwv29.sys []
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-07-07 82816]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-19 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-09 96896]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe /s []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
-----------------EOF-----------------
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\fp-1.1\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\fp-1.1\java\security\spec\class-use\rsakeygenparameterspec.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\keygenerator.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\keygeneratorspi.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\class-use\keygenerator.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\class-use\keygeneratorspi.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\pbp11\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\pbp11\java\security\spec\class-use\rsakeygenparameterspec.html
c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe
c:\windows\prefetch\keygen.exe-7f2e5f5b.pf
scanner sequence 3.CG.11.TJAAES
----- EOF -----
novy log z HT a CKSc
Logfile of random's system information tool 1.09 (written by random/random)
Run by Stano at 2011-10-27 21:26:58
Microsoft Windows 7 Ultimate Service Pack 1
System drive C: has 50 GB (49%) free of 102 GB
Total RAM: 3886 MB (58% free)
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:27:19, on 27. 10. 2011
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16421)
Boot mode: Normal
Running processes:
C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
C:\Windows\AsScrPro.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\SysWOW64\explorer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe
C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe
C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe
C:\Program Files\trend micro\Stano.exe
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.conduit.com?SearchSource= ... =CT2645238
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: SnagIt Toolbar Loader - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll
O2 - BHO: WebTransBHO Class - {2DB66063-BB98-466A-AA0D-3E7ACF5ED853} - C:\TRANSLAT\WebIE.dll
O2 - BHO: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O2 - BHO: ZoneAlarm Security Engine Registrar - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ZoneAlarm Security - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: WebTranslator - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - C:\TRANSLAT\WebIE.dll
O3 - Toolbar: Snagit - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll
O3 - Toolbar: ZoneAlarm Security Toolbar - {91da5e8a-3318-4f8c-b67e-5964de3ab546} - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll
O3 - Toolbar: Conduit Engine - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll
O3 - Toolbar: ZoneAlarm Security Engine - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll
O4 - HKLM\..\Run: [ASUS Screen Saver Protector] C:\Windows\AsScrPro.exe
O4 - HKLM\..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
O4 - HKLM\..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
O4 - HKLM\..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
O4 - HKLM\..\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
O4 - HKLM\..\Run: [YouCam Mirage] "C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
O4 - HKLM\..\Run: [YouCam Tray] "C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe" /s
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [Google Update] "C:\Users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe" /c
O4 - HKCU\..\Run: [Facebook Update] "C:\Users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
O4 - HKLM\..\Policies\Explorer\Run: [CanoScan Toolbox Ver5.0] C:\Program Files (x86)\Canon\CSTBox.exe
O4 - HKCU\..\Policies\Explorer\Run: [CanoScan Toolbox Ver5.0] C:\Program Files (x86)\Canon\CSTBox.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-223967131-339517205-2418397834-1004\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'UpdatusUser')
O4 - HKUS\S-1-5-21-223967131-339517205-2418397834-1004\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'UpdatusUser')
O4 - Startup: CSTBox.exe
O4 - Global Startup: Snagit 10.lnk = C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
O4 - Global Startup: SRS Premium Sound.lnk = ?
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {BFC32E1D-EE75-4A48-BC60-104E11EE2431} - (no file)
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: &Slovník - {CC963627-B1DC-40E0-B52A-CF21EE748450} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: (no name) - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra 'Tools' menuitem: Preložiť &stránku - {CC963627-B1DC-40E0-B52A-CF21EE748452} - C:\TRANSLAT\WebIE.dll
O9 - Extra button: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O9 - Extra 'Tools' menuitem: UB - {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} - C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\UB\UB.lnk (file missing) (HKCU)
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O20 - AppInit_DLLs: C:\Windows\SysWOW64\nvinit.dll
O23 - Service: Eset Trial Reset (.EsetTrialReset) - Unknown owner - C:\Windows\reset.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: ASLDR Service (ASLDRService) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
O23 - Service: ATKGFNEX Service (ATKGFNEXSrv) - ASUS - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Služba Google Update (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Služba Google Update (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: ZoneAlarm Toolbar IswSvc (IswSvc) - Check Point Software Technologies - C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Intel(R) Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: NMSAccess - Unknown owner - C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: NVIDIA Update Service Daemon (nvUpdatusService) - NVIDIA Corporation - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: Intel(R) Management & Security Application User Notification Service (UNS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: TrueVector Internet Monitor (vsmon) - Check Point Software Technologies LTD - C:\Windows\SysWOW64\ZoneLabs\vsmon.exe
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
--
End of file - 12135 bytes
======Listing Processes======
\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
winlogon.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
"C:\Program Files\NVIDIA Corporation\Display\NvXDSync.exe"
C:\Windows\system32\nvvsvc.exe -session -first
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\SysWOW64\ZoneLabs\vsmon.exe -service
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe"
"C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe"
C:\Windows\System32\spoolsv.exe
"C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe"
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe"
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe"
"C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe"
"C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe"
C:\Windows\system32\svchost.exe -k imgsvc
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
WLIDSvcM.exe 2076
"C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe" avshadowcontrol0_00000610
\??\C:\Windows\system32\conhost.exe "1156187368-2084501093-1029235739-1421585412856776781-26661998820615440661410665321
C:\Windows\system32\SearchIndexer.exe /Embedding
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-5861311d-9908-42f9-ab53-2622d7d63564 -SystemEventPortName:HostProcess-85960036-5fe4-4264-a0f8-704689cd241c -IoCancelEventPortName:HostProcess-92edba94-0ec6-4c8a-a9d6-0c4cf798062b -NonStateChangingEventPortName:HostProcess-3193fc05-0299-41b8-8a10-47efb6b04c57 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:993d9391-7cbe-4ec5-b2db-6a3c6f745b10
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
taskeng.exe {88528111-D305-4B30-A718-EB20FC8518A3}
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
taskeng.exe {44CB9FC8-8AD3-4561-9775-F21011FF7961}
"C:\Program Files\P4G\BatteryLife.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe"
ATKOSD.exe
KBFiltr.exe
WDC.exe
"C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe"
"C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
"C:\Windows\System32\hkcmd.exe"
"C:\Windows\System32\igfxpers.exe"
"C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe"
"C:\Program Files\SRS Labs\SRS Premium Sound Control Panel\SRSPremiumPanel_64.exe" /f=srs_premium_sound_nopreset.zip
"C:\Windows\AsScrPro.exe"
explorer.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe"
"C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe"
explorer.exe
"C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe"
"C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\TSCHelp.exe"
"C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe"
"C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\SnagPriv.exe"
"C:\Program Files (x86)\TechSmith\Snagit 10\snagiteditor.exe" /X
"C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe"
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
C:\Windows\splwow64.exe 12288
"C:\Program Files\CheckPoint\ZAForceField\ForceField.exe" /set_event="FFAPI_StartEvent_133c_31e87" /icon="hidden"
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\DllHost.exe /Processid:{30D49246-D217-465F-B00B-AC9DDD652EB7}
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\servicing\TrustedInstaller.exe
wmiadap.exe /F /T /R
"D:\Software\Utility\RSITx64.exe"
C:\Windows\System32\svchost.exe -k WerSvcGroup
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe3_ Global\UsGthrCtrlFltPipeMssGthrPipe3 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Windows\system32\SearchFilterHost.exe" 0 516 520 528 65536 524
======Scheduled tasks folder======
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
=========Mozilla firefox=========
ProfilePath - C:\Users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default
prefs.js - "browser.startup.homepage" - "https://tipkurz.etip.sk/Odds.aspx?i=14996&v=101"
prefs.js - "extensions.enabledItems" - "fastdial@telega.phpnet.us:3.4, {54affe52-8223-453b-be1e-2fe2e250045c}:5.0.0.185, {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.22"
prefs.js - "keyword.URL" - "http://search.babylon.com/?babsrc=adbartrp&q="
"{FFB96CC1-7EB3-449D-B827-DB661701C6BB}"=C:\Program Files\CheckPoint\ZAForceField\TrustChecker
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 10.1 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer]
"Description"=Adobe Shockwave Player
"Path"=C:\Windows\system32\Adobe\Director\np32dsw.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@checkpoint.com/FFApi]
"Description"=ZoneAlarm Toolbar Api
"Path"=C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf]
"Description"=
"Path"=C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin]
"Description"=Google Earth in your browser
"Path"=C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=C:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9]
"Description"=Google Update
"Path"=C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=C:\Windows\system32\Wat\npWatWeb.dll
C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}
C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
C:\Program Files (x86)\Mozilla Firefox\searchplugins\
atlas-sk.xml
azet-sk.xml
dunaj-sk.xml
eBay.xml
google.xml
slovnik-sk.xml
wikipedia-sk.xml
zoznam-sk.xml
C:\Users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\extensions\
fastdial@telega.phpnet.us
{91da5e8a-3318-4f8c-b67e-5964de3ab546}
======Registry dump======
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitBHO64.dll [2010-04-13 75592]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 903672]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2011-09-12 75656]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{00C6482D-C502-44C8-8409-FCE54AD9C208}]
SnagIt Toolbar Loader - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitBHO.dll [2010-04-13 63304]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2DB66063-BB98-466A-AA0D-3E7ACF5ED853}]
WebTransBHO Class - C:\TRANSLAT\WebIE.dll [2011-06-13 503808]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3}]
ZoneAlarm Security Engine Registrar - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 599544]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
ZoneAlarm Security Toolbar - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll [2011-03-28 176936]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll [2011-02-17 41760]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files (x86)\TechSmith\Snagit 10\DLLx64\SnagitIEAddin64.dll [2010-04-13 454472]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 903672]
[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{BFC32E1D-EE75-4A48-BC60-104E11EE2431} - WebTranslator - C:\TRANSLAT\WebIE.dll [2011-06-13 503808]
{8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - Snagit - C:\Program Files (x86)\TechSmith\Snagit 10\SnagitIEAddin.dll [2010-04-13 206152]
{91da5e8a-3318-4f8c-b67e-5964de3ab546} - ZoneAlarm Security Toolbar - C:\Program Files (x86)\ZoneAlarm_Security\prxtbZone.dll [2011-03-28 176936]
{30F9B915-B755-4826-820B-08FBA6BD249D} - Conduit Engine - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll [2011-03-28 176936]
{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - ZoneAlarm Security Engine - C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll [2011-02-15 599544]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"=C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2009-12-10 9643552]
"IgfxTray"=C:\Windows\system32\igfxtray.exe [2011-02-11 162328]
"HotKeysCmds"=C:\Windows\system32\hkcmd.exe [2011-02-11 386584]
"Persistence"=C:\Windows\system32\igfxpers.exe [2011-02-11 417304]
"AmIcoSinglun64"=C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [2009-09-01 323584]
"ISW"=C:\Program Files\CheckPoint\ZAForceField\ForceField.exe [2011-02-15 1123320]
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Nektra OEAPI"= []
"OEXPRESS"= []
"AdobeBridge"= []
"WEBTRAN"= []
"Google Update"=C:\Users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-06-06 136176]
"Facebook Update"=C:\Users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-27 137536]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-03-06 500208]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe [2010-02-22 406992]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray]
C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount]
C:\Program Files (x86)\Alcohol Soft\Alcohol 120\axcmd.exe [2009-09-18 205976]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ASUS Screen Saver Protector]
C:\Windows\AsScrPro.exe [2011-06-03 3058304]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ETDWare]
C:\Program Files\Elantech\ETDCtrl.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\snp2uvc]
C:\Windows\vsnp2uvc.exe [2010-01-21 909824]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2010-10-29 249064]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T3Desk]
C:\Program Files (x86)\T3Desk\T3Desk.exe []
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\YouCam Tray]
C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2011-02-18 162912]
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Users^Stano^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^CSTBox.exe]
C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe [2005-07-30 674816]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"=C:\Windows\AsScrPro.exe [2011-06-03 3058304]
"ATKOSD2"=C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [2009-10-26 6998656]
"ATKMEDIA"=C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [2009-08-19 170624]
"HControlUser"=C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [2009-06-19 105016]
"NUSB3MON"=C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [2009-10-21 106496]
"YouCam Mirage"=C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2011-02-18 136488]
"YouCam Tray"=C:\Program Files (x86)\CyberLink\YouCam\YouCamTray.exe [2011-02-18 162912]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-10-19 258512]
"ZoneAlarm Client"=C:\Program Files (x86)\Zone Labs\ZoneAlarm\zlclient.exe [2011-03-18 1043968]
[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run]
"CanoScan Toolbox Ver5.0"=C:\Program Files (x86)\Canon\CSTBox.exe [2006-07-17 674816]
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup
Snagit 10.lnk - C:\Program Files (x86)\TechSmith\Snagit 10\Snagit32.exe
SRS Premium Sound.lnk - C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe
C:\Users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
CSTBox.exe
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"="C:\Windows\system32\nvinitx.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\Windows\system32\igfxdev.dll [2011-02-11 272896]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\vsmon]
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"LogonHoursAction"=2
"DontDisplayLogonHoursWarnings"=1
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"VIDC.ACDV"=ACDV.dll
======File associations======
.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
======List of files/folders created in the last 1 month======
2011-10-27 20:58:45 ----D---- C:\Users\Stano\AppData\Roaming\CheckPoint
2011-10-27 20:58:08 ----D---- C:\Program Files (x86)\Conduit
2011-10-27 20:58:07 ----A---- C:\Windows\SYSWOW64\ConduitEngine.tmp
2011-10-27 20:58:06 ----D---- C:\Program Files (x86)\ConduitEngine
2011-10-27 20:58:04 ----D---- C:\Program Files (x86)\ZoneAlarm_Security
2011-10-27 20:57:52 ----D---- C:\Program Files\CheckPoint
2011-10-27 20:57:46 ----A---- C:\Windows\SYSWOW64\vsregexp.dll
2011-10-27 20:57:37 ----A---- C:\Windows\SYSWOW64\zlcommdb.dll
2011-10-27 20:57:37 ----A---- C:\Windows\SYSWOW64\zlcomm.dll
2011-10-27 20:57:33 ----A---- C:\Windows\SYSWOW64\vswmi.dll
2011-10-27 20:57:32 ----A---- C:\Windows\SYSWOW64\zpeng25.dll
2011-10-27 20:57:31 ----D---- C:\Windows\SYSWOW64\ZoneLabs
2011-10-27 20:57:31 ----A---- C:\Windows\SYSWOW64\vsxml.dll
2011-10-27 20:57:31 ----A---- C:\Windows\SYSWOW64\vspubapi.dll
2011-10-27 20:57:31 ----A---- C:\Windows\SYSWOW64\vsmonapi.dll
2011-10-27 20:57:29 ----A---- C:\Windows\SYSWOW64\vsdata.dll
2011-10-27 20:57:29 ----A---- C:\Windows\system32\drivers\~GLH0023.TMP
2011-10-27 20:57:25 ----N---- C:\Windows\system32\drivers\vsdatant.sys
2011-10-27 20:57:24 ----D---- C:\Program Files (x86)\Zone Labs
2011-10-27 20:54:37 ----D---- C:\ProgramData\CheckPoint
2011-10-27 20:54:35 ----D---- C:\Windows\Internet Logs
2011-10-27 20:54:34 ----A---- C:\Windows\SYSWOW64\vsutil.dll
2011-10-27 20:54:34 ----A---- C:\Windows\SYSWOW64\vsinit.dll
2011-10-27 20:41:34 ----D---- C:\Users\Stano\AppData\Roaming\Avira
2011-10-27 20:36:06 ----A---- C:\Windows\system32\drivers\avkmgr.sys
2011-10-27 20:36:06 ----A---- C:\Windows\system32\drivers\avipbb.sys
2011-10-27 20:36:06 ----A---- C:\Windows\system32\drivers\avgntflt.sys
2011-10-27 20:36:03 ----D---- C:\ProgramData\Avira
2011-10-27 20:36:03 ----D---- C:\Program Files (x86)\Avira
2011-10-27 18:40:34 ----D---- C:\rsit
2011-10-27 18:40:34 ----D---- C:\Program Files\trend micro
2011-10-27 12:43:40 ----A---- C:\error.txt
2011-10-26 18:05:57 ----D---- C:\Program Files (x86)\FinalWire
2011-10-26 15:09:29 ----D---- C:\Program Files (x86)\Pixelbreaker
2011-10-26 15:08:16 ----A---- C:\Windows\SYSWOW64\dxtmeta2.dll
2011-10-23 19:44:50 ----D---- C:\ProgramData\Innovative Solutions
2011-10-23 19:35:18 ----D---- C:\Program Files (x86)\CyberLink
2011-10-23 19:08:38 ----D---- C:\Program Files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-14 19:54:29 ----A---- C:\Windows\SYSWOW64\mshtmled.dll
2011-10-14 19:54:29 ----A---- C:\Windows\system32\mshtmled.dll
2011-10-14 19:54:27 ----A---- C:\Windows\SYSWOW64\url.dll
2011-10-14 19:54:27 ----A---- C:\Windows\SYSWOW64\iertutil.dll
2011-10-14 19:54:27 ----A---- C:\Windows\system32\iertutil.dll
2011-10-14 19:54:26 ----A---- C:\Windows\system32\url.dll
2011-10-14 19:54:25 ----A---- C:\Windows\SYSWOW64\urlmon.dll
2011-10-14 19:54:25 ----A---- C:\Windows\system32\urlmon.dll
2011-10-14 19:54:24 ----A---- C:\Windows\SYSWOW64\wininet.dll
2011-10-14 19:54:24 ----A---- C:\Windows\system32\jsproxy.dll
2011-10-14 19:54:22 ----A---- C:\Windows\system32\wininet.dll
2011-10-14 19:54:21 ----A---- C:\Windows\SYSWOW64\ieui.dll
2011-10-14 19:54:20 ----A---- C:\Windows\system32\jscript9.dll
2011-10-14 19:54:20 ----A---- C:\Windows\system32\ieui.dll
2011-10-14 19:54:19 ----A---- C:\Windows\SYSWOW64\jscript9.dll
2011-10-14 19:54:19 ----A---- C:\Windows\SYSWOW64\jscript.dll
2011-10-14 19:54:18 ----A---- C:\Windows\SYSWOW64\jsproxy.dll
2011-10-14 19:54:18 ----A---- C:\Windows\system32\jscript.dll
2011-10-14 19:54:16 ----A---- C:\Windows\SYSWOW64\mshtml.dll
2011-10-14 19:54:13 ----A---- C:\Windows\system32\mshtml.dll
2011-10-14 19:54:11 ----A---- C:\Windows\SYSWOW64\ieframe.dll
2011-10-14 19:54:08 ----A---- C:\Windows\system32\ieframe.dll
2011-10-13 20:17:31 ----A---- C:\Windows\system32\win32k.sys
2011-10-13 20:17:30 ----A---- C:\Windows\system32\psisdecd.dll
2011-10-13 20:17:29 ----A---- C:\Windows\SYSWOW64\psisdecd.dll
2011-10-13 19:37:07 ----A---- C:\Windows\SYSWOW64\oleacc.dll
2011-10-13 19:37:07 ----A---- C:\Windows\system32\oleacc.dll
2011-10-13 19:37:05 ----A---- C:\Windows\SYSWOW64\oleaut32.dll
2011-10-13 19:37:05 ----A---- C:\Windows\system32\oleaut32.dll
2011-10-06 20:43:57 ----D---- C:\Program Files (x86)\PlayLogic
2011-09-29 20:02:49 ----A---- C:\Windows\system32\drivers\VBoxDrv.sys
2011-09-29 20:02:00 ----A---- C:\Windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 20:01:59 ----DC---- C:\Windows\system32\DRVSTORE
2011-09-29 20:01:55 ----D---- C:\Program Files\Oracle
======List of files/folders modified in the last 1 month======
2011-10-27 21:27:16 ----D---- C:\Windows\Temp
2011-10-27 21:25:20 ----D---- C:\Windows\system32\config
2011-10-27 21:24:19 ----D---- C:\Windows\system32\Tasks
2011-10-27 21:21:33 ----A---- C:\Windows\SYSWOW64\log.txt
2011-10-27 21:20:32 ----D---- C:\Windows\system32\catroot
2011-10-27 20:58:08 ----RD---- C:\Program Files (x86)
2011-10-27 20:58:07 ----D---- C:\Windows\SysWOW64
2011-10-27 20:57:52 ----RD---- C:\Program Files
2011-10-27 20:57:44 ----D---- C:\Windows
2011-10-27 20:57:29 ----D---- C:\Windows\SYSWOW64\drivers
2011-10-27 20:57:29 ----D---- C:\Windows\system32\drivers
2011-10-27 20:57:27 ----D---- C:\Windows\inf
2011-10-27 20:57:26 ----D---- C:\Windows\system32\DriverStore
2011-10-27 20:54:37 ----HD---- C:\ProgramData
2011-10-27 20:36:37 ----D---- C:\Windows\System32
2011-10-27 20:36:37 ----A---- C:\Windows\system32\PerfStringBackup.INI
2011-10-27 20:35:30 ----SHD---- C:\Windows\Installer
2011-10-27 20:23:43 ----SHD---- C:\System Volume Information
2011-10-27 03:00:42 ----D---- C:\Windows\winsxs
2011-10-26 18:26:04 ----D---- C:\Users\Stano\AppData\Roaming\Ethereal
2011-10-26 18:13:21 ----D---- C:\Windows\Prefetch
2011-10-26 15:11:28 ----RSD---- C:\Windows\assembly
2011-10-26 15:11:00 ----SD---- C:\Users\Stano\AppData\Roaming\Microsoft
2011-10-26 10:29:09 ----D---- C:\Program Files (x86)\Opera
2011-10-24 18:12:12 ----D---- C:\Users\Stano\AppData\Roaming\Skype
2011-10-24 18:12:11 ----D---- C:\ProgramData\Skype
2011-10-23 18:58:19 ----D---- C:\Windows\Tasks
2011-10-22 12:01:27 ----D---- C:\Windows\system32\catroot2
2011-10-19 22:36:27 ----D---- C:\Program Files (x86)\VSO
2011-10-19 22:35:09 ----D---- C:\Users\Stano\AppData\Roaming\Vso
2011-10-19 22:35:08 ----A---- C:\Users\Stano\AppData\Roaming\inst.exe
2011-10-18 21:50:36 ----D---- C:\Windows\Microsoft.NET
2011-10-15 19:45:22 ----D---- C:\Program Files (x86)\Microsoft Silverlight
2011-10-14 22:38:19 ----D---- C:\Windows\SYSWOW64\migration
2011-10-14 22:38:19 ----D---- C:\Windows\system32\migration
2011-10-14 22:38:19 ----D---- C:\Program Files\Internet Explorer
2011-10-14 22:38:19 ----D---- C:\Program Files (x86)\Internet Explorer
2011-10-14 22:38:18 ----D---- C:\Windows\ehome
2011-10-14 20:03:29 ----A---- C:\Windows\system32\MRT.exe
2011-10-05 20:38:47 ----RSD---- C:\Windows\Fonts
2011-09-29 19:44:04 ----D---- C:\Users\Stano\AppData\Roaming\vlc
2011-09-28 14:03:35 ----D---- C:\Windows\debug
======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R0 iaStor;Intel AHCI Controller; C:\Windows\system32\DRIVERS\iaStor.sys [2009-12-17 538136]
R0 nvpciflt;nvpciflt; C:\Windows\system32\DRIVERS\nvpciflt.sys [2011-01-08 25576]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-20 213888]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2011-02-01 868848]
R0 vmbus;@%SystemRoot%\system32\vmbusres.dll,-1000; C:\Windows\system32\drivers\vmbus.sys [2010-11-20 199552]
R1 avipbb;avipbb; C:\Windows\system32\DRIVERS\avipbb.sys [2011-10-19 130760]
R1 avkmgr;avkmgr; C:\Windows\system32\DRIVERS\avkmgr.sys [2011-10-19 27760]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-20 514560]
R1 VBoxDrv;VirtualBox Service; C:\Windows\system32\DRIVERS\VBoxDrv.sys [2011-08-15 224048]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver; C:\Windows\system32\DRIVERS\VBoxUSBMon.sys [2011-08-15 128816]
R1 Vsdatant;Zone Alarm Firewall Driver; C:\Windows\system32\DRIVERS\vsdatant.sys [2010-05-15 458840]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 ASMMAP64;ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
R2 avgntflt;avgntflt; C:\Windows\system32\DRIVERS\avgntflt.sys [2011-10-19 97312]
R2 ISWKL;ZoneAlarm Toolbar ISWKL; \??\C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
R3 AmUStor;AM USB Stroage Driver; C:\Windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 athr;Atheros Extensible Wireless LAN device driver; C:\Windows\system32\DRIVERS\athrx.sys [2009-10-05 1542656]
R3 clwvd;CyberLink WebCam Virtual Driver; C:\Windows\system32\DRIVERS\clwvd.sys [2010-07-28 31088]
R3 HECIx64;Intel(R) Management Engine Interface; C:\Windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 igfx;igfx; C:\Windows\system32\DRIVERS\igdkmd64.sys [2011-02-11 10628640]
R3 Impcd;Impcd; C:\Windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\Windows\system32\drivers\RTKVHD64.sys [2009-12-10 2222624]
R3 IntcDAud;Intel(R) Zvuk pre obrazovky; C:\Windows\system32\DRIVERS\IntcDAud.sys [2009-10-30 244736]
R3 kbfiltr;Keyboard Filter; C:\Windows\system32\DRIVERS\kbfiltr.sys [2009-07-21 15416]
R3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20); C:\Windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
R3 MTsensor;ATK0100 ACPI UTILITY; C:\Windows\system32\DRIVERS\ATK64AMD.sys [2009-05-13 15928]
R3 nusb3hub;NEC Electronics USB 3.0 Hub Driver; C:\Windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
R3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver; C:\Windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\Windows\system32\DRIVERS\snp2uvc.sys [2009-08-20 1800192]
R3 VBoxNetFlt;VirtualBox Bridged Networking Service; C:\Windows\system32\DRIVERS\VBoxNetFlt.sys [2011-08-15 165680]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\Windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 au0dwv29;au0dwv29; C:\Windows\system32\drivers\au0dwv29.sys []
S3 ETD;ELAN PS/2 Port Input Device; C:\Windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 pcouffin;VSO Software pcouffin; C:\Windows\System32\Drivers\pcouffin.sys [2011-07-07 82816]
S3 pfc;Padus ASPI Shell; C:\Windows\system32\drivers\pfc.sys []
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-20 165888]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver; C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-20 20992]
S3 Revoflt;Revoflt; C:\Windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-20 6656]
S3 StarOpen;StarOpen; C:\Windows\system32\drivers\StarOpen.sys [2009-11-12 5504]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-20 34688]
S3 Synth3dVsc;Synth3dVsc; C:\Windows\System32\drivers\synth3dvsc.sys []
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S3 tsusbhub;@%SystemRoot%\system32\drivers\tsusbhub.sys,-1; C:\Windows\system32\drivers\tsusbhub.sys []
S3 usbscan;USB Scanner Driver; C:\Windows\system32\DRIVERS\usbscan.sys [2009-07-14 41984]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter; C:\Windows\system32\DRIVERS\VBoxNetAdp.sys [2011-08-15 146736]
S3 VGPU;VGPU; C:\Windows\System32\drivers\rdvgkmd.sys []
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-20 21760]
S3 WimFltr;WimFltr; C:\Windows\system32\DRIVERS\wimfltr.sys [2008-05-23 154168]
S3 WinUsb;WinUsb; C:\Windows\system32\DRIVERS\WinUsb.sys [2010-11-20 41984]
======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-10-19 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
R2 ASLDRService;ASLDR Service; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [2009-06-15 84536]
R2 ATKGFNEXSrv;ATKGFNEX Service; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [2009-11-09 96896]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 IswSvc;ZoneAlarm Toolbar IswSvc; C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
R2 LMS;Intel(R) Management and Security Application Local Management Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe [2009-09-30 262144]
R2 NMSAccess;NMSAccess; C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe [2010-03-05 71096]
R2 nvsvc;NVIDIA Display Driver Service; C:\Windows\system32\nvvsvc.exe [2011-01-07 1005160]
R2 nvUpdatusService;NVIDIA Update Service Daemon; C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
R2 StarWindServiceAE;StarWind AE Service; C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe [2007-05-28 275968]
R2 UNS;Intel(R) Management & Security Application User Notification Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
R2 vsmon;TrueVector Internet Monitor; C:\Windows\SysWOW64\ZoneLabs\vsmon.exe [2011-03-18 2435592]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S2 .EsetTrialReset;Eset Trial Reset; C:\Windows\reset.exe /s []
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 gupdate;Služba Google Update (gupdate); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 gupdatem;Služba Google Update (gupdatem); C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2011-02-03 1255736]
-----------------EOF-----------------
CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\fp-1.1\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\fp-1.1\java\security\spec\class-use\rsakeygenparameterspec.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\keygenerator.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\keygeneratorspi.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\class-use\keygenerator.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\jce10\javax\crypto\class-use\keygeneratorspi.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\pbp11\java\security\spec\rsakeygenparameterspec.html
c:\program files (x86)\netbeans 7.0.1\mobility\java_me_platform_sdk_3.0\docs\api\pbp11\java\security\spec\class-use\rsakeygenparameterspec.html
c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe
c:\windows\prefetch\keygen.exe-7f2e5f5b.pf
scanner sequence 3.CG.11.TJAAES
----- EOF -----
Re: najdený virus v ntb, prosim o kontrolu logu...
Stahnete si TDSSKiller http://support.kaspersky.com/downloads/ ... killer.exe
- Utilitu spustte a prikazte ji, at skenuje - klik na Start Scan
- Pokud utilita najde infikekci, bude ji chtit lecit (Cure), povolte leceni kliknutim na Continue
- Pokud utilita najde podezrely soubor (suspicious), bude jej chtit preskocit (Skip), povolte preskoceni kliknutim na Continue
- Po dokonceni skenu bude mozna nutny restart PC, povolte jej kliknutim na Reboot now
- Po restartu na Vas vyskoci log, pokud se tak nestane, najdete jej primo na disku, kde mate Windows (obvykle c:\) ve tvaru TDSSKiller.nejaka cisilka _log.txt - jeho obsah sem vlozte
- Pokud restart nebude vyzadovan, kliknete na Close a nasledne na Report - vytvori se log - jeho obsah sem vlozte
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
takže tu je log z TDSSKiller ... a vďaka za Váš čas a ochotu ...
21:55:08.0445 5492 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
21:55:09.0007 5492 ============================================================
21:55:09.0007 5492 Current date / time: 2011/10/27 21:55:09.0007
21:55:09.0007 5492 SystemInfo:
21:55:09.0007 5492
21:55:09.0007 5492 OS Version: 6.1.7601 ServicePack: 1.0
21:55:09.0007 5492 Product type: Workstation
21:55:09.0007 5492 ComputerName: STANO-PC
21:55:09.0008 5492 UserName: Stano
21:55:09.0008 5492 Windows directory: C:\Windows
21:55:09.0008 5492 System windows directory: C:\Windows
21:55:09.0008 5492 Running under WOW64
21:55:09.0008 5492 Processor architecture: Intel x64
21:55:09.0008 5492 Number of processors: 4
21:55:09.0008 5492 Page size: 0x1000
21:55:09.0008 5492 Boot type: Normal boot
21:55:09.0008 5492 ============================================================
21:55:09.0652 5492 Initialize success
21:55:17.0131 5864 ============================================================
21:55:17.0131 5864 Scan started
21:55:17.0131 5864 Mode: Manual;
21:55:17.0131 5864 ============================================================
21:55:18.0525 5864 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:55:18.0543 5864 1394ohci - ok
21:55:18.0599 5864 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:55:18.0606 5864 ACPI - ok
21:55:18.0657 5864 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:55:18.0664 5864 AcpiPmi - ok
21:55:18.0729 5864 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:55:18.0749 5864 adp94xx - ok
21:55:18.0803 5864 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:55:18.0820 5864 adpahci - ok
21:55:18.0877 5864 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:55:18.0890 5864 adpu320 - ok
21:55:18.0973 5864 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:55:19.0008 5864 AFD - ok
21:55:19.0062 5864 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:55:19.0072 5864 agp440 - ok
21:55:19.0114 5864 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:55:19.0120 5864 aliide - ok
21:55:19.0165 5864 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:55:19.0172 5864 amdide - ok
21:55:19.0208 5864 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:55:19.0220 5864 AmdK8 - ok
21:55:19.0252 5864 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:55:19.0262 5864 AmdPPM - ok
21:55:19.0315 5864 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:55:19.0325 5864 amdsata - ok
21:55:19.0381 5864 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:55:19.0395 5864 amdsbs - ok
21:55:19.0433 5864 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:55:19.0441 5864 amdxata - ok
21:55:19.0483 5864 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
21:55:19.0484 5864 AmUStor - ok
21:55:19.0609 5864 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:55:19.0617 5864 AppID - ok
21:55:19.0699 5864 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:55:19.0710 5864 arc - ok
21:55:19.0745 5864 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:55:19.0755 5864 arcsas - ok
21:55:19.0817 5864 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:55:19.0818 5864 ASMMAP64 - ok
21:55:19.0866 5864 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:19.0872 5864 AsyncMac - ok
21:55:19.0937 5864 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:55:19.0945 5864 atapi - ok
21:55:20.0034 5864 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:55:20.0125 5864 athr - ok
21:55:20.0213 5864 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
21:55:20.0225 5864 avgntflt - ok
21:55:20.0291 5864 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
21:55:20.0305 5864 avipbb - ok
21:55:20.0376 5864 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:55:20.0385 5864 avkmgr - ok
21:55:20.0458 5864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:55:20.0478 5864 b06bdrv - ok
21:55:20.0546 5864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:20.0561 5864 b57nd60a - ok
21:55:20.0624 5864 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:55:20.0629 5864 Beep - ok
21:55:20.0681 5864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:20.0690 5864 blbdrive - ok
21:55:20.0750 5864 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:55:20.0759 5864 bowser - ok
21:55:20.0799 5864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:55:20.0805 5864 BrFiltLo - ok
21:55:20.0870 5864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:55:20.0875 5864 BrFiltUp - ok
21:55:20.0921 5864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:55:20.0938 5864 Brserid - ok
21:55:20.0981 5864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:20.0988 5864 BrSerWdm - ok
21:55:21.0023 5864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:21.0027 5864 BrUsbMdm - ok
21:55:21.0066 5864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:21.0070 5864 BrUsbSer - ok
21:55:21.0108 5864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:55:21.0116 5864 BTHMODEM - ok
21:55:21.0168 5864 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:55:21.0179 5864 cdfs - ok
21:55:21.0235 5864 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:55:21.0248 5864 cdrom - ok
21:55:21.0299 5864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:55:21.0308 5864 circlass - ok
21:55:21.0351 5864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:55:21.0358 5864 CLFS - ok
21:55:21.0425 5864 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
21:55:21.0432 5864 clwvd - ok
21:55:21.0484 5864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:55:21.0489 5864 CmBatt - ok
21:55:21.0538 5864 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:55:21.0544 5864 cmdide - ok
21:55:21.0582 5864 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:55:21.0618 5864 CNG - ok
21:55:21.0680 5864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:55:21.0688 5864 Compbatt - ok
21:55:21.0731 5864 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:55:21.0739 5864 CompositeBus - ok
21:55:21.0772 5864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:55:21.0780 5864 crcdisk - ok
21:55:21.0865 5864 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:55:21.0886 5864 CSC - ok
21:55:21.0961 5864 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:55:21.0970 5864 DfsC - ok
21:55:22.0016 5864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:55:22.0023 5864 discache - ok
21:55:22.0067 5864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:55:22.0077 5864 Disk - ok
21:55:22.0137 5864 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:55:22.0143 5864 drmkaud - ok
21:55:22.0196 5864 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:55:22.0243 5864 DXGKrnl - ok
21:55:22.0343 5864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:55:22.0429 5864 ebdrv - ok
21:55:22.0482 5864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:55:22.0501 5864 elxstor - ok
21:55:22.0533 5864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:55:22.0538 5864 ErrDev - ok
21:55:22.0598 5864 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
21:55:22.0606 5864 ETD - ok
21:55:22.0635 5864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:55:22.0647 5864 exfat - ok
21:55:22.0671 5864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:55:22.0682 5864 fastfat - ok
21:55:22.0708 5864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:55:22.0714 5864 fdc - ok
21:55:22.0747 5864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:55:22.0755 5864 FileInfo - ok
21:55:22.0774 5864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:55:22.0780 5864 Filetrace - ok
21:55:22.0804 5864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:55:22.0809 5864 flpydisk - ok
21:55:22.0852 5864 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:55:22.0868 5864 FltMgr - ok
21:55:22.0894 5864 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:55:22.0905 5864 FsDepends - ok
21:55:22.0932 5864 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:55:22.0938 5864 Fs_Rec - ok
21:55:22.0967 5864 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:55:22.0986 5864 fvevol - ok
21:55:23.0012 5864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:55:23.0021 5864 gagp30kx - ok
21:55:23.0092 5864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:55:23.0100 5864 hcw85cir - ok
21:55:23.0150 5864 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:55:23.0174 5864 HdAudAddService - ok
21:55:23.0226 5864 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:55:23.0228 5864 HDAudBus - ok
21:55:23.0267 5864 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:55:23.0278 5864 HECIx64 - ok
21:55:23.0306 5864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:55:23.0313 5864 HidBatt - ok
21:55:23.0337 5864 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:55:23.0347 5864 HidBth - ok
21:55:23.0381 5864 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:55:23.0390 5864 HidIr - ok
21:55:23.0455 5864 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:55:23.0463 5864 HidUsb - ok
21:55:23.0513 5864 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:55:23.0525 5864 HpSAMD - ok
21:55:23.0589 5864 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:55:23.0639 5864 HTTP - ok
21:55:23.0676 5864 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:55:23.0684 5864 hwpolicy - ok
21:55:23.0731 5864 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:55:23.0745 5864 i8042prt - ok
21:55:23.0793 5864 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
21:55:23.0800 5864 iaStor - ok
21:55:23.0850 5864 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:55:23.0870 5864 iaStorV - ok
21:55:24.0143 5864 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:55:24.0432 5864 igfx - ok
21:55:24.0502 5864 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:55:24.0511 5864 iirsp - ok
21:55:24.0565 5864 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:55:24.0578 5864 Impcd - ok
21:55:24.0669 5864 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys
21:55:24.0763 5864 IntcAzAudAddService - ok
21:55:24.0789 5864 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:55:24.0804 5864 IntcDAud - ok
21:55:24.0837 5864 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:55:24.0845 5864 intelide - ok
21:55:24.0881 5864 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:55:24.0882 5864 intelppm - ok
21:55:24.0935 5864 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:24.0947 5864 IpFilterDriver - ok
21:55:24.0984 5864 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:55:24.0996 5864 IPMIDRV - ok
21:55:25.0019 5864 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:55:25.0032 5864 IPNAT - ok
21:55:25.0065 5864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:55:25.0071 5864 IRENUM - ok
21:55:25.0094 5864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:55:25.0103 5864 isapnp - ok
21:55:25.0131 5864 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:55:25.0154 5864 iScsiPrt - ok
21:55:25.0249 5864 ISWKL (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
21:55:25.0250 5864 ISWKL - ok
21:55:25.0295 5864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:55:25.0306 5864 kbdclass - ok
21:55:25.0328 5864 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:55:25.0335 5864 kbdhid - ok
21:55:25.0372 5864 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:55:25.0379 5864 kbfiltr - ok
21:55:25.0426 5864 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:55:25.0438 5864 KSecDD - ok
21:55:25.0481 5864 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:55:25.0497 5864 KSecPkg - ok
21:55:25.0525 5864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:55:25.0532 5864 ksthunk - ok
21:55:25.0576 5864 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:55:25.0585 5864 L1C - ok
21:55:25.0634 5864 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:55:25.0645 5864 lltdio - ok
21:55:25.0714 5864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:55:25.0727 5864 LSI_FC - ok
21:55:25.0756 5864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:55:25.0767 5864 LSI_SAS - ok
21:55:25.0797 5864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:55:25.0807 5864 LSI_SAS2 - ok
21:55:25.0850 5864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:55:25.0861 5864 LSI_SCSI - ok
21:55:25.0898 5864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:55:25.0910 5864 luafv - ok
21:55:25.0963 5864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:55:25.0973 5864 megasas - ok
21:55:25.0991 5864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:55:26.0008 5864 MegaSR - ok
21:55:26.0051 5864 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:55:26.0059 5864 Modem - ok
21:55:26.0083 5864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:55:26.0085 5864 monitor - ok
21:55:26.0124 5864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:55:26.0134 5864 mouclass - ok
21:55:26.0156 5864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:55:26.0163 5864 mouhid - ok
21:55:26.0212 5864 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:55:26.0224 5864 mountmgr - ok
21:55:26.0249 5864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:55:26.0267 5864 mpio - ok
21:55:26.0297 5864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:55:26.0306 5864 mpsdrv - ok
21:55:26.0355 5864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:55:26.0369 5864 MRxDAV - ok
21:55:26.0412 5864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:26.0426 5864 mrxsmb - ok
21:55:26.0467 5864 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:26.0487 5864 mrxsmb10 - ok
21:55:26.0525 5864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:26.0539 5864 mrxsmb20 - ok
21:55:26.0557 5864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:55:26.0566 5864 msahci - ok
21:55:26.0596 5864 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:55:26.0610 5864 msdsm - ok
21:55:26.0646 5864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:55:26.0653 5864 Msfs - ok
21:55:26.0672 5864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:55:26.0677 5864 mshidkmdf - ok
21:55:26.0694 5864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:55:26.0701 5864 msisadrv - ok
21:55:26.0732 5864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:55:26.0738 5864 MSKSSRV - ok
21:55:26.0757 5864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:26.0762 5864 MSPCLOCK - ok
21:55:26.0783 5864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:55:26.0789 5864 MSPQM - ok
21:55:26.0846 5864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:55:26.0864 5864 MsRPC - ok
21:55:26.0896 5864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:55:26.0899 5864 mssmbios - ok
21:55:26.0925 5864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:55:26.0931 5864 MSTEE - ok
21:55:26.0958 5864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:55:26.0965 5864 MTConfig - ok
21:55:27.0001 5864 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
21:55:27.0008 5864 MTsensor - ok
21:55:27.0039 5864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:55:27.0049 5864 Mup - ok
21:55:27.0102 5864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:55:27.0122 5864 NativeWifiP - ok
21:55:27.0191 5864 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:55:27.0214 5864 NDIS - ok
21:55:27.0241 5864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:27.0253 5864 NdisCap - ok
21:55:27.0289 5864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:27.0297 5864 NdisTapi - ok
21:55:27.0337 5864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:27.0347 5864 Ndisuio - ok
21:55:27.0392 5864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:27.0408 5864 NdisWan - ok
21:55:27.0459 5864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:55:27.0468 5864 NDProxy - ok
21:55:27.0496 5864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:55:27.0504 5864 NetBIOS - ok
21:55:27.0547 5864 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:55:27.0567 5864 NetBT - ok
21:55:27.0622 5864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:55:27.0632 5864 nfrd960 - ok
21:55:27.0680 5864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:55:27.0690 5864 Npfs - ok
21:55:27.0715 5864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:55:27.0723 5864 nsiproxy - ok
21:55:27.0795 5864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:55:27.0886 5864 Ntfs - ok
21:55:27.0904 5864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:55:27.0912 5864 Null - ok
21:55:27.0958 5864 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:55:27.0968 5864 nusb3hub - ok
21:55:28.0007 5864 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:55:28.0021 5864 nusb3xhc - ok
21:55:28.0337 5864 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:55:28.0729 5864 nvlddmkm - ok
21:55:28.0782 5864 nvpciflt (91aa115e6bd2104d79cadd8b1cbaeb4a) C:\Windows\system32\DRIVERS\nvpciflt.sys
21:55:28.0790 5864 nvpciflt - ok
21:55:28.0826 5864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:55:28.0839 5864 nvraid - ok
21:55:28.0874 5864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:55:28.0888 5864 nvstor - ok
21:55:28.0955 5864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:55:28.0969 5864 nv_agp - ok
21:55:28.0997 5864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:55:29.0009 5864 ohci1394 - ok
21:55:29.0065 5864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:55:29.0077 5864 Parport - ok
21:55:29.0109 5864 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:55:29.0120 5864 partmgr - ok
21:55:29.0172 5864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:55:29.0191 5864 pci - ok
21:55:29.0219 5864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:55:29.0227 5864 pciide - ok
21:55:29.0251 5864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:55:29.0270 5864 pcmcia - ok
21:55:29.0325 5864 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
21:55:29.0335 5864 pcouffin - ok
21:55:29.0359 5864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:55:29.0369 5864 pcw - ok
21:55:29.0402 5864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:55:29.0451 5864 PEAUTH - ok
21:55:29.0510 5864 pfc - ok
21:55:29.0594 5864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:55:29.0609 5864 PptpMiniport - ok
21:55:29.0635 5864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:55:29.0646 5864 Processor - ok
21:55:29.0705 5864 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:55:29.0708 5864 Psched - ok
21:55:29.0771 5864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:55:29.0854 5864 ql2300 - ok
21:55:29.0878 5864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:55:29.0899 5864 ql40xx - ok
21:55:29.0932 5864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:55:29.0941 5864 QWAVEdrv - ok
21:55:29.0976 5864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:55:29.0982 5864 RasAcd - ok
21:55:30.0026 5864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:30.0035 5864 RasAgileVpn - ok
21:55:30.0082 5864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:30.0095 5864 Rasl2tp - ok
21:55:30.0123 5864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:30.0135 5864 RasPppoe - ok
21:55:30.0172 5864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:55:30.0182 5864 RasSstp - ok
21:55:30.0226 5864 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:55:30.0256 5864 rdbss - ok
21:55:30.0276 5864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:55:30.0283 5864 rdpbus - ok
21:55:30.0315 5864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:30.0320 5864 RDPCDD - ok
21:55:30.0366 5864 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:55:30.0380 5864 RDPDR - ok
21:55:30.0405 5864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:55:30.0410 5864 RDPENCDD - ok
21:55:30.0437 5864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:55:30.0443 5864 RDPREFMP - ok
21:55:30.0487 5864 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:55:30.0494 5864 RdpVideoMiniport - ok
21:55:30.0530 5864 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:55:30.0544 5864 RDPWD - ok
21:55:30.0604 5864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:55:30.0624 5864 rdyboost - ok
21:55:30.0700 5864 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
21:55:30.0708 5864 Revoflt - ok
21:55:30.0768 5864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:55:30.0778 5864 rspndr - ok
21:55:30.0815 5864 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:55:30.0821 5864 s3cap - ok
21:55:30.0861 5864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:55:30.0873 5864 sbp2port - ok
21:55:30.0918 5864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:55:30.0927 5864 scfilter - ok
21:55:30.0963 5864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:55:30.0969 5864 secdrv - ok
21:55:31.0012 5864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:55:31.0019 5864 Serenum - ok
21:55:31.0061 5864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:55:31.0072 5864 Serial - ok
21:55:31.0113 5864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:55:31.0120 5864 sermouse - ok
21:55:31.0160 5864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:55:31.0166 5864 sffdisk - ok
21:55:31.0184 5864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:55:31.0191 5864 sffp_mmc - ok
21:55:31.0211 5864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:55:31.0217 5864 sffp_sd - ok
21:55:31.0238 5864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:55:31.0244 5864 sfloppy - ok
21:55:31.0291 5864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:55:31.0301 5864 SiSRaid2 - ok
21:55:31.0331 5864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:55:31.0344 5864 SiSRaid4 - ok
21:55:31.0369 5864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:55:31.0381 5864 Smb - ok
21:55:31.0485 5864 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
21:55:31.0554 5864 SNP2UVC - ok
21:55:31.0585 5864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:55:31.0593 5864 spldr - ok
21:55:31.0661 5864 sptd (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\system32\Drivers\sptd.sys
21:55:31.0661 5864 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4c33f139236fd9bd14a920f60c1cb072
21:55:31.0663 5864 sptd ( LockedFile.Multi.Generic ) - warning
21:55:31.0663 5864 sptd - detected LockedFile.Multi.Generic (1)
21:55:31.0715 5864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:55:31.0733 5864 srv - ok
21:55:31.0782 5864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:55:31.0807 5864 srv2 - ok
21:55:31.0834 5864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:55:31.0849 5864 srvnet - ok
21:55:31.0920 5864 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:55:31.0928 5864 StarOpen - ok
21:55:31.0984 5864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:55:31.0993 5864 stexstor - ok
21:55:32.0052 5864 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:55:32.0062 5864 storflt - ok
21:55:32.0111 5864 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:55:32.0120 5864 storvsc - ok
21:55:32.0158 5864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:55:32.0165 5864 swenum - ok
21:55:32.0198 5864 Synth3dVsc - ok
21:55:32.0297 5864 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
21:55:32.0403 5864 Tcpip - ok
21:55:32.0471 5864 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
21:55:32.0494 5864 TCPIP6 - ok
21:55:32.0541 5864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:55:32.0555 5864 tcpipreg - ok
21:55:32.0609 5864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:55:32.0615 5864 TDPIPE - ok
21:55:32.0640 5864 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:55:32.0647 5864 TDTCP - ok
21:55:32.0707 5864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:55:32.0719 5864 tdx - ok
21:55:32.0760 5864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:55:32.0773 5864 TermDD - ok
21:55:32.0862 5864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:32.0871 5864 tssecsrv - ok
21:55:32.0922 5864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:55:32.0937 5864 TsUsbFlt - ok
21:55:32.0953 5864 tsusbhub - ok
21:55:33.0024 5864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:55:33.0026 5864 tunnel - ok
21:55:33.0062 5864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:55:33.0075 5864 uagp35 - ok
21:55:33.0123 5864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:55:33.0144 5864 udfs - ok
21:55:33.0205 5864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:55:33.0216 5864 uliagpkx - ok
21:55:33.0255 5864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:55:33.0266 5864 umbus - ok
21:55:33.0308 5864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:55:33.0315 5864 UmPass - ok
21:55:33.0370 5864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:33.0381 5864 usbccgp - ok
21:55:33.0427 5864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:55:33.0443 5864 usbcir - ok
21:55:33.0470 5864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:55:33.0479 5864 usbehci - ok
21:55:33.0528 5864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:55:33.0551 5864 usbhub - ok
21:55:33.0588 5864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:55:33.0596 5864 usbohci - ok
21:55:33.0632 5864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:55:33.0640 5864 usbprint - ok
21:55:33.0686 5864 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:55:33.0695 5864 usbscan - ok
21:55:33.0738 5864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:55:33.0750 5864 USBSTOR - ok
21:55:33.0778 5864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:55:33.0786 5864 usbuhci - ok
21:55:33.0819 5864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:55:33.0836 5864 usbvideo - ok
21:55:33.0915 5864 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:55:33.0942 5864 VBoxDrv - ok
21:55:33.0967 5864 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:55:33.0983 5864 VBoxNetAdp - ok
21:55:34.0016 5864 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:55:34.0033 5864 VBoxNetFlt - ok
21:55:34.0089 5864 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:55:34.0104 5864 VBoxUSBMon - ok
21:55:34.0157 5864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:55:34.0166 5864 vdrvroot - ok
21:55:34.0213 5864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:34.0220 5864 vga - ok
21:55:34.0260 5864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:55:34.0267 5864 VgaSave - ok
21:55:34.0292 5864 VGPU - ok
21:55:34.0324 5864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:55:34.0343 5864 vhdmp - ok
21:55:34.0365 5864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:55:34.0372 5864 viaide - ok
21:55:34.0405 5864 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:55:34.0424 5864 vmbus - ok
21:55:34.0449 5864 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:55:34.0458 5864 VMBusHID - ok
21:55:34.0482 5864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:55:34.0493 5864 volmgr - ok
21:55:34.0538 5864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:55:34.0572 5864 volmgrx - ok
21:55:34.0610 5864 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:55:34.0629 5864 volsnap - ok
21:55:34.0712 5864 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
21:55:34.0730 5864 Vsdatant - ok
21:55:34.0780 5864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:55:34.0795 5864 vsmraid - ok
21:55:34.0823 5864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:55:34.0830 5864 vwifibus - ok
21:55:34.0862 5864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:55:34.0872 5864 vwififlt - ok
21:55:34.0910 5864 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:55:34.0917 5864 vwifimp - ok
21:55:34.0953 5864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:55:34.0962 5864 WacomPen - ok
21:55:35.0018 5864 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:35.0029 5864 WANARP - ok
21:55:35.0040 5864 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:35.0042 5864 Wanarpv6 - ok
21:55:35.0087 5864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:55:35.0098 5864 Wd - ok
21:55:35.0136 5864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:55:35.0178 5864 Wdf01000 - ok
21:55:35.0233 5864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:35.0238 5864 WfpLwf - ok
21:55:35.0273 5864 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
21:55:35.0287 5864 WimFltr - ok
21:55:35.0314 5864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:55:35.0328 5864 WIMMount - ok
21:55:35.0433 5864 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:55:35.0445 5864 WinUsb - ok
21:55:35.0495 5864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:55:35.0497 5864 WmiAcpi - ok
21:55:35.0546 5864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:55:35.0553 5864 ws2ifsl - ok
21:55:35.0616 5864 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:55:35.0628 5864 WudfPf - ok
21:55:35.0652 5864 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:35.0666 5864 WUDFRd - ok
21:55:35.0738 5864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:55:35.0756 5864 \Device\Harddisk0\DR0 - ok
21:55:35.0767 5864 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:55:35.0847 5864 \Device\Harddisk1\DR1 - ok
21:55:35.0869 5864 Boot (0x1200) (fba16a8ea35bdc26e21d381eae5d7896) \Device\Harddisk0\DR0\Partition0
21:55:35.0872 5864 \Device\Harddisk0\DR0\Partition0 - ok
21:55:35.0886 5864 Boot (0x1200) (1ee9565bbc6274e75d3fa88f3574a604) \Device\Harddisk0\DR0\Partition1
21:55:35.0888 5864 \Device\Harddisk0\DR0\Partition1 - ok
21:55:35.0905 5864 Boot (0x1200) (1629c7fcce88a7b400d5bdb1bf54892a) \Device\Harddisk0\DR0\Partition2
21:55:35.0908 5864 \Device\Harddisk0\DR0\Partition2 - ok
21:55:35.0917 5864 Boot (0x1200) (5642f5de832dc8751ff72918ab98227f) \Device\Harddisk1\DR1\Partition0
21:55:35.0918 5864 \Device\Harddisk1\DR1\Partition0 - ok
21:55:35.0922 5864 ============================================================
21:55:35.0922 5864 Scan finished
21:55:35.0922 5864 ============================================================
21:55:35.0944 1400 Detected object count: 1
21:55:35.0944 1400 Actual detected object count: 1
21:55:44.0064 1400 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:55:44.0064 1400 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:55:08.0445 5492 TDSS rootkit removing tool 2.6.13.0 Oct 25 2011 13:56:21
21:55:09.0007 5492 ============================================================
21:55:09.0007 5492 Current date / time: 2011/10/27 21:55:09.0007
21:55:09.0007 5492 SystemInfo:
21:55:09.0007 5492
21:55:09.0007 5492 OS Version: 6.1.7601 ServicePack: 1.0
21:55:09.0007 5492 Product type: Workstation
21:55:09.0007 5492 ComputerName: STANO-PC
21:55:09.0008 5492 UserName: Stano
21:55:09.0008 5492 Windows directory: C:\Windows
21:55:09.0008 5492 System windows directory: C:\Windows
21:55:09.0008 5492 Running under WOW64
21:55:09.0008 5492 Processor architecture: Intel x64
21:55:09.0008 5492 Number of processors: 4
21:55:09.0008 5492 Page size: 0x1000
21:55:09.0008 5492 Boot type: Normal boot
21:55:09.0008 5492 ============================================================
21:55:09.0652 5492 Initialize success
21:55:17.0131 5864 ============================================================
21:55:17.0131 5864 Scan started
21:55:17.0131 5864 Mode: Manual;
21:55:17.0131 5864 ============================================================
21:55:18.0525 5864 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
21:55:18.0543 5864 1394ohci - ok
21:55:18.0599 5864 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
21:55:18.0606 5864 ACPI - ok
21:55:18.0657 5864 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
21:55:18.0664 5864 AcpiPmi - ok
21:55:18.0729 5864 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\DRIVERS\adp94xx.sys
21:55:18.0749 5864 adp94xx - ok
21:55:18.0803 5864 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\DRIVERS\adpahci.sys
21:55:18.0820 5864 adpahci - ok
21:55:18.0877 5864 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\DRIVERS\adpu320.sys
21:55:18.0890 5864 adpu320 - ok
21:55:18.0973 5864 AFD (d5b031c308a409a0a576bff4cf083d30) C:\Windows\system32\drivers\afd.sys
21:55:19.0008 5864 AFD - ok
21:55:19.0062 5864 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
21:55:19.0072 5864 agp440 - ok
21:55:19.0114 5864 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
21:55:19.0120 5864 aliide - ok
21:55:19.0165 5864 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
21:55:19.0172 5864 amdide - ok
21:55:19.0208 5864 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\DRIVERS\amdk8.sys
21:55:19.0220 5864 AmdK8 - ok
21:55:19.0252 5864 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\DRIVERS\amdppm.sys
21:55:19.0262 5864 AmdPPM - ok
21:55:19.0315 5864 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
21:55:19.0325 5864 amdsata - ok
21:55:19.0381 5864 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\DRIVERS\amdsbs.sys
21:55:19.0395 5864 amdsbs - ok
21:55:19.0433 5864 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
21:55:19.0441 5864 amdxata - ok
21:55:19.0483 5864 AmUStor (9c7f164b49cadc658d1b3c575782f346) C:\Windows\system32\drivers\AmUStor.SYS
21:55:19.0484 5864 AmUStor - ok
21:55:19.0609 5864 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
21:55:19.0617 5864 AppID - ok
21:55:19.0699 5864 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\DRIVERS\arc.sys
21:55:19.0710 5864 arc - ok
21:55:19.0745 5864 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\DRIVERS\arcsas.sys
21:55:19.0755 5864 arcsas - ok
21:55:19.0817 5864 ASMMAP64 (4c016fd76ed5c05e84ca8cab77993961) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
21:55:19.0818 5864 ASMMAP64 - ok
21:55:19.0866 5864 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
21:55:19.0872 5864 AsyncMac - ok
21:55:19.0937 5864 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
21:55:19.0945 5864 atapi - ok
21:55:20.0034 5864 athr (0acc06fcf46f64ed4f11e57ee461c1f4) C:\Windows\system32\DRIVERS\athrx.sys
21:55:20.0125 5864 athr - ok
21:55:20.0213 5864 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\Windows\system32\DRIVERS\avgntflt.sys
21:55:20.0225 5864 avgntflt - ok
21:55:20.0291 5864 avipbb (d959309ececca73fc79f8ef8521346b2) C:\Windows\system32\DRIVERS\avipbb.sys
21:55:20.0305 5864 avipbb - ok
21:55:20.0376 5864 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\Windows\system32\DRIVERS\avkmgr.sys
21:55:20.0385 5864 avkmgr - ok
21:55:20.0458 5864 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\DRIVERS\bxvbda.sys
21:55:20.0478 5864 b06bdrv - ok
21:55:20.0546 5864 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
21:55:20.0561 5864 b57nd60a - ok
21:55:20.0624 5864 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
21:55:20.0629 5864 Beep - ok
21:55:20.0681 5864 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\DRIVERS\blbdrive.sys
21:55:20.0690 5864 blbdrive - ok
21:55:20.0750 5864 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
21:55:20.0759 5864 bowser - ok
21:55:20.0799 5864 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:55:20.0805 5864 BrFiltLo - ok
21:55:20.0870 5864 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:55:20.0875 5864 BrFiltUp - ok
21:55:20.0921 5864 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
21:55:20.0938 5864 Brserid - ok
21:55:20.0981 5864 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
21:55:20.0988 5864 BrSerWdm - ok
21:55:21.0023 5864 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:55:21.0027 5864 BrUsbMdm - ok
21:55:21.0066 5864 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
21:55:21.0070 5864 BrUsbSer - ok
21:55:21.0108 5864 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\DRIVERS\bthmodem.sys
21:55:21.0116 5864 BTHMODEM - ok
21:55:21.0168 5864 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
21:55:21.0179 5864 cdfs - ok
21:55:21.0235 5864 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\DRIVERS\cdrom.sys
21:55:21.0248 5864 cdrom - ok
21:55:21.0299 5864 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\DRIVERS\circlass.sys
21:55:21.0308 5864 circlass - ok
21:55:21.0351 5864 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
21:55:21.0358 5864 CLFS - ok
21:55:21.0425 5864 clwvd (50f92c943f18b070f166d019dfab3d9a) C:\Windows\system32\DRIVERS\clwvd.sys
21:55:21.0432 5864 clwvd - ok
21:55:21.0484 5864 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\DRIVERS\CmBatt.sys
21:55:21.0489 5864 CmBatt - ok
21:55:21.0538 5864 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
21:55:21.0544 5864 cmdide - ok
21:55:21.0582 5864 CNG (d5fea92400f12412b3922087c09da6a5) C:\Windows\system32\Drivers\cng.sys
21:55:21.0618 5864 CNG - ok
21:55:21.0680 5864 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\DRIVERS\compbatt.sys
21:55:21.0688 5864 Compbatt - ok
21:55:21.0731 5864 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
21:55:21.0739 5864 CompositeBus - ok
21:55:21.0772 5864 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\DRIVERS\crcdisk.sys
21:55:21.0780 5864 crcdisk - ok
21:55:21.0865 5864 CSC (54da3dfd29ed9f1619b6f53f3ce55e49) C:\Windows\system32\drivers\csc.sys
21:55:21.0886 5864 CSC - ok
21:55:21.0961 5864 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
21:55:21.0970 5864 DfsC - ok
21:55:22.0016 5864 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
21:55:22.0023 5864 discache - ok
21:55:22.0067 5864 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\DRIVERS\disk.sys
21:55:22.0077 5864 Disk - ok
21:55:22.0137 5864 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
21:55:22.0143 5864 drmkaud - ok
21:55:22.0196 5864 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
21:55:22.0243 5864 DXGKrnl - ok
21:55:22.0343 5864 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\DRIVERS\evbda.sys
21:55:22.0429 5864 ebdrv - ok
21:55:22.0482 5864 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\DRIVERS\elxstor.sys
21:55:22.0501 5864 elxstor - ok
21:55:22.0533 5864 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
21:55:22.0538 5864 ErrDev - ok
21:55:22.0598 5864 ETD (3c38648375b7f3988691f53a7aae10a9) C:\Windows\system32\DRIVERS\ETD.sys
21:55:22.0606 5864 ETD - ok
21:55:22.0635 5864 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
21:55:22.0647 5864 exfat - ok
21:55:22.0671 5864 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
21:55:22.0682 5864 fastfat - ok
21:55:22.0708 5864 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\DRIVERS\fdc.sys
21:55:22.0714 5864 fdc - ok
21:55:22.0747 5864 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
21:55:22.0755 5864 FileInfo - ok
21:55:22.0774 5864 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
21:55:22.0780 5864 Filetrace - ok
21:55:22.0804 5864 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\DRIVERS\flpydisk.sys
21:55:22.0809 5864 flpydisk - ok
21:55:22.0852 5864 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
21:55:22.0868 5864 FltMgr - ok
21:55:22.0894 5864 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
21:55:22.0905 5864 FsDepends - ok
21:55:22.0932 5864 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\Windows\system32\drivers\Fs_Rec.sys
21:55:22.0938 5864 Fs_Rec - ok
21:55:22.0967 5864 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
21:55:22.0986 5864 fvevol - ok
21:55:23.0012 5864 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:55:23.0021 5864 gagp30kx - ok
21:55:23.0092 5864 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
21:55:23.0100 5864 hcw85cir - ok
21:55:23.0150 5864 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
21:55:23.0174 5864 HdAudAddService - ok
21:55:23.0226 5864 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
21:55:23.0228 5864 HDAudBus - ok
21:55:23.0267 5864 HECIx64 (b6ac71aaa2b10848f57fc49d55a651af) C:\Windows\system32\DRIVERS\HECIx64.sys
21:55:23.0278 5864 HECIx64 - ok
21:55:23.0306 5864 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\DRIVERS\HidBatt.sys
21:55:23.0313 5864 HidBatt - ok
21:55:23.0337 5864 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\DRIVERS\hidbth.sys
21:55:23.0347 5864 HidBth - ok
21:55:23.0381 5864 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\DRIVERS\hidir.sys
21:55:23.0390 5864 HidIr - ok
21:55:23.0455 5864 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\drivers\hidusb.sys
21:55:23.0463 5864 HidUsb - ok
21:55:23.0513 5864 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
21:55:23.0525 5864 HpSAMD - ok
21:55:23.0589 5864 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
21:55:23.0639 5864 HTTP - ok
21:55:23.0676 5864 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
21:55:23.0684 5864 hwpolicy - ok
21:55:23.0731 5864 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\DRIVERS\i8042prt.sys
21:55:23.0745 5864 i8042prt - ok
21:55:23.0793 5864 iaStor (42e00996dfc13c46366689c0ea8abc5e) C:\Windows\system32\DRIVERS\iaStor.sys
21:55:23.0800 5864 iaStor - ok
21:55:23.0850 5864 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
21:55:23.0870 5864 iaStorV - ok
21:55:24.0143 5864 igfx (c6238c6abd6ac99f5d152da4e9439a3d) C:\Windows\system32\DRIVERS\igdkmd64.sys
21:55:24.0432 5864 igfx - ok
21:55:24.0502 5864 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\DRIVERS\iirsp.sys
21:55:24.0511 5864 iirsp - ok
21:55:24.0565 5864 Impcd (36fdf367a1dabff903e2214023d71368) C:\Windows\system32\DRIVERS\Impcd.sys
21:55:24.0578 5864 Impcd - ok
21:55:24.0669 5864 IntcAzAudAddService (53019327813ff5ab2964b33b2c61307c) C:\Windows\system32\drivers\RTKVHD64.sys
21:55:24.0763 5864 IntcAzAudAddService - ok
21:55:24.0789 5864 IntcDAud (408b401cd7cdb075c7470b0ff7ba8d0b) C:\Windows\system32\DRIVERS\IntcDAud.sys
21:55:24.0804 5864 IntcDAud - ok
21:55:24.0837 5864 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
21:55:24.0845 5864 intelide - ok
21:55:24.0881 5864 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\DRIVERS\intelppm.sys
21:55:24.0882 5864 intelppm - ok
21:55:24.0935 5864 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:55:24.0947 5864 IpFilterDriver - ok
21:55:24.0984 5864 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
21:55:24.0996 5864 IPMIDRV - ok
21:55:25.0019 5864 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
21:55:25.0032 5864 IPNAT - ok
21:55:25.0065 5864 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
21:55:25.0071 5864 IRENUM - ok
21:55:25.0094 5864 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
21:55:25.0103 5864 isapnp - ok
21:55:25.0131 5864 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
21:55:25.0154 5864 iScsiPrt - ok
21:55:25.0249 5864 ISWKL (9d7ac39e2f3a45d6fc277ec10c2732eb) C:\Program Files\CheckPoint\ZAForceField\ISWKL.sys
21:55:25.0250 5864 ISWKL - ok
21:55:25.0295 5864 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\DRIVERS\kbdclass.sys
21:55:25.0306 5864 kbdclass - ok
21:55:25.0328 5864 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
21:55:25.0335 5864 kbdhid - ok
21:55:25.0372 5864 kbfiltr (e63ef8c3271d014f14e2469ce75fecb4) C:\Windows\system32\DRIVERS\kbfiltr.sys
21:55:25.0379 5864 kbfiltr - ok
21:55:25.0426 5864 KSecDD (ccd53b5bd33ce0c889e830d839c8b66e) C:\Windows\system32\Drivers\ksecdd.sys
21:55:25.0438 5864 KSecDD - ok
21:55:25.0481 5864 KSecPkg (9ff918a261752c12639e8ad4208d2c2f) C:\Windows\system32\Drivers\ksecpkg.sys
21:55:25.0497 5864 KSecPkg - ok
21:55:25.0525 5864 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
21:55:25.0532 5864 ksthunk - ok
21:55:25.0576 5864 L1C (b4a3a05b0f9c81d098b96ab6aa915042) C:\Windows\system32\DRIVERS\L1C62x64.sys
21:55:25.0585 5864 L1C - ok
21:55:25.0634 5864 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
21:55:25.0645 5864 lltdio - ok
21:55:25.0714 5864 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:55:25.0727 5864 LSI_FC - ok
21:55:25.0756 5864 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:55:25.0767 5864 LSI_SAS - ok
21:55:25.0797 5864 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:55:25.0807 5864 LSI_SAS2 - ok
21:55:25.0850 5864 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:55:25.0861 5864 LSI_SCSI - ok
21:55:25.0898 5864 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
21:55:25.0910 5864 luafv - ok
21:55:25.0963 5864 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\DRIVERS\megasas.sys
21:55:25.0973 5864 megasas - ok
21:55:25.0991 5864 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\DRIVERS\MegaSR.sys
21:55:26.0008 5864 MegaSR - ok
21:55:26.0051 5864 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
21:55:26.0059 5864 Modem - ok
21:55:26.0083 5864 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
21:55:26.0085 5864 monitor - ok
21:55:26.0124 5864 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\drivers\mouclass.sys
21:55:26.0134 5864 mouclass - ok
21:55:26.0156 5864 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
21:55:26.0163 5864 mouhid - ok
21:55:26.0212 5864 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
21:55:26.0224 5864 mountmgr - ok
21:55:26.0249 5864 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
21:55:26.0267 5864 mpio - ok
21:55:26.0297 5864 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
21:55:26.0306 5864 mpsdrv - ok
21:55:26.0355 5864 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
21:55:26.0369 5864 MRxDAV - ok
21:55:26.0412 5864 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:55:26.0426 5864 mrxsmb - ok
21:55:26.0467 5864 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:55:26.0487 5864 mrxsmb10 - ok
21:55:26.0525 5864 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:55:26.0539 5864 mrxsmb20 - ok
21:55:26.0557 5864 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
21:55:26.0566 5864 msahci - ok
21:55:26.0596 5864 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
21:55:26.0610 5864 msdsm - ok
21:55:26.0646 5864 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
21:55:26.0653 5864 Msfs - ok
21:55:26.0672 5864 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
21:55:26.0677 5864 mshidkmdf - ok
21:55:26.0694 5864 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
21:55:26.0701 5864 msisadrv - ok
21:55:26.0732 5864 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
21:55:26.0738 5864 MSKSSRV - ok
21:55:26.0757 5864 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
21:55:26.0762 5864 MSPCLOCK - ok
21:55:26.0783 5864 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
21:55:26.0789 5864 MSPQM - ok
21:55:26.0846 5864 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
21:55:26.0864 5864 MsRPC - ok
21:55:26.0896 5864 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
21:55:26.0899 5864 mssmbios - ok
21:55:26.0925 5864 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
21:55:26.0931 5864 MSTEE - ok
21:55:26.0958 5864 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\DRIVERS\MTConfig.sys
21:55:26.0965 5864 MTConfig - ok
21:55:27.0001 5864 MTsensor (032d35c996f21d19a205a7c8f0b76f3c) C:\Windows\system32\DRIVERS\ATK64AMD.sys
21:55:27.0008 5864 MTsensor - ok
21:55:27.0039 5864 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
21:55:27.0049 5864 Mup - ok
21:55:27.0102 5864 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
21:55:27.0122 5864 NativeWifiP - ok
21:55:27.0191 5864 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
21:55:27.0214 5864 NDIS - ok
21:55:27.0241 5864 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
21:55:27.0253 5864 NdisCap - ok
21:55:27.0289 5864 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
21:55:27.0297 5864 NdisTapi - ok
21:55:27.0337 5864 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
21:55:27.0347 5864 Ndisuio - ok
21:55:27.0392 5864 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
21:55:27.0408 5864 NdisWan - ok
21:55:27.0459 5864 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
21:55:27.0468 5864 NDProxy - ok
21:55:27.0496 5864 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
21:55:27.0504 5864 NetBIOS - ok
21:55:27.0547 5864 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
21:55:27.0567 5864 NetBT - ok
21:55:27.0622 5864 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\DRIVERS\nfrd960.sys
21:55:27.0632 5864 nfrd960 - ok
21:55:27.0680 5864 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
21:55:27.0690 5864 Npfs - ok
21:55:27.0715 5864 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
21:55:27.0723 5864 nsiproxy - ok
21:55:27.0795 5864 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
21:55:27.0886 5864 Ntfs - ok
21:55:27.0904 5864 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
21:55:27.0912 5864 Null - ok
21:55:27.0958 5864 nusb3hub (f5bc2345e8c89d4e90fafd23a2239935) C:\Windows\system32\DRIVERS\nusb3hub.sys
21:55:27.0968 5864 nusb3hub - ok
21:55:28.0007 5864 nusb3xhc (5d42578241bc2a9b4a64837077436d5f) C:\Windows\system32\DRIVERS\nusb3xhc.sys
21:55:28.0021 5864 nusb3xhc - ok
21:55:28.0337 5864 nvlddmkm (f12c5f17d48d9f5c70e4408b3ccb5443) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:55:28.0729 5864 nvlddmkm - ok
21:55:28.0782 5864 nvpciflt (91aa115e6bd2104d79cadd8b1cbaeb4a) C:\Windows\system32\DRIVERS\nvpciflt.sys
21:55:28.0790 5864 nvpciflt - ok
21:55:28.0826 5864 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
21:55:28.0839 5864 nvraid - ok
21:55:28.0874 5864 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
21:55:28.0888 5864 nvstor - ok
21:55:28.0955 5864 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
21:55:28.0969 5864 nv_agp - ok
21:55:28.0997 5864 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
21:55:29.0009 5864 ohci1394 - ok
21:55:29.0065 5864 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\DRIVERS\parport.sys
21:55:29.0077 5864 Parport - ok
21:55:29.0109 5864 partmgr (871eadac56b0a4c6512bbe32753ccf79) C:\Windows\system32\drivers\partmgr.sys
21:55:29.0120 5864 partmgr - ok
21:55:29.0172 5864 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
21:55:29.0191 5864 pci - ok
21:55:29.0219 5864 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
21:55:29.0227 5864 pciide - ok
21:55:29.0251 5864 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\DRIVERS\pcmcia.sys
21:55:29.0270 5864 pcmcia - ok
21:55:29.0325 5864 pcouffin (af7ce12c4f3dc8cb2b07685c916bbcfe) C:\Windows\system32\Drivers\pcouffin.sys
21:55:29.0335 5864 pcouffin - ok
21:55:29.0359 5864 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
21:55:29.0369 5864 pcw - ok
21:55:29.0402 5864 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
21:55:29.0451 5864 PEAUTH - ok
21:55:29.0510 5864 pfc - ok
21:55:29.0594 5864 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
21:55:29.0609 5864 PptpMiniport - ok
21:55:29.0635 5864 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\DRIVERS\processr.sys
21:55:29.0646 5864 Processor - ok
21:55:29.0705 5864 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
21:55:29.0708 5864 Psched - ok
21:55:29.0771 5864 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\DRIVERS\ql2300.sys
21:55:29.0854 5864 ql2300 - ok
21:55:29.0878 5864 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\DRIVERS\ql40xx.sys
21:55:29.0899 5864 ql40xx - ok
21:55:29.0932 5864 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
21:55:29.0941 5864 QWAVEdrv - ok
21:55:29.0976 5864 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
21:55:29.0982 5864 RasAcd - ok
21:55:30.0026 5864 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:55:30.0035 5864 RasAgileVpn - ok
21:55:30.0082 5864 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:55:30.0095 5864 Rasl2tp - ok
21:55:30.0123 5864 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
21:55:30.0135 5864 RasPppoe - ok
21:55:30.0172 5864 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
21:55:30.0182 5864 RasSstp - ok
21:55:30.0226 5864 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
21:55:30.0256 5864 rdbss - ok
21:55:30.0276 5864 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
21:55:30.0283 5864 rdpbus - ok
21:55:30.0315 5864 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:55:30.0320 5864 RDPCDD - ok
21:55:30.0366 5864 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
21:55:30.0380 5864 RDPDR - ok
21:55:30.0405 5864 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
21:55:30.0410 5864 RDPENCDD - ok
21:55:30.0437 5864 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
21:55:30.0443 5864 RDPREFMP - ok
21:55:30.0487 5864 RdpVideoMiniport (70cba1a0c98600a2aa1863479b35cb90) C:\Windows\system32\drivers\rdpvideominiport.sys
21:55:30.0494 5864 RdpVideoMiniport - ok
21:55:30.0530 5864 RDPWD (15b66c206b5cb095bab980553f38ed23) C:\Windows\system32\drivers\RDPWD.sys
21:55:30.0544 5864 RDPWD - ok
21:55:30.0604 5864 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
21:55:30.0624 5864 rdyboost - ok
21:55:30.0700 5864 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\Windows\system32\DRIVERS\revoflt.sys
21:55:30.0708 5864 Revoflt - ok
21:55:30.0768 5864 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
21:55:30.0778 5864 rspndr - ok
21:55:30.0815 5864 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
21:55:30.0821 5864 s3cap - ok
21:55:30.0861 5864 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
21:55:30.0873 5864 sbp2port - ok
21:55:30.0918 5864 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
21:55:30.0927 5864 scfilter - ok
21:55:30.0963 5864 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
21:55:30.0969 5864 secdrv - ok
21:55:31.0012 5864 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\DRIVERS\serenum.sys
21:55:31.0019 5864 Serenum - ok
21:55:31.0061 5864 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\DRIVERS\serial.sys
21:55:31.0072 5864 Serial - ok
21:55:31.0113 5864 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\DRIVERS\sermouse.sys
21:55:31.0120 5864 sermouse - ok
21:55:31.0160 5864 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
21:55:31.0166 5864 sffdisk - ok
21:55:31.0184 5864 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
21:55:31.0191 5864 sffp_mmc - ok
21:55:31.0211 5864 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
21:55:31.0217 5864 sffp_sd - ok
21:55:31.0238 5864 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\DRIVERS\sfloppy.sys
21:55:31.0244 5864 sfloppy - ok
21:55:31.0291 5864 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:55:31.0301 5864 SiSRaid2 - ok
21:55:31.0331 5864 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\DRIVERS\sisraid4.sys
21:55:31.0344 5864 SiSRaid4 - ok
21:55:31.0369 5864 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
21:55:31.0381 5864 Smb - ok
21:55:31.0485 5864 SNP2UVC (2114518e55b380a3acc28b2c27fd499a) C:\Windows\system32\DRIVERS\snp2uvc.sys
21:55:31.0554 5864 SNP2UVC - ok
21:55:31.0585 5864 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
21:55:31.0593 5864 spldr - ok
21:55:31.0661 5864 sptd (4c33f139236fd9bd14a920f60c1cb072) C:\Windows\system32\Drivers\sptd.sys
21:55:31.0661 5864 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 4c33f139236fd9bd14a920f60c1cb072
21:55:31.0663 5864 sptd ( LockedFile.Multi.Generic ) - warning
21:55:31.0663 5864 sptd - detected LockedFile.Multi.Generic (1)
21:55:31.0715 5864 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
21:55:31.0733 5864 srv - ok
21:55:31.0782 5864 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
21:55:31.0807 5864 srv2 - ok
21:55:31.0834 5864 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
21:55:31.0849 5864 srvnet - ok
21:55:31.0920 5864 StarOpen (e57b778208c783d8debab320c16a1b82) C:\Windows\system32\drivers\StarOpen.sys
21:55:31.0928 5864 StarOpen - ok
21:55:31.0984 5864 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\DRIVERS\stexstor.sys
21:55:31.0993 5864 stexstor - ok
21:55:32.0052 5864 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
21:55:32.0062 5864 storflt - ok
21:55:32.0111 5864 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
21:55:32.0120 5864 storvsc - ok
21:55:32.0158 5864 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
21:55:32.0165 5864 swenum - ok
21:55:32.0198 5864 Synth3dVsc - ok
21:55:32.0297 5864 Tcpip (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\drivers\tcpip.sys
21:55:32.0403 5864 Tcpip - ok
21:55:32.0471 5864 TCPIP6 (f0e98c00a09fdf791525829a1d14240f) C:\Windows\system32\DRIVERS\tcpip.sys
21:55:32.0494 5864 TCPIP6 - ok
21:55:32.0541 5864 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
21:55:32.0555 5864 tcpipreg - ok
21:55:32.0609 5864 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
21:55:32.0615 5864 TDPIPE - ok
21:55:32.0640 5864 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\Windows\system32\drivers\tdtcp.sys
21:55:32.0647 5864 TDTCP - ok
21:55:32.0707 5864 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
21:55:32.0719 5864 tdx - ok
21:55:32.0760 5864 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
21:55:32.0773 5864 TermDD - ok
21:55:32.0862 5864 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:55:32.0871 5864 tssecsrv - ok
21:55:32.0922 5864 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
21:55:32.0937 5864 TsUsbFlt - ok
21:55:32.0953 5864 tsusbhub - ok
21:55:33.0024 5864 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
21:55:33.0026 5864 tunnel - ok
21:55:33.0062 5864 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\DRIVERS\uagp35.sys
21:55:33.0075 5864 uagp35 - ok
21:55:33.0123 5864 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
21:55:33.0144 5864 udfs - ok
21:55:33.0205 5864 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
21:55:33.0216 5864 uliagpkx - ok
21:55:33.0255 5864 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\drivers\umbus.sys
21:55:33.0266 5864 umbus - ok
21:55:33.0308 5864 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\DRIVERS\umpass.sys
21:55:33.0315 5864 UmPass - ok
21:55:33.0370 5864 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
21:55:33.0381 5864 usbccgp - ok
21:55:33.0427 5864 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
21:55:33.0443 5864 usbcir - ok
21:55:33.0470 5864 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
21:55:33.0479 5864 usbehci - ok
21:55:33.0528 5864 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
21:55:33.0551 5864 usbhub - ok
21:55:33.0588 5864 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
21:55:33.0596 5864 usbohci - ok
21:55:33.0632 5864 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\DRIVERS\usbprint.sys
21:55:33.0640 5864 usbprint - ok
21:55:33.0686 5864 usbscan (aaa2513c8aed8b54b189fd0c6b1634c0) C:\Windows\system32\DRIVERS\usbscan.sys
21:55:33.0695 5864 usbscan - ok
21:55:33.0738 5864 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\drivers\USBSTOR.SYS
21:55:33.0750 5864 USBSTOR - ok
21:55:33.0778 5864 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
21:55:33.0786 5864 usbuhci - ok
21:55:33.0819 5864 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\System32\Drivers\usbvideo.sys
21:55:33.0836 5864 usbvideo - ok
21:55:33.0915 5864 VBoxDrv (c40fecb0bd5da4e40690ef9ae4558a8c) C:\Windows\system32\DRIVERS\VBoxDrv.sys
21:55:33.0942 5864 VBoxDrv - ok
21:55:33.0967 5864 VBoxNetAdp (b3fc2d5f35e05e12c28f786c140d1cbd) C:\Windows\system32\DRIVERS\VBoxNetAdp.sys
21:55:33.0983 5864 VBoxNetAdp - ok
21:55:34.0016 5864 VBoxNetFlt (91ef7f61587323cb1658fe919d091ec3) C:\Windows\system32\DRIVERS\VBoxNetFlt.sys
21:55:34.0033 5864 VBoxNetFlt - ok
21:55:34.0089 5864 VBoxUSBMon (cf8b6507670127041ca78ef82c56ee45) C:\Windows\system32\DRIVERS\VBoxUSBMon.sys
21:55:34.0104 5864 VBoxUSBMon - ok
21:55:34.0157 5864 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
21:55:34.0166 5864 vdrvroot - ok
21:55:34.0213 5864 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
21:55:34.0220 5864 vga - ok
21:55:34.0260 5864 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
21:55:34.0267 5864 VgaSave - ok
21:55:34.0292 5864 VGPU - ok
21:55:34.0324 5864 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
21:55:34.0343 5864 vhdmp - ok
21:55:34.0365 5864 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
21:55:34.0372 5864 viaide - ok
21:55:34.0405 5864 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
21:55:34.0424 5864 vmbus - ok
21:55:34.0449 5864 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
21:55:34.0458 5864 VMBusHID - ok
21:55:34.0482 5864 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
21:55:34.0493 5864 volmgr - ok
21:55:34.0538 5864 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
21:55:34.0572 5864 volmgrx - ok
21:55:34.0610 5864 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
21:55:34.0629 5864 volsnap - ok
21:55:34.0712 5864 Vsdatant (48bfa6276bcc0535f5f8898107ed489a) C:\Windows\system32\DRIVERS\vsdatant.sys
21:55:34.0730 5864 Vsdatant - ok
21:55:34.0780 5864 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\DRIVERS\vsmraid.sys
21:55:34.0795 5864 vsmraid - ok
21:55:34.0823 5864 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
21:55:34.0830 5864 vwifibus - ok
21:55:34.0862 5864 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
21:55:34.0872 5864 vwififlt - ok
21:55:34.0910 5864 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
21:55:34.0917 5864 vwifimp - ok
21:55:34.0953 5864 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\DRIVERS\wacompen.sys
21:55:34.0962 5864 WacomPen - ok
21:55:35.0018 5864 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:35.0029 5864 WANARP - ok
21:55:35.0040 5864 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
21:55:35.0042 5864 Wanarpv6 - ok
21:55:35.0087 5864 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\DRIVERS\wd.sys
21:55:35.0098 5864 Wd - ok
21:55:35.0136 5864 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
21:55:35.0178 5864 Wdf01000 - ok
21:55:35.0233 5864 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
21:55:35.0238 5864 WfpLwf - ok
21:55:35.0273 5864 WimFltr (52ded146e4797e6ccf94799e8e22bb2a) C:\Windows\system32\DRIVERS\wimfltr.sys
21:55:35.0287 5864 WimFltr - ok
21:55:35.0314 5864 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
21:55:35.0328 5864 WIMMount - ok
21:55:35.0433 5864 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
21:55:35.0445 5864 WinUsb - ok
21:55:35.0495 5864 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
21:55:35.0497 5864 WmiAcpi - ok
21:55:35.0546 5864 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
21:55:35.0553 5864 ws2ifsl - ok
21:55:35.0616 5864 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
21:55:35.0628 5864 WudfPf - ok
21:55:35.0652 5864 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:55:35.0666 5864 WUDFRd - ok
21:55:35.0738 5864 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
21:55:35.0756 5864 \Device\Harddisk0\DR0 - ok
21:55:35.0767 5864 MBR (0x1B8) (5fb38429d5d77768867c76dcbdb35194) \Device\Harddisk1\DR1
21:55:35.0847 5864 \Device\Harddisk1\DR1 - ok
21:55:35.0869 5864 Boot (0x1200) (fba16a8ea35bdc26e21d381eae5d7896) \Device\Harddisk0\DR0\Partition0
21:55:35.0872 5864 \Device\Harddisk0\DR0\Partition0 - ok
21:55:35.0886 5864 Boot (0x1200) (1ee9565bbc6274e75d3fa88f3574a604) \Device\Harddisk0\DR0\Partition1
21:55:35.0888 5864 \Device\Harddisk0\DR0\Partition1 - ok
21:55:35.0905 5864 Boot (0x1200) (1629c7fcce88a7b400d5bdb1bf54892a) \Device\Harddisk0\DR0\Partition2
21:55:35.0908 5864 \Device\Harddisk0\DR0\Partition2 - ok
21:55:35.0917 5864 Boot (0x1200) (5642f5de832dc8751ff72918ab98227f) \Device\Harddisk1\DR1\Partition0
21:55:35.0918 5864 \Device\Harddisk1\DR1\Partition0 - ok
21:55:35.0922 5864 ============================================================
21:55:35.0922 5864 Scan finished
21:55:35.0922 5864 ============================================================
21:55:35.0944 1400 Detected object count: 1
21:55:35.0944 1400 Actual detected object count: 1
21:55:44.0064 1400 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:55:44.0064 1400 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
Re: najdený virus v ntb, prosim o kontrolu logu...
Nevzpomene si, kde ESET havet hlasil 
PROSIM CTETE DUKLADNE NAVOD - TATO UTILITA MA VELKOU SCHOPNOST MAZAT A JE NUTNE JI APLIKOVAT JEN NA DOPORUCENI, JINAK VAM MUZE JIT SYSTEM DO KYTEK
Stahnete a ulozte na plochu Combofix http://download.bleepingcomputer.com/sUBs/ComboFix.exe
- Vypnete vsechny rezidentni bezpecnostní programy - firewally, antiviry, antispywary apod.
- Pokud mate Win XP spustte pod uctem Spravce\Administratora
- Pokud mate Win Vista ci Win 7, kliknete na Combofix pravym a dejte Run As Administrator ci Spustit jako spravce
- Ihned po startu se zobrazi stranka s licencnim ujednanim, pokracujte kliknutim na Ano
- Pokud Vam CF nabidne instalaci Konzoly pro zotaveni, tak souhlaste
- Dale postupujte dle pokynu, behem scanu nechte PC naprosto v klidu - nespoustejte zadne aplikace a neklikejte do zobrazujiciho se okna
- Scan by mel trvat cca 10 min, ale pokud bude PC hodne zaneseno, muze se cas prodlouzit
- Po dokonceni skenu a pripadnem restartu CF zobrazi log, pripadne jej najdete zde C:\ComboFix.txt, jeho obsah sem vlozte
- Detailni postup vc. obrazku mate zde http://www.bleepingcomputer.com/combofi ... t-combofix
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
eset hlasil virus - c:windows\reset.exe... myslim, ze take niečo
Re: najdený virus v ntb, prosim o kontrolu logu...
Takze upozornoval na ten svuj crack, ktery tam je - ono totoz 99% cracku\keygenu ma v sobe i dalsi darecek v podobe nejake te haveti 
Takze prosim udelejte ComboFix jak jsem psal a smazem havet...
Takze prosim udelejte ComboFix jak jsem psal a smazem havet...
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
tu je log z combofix :
ComboFix 11-10-28.04 - Stano . 10. 2011 19:13:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3886.2360 [GMT 2:00]
Running from: c:\users\Stano\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stano\AppData\Local\Temp\IswTmp\WH\0
.
---- Previous Run -------
.
c:\users\Stano\AppData\Roaming\inst.exe
c:\users\Stano\AppData\Roaming\Stanolog.dat
c:\users\Stano\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 17:23 . 2011-10-28 17:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\offreg.dll
2011-10-28 17:19 . 2011-10-28 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 06:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\mpengine.dll
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Roaming\CheckPoint
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Local\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-10-27 18:54 . 2011-10-27 18:54 -------- d-----w- c:\programdata\CheckPoint
2011-10-27 18:54 . 2011-10-28 17:27 -------- d-----w- c:\windows\Internet Logs
2011-10-27 18:41 . 2011-10-27 18:41 -------- d-----w- c:\users\Stano\AppData\Roaming\Avira
2011-10-27 18:36 . 2011-10-19 14:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-27 18:36 . 2011-10-19 14:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-27 18:36 . 2011-10-19 14:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\programdata\Avira
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\program files (x86)\Avira
2011-10-27 16:40 . 2011-10-27 19:27 -------- d-----w- c:\program files\trend micro
2011-10-27 16:40 . 2011-10-27 16:40 -------- d-----w- C:\rsit
2011-10-26 16:05 . 2011-10-26 16:05 -------- d-----w- c:\program files (x86)\FinalWire
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\tischtennis.exe_34F2FB4882074605891069ECDF0EBACF.exe
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\DXSETUP.exe_B4F27C9878284B7BB8A4D55FD79EE209.exe
2011-10-26 13:09 . 2011-10-26 13:24 -------- d-----w- c:\program files (x86)\Pixelbreaker
2011-10-26 13:08 . 2000-08-19 17:29 268048 ----a-w- c:\windows\SysWow64\dxtmeta2.dll
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\users\Stano\AppData\Local\Innovative Solutions
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\programdata\Innovative Solutions
2011-10-23 17:35 . 2011-10-23 17:36 -------- d-----w- c:\program files (x86)\CyberLink
2011-10-23 17:08 . 2011-10-23 17:08 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-23 16:58 . 2011-10-23 16:58 -------- d-----w- c:\users\Stano\AppData\Local\Facebook
2011-10-23 15:34 . 2011-10-23 15:34 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-22 04:54 . 2005-07-30 02:54 674816 ----a-w- c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe
2011-10-17 18:00 . 2011-10-17 18:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-10-13 18:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 18:17 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 18:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:37 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:37 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 17:37 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:37 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-06 18:53 . 2011-10-06 18:53 -------- d-----w- c:\users\Stano\AppData\Local\playlogic
2011-10-06 18:43 . 2011-10-06 18:43 -------- d-----w- c:\program files (x86)\PlayLogic
2011-09-29 18:07 . 2011-09-29 18:08 -------- d-----w- c:\users\Stano\.VirtualBox
2011-09-29 18:02 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-29 18:02 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 18:01 . 2011-09-29 18:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-29 18:01 . 2011-09-29 18:01 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 20:35 . 2011-07-07 18:37 82816 ----a-w- c:\users\Stano\AppData\Roaming\pcouffin.sys
2011-09-12 20:32 . 2011-09-12 20:32 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-29 08:51 . 2011-03-12 15:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-29 08:51 . 2011-03-12 15:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-08 19:46 . 2011-08-08 19:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-08-08 19:46 . 2011-08-08 19:46 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-07 19:09 . 2011-08-07 19:09 0 ---h--w- c:\users\Stano\AppData\Roaming\Stano1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-27 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-03 3058304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-02-18 162912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CSTBox.exe [2005-7-30 674816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
- c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 11:53]
.
2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
- c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 11:53]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 15:24]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 15:24]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
- c:\users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:35]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
- c:\users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Nektra OEAPI - (no file)
Wow6432Node-HKCU-Run-OEXPRESS - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WEBTRAN - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-combofix - c:\combofix\CF2047.3XE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
AddRemove-WSC2005_1.0 - c:\windows\iun6002.exe
AddRemove-UB - c:\poker application\_uninstallation_info\UB\CasinoUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\TechSmith\Snagit 10\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 10\SnagPriv.exe
c:\program files (x86)\TechSmith\Snagit 10\snagiteditor.exe
.
**************************************************************************
.
Completion time: 2011-10-28 19:31:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 17:31
.
Pre-Run: 46 528 786 432 bytes free
Post-Run: 46 130 941 952 bytes free
.
- - End Of File - - 00A78915D4ADC344982A919E1C89C5E9
ComboFix 11-10-28.04 - Stano . 10. 2011 19:13:03.2.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3886.2360 [GMT 2:00]
Running from: c:\users\Stano\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Enabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stano\AppData\Local\Temp\IswTmp\WH\0
.
---- Previous Run -------
.
c:\users\Stano\AppData\Roaming\inst.exe
c:\users\Stano\AppData\Roaming\Stanolog.dat
c:\users\Stano\AppData\Roaming\vso_ts_preview.xml
c:\windows\iun6002.exe
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_NPF
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-28 )))))))))))))))))))))))))))))))
.
.
2011-10-28 17:23 . 2011-10-28 17:23 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\offreg.dll
2011-10-28 17:19 . 2011-10-28 17:19 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 06:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\mpengine.dll
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Roaming\CheckPoint
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Local\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-10-27 18:54 . 2011-10-27 18:54 -------- d-----w- c:\programdata\CheckPoint
2011-10-27 18:54 . 2011-10-28 17:27 -------- d-----w- c:\windows\Internet Logs
2011-10-27 18:41 . 2011-10-27 18:41 -------- d-----w- c:\users\Stano\AppData\Roaming\Avira
2011-10-27 18:36 . 2011-10-19 14:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-27 18:36 . 2011-10-19 14:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-27 18:36 . 2011-10-19 14:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\programdata\Avira
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\program files (x86)\Avira
2011-10-27 16:40 . 2011-10-27 19:27 -------- d-----w- c:\program files\trend micro
2011-10-27 16:40 . 2011-10-27 16:40 -------- d-----w- C:\rsit
2011-10-26 16:05 . 2011-10-26 16:05 -------- d-----w- c:\program files (x86)\FinalWire
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\tischtennis.exe_34F2FB4882074605891069ECDF0EBACF.exe
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\DXSETUP.exe_B4F27C9878284B7BB8A4D55FD79EE209.exe
2011-10-26 13:09 . 2011-10-26 13:24 -------- d-----w- c:\program files (x86)\Pixelbreaker
2011-10-26 13:08 . 2000-08-19 17:29 268048 ----a-w- c:\windows\SysWow64\dxtmeta2.dll
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\users\Stano\AppData\Local\Innovative Solutions
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\programdata\Innovative Solutions
2011-10-23 17:35 . 2011-10-23 17:36 -------- d-----w- c:\program files (x86)\CyberLink
2011-10-23 17:08 . 2011-10-23 17:08 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-23 16:58 . 2011-10-23 16:58 -------- d-----w- c:\users\Stano\AppData\Local\Facebook
2011-10-23 15:34 . 2011-10-23 15:34 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-22 04:54 . 2005-07-30 02:54 674816 ----a-w- c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe
2011-10-17 18:00 . 2011-10-17 18:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-10-13 18:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 18:17 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 18:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:37 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:37 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 17:37 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:37 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-06 18:53 . 2011-10-06 18:53 -------- d-----w- c:\users\Stano\AppData\Local\playlogic
2011-10-06 18:43 . 2011-10-06 18:43 -------- d-----w- c:\program files (x86)\PlayLogic
2011-09-29 18:07 . 2011-09-29 18:08 -------- d-----w- c:\users\Stano\.VirtualBox
2011-09-29 18:02 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-29 18:02 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 18:01 . 2011-09-29 18:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-29 18:01 . 2011-09-29 18:01 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 20:35 . 2011-07-07 18:37 82816 ----a-w- c:\users\Stano\AppData\Roaming\pcouffin.sys
2011-09-12 20:32 . 2011-09-12 20:32 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-29 08:51 . 2011-03-12 15:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-29 08:51 . 2011-03-12 15:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-08 19:46 . 2011-08-08 19:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-08-08 19:46 . 2011-08-08 19:46 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-07 19:09 . 2011-08-07 19:09 0 ---h--w- c:\users\Stano\AppData\Roaming\Stano1.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Facebook Update"="c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2011-10-27 137536]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-03 3058304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-02-18 162912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CSTBox.exe [2005-7-30 674816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 .EsetTrialReset;Eset Trial Reset;c:\windows\reset.exe [x]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Služba Google Update (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 gupdatem;Služba Google Update (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 136176]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
- c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 11:53]
.
2011-10-28 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
- c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe [2011-10-23 11:53]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 15:24]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-05-13 15:24]
.
2011-10-26 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
- c:\users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:35]
.
2011-10-28 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
- c:\users\Stano\AppData\Local\Google\Update\GoogleUpdate.exe [2011-08-01 18:35]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2645238
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2645238&SearchSource=2&q=
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKCU-Run-Nektra OEAPI - (no file)
Wow6432Node-HKCU-Run-OEXPRESS - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-WEBTRAN - (no file)
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
HKLM-Run-combofix - c:\combofix\CF2047.3XE
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
AddRemove-WSC2005_1.0 - c:\windows\iun6002.exe
AddRemove-UB - c:\poker application\_uninstallation_info\UB\CasinoUninstall.exe
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.032"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.abr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ani"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.apd"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.arw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bay"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bmp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.bw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cr2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.crw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cs1"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.cur"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dcx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dib"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djv"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.djvu"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.dng"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.emf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.eps"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.erf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fff"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.fpx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.gif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.hdr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icl"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.icn"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iff"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ilbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.int"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.inta"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.iw4"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2c"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.j2k"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jbr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jfif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jp2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpc"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpe"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpeg"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpg"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpk"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.jpx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.kdc"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.lbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mef"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mos"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.mrw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nef"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.nrw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.orf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pbr"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcd"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pct"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pcx"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pef"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pgm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pic"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pict"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pix"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.png"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ppm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psd"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.psp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspbrush"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.pspimage"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ras"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.raw"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgb"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rgba"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rle"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rsb"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rw2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.rwl"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sgi"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.sr2"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.srf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tga"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.thm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.tiff"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttc"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.ttf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30po"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30pp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.v30ppf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wbmp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.wmf"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xbm"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xif"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xmp"
.
[HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="ACDSee Photo Manager 12.xpm"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\TechSmith\Snagit 10\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 10\SnagPriv.exe
c:\program files (x86)\TechSmith\Snagit 10\snagiteditor.exe
.
**************************************************************************
.
Completion time: 2011-10-28 19:31:46 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-28 17:31
.
Pre-Run: 46 528 786 432 bytes free
Post-Run: 46 130 941 952 bytes free
.
- - End Of File - - 00A78915D4ADC344982A919E1C89C5E9
Re: najdený virus v ntb, prosim o kontrolu logu...
Pokud nemate, tak presunte Combofix na plochu
- Spustte poznamkovy blok (Start-spustit-notepad)
- Zkopirujte skript nize
Kód: Vybrat vše
KillAll:: Collect:: C:\Windows\reset.exe Driver:: .EsetTrialReset gupdate gupdatem File:: c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe c:\windows\prefetch\keygen.exe-7f2e5f5b.pf C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job C:\Windows\tasks\GoogleUpdateTaskMachineCore.job C:\Windows\tasks\GoogleUpdateTaskMachineUA.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job Folder:: c:\users\Stano\AppData\Local\Facebook\Update Registry:: [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Facebook Update"=- "Google Update"=- [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS5ServiceManager] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ADSMTray] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AlcoholAutomount] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard] [-HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\T3Desk] DDS:: uStart Page = hxxp://search.conduit.com?SearchSource= ... =CT2645238 Firefox:: FF - ProfilePath - c:\users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\ FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.as ... ource=3&q={searchTerms} FF - prefs.js: browser.search.selectedEngine - ZoneAlarm Security Customized Web Search FF - prefs.js: keyword.URL - hxxp://search.conduit.com/ResultsExt.as ... ource=2&q= RegLock:: [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.032\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.abr\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ani\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.apd\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.arw\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bay\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bmp\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bw\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cr2\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.crw\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cs1\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cur\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcr\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dcx\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dib\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djv\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.djvu\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dng\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.emf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eps\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.erf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fff\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.fpx\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.gif\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdr\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icl\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.icn\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iff\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ilbm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.int\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.inta\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iw4\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2c\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.j2k\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jbr\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jfif\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jif\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jp2\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpc\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpe\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpeg\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpg\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpk\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.jpx\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.kdc\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.lbm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mef\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mos\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mrw\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nef\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.nrw\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.orf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pbr\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcd\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pct\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcx\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pef\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pgm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pic\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pict\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pix\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.png\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ppm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psd\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.psp\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspbrush\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pspimage\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ras\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.raw\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgb\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rgba\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rle\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rsb\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rw2\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rwl\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sgi\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.sr2\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.srf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tga\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.thm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tif\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tiff\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttc\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ttf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30po\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30pp\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.v30ppf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wbmp\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmf\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xbm\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xif\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xmp\UserChoice] [HKEY_USERS\S-1-5-21-223967131-339517205-2418397834-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xpm\UserChoice] [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] Reboot::- Ulozte vytvoreny TXT jako CFScript.txt
- Pretahnete vytvoreny CFScript.txt nad Combofix a pustte (viz obrazek nize)
- Po aplikaci skriptu (a pripadnem restartu) na Vas vypadne log, jeho obsah sem vlozte
Muze se stat, ze po aplikaci skriptu nenabehnou windows, v tomto pripade restartuje PC a mackejte F8 a zvolte Posledni znamou konfiguraci"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
ComboFix 11-10-29.03 - Stano . 10. 2011 16:43:19.3.4 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3886.2432 [GMT 2:00]
Running from: c:\users\Stano\Desktop\ComboFix.exe
Command switches used :: c:\users\Stano\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe"
"c:\windows\prefetch\keygen.exe-7f2e5f5b.pf"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stano\AppData\Local\Facebook\Update
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe
c:\users\Stano\AppData\Roaming\Stanolog.dat
c:\windows\prefetch\keygen.exe-7f2e5f5b.pf
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.EsetTrialReset
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 14:53 . 2011-10-29 14:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\offreg.dll
2011-10-29 14:49 . 2011-10-29 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 06:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\mpengine.dll
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Roaming\CheckPoint
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Local\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-10-27 18:54 . 2011-10-27 18:54 -------- d-----w- c:\programdata\CheckPoint
2011-10-27 18:54 . 2011-10-29 15:32 -------- d-----w- c:\windows\Internet Logs
2011-10-27 18:41 . 2011-10-27 18:41 -------- d-----w- c:\users\Stano\AppData\Roaming\Avira
2011-10-27 18:36 . 2011-10-19 14:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-27 18:36 . 2011-10-19 14:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-27 18:36 . 2011-10-19 14:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\programdata\Avira
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\program files (x86)\Avira
2011-10-27 16:40 . 2011-10-27 19:27 -------- d-----w- c:\program files\trend micro
2011-10-27 16:40 . 2011-10-27 16:40 -------- d-----w- C:\rsit
2011-10-26 16:05 . 2011-10-26 16:05 -------- d-----w- c:\program files (x86)\FinalWire
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\tischtennis.exe_34F2FB4882074605891069ECDF0EBACF.exe
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\DXSETUP.exe_B4F27C9878284B7BB8A4D55FD79EE209.exe
2011-10-26 13:09 . 2011-10-26 13:24 -------- d-----w- c:\program files (x86)\Pixelbreaker
2011-10-26 13:08 . 2000-08-19 17:29 268048 ----a-w- c:\windows\SysWow64\dxtmeta2.dll
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\users\Stano\AppData\Local\Innovative Solutions
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\programdata\Innovative Solutions
2011-10-23 17:35 . 2011-10-23 17:36 -------- d-----w- c:\program files (x86)\CyberLink
2011-10-23 17:08 . 2011-10-23 17:08 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-23 16:58 . 2011-10-23 16:58 -------- d-----w- c:\users\Stano\AppData\Local\Facebook
2011-10-23 15:34 . 2011-10-23 15:34 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-22 04:54 . 2005-07-30 02:54 674816 ----a-w- c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe
2011-10-17 18:00 . 2011-10-17 18:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-10-13 18:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 18:17 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 18:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:37 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:37 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 17:37 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:37 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-06 18:53 . 2011-10-06 18:53 -------- d-----w- c:\users\Stano\AppData\Local\playlogic
2011-10-06 18:43 . 2011-10-06 18:43 -------- d-----w- c:\program files (x86)\PlayLogic
2011-09-29 18:07 . 2011-09-29 18:08 -------- d-----w- c:\users\Stano\.VirtualBox
2011-09-29 18:02 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-29 18:02 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 18:01 . 2011-09-29 18:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-29 18:01 . 2011-09-29 18:01 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 20:35 . 2011-07-07 18:37 82816 ----a-w- c:\users\Stano\AppData\Roaming\pcouffin.sys
2011-09-12 20:32 . 2011-09-12 20:32 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-29 08:51 . 2011-03-12 15:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-29 08:51 . 2011-03-12 15:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-08 19:46 . 2011-08-08 19:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-08-08 19:46 . 2011-08-08 19:46 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-07 19:09 . 2011-08-07 19:09 0 ---h--w- c:\users\Stano\AppData\Roaming\Stano1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_17.27.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 51024 c:\windows\SysWOW64\vcomp100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 63824 c:\windows\SysWOW64\mfc100esn.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2009-07-14 04:54 . 2011-10-28 17:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-29 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-29 14:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-28 17:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-28 17:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-29 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-01 09:54 . 2011-10-29 07:35 58064 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-29 07:35 37038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-01 09:43 . 2011-10-29 07:35 17944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223967131-339517205-2418397834-1000_UserData.bin
+ 2011-10-29 14:51 . 2011-10-29 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-28 17:21 . 2011-10-28 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-29 14:51 . 2011-10-29 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-28 17:21 . 2011-10-28 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 421200 c:\windows\SysWOW64\msvcp100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 138056 c:\windows\SysWOW64\atl100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\SysWOW64\atl100.dll
+ 2011-02-01 11:11 . 2011-10-29 14:27 359714 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-10-28 17:25 619146 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-29 14:55 619146 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-28 17:25 107466 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-29 14:55 107466 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-10-29 14:50 475948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-28 17:20 475948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-10 23:58 . 2011-06-10 23:58 4422992 c:\windows\SysWOW64\mfc100u.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\SysWOW64\mfc100.dll
+ 2011-06-28 19:27 . 2011-06-28 19:27 4028928 c:\windows\Installer\44bf5.msp
+ 2011-02-09 00:08 . 2011-10-29 14:50 30020640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-223967131-339517205-2418397834-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-03 3058304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-02-18 162912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CSTBox.exe [2005-7-30 674816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
"combofix"="c:\combofix\CF31367.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\TechSmith\Snagit 10\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 10\SnagPriv.exe
c:\program files (x86)\TechSmith\Snagit 10\snagiteditor.exe
.
**************************************************************************
.
Completion time: 2011-10-29 17:35:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-29 15:35
ComboFix2.txt 2011-10-28 17:31
.
Pre-Run: 46 998 315 008 bytes free
Post-Run: 46 740 766 720 bytes free
.
- - End Of File - - 8625A1DB4E6B6A7FA5C38F57847C15CB
Microsoft Windows 7 Ultimate 6.1.7601.1.1250.421.1051.18.3886.2432 [GMT 2:00]
Running from: c:\users\Stano\Desktop\ComboFix.exe
Command switches used :: c:\users\Stano\Desktop\CFScript.txt.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: ZoneAlarm Firewall *Disabled* {D17DF357-CFF5-F001-D1C1-FCD21DFE3D5E}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
FILE ::
"c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe"
"c:\windows\prefetch\keygen.exe-7f2e5f5b.pf"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job"
"c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job"
"c:\windows\tasks\GoogleUpdateTaskMachineCore.job"
"c:\windows\tasks\GoogleUpdateTaskMachineUA.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job"
"c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Stano\AppData\Local\Facebook\Update
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\FacebookCrashHandler.exe
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdate.exe
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\FacebookUpdateHelper.msi
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdate.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ar.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bg.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_bn.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ca.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_cs.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_da.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_de.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_el.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en-GB.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_en.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es-419.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_es.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_et.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fa.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fi.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fil.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_fr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_gu.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hi.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_hu.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_id.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_is.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_it.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_iw.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ja.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_kn.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ko.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lt.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_lv.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ml.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_mr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ms.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_nl.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_no.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_or.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pl.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-BR.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_pt-PT.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ro.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ru.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sk.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sl.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_sv.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ta.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_te.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_th.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_tr.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_uk.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_ur.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_vi.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-CN.dll
c:\users\Stano\AppData\Local\Facebook\Update\1.2.203.0\goopdateres_zh-TW.dll
c:\users\Stano\AppData\Local\Facebook\Update\FacebookUpdate.exe
c:\users\stano\appdata\local\vs revo group\revo uninstaller pro\keygen.exe
c:\users\Stano\AppData\Roaming\Stanolog.dat
c:\windows\prefetch\keygen.exe-7f2e5f5b.pf
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
c:\windows\tasks\FacebookUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
c:\windows\tasks\GoogleUpdateTaskMachineCore.job
c:\windows\tasks\GoogleUpdateTaskMachineUA.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000Core.job
c:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-223967131-339517205-2418397834-1000UA.job
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_.EsetTrialReset
-------\Service_gupdate
-------\Service_gupdatem
.
.
((((((((((((((((((((((((( Files Created from 2011-09-28 to 2011-10-29 )))))))))))))))))))))))))))))))
.
.
2011-10-29 14:53 . 2011-10-29 14:53 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\offreg.dll
2011-10-29 14:49 . 2011-10-29 14:49 -------- d-----w- c:\users\Default\AppData\Local\temp
2011-10-28 06:35 . 2011-10-07 04:16 8570192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{69C95966-4BEE-4648-B2EB-ACD0F7EC0C4F}\mpengine.dll
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Roaming\CheckPoint
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 0 ----a-w- c:\windows\SysWow64\ConduitEngine.tmp
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\users\Stano\AppData\Local\Conduit
2011-10-27 18:58 . 2011-10-27 18:58 -------- d-----w- c:\program files (x86)\ZoneAlarm_Security
2011-10-27 18:54 . 2011-10-27 18:54 -------- d-----w- c:\programdata\CheckPoint
2011-10-27 18:54 . 2011-10-29 15:32 -------- d-----w- c:\windows\Internet Logs
2011-10-27 18:41 . 2011-10-27 18:41 -------- d-----w- c:\users\Stano\AppData\Roaming\Avira
2011-10-27 18:36 . 2011-10-19 14:56 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2011-10-27 18:36 . 2011-10-19 14:56 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2011-10-27 18:36 . 2011-10-19 14:56 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\programdata\Avira
2011-10-27 18:36 . 2011-10-27 18:36 -------- d-----w- c:\program files (x86)\Avira
2011-10-27 16:40 . 2011-10-27 19:27 -------- d-----w- c:\program files\trend micro
2011-10-27 16:40 . 2011-10-27 16:40 -------- d-----w- C:\rsit
2011-10-26 16:05 . 2011-10-26 16:05 -------- d-----w- c:\program files (x86)\FinalWire
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\tischtennis.exe_34F2FB4882074605891069ECDF0EBACF.exe
2011-10-26 13:11 . 2011-10-26 13:17 40960 ----a-r- c:\users\Stano\AppData\Roaming\Microsoft\Installer\{1B9AE6F8-4554-46D3-AE85-7EF52EE0C4B7}\DXSETUP.exe_B4F27C9878284B7BB8A4D55FD79EE209.exe
2011-10-26 13:09 . 2011-10-26 13:24 -------- d-----w- c:\program files (x86)\Pixelbreaker
2011-10-26 13:08 . 2000-08-19 17:29 268048 ----a-w- c:\windows\SysWow64\dxtmeta2.dll
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\users\Stano\AppData\Local\Innovative Solutions
2011-10-23 17:44 . 2011-10-23 17:44 -------- d-----w- c:\programdata\Innovative Solutions
2011-10-23 17:35 . 2011-10-23 17:36 -------- d-----w- c:\program files (x86)\CyberLink
2011-10-23 17:08 . 2011-10-23 17:08 -------- d-----w- c:\program files (x86)\Mozilla Firefox 4.0 Beta 11
2011-10-23 16:58 . 2011-10-23 16:58 -------- d-----w- c:\users\Stano\AppData\Local\Facebook
2011-10-23 15:34 . 2011-10-23 15:34 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2011-10-22 04:54 . 2005-07-30 02:54 674816 ----a-w- c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CSTBox.exe
2011-10-17 18:00 . 2011-10-17 18:00 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2011-10-13 18:17 . 2011-09-06 03:03 3138048 ----a-w- c:\windows\system32\win32k.sys
2011-10-13 18:17 . 2011-08-17 05:26 613888 ----a-w- c:\windows\system32\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 04:19 75776 ----a-w- c:\windows\SysWow64\psisrndr.ax
2011-10-13 18:17 . 2011-08-17 04:24 465408 ----a-w- c:\windows\SysWow64\psisdecd.dll
2011-10-13 18:17 . 2011-08-17 05:25 108032 ----a-w- c:\windows\system32\psisrndr.ax
2011-10-13 17:37 . 2011-08-27 05:37 331776 ----a-w- c:\windows\system32\oleacc.dll
2011-10-13 17:37 . 2011-08-27 04:26 233472 ----a-w- c:\windows\SysWow64\oleacc.dll
2011-10-13 17:37 . 2011-08-27 05:37 861696 ----a-w- c:\windows\system32\oleaut32.dll
2011-10-13 17:37 . 2011-08-27 04:26 571904 ----a-w- c:\windows\SysWow64\oleaut32.dll
2011-10-06 18:53 . 2011-10-06 18:53 -------- d-----w- c:\users\Stano\AppData\Local\playlogic
2011-10-06 18:43 . 2011-10-06 18:43 -------- d-----w- c:\program files (x86)\PlayLogic
2011-09-29 18:07 . 2011-09-29 18:08 -------- d-----w- c:\users\Stano\.VirtualBox
2011-09-29 18:02 . 2011-08-15 12:32 224048 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2011-09-29 18:02 . 2011-08-15 12:32 128816 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2011-09-29 18:01 . 2011-09-29 18:02 -------- dc----w- c:\windows\system32\DRVSTORE
2011-09-29 18:01 . 2011-09-29 18:01 -------- d-----w- c:\program files\Oracle
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-10-19 20:35 . 2011-07-07 18:37 82816 ----a-w- c:\users\Stano\AppData\Roaming\pcouffin.sys
2011-09-12 20:32 . 2011-09-12 20:32 627600 ----a-w- c:\windows\system32\deployJava1.dll
2011-08-29 08:51 . 2011-03-12 15:55 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2011-08-29 08:51 . 2011-03-12 15:55 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2011-08-15 12:32 . 2011-08-15 12:32 165680 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2011-08-15 12:32 . 2011-08-15 12:32 146736 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2011-08-15 12:32 . 2011-08-15 12:32 320816 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2011-08-08 19:46 . 2011-08-08 19:46 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2011-08-08 19:46 . 2011-08-08 19:46 458048 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2011-08-07 19:09 . 2011-08-07 19:09 0 ---h--w- c:\users\Stano\AppData\Roaming\Stano1.dll
.
.
((((((((((((((((((((((((((((( SnapShot@2011-10-28_17.27.37 )))))))))))))))))))))))))))))))))))))))))
.
- 2011-02-19 21:03 . 2011-02-19 21:03 51024 c:\windows\SysWOW64\vcomp100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 51024 c:\windows\SysWOW64\vcomp100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 81744 c:\windows\SysWOW64\mfcm100u.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 81744 c:\windows\SysWOW64\mfcm100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 60752 c:\windows\SysWOW64\mfc100rus.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 43344 c:\windows\SysWOW64\mfc100kor.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 43856 c:\windows\SysWOW64\mfc100jpn.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 43856 c:\windows\SysWOW64\mfc100jpn.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 62288 c:\windows\SysWOW64\mfc100ita.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 36176 c:\windows\SysWOW64\mfc100cht.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\SysWOW64\mfc100cht.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 36176 c:\windows\SysWOW64\mfc100chs.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 64336 c:\windows\SysWOW64\mfc100fra.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 63824 c:\windows\SysWOW64\mfc100esn.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 63824 c:\windows\SysWOW64\mfc100esn.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 55120 c:\windows\SysWOW64\mfc100enu.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 55120 c:\windows\SysWOW64\mfc100enu.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 64336 c:\windows\SysWOW64\mfc100deu.dll
- 2009-07-14 04:54 . 2011-10-28 17:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-29 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2011-10-29 14:51 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-28 17:21 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2011-10-28 17:21 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2011-10-29 14:51 16384 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-02-01 09:54 . 2011-10-29 07:35 58064 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2011-10-29 07:35 37038 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-02-01 09:43 . 2011-10-29 07:35 17944 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-223967131-339517205-2418397834-1000_UserData.bin
+ 2011-10-29 14:51 . 2011-10-29 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2011-10-28 17:21 . 2011-10-28 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2011-10-29 14:51 . 2011-10-29 14:51 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-10-28 17:21 . 2011-10-28 17:21 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2011-02-18 22:40 . 2011-02-18 22:40 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 773968 c:\windows\SysWOW64\msvcr100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 421200 c:\windows\SysWOW64\msvcp100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 421200 c:\windows\SysWOW64\msvcp100.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 138056 c:\windows\SysWOW64\atl100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 138056 c:\windows\SysWOW64\atl100.dll
+ 2011-02-01 11:11 . 2011-10-29 14:27 359714 c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
- 2009-07-14 02:36 . 2011-10-28 17:25 619146 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2011-10-29 14:55 619146 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2011-10-28 17:25 107466 c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2011-10-29 14:55 107466 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:01 . 2011-10-29 14:50 475948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2011-10-28 17:20 475948 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2011-06-10 23:58 . 2011-06-10 23:58 4422992 c:\windows\SysWOW64\mfc100u.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 4422992 c:\windows\SysWOW64\mfc100u.dll
+ 2011-06-10 23:58 . 2011-06-10 23:58 4397384 c:\windows\SysWOW64\mfc100.dll
- 2011-02-19 21:03 . 2011-02-19 21:03 4397384 c:\windows\SysWOW64\mfc100.dll
+ 2011-06-28 19:27 . 2011-06-28 19:27 4028928 c:\windows\Installer\44bf5.msp
+ 2011-02-09 00:08 . 2011-10-29 14:50 30020640 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-223967131-339517205-2418397834-1000-12288.dat
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ConduitEngine\prxConduitEngin.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
2011-03-28 16:22 176936 ----a-w- c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{91da5e8a-3318-4f8c-b67e-5964de3ab546}"= "c:\program files (x86)\ZoneAlarm_Security\prxtbZone.dll" [2011-03-28 176936]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\prxConduitEngin.dll" [2011-03-28 176936]
.
[HKEY_CLASSES_ROOT\clsid\{91da5e8a-3318-4f8c-b67e-5964de3ab546}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ASUS Screen Saver Protector"="c:\windows\AsScrPro.exe" [2011-06-03 3058304]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2009-10-26 6998656]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2009-08-19 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"YouCam Mirage"="c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe" [2011-02-18 136488]
"YouCam Tray"="c:\program files (x86)\CyberLink\YouCam\YouCamTray.exe" [2011-02-18 162912]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"ZoneAlarm Client"="c:\program files (x86)\Zone Labs\ZoneAlarm\zlclient.exe" [2011-03-17 1043968]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
[HKEY_CURRENT_USER\software\microsoft\windows\Currentversion\policies\explorer\Run]
"CanoScan Toolbox Ver5.0"="c:\program files (x86)\Canon\CSTBox.exe" [2005-07-30 674816]
.
c:\users\Stano\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CSTBox.exe [2005-7-30 674816]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Snagit 10.lnk - c:\program files (x86)\TechSmith\Snagit 10\Snagit32.exe [2010-4-13 7046984]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [N/A]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [x]
R3 pcouffin;VSO Software pcouffin;c:\windows\system32\Drivers\pcouffin.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [x]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [x]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-02 15416]
S2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [2011-02-15 33528]
S2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\IswSvc.exe [2011-02-15 822264]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-01-08 1997416]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2314240]
S3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [x]
S3 IntcDAud;Intel(R) Zvuk pre obrazovky;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [x]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-12-10 9643552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2011-02-15 1123320]
"combofix"="c:\combofix\CF31367.3XE" [2010-11-20 345088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748450} - {CC963627-B1DC-40E0-B52A-CF21EE748450} - c:\translat\WebIE.dll
IE: {{CC963627-B1DC-40E0-B52A-CF21EE748452} - {CC963627-B1DC-40E0-B52A-CF21EE748452} - c:\translat\WebIE.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Stano\AppData\Roaming\Mozilla\Firefox\Profiles\044n96lf.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.sk/
.
- - - - ORPHANS REMOVED - - - -
.
WebBrowser-{8FF5E180-ABDE-46EB-B09E-D2AAB95CABE3} - (no file)
.
.
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe
c:\program files (x86)\Google\Update\GoogleUpdate.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
c:\program files (x86)\TechSmith\Snagit 10\TSCHelp.exe
c:\program files (x86)\TechSmith\Snagit 10\SnagPriv.exe
c:\program files (x86)\TechSmith\Snagit 10\snagiteditor.exe
.
**************************************************************************
.
Completion time: 2011-10-29 17:35:16 - machine was rebooted
ComboFix-quarantined-files.txt 2011-10-29 15:35
ComboFix2.txt 2011-10-28 17:31
.
Pre-Run: 46 998 315 008 bytes free
Post-Run: 46 740 766 720 bytes free
.
- - End Of File - - 8625A1DB4E6B6A7FA5C38F57847C15CB
Re: najdený virus v ntb, prosim o kontrolu logu...
Jak se chova PC
"Kdo víno má a nepije,kdo hrozny má a nejí je, kdo ženu má a nelíbá, kdo zábavě se vyhýbá, na toho vemte bič a hůl, to není člověk, to je vůl."
Člen od 1. února 2011.
Člen
od 1. února 2011.Re: najdený virus v ntb, prosim o kontrolu logu...
vsetko slape ako ma, teda aspon myslim
Přispějete na provoz fóra?