PC disinfection, computer speed-up, remote help via the neslape.cz service

Infected notebook

Have a problem with a virus? Post a log from FRST or RSIT here.

Moderator: Moderators

Forum rules
If you want help, post a log from FRST [guide here] or RSIT [guide here]

Threads will be locked once resolved, as will those that stay inactive for more than 14 days. See the rule on locking topics. Thank you for your understanding.

NEW!
A remote-help service is now available: a specialist connects to your computer and gets the details of the problem from you by phone. More at www.neslape.cz
Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Infected notebook

#1 Post by Walky »

This notebook ran for a long time without an antivirus...

Logfile of random's system information tool 1.09 (written by random/random)
Run by iwka at 2012-01-09 15:57:31
Microsoft Windows 7 Home Premium
System drive C: has 167 GB (58%) free of 288 GB
Total RAM: 2806 MB (47% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 15:57:35, on 9. 1. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Windows\update.tray-2-0-lnk\svchost.exe
C:\Program Files\totalcmd\TOTALCMD.EXE
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\windows\SysWOW64\rundll32.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\iwka.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.bing.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [tray_ico0] C:\windows\update.tray-2-0\svchost.exe
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7A69E8-B97E-4074-866C-6908AE06C13B}: NameServer = 172.22.19.254,88.212.8.8
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: ddservice - Unknown owner - C:\windows\update.7.1\svchostdriver.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: srvbtcclient - Unknown owner - C:\windows\update.5.0\svchost.exe
O23 - Service: srviecheck - Unknown owner - C:\windows\update.2\svchost.exe
O23 - Service: srvsysdriver32 - Unknown owner - C:\windows\sysdriver32.exe
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: wxpdrivers - Cronosoft - C:\windows\update.1\svchost.exe

--
End of file - 13017 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=consrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\windows\system32\services.exe
C:\windows\system32\lsass.exe
C:\windows\system32\lsm.exe
C:\windows\system32\svchost.exe -k DcomLaunch
"C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe"
"c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe"
winlogon.exe
C:\windows\system32\svchost.exe -k RPCSS
C:\windows\system32\atiesrxx.exe
C:\windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\windows\system32\svchost.exe -k netsvcs
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
C:\windows\system32\svchost.exe -k LocalService
C:\windows\system32\Hpservice.exe
atieclxx
C:\windows\system32\svchost.exe -k NetworkService
C:\windows\System32\spoolsv.exe
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe"
C:\windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
"C:\Program Files\LSI SoftModem\agr64svc.exe"
"C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe"
C:\windows\update.7.1\svchostdriver.exe srv
"c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe"
"c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe"
"C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe"
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\PDF Complete\pdfsvc.exe" /startedbyscm:66B66708-40E2BE4D-pdfcService
"C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE"
C:\windows\update.5.0\svchost.exe srv
C:\windows\update.2\svchost.exe srv
"C:\windows\update.5.0\svchost.exe" stand
C:\windows\sysdriver32.exe srv
C:\windows\system32\svchost.exe -k imgsvc
C:\windows\system\uArcCapture.exe
"C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE"
C:\windows\update.1\svchost.exe srv
C:\windows\system32\wbem\unsecapp.exe -Embedding
C:\windows\system32\wbem\wmiprvse.exe
"taskhost.exe"
"c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\windows\system32\Dwm.exe"
C:\windows\Explorer.EXE
C:\windows\system32\SearchIndexer.exe /Embedding
WLIDSvcM.exe 2696
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
"C:\Program Files\IDT\WDM\sttray64.exe"
"C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
C:\windows\system32\svchost.exe -k bthsvcs
"C:\windows\update.2\svchost.exe" stand
C:\windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
"c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe"
"c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe"
"C:\windows\update.2\svchost.exe" spamer
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM"
"C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe" 0
"C:\windows\update.2\svchost.exe" spamer
"C:\windows\update.2\svchost.exe" spamer
"C:\windows\update.2\svchost.exe" spamer
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe" /hidden
"C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe"
"C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe"
C:\windows\System32\svchost.exe -k secsvcs
C:\windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpCaslNotification.exe" "<hpNotification><Toast><Title>HP Wireless Assistant</Title><Text>Combo: On</Text><IconPath>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WA_tray_32_on.ico</IconPath><ID>774023589</ID><Path>C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Main.exe</Path><Parameters></Parameters></Toast></hpNotification>"
"C:\Windows\update.tray-2-0-lnk\svchost.exe" tray 2-0 1
C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\windows\system32\svchost.exe -k SDRSVC
C:\windows\system32\WLANExt.exe 5423136
\??\C:\windows\system32\conhost.exe "1527164721-6943842-1131295736-14147134781047972254-19452636781665170540741768115
"C:\Program Files\totalcmd\TOTALCMD.EXE"
"C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/ConservativeAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=3564.06355C00.718213553 /prefetch:3
C:\windows\system32\rundll32.exe "C:\Users\iwka\AppData\Local\Google\Chrome\APPLIC~1\160912~1.75\gcswf32.dll",BrokerMain browser=chrome
"C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=plugin --plugin-path="C:\Users\iwka\AppData\Local\Google\Chrome\Application\16.0.912.75\gcswf32.dll" --lang=sk --channel=3564.04DA51C0.1977166239 --flash-broker=5296 /prefetch:4
taskmgr.exe /3
C:\windows\system32\sppsvc.exe
"C:\windows\update.7.1\svchostdriver.exe" stand
C:\windows\splwow64.exe 1
"C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=sk --force-fieldtest=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/DnsParallelism/parallel_default/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/Instant/Inactive/Prefetch/ContentPrefetchPrerender1/PrerenderFromOmniboxHeuristic/ConservativeAlgorithm/ProxyConnectionImpact/proxy_connections_32/SpdyImpact/npn_with_spdy/WarmSocketImpact/warm_socket/ --enable-print-preview --channel=3564.05309780.704475833 /prefetch:3
"C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service --lang=sk
"C:\Users\iwka\Downloads\RSITx64.exe"

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-22 2132232]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7DB2D5A0-7241-4E79-B68D-6309F01C5231}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 532336]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-22 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll [2011-01-05 1582912]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05 988480]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"=C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe [2010-01-27 8192]
"SysTrayApp"=C:\Program Files\IDT\WDM\sttray64.exe [2010-01-29 487424]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-05-14 2095912]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DTRun]
c:\Program Files (x86)\ArcSoft\TotalMedia Suite\TotalMedia Theatre 3\uDTRun.exe [2009-11-19 518656]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
C:\Program Files (x86)\Origin\Origin.exe [2011-12-27 28198536]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\File Sanitizer]
C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\CoreShredder.exe [2010-01-19 11266048]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 136176]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPAdvisorDock]
C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPPowerAssistant]
C:\Program Files\Hewlett-Packard\HP Power Assistant\HPPA_Main.exe /hidden []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LightScribe Control Panel]
C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe [2010-01-22 2363392]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Microsoft Default Manager]
C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [2010-05-10 439568]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Nokia FastStart]
C:\Program Files (x86)\Nokia\Nokia Music\NokiaMusic.exe [2009-02-26 2376992]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NokiaMServer]
C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer /watchfiles []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe [2011-06-16 1500160]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QLBController]
C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe [2010-03-01 256056]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32.exe]
C:\windows\sysdriver32.exe [2011-11-02 257024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sysdriver32_.exe]
C:\windows\sysdriver32_.exe [2011-11-02 257024]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\wxpdrv]
C:\windows\services32.exe [2011-10-31 1204736]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Bluetooth.lnk]
C:\PROGRA~1\WIDCOMM\BLUETO~1\BTTray.exe [2010-06-09 1128224]

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-01-12 563736]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-05 98304]
"tray_ico"= []
"tray_ico0"=C:\windows\update.tray-2-0\svchost.exe [2011-10-31 1204736]
"tray_ico1"= []
"tray_ico2"= []
"tray_ico3"= []
"tray_ico4"= []
"NPSStartup"= []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\wxpdrivers]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\wxpdrivers]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-01-09 15:57:32 ----D---- C:\Program Files\trend micro
2012-01-09 15:51:19 ----A---- C:\windows\system32\drivers\gqmxyjsc.sys
2012-01-09 15:49:24 ----D---- C:\rsit
2012-01-09 15:49:24 ----D---- C:\Program Files (x86)\trend micro
2012-01-04 21:10:18 ----A---- C:\windows\system32\drivers\revoflt.sys
2012-01-04 21:10:16 ----D---- C:\Program Files\VS Revo Group
2012-01-04 20:25:33 ----N---- C:\windows\system32\MpSigStub.exe
2012-01-04 20:11:51 ----D---- C:\windows\pss
2012-01-04 20:06:11 ----HD---- C:\windows\update.tray-2-0-lnk
2012-01-04 20:06:11 ----HD---- C:\windows\update.tray-2-0
2012-01-04 19:18:26 ----D---- C:\Program Files\CCleaner
2011-12-14 17:23:46 ----HD---- C:\windows\update.7.1

======List of files/folders modified in the last 1 month======

2012-01-09 15:57:32 ----RD---- C:\Program Files
2012-01-09 15:57:30 ----D---- C:\windows\Temp
2012-01-09 15:51:19 ----D---- C:\windows\system32\drivers
2012-01-09 15:50:38 ----A---- C:\windows\iplist.txt
2012-01-09 15:50:36 ----A---- C:\windows\btc_client_iplist.txt
2012-01-09 15:49:24 ----RD---- C:\Program Files (x86)
2012-01-09 15:44:45 ----D---- C:\windows\System32
2012-01-09 15:44:45 ----D---- C:\windows\inf
2012-01-09 15:44:45 ----A---- C:\windows\system32\PerfStringBackup.INI
2012-01-09 15:43:34 ----A---- C:\windows\iecheck_iplist.txt
2012-01-09 15:41:35 ----D---- C:\windows\ufa
2012-01-09 15:41:05 ----SHD---- C:\System Volume Information
2012-01-09 15:34:55 ----D---- C:\ProgramData\HPQLOG
2012-01-08 14:56:04 ----D---- C:\Windows
2012-01-05 17:35:01 ----D---- C:\Users\iwka\AppData\Roaming\Winamp
2012-01-05 17:29:54 ----D---- C:\PerfLogs
2012-01-05 17:19:25 ----SD---- C:\ProgramData\Microsoft
2012-01-05 09:36:15 ----D---- C:\windows\Logs
2012-01-05 09:15:53 ----A---- C:\windows\unrar.exe
2012-01-04 21:23:53 ----SHD---- C:\windows\Installer
2012-01-04 21:11:57 ----D---- C:\windows\system32\catroot2
2012-01-04 20:36:40 ----D---- C:\windows\system32\Tasks
2012-01-04 20:16:02 ----SHD---- C:\Config.Msi
2012-01-04 20:16:01 ----D---- C:\windows\SysWOW64
2012-01-04 20:07:47 ----D---- C:\windows\av_ico
2012-01-04 20:06:12 ----HD---- C:\ProgramData
2012-01-04 20:04:24 ----A---- C:\windows\winlog-ids.txt
2012-01-04 20:04:24 ----A---- C:\windows\winlog-dirs.txt
2012-01-04 20:04:17 ----D---- C:\windows\system32\DriverStore
2012-01-04 20:04:17 ----D---- C:\windows\system32\catroot
2012-01-04 19:56:54 ----D---- C:\windows\system32\config
2012-01-04 19:51:33 ----D---- C:\Program Files (x86)\Origin
2012-01-04 19:19:06 ----D---- C:\Users\iwka\AppData\Roaming\DAEMON Tools Lite
2012-01-04 19:19:00 ----D---- C:\windows\Panther
2012-01-04 19:19:00 ----D---- C:\windows\ModemLogs
2012-01-04 19:18:59 ----D---- C:\windows\SoftwareDistribution
2012-01-04 19:18:59 ----D---- C:\windows\debug
2012-01-04 08:15:20 ----D---- C:\ProgramData\PDFC
2012-01-03 17:09:46 ----D---- C:\Program Files\VAG-COM
2012-01-03 16:49:45 ----D---- C:\film
2011-12-27 18:13:40 ----D---- C:\Program Files (x86)\Common Files
2011-12-18 18:38:00 ----D---- C:\Fotky

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie64.sys [2010-03-09 16440]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2009-07-08 30008]
R0 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2010-02-08 527592]
R0 mfewfpk;McAfee Inc. mfewfpk; C:\windows\system32\drivers\mfewfpk.sys [2010-02-08 280008]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2009-07-14 214096]
R0 SafeBoot;SafeBoot; C:\windows\system32\drivers\SafeBoot.sys [2010-01-26 56648]
R0 SbAlg;SbAlg; C:\windows\system32\drivers\SbAlg.sys [2009-06-04 60160]
R0 SbFsLock;SbFsLock; C:\windows\system32\drivers\SbFsLock.sys [2010-01-26 15688]
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys [2011-08-04 146432]
R1 MPFP;MPFP; C:\windows\System32\Drivers\Mpfp.sys [2009-04-09 176144]
R1 RsvLock;RsvLock; C:\windows\system32\drivers\RsvLock.sys [2010-01-26 58184]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys [2011-08-09 202576]
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys [2011-08-04 137144]
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys [2009-07-08 41272]
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys [2009-11-02 1209856]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-08-05 6859776]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-08-04 264192]
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys [2009-12-04 32640]
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys [2010-08-11 125456]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys [2010-11-11 3060800]
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys [2010-06-10 342056]
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2010-06-10 102952]
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys [2010-06-10 135720]
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2010-06-10 39464]
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2010-06-10 21544]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-01-10 254528]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-16 25912]
R3 mfeavfk;McAfee Inc. mfeavfk; C:\windows\system32\drivers\mfeavfk.sys [2010-02-08 190136]
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys [2010-01-19 1803904]
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys [2010-01-29 505856]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-05-14 319536]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S1 gqmxyjsc;gqmxyjsc; \??\C:\windows\system32\drivers\gqmxyjsc.sys [2012-01-09 48464]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2011-04-28 552448]
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys [2009-10-21 40760]
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys [2011-03-18 74376]
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys [2011-03-18 85384]
S3 mfeapfk;McAfee Inc. mfeapfk; C:\windows\system32\drivers\mfeapfk.sys [2010-02-08 121760]
S3 mferkdet;McAfee Inc. mferkdet; C:\windows\system32\drivers\mferkdet.sys [2010-02-08 94224]
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\windows\system32\DRIVERS\netr28x.sys [2009-06-10 620544]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys [2008-08-28 25600]
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys [2009-07-14 12352]
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys [2009-12-30 31800]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys [2010-02-08 239136]
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys [2010-01-12 325152]
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys [2009-07-14 109056]
S3 TFsExDisk;TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys []
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 38400]
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys [2009-07-14 40448]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-11-02 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-08-05 203264]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-09 952096]
R2 ddservice;ddservice; C:\windows\update.7.1\svchostdriver.exe [2011-12-14 378880]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-01-22 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 srvbtcclient;srvbtcclient; C:\windows\update.5.0\svchost.exe [2011-11-15 347648]
R2 srviecheck;srviecheck; C:\windows\update.2\svchost.exe [2011-10-31 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\windows\sysdriver32.exe [2011-11-02 257024]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [2010-01-29 244736]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R2 wxpdrivers;wxpdrivers; C:\windows\update.1\svchost.exe [2011-10-31 1204736]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-16 660536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1255736]

-----------------EOF-----------------
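
The services list above is the interesting part of this log: five services (ddservice, srvbtcclient, srviecheck, srvsysdriver32, wxpdrivers) run a file called svchost.exe or svchostdriver.exe out of C:\windows\update.* folders or a sysdriver32.exe sitting directly in C:\windows, and the driver gqmxyjsc (file created at 15:51:19, six minutes before the scan) is registered with a raw \??\ ImagePath. Those five services are exactly the ones ComboFix later removes; gqmxyjsc does not appear in its deletion list, so it is worth checking separately. As an added example (not part of the original post, not RSIT's own code), the Python below mechanically flags the same entries from RSIT-format lines using three location heuristics: svchost.exe anywhere but System32/SysWOW64, a service binary directly in %SystemRoot% or in a subfolder outside an allowlist, and an ImagePath written as a raw \??\ NT object path. The sample lines are copied from the log above, with a few HP, Microsoft and McAfee entries kept as clean controls; the %SystemRoot% value and the allowlist of normal subfolders are assumptions. The \??\ rule is only a prompt to look closer: TFsExDisk matches it too and is not evidence on its own.

```python
"""Triage RSIT/HijackThis-style service and driver lines for binaries living where they should not.

RSIT "List of services/drivers" line format:
    <R|S><start type> <name>;<display name>; <image path> [<file date> <size>]
"""
import re
from pathlib import PureWindowsPath

# Lines copied from the RSIT log above; the HP, Microsoft and McAfee entries are clean controls.
SAMPLE_LINES = r"""
R2 ddservice;ddservice; C:\windows\update.7.1\svchostdriver.exe [2011-12-14 378880]
R2 srvbtcclient;srvbtcclient; C:\windows\update.5.0\svchost.exe [2011-11-15 347648]
R2 srviecheck;srviecheck; C:\windows\update.2\svchost.exe [2011-10-31 1942528]
R2 srvsysdriver32;srvsysdriver32; C:\windows\sysdriver32.exe [2011-11-02 257024]
R2 wxpdrivers;wxpdrivers; C:\windows\update.1\svchost.exe [2011-10-31 1204736]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2009-07-08 30520]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2011-01-19 1255736]
R0 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2010-02-08 527592]
S1 gqmxyjsc;gqmxyjsc; \??\C:\windows\system32\drivers\gqmxyjsc.sys [2012-01-09 48464]
S3 TFsExDisk;TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys []
"""

LINE_RE = re.compile(r"^(?P<state>[RS])(?P<start>\d) (?P<name>[^;]+);(?P<display>[^;]*); "
                     r"(?P<path>.+?) \[(?P<date>[\d-]*)\s*(?P<size>\d*)\]$")
NT_PREFIX = "\\??\\"
SYSTEM_ROOT = PureWindowsPath(r"C:\windows")            # assumed; take it from the log header in practice
# %SystemRoot% subfolders in which service and driver binaries are normally installed (assumed allowlist).
NORMAL_SUBFOLDERS = {"system32", "syswow64", "system", "microsoft.net", "servicing", "winsxs"}
SVCHOST_HOMES = {"system32", "syswow64"}                  # the only places a real svchost.exe lives


def parse_line(line):
    """Return a dict for one RSIT service/driver line, or None for anything else."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["nt_path"] = entry["path"].startswith(NT_PREFIX)
    entry["file"] = PureWindowsPath(entry["path"][len(NT_PREFIX):] if entry["nt_path"] else entry["path"])
    return entry


def triage(entry):
    """Apply the location heuristics to one parsed entry and return the findings (empty if clean)."""
    findings = []
    parts = [p.lower() for p in entry["file"].parts]       # e.g. ['c:\\', 'windows', 'update.5.0', 'svchost.exe']
    root = [p.lower() for p in SYSTEM_ROOT.parts]
    under_root = parts[:len(root)] == root
    depth = len(parts) - len(root)                          # 1 = directly in the root, 2 = in one subfolder
    if parts[-1] == "svchost.exe" and not (under_root and depth == 2 and parts[len(root)] in SVCHOST_HOMES):
        findings.append("svchost.exe outside System32/SysWOW64")
    if under_root and depth == 1:
        findings.append("binary directly in %SystemRoot%")
    elif under_root and parts[len(root)] not in NORMAL_SUBFOLDERS:
        findings.append(f"binary in non-standard %SystemRoot% subfolder '{entry['file'].parts[len(root)]}'")
    if entry["nt_path"]:
        findings.append(r"ImagePath is a raw \??\ NT object path; review")
    if not entry["date"]:
        findings.append("no file found on disk for this entry")
    return findings


def triage_log(text):
    """Map service name -> findings for every line of an RSIT services/drivers section that raises one."""
    report = {}
    for line in text.strip().splitlines():
        entry = parse_line(line)
        if entry and (findings := triage(entry)):
            report[entry["name"]] = findings
    return report


if __name__ == "__main__":
    for name, findings in triage_log(SAMPLE_LINES).items():
        print(f"{name}: {'; '.join(findings)}")
```

Run as-is it prints one line per flagged entry and nothing for the controls. Paste a whole RSIT "List of services" or "List of drivers" section into SAMPLE_LINES to triage a different log; lines in other formats (ComboFix's "[x]" entries, for instance) are skipped rather than misparsed.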

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Zavireny notebook

#2 Post by Walky »

I already have a problem with the first step: after clicking, the desktop does not disappear, but if some program is running, for example, it closes it. Should I continue?

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Zavireny notebook

#3 Post by Walky »

When running the check through OTL it printed "couldn't create cmd.bat".
And VirusTotal did not find a virus in that file http://www.virustotal.com/file-scan/rep ... 1326206972

MBR log

MBRScan v1.0.4

OS        : Windows 7  (64 bit)
PROCESSOR : AMD64 Family 16 Model 6 Stepping 3, AuthenticAMD
BOOT      : Normal Boot
DATE      : 2012/01/10 (ISO 8601) at 15:53:11

================================================================================

\Device\Harddisk0\DR0     	298 Go	 [Fixed]  ==> 7 MBR Code..

MBR_MD5   : EFB0A247668AD039C36464E893135777
MBR_SHA-1 : E16E2AE8B932921EDD8F085DD48E2C8E86192D61

\Device\Harddisk0\Partition1	300 Mo	 [Fixed]  0x07 NTFS / HPFS ___ BOOTABLE ___
\Device\Harddisk0\Partition2	280 Go	 [Fixed]  0x07 NTFS / HPFS
\Device\Harddisk0\Partition3	15.0 Go	 [Fixed]  0x07 NTFS / HPFS
\Device\Harddisk0\Partition4	2.0 Go	 [Fixed]  0x0C FAT32 [LBA] 

================================================================================


_______MBR   \Device\Harddisk0\DR0  

0x00000000   33 C0 8E D0 BC 00 7C 8E C0 8E D8 BE 00 7C BF 00   3À.м.|.À.ؾ.|¿.
0x00000010   06 B9 00 02 FC F3 A4 50 68 1C 06 CB FB B9 04 00   .¹..üó¤Ph..Ëû¹..
0x00000020   BD BE 07 80 7E 00 00 7C 0B 0F 85 0E 01 83 C5 10   ½¾..~..|......Å.
0x00000030   E2 F1 CD 18 88 56 00 55 C6 46 11 05 C6 46 10 00   âñÍ..V.UÆF..ÆF..
0x00000040   B4 41 BB AA 55 CD 13 5D 72 0F 81 FB 55 AA 75 09   ´A»ªUÍ.]r..ûUªu.
0x00000050   F7 C1 01 00 74 03 FE 46 10 66 60 80 7E 10 00 74   ÷Á..t.þF.f`.~..t
0x00000060   26 66 68 00 00 00 00 66 FF 76 08 68 00 00 68 00   &fh....f.v.h..h.
0x00000070   7C 68 01 00 68 10 00 B4 42 8A 56 00 8B F4 CD 13   |h..h..´B.V..ôÍ.
0x00000080   9F 83 C4 10 9E EB 14 B8 01 02 BB 00 7C 8A 56 00   ..Ä..ë.¸..».|.V.
0x00000090   8A 76 01 8A 4E 02 8A 6E 03 CD 13 66 61 73 1C FE   .v..N..n.Í.fas.þ
0x000000A0   4E 11 75 0C 80 7E 00 80 0F 84 8A 00 B2 80 EB 84   N.u..~......².ë.
0x000000B0   55 32 E4 8A 56 00 CD 13 5D EB 9E 81 3E FE 7D 55   U2ä.V.Í.]ë..>þ}U
0x000000C0   AA 75 6E FF 76 00 E8 8D 00 75 17 FA B0 D1 E6 64   ªun.v.è..u.ú°Ñæd
0x000000D0   E8 83 00 B0 DF E6 60 E8 7C 00 B0 FF E6 64 E8 75   è..°ßæ`è|.°.ædèu
0x000000E0   00 FB B8 00 BB CD 1A 66 23 C0 75 3B 66 81 FB 54   .û¸.»Í.f#Àu;f.ûT
0x000000F0   43 50 41 75 32 81 F9 02 01 72 2C 66 68 07 BB 00   CPAu2.ù..r,fh.».
0x00000100   00 66 68 00 02 00 00 66 68 08 00 00 00 66 53 66   .fh....fh....fSf
0x00000110   53 66 55 66 68 00 00 00 00 66 68 00 7C 00 00 66   SfUfh....fh.|..f
0x00000120   61 68 00 00 07 CD 1A 5A 32 F6 EA 00 7C 00 00 CD   ah...Í.Z2öê.|..Í
0x00000130   18 A0 B7 07 EB 08 A0 B6 07 EB 03 A0 B5 07 32 E4   ..·.ë..¶.ë..µ.2ä
0x00000140   05 00 07 8B F0 AC 3C 00 74 09 BB 07 00 B4 0E CD   ....ð¬<.t.»..´.Í
0x00000150   10 EB F2 F4 EB FD 2B C9 E4 64 EB 00 24 02 E0 F8   .ëòôëý+Éädë.$.àø
0x00000160   24 02 C3 49 6E 76 61 6C 69 64 20 70 61 72 74 69   $.ÃInvalid parti
0x00000170   74 69 6F 6E 20 74 61 62 6C 65 00 45 72 72 6F 72   tion table.Error
0x00000180   20 6C 6F 61 64 69 6E 67 20 6F 70 65 72 61 74 69    loading operati
0x00000190   6E 67 20 73 79 73 74 65 6D 00 4D 69 73 73 69 6E   ng system.Missin
0x000001A0   67 20 6F 70 65 72 61 74 69 6E 67 20 73 79 73 74   g operating syst
0x000001B0   65 6D 00 00 00 63 7B 9A 82 59 9E B9 00 00 80 20   em...c{..Y.¹... 
0x000001C0   21 00 07 5E 38 26 00 08 00 00 00 60 09 00 00 5E   !..^8&.....`...^
0x000001D0   39 26 07 FE FF FF 00 68 09 00 00 80 19 23 00 10   9&.þ...h.....#..
0x000001E0   FB 56 07 30 B4 FC 00 E8 22 23 00 00 E0 01 00 30   ûV.0´ü.è"#..à..0
0x000001F0   B5 FC 0C A2 22 00 00 E8 02 25 00 D8 3F 00 55 AA   µü.¢"..è.%.Ø?.Uª

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Zavireny notebook

#4 Post by Walky »

Here is the ComboFix log

ComboFix 12-01-10.01 - iwka . 01. 2012 17:20:28.1.2 - x64
Running from: c:\users\iwka\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\iwka\Desktop\Setup.exe
c:\windows\assembly\tmp\U
c:\windows\assembly\tmp\U\00000001.@
c:\windows\assembly\tmp\U\000000c0.@
c:\windows\assembly\tmp\U\000000cb.@
c:\windows\assembly\tmp\U\000000cf.@
c:\windows\assembly\tmp\U\80000000.@
c:\windows\assembly\tmp\U\800000c0.@
c:\windows\assembly\tmp\U\800000cb.@
c:\windows\assembly\tmp\U\800000cf.@
c:\windows\av_ico
c:\windows\av_ico\ico_mcafee_start.ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\services32.exe
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\config\systemprofile\AppData\Local\48e7ca57\X
c:\windows\system32\consrv.dll
c:\windows\system32\drivers\etc\hosts.ics
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\ufa.rar
c:\windows\update.1
c:\windows\update.1\svchost.exe
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.7.1\svchostdriver.exe
c:\windows\winlog-dirs.txt
c:\windows\winlog-ids.txt
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_ddservice
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
-------\Service_wxpdrivers
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 16:31 . 2012-01-10 16:31 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432C8E52-4C38-47AE-AD03-5A8308FFF430}\offreg.dll
2012-01-10 16:27 . 2012-01-10 16:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-09 21:12 . 2012-01-10 15:17 512 ----a-w- C:\PhysicalMBR.bin
2012-01-09 14:57 . 2012-01-09 14:57 -------- d-----w- c:\program files\trend micro
2012-01-09 14:49 . 2012-01-09 14:49 -------- d-----w- C:\rsit
2012-01-09 14:49 . 2012-01-09 14:49 -------- d-----w- c:\program files (x86)\trend micro
2012-01-04 20:10 . 2012-01-04 20:10 -------- d-----w- c:\users\iwka\AppData\Local\VS Revo Group
2012-01-04 20:10 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-01-04 20:10 . 2012-01-04 20:10 -------- d-----w- c:\program files\VS Revo Group
2012-01-04 19:25 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432C8E52-4C38-47AE-AD03-5A8308FFF430}\mpengine.dll
2012-01-04 19:25 . 2011-11-15 13:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 19:06 . 2012-01-04 19:06 -------- d--h--w- c:\windows\update.tray-2-0
2012-01-04 19:06 . 2012-01-04 19:06 -------- d--h--w- c:\windows\update.tray-2-0-lnk
2012-01-04 18:18 . 2012-01-04 18:18 -------- d-----w- c:\program files\CCleaner
2011-12-27 17:13 . 2011-12-27 17:13 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 14:50 . 2011-10-31 16:21 246272 ----a-w- c:\windows\unrar.exe
2011-10-31 17:15 . 2011-10-31 17:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"tray_ico0"="c:\windows\update.tray-2-0\svchost.exe" [2011-10-31 1204736]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"FirewallDisableNotify"=dword:00000001
"UpdatesDisableNotify"=dword:00000001
"AntiVirusDisableNotify"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002Core.job
- c:\users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 22:53]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002UA.job
- c:\users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 22:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
"combofix"="c:\combofix\CF3239.3XE" [2009-07-14 344576]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.254
TCP: Interfaces\{DB7A69E8-B97E-4074-866C-6908AE06C13B}: NameServer = 172.22.19.254,88.212.8.8
.
- - - - ORPHANS REMOVED - - - -
.
Wow6432Node-HKLM-Run-tray_ico - (no file)
Wow6432Node-HKLM-Run-tray_ico1 - (no file)
Wow6432Node-HKLM-Run-tray_ico2 - (no file)
Wow6432Node-HKLM-Run-tray_ico3 - (no file)
Wow6432Node-HKLM-Run-tray_ico4 - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
SafeBoot-wxpdrivers
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-{FC17E0A7-EAA9-4902-92F8-C83B9FD02246} - c:\program files (x86)\InstallShield Installation Information\{FC17E0A7-EAA9-4902-92F8-C83B9FD02246}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\program files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DPAgent.exe
.
**************************************************************************
.
Completion time: 2012-01-10 17:36:44 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 16:36
.
Pre-Run: 174 335 709 184 bytes free
Post-Run: 173 740 281 856 bytes free
.
- - End Of File - - E6B8ED8B6E2ACAE445E600EB09F79600

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#5 Post by Walky »

I couldn't attach Qoobox as an attachment, so I uploaded it here: http://www.uloz.to/12451504/qoobox-rar
I'm installing the antivirus now.
Two hidden desktop.ini files appeared on my desktop, and they contain:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21799

and this is in the second desktop.ini:

[.ShellClassInfo]
LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769
IconResource=%SystemRoot%\system32\imageres.dll,-183

Here is the log:
ComboFix 12-01-10.02 - iwka . 01. 2012 18:13:29.2.2 - x64
Running from: c:\users\iwka\Desktop\ComboFix.exe
Command switches used :: c:\users\iwka\Desktop\CFScript.txt
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\av_ico
c:\windows\av_ico\ico_NOD_AV_START.ico
c:\windows\av_ico\ico_NOD_SYSINSP.ico
c:\windows\av_ico\ico_NOD_SYSRESC.ico
c:\windows\av_ico\ico_NOD_TXT.ico
c:\windows\av_ico\ico_NOD_UNINSTALL.ico
c:\windows\btc_client_iplist.txt
c:\windows\front_ip_list.txt
c:\windows\geoiplist
c:\windows\geoiplist.rar
c:\windows\iecheck_iplist.txt
c:\windows\info1
c:\windows\iplist.txt
c:\windows\loader2.exe_ok
c:\windows\phoenix
c:\windows\phoenix.rar
c:\windows\phoenix\kernels\phatk\__init__.py
c:\windows\phoenix\kernels\phatk\__init__.pyc
c:\windows\phoenix\kernels\phatk\BFIPatcher.py
c:\windows\phoenix\kernels\phatk\kernel.cl
c:\windows\phoenix\kernels\poclbm\__init__.py
c:\windows\phoenix\kernels\poclbm\__init__.pyc
c:\windows\phoenix\kernels\poclbm\BFIPatcher.py
c:\windows\phoenix\kernels\poclbm\kernel.cl
c:\windows\phoenix\phoenix.exe
c:\windows\proc_list1.log
c:\windows\rpcminer
c:\windows\rpcminer.rar
c:\windows\rpcminer\bitcoinminercuda_10.cubin
c:\windows\rpcminer\bitcoinminercuda_11.cubin
c:\windows\rpcminer\bitcoinminercuda_20.cubin
c:\windows\rpcminer\bitcoinmineropencl.cl
c:\windows\rpcminer\cudart32_32_16.dll
c:\windows\rpcminer\curllib.dll
c:\windows\rpcminer\libeay32.dll
c:\windows\rpcminer\libsasl.dll
c:\windows\rpcminer\openldap.dll
c:\windows\rpcminer\rpcminer-4way.exe
c:\windows\rpcminer\rpcminer-cpu.exe
c:\windows\rpcminer\rpcminer-cuda.exe
c:\windows\rpcminer\rpcminer-opencl.exe
c:\windows\rpcminer\ssleay32.dll
c:\windows\sysdriver32.exe
c:\windows\sysdriver32_.exe
c:\windows\system32\config\systemprofile\AppData\Local\48e7ca57\X
c:\windows\system32\drivers\etc\HSTS~1
c:\windows\TEMP\679565.exe
c:\windows\ufa.rar
c:\windows\update.2
c:\windows\update.2\svchost.exe
c:\windows\update.5.0
c:\windows\update.5.0\svchost.exe
c:\windows\update.7.1
c:\windows\update.tray-2-0-lnk
c:\windows\update.tray-2-0-lnk\svchost.exe
c:\windows\update.tray-2-0
c:\windows\update.tray-2-0\svchost.exe
c:\windows\winsetupapi.log
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_srvbtcclient
-------\Service_srviecheck
-------\Service_srvsysdriver32
.
.
((((((((((((((((((((((((( Files Created from 2011-12-10 to 2012-01-10 )))))))))))))))))))))))))))))))
.
.
2012-01-10 17:33 . 2012-01-10 17:33 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432C8E52-4C38-47AE-AD03-5A8308FFF430}\offreg.dll
2012-01-09 21:12 . 2012-01-10 15:17 512 ----a-w- C:\PhysicalMBR.bin
2012-01-09 14:57 . 2012-01-09 14:57 -------- d-----w- c:\program files\trend micro
2012-01-09 14:49 . 2012-01-09 14:49 -------- d-----w- C:\rsit
2012-01-09 14:49 . 2012-01-09 14:49 -------- d-----w- c:\program files (x86)\trend micro
2012-01-04 20:10 . 2012-01-04 20:10 -------- d-----w- c:\users\iwka\AppData\Local\VS Revo Group
2012-01-04 20:10 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-01-04 20:10 . 2012-01-04 20:10 -------- d-----w- c:\program files\VS Revo Group
2012-01-04 19:25 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432C8E52-4C38-47AE-AD03-5A8308FFF430}\mpengine.dll
2012-01-04 19:25 . 2011-11-15 13:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 18:18 . 2012-01-04 18:18 -------- d-----w- c:\program files\CCleaner
2011-12-27 17:13 . 2011-12-27 17:13 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 16:46 . 2011-10-31 16:21 246272 ----a-w- c:\windows\unrar.exe
2011-10-31 17:15 . 2011-10-31 17:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\system32\drivers\revoflt.sys ---
Company: VS Revo Group
File Description: Revo Uninstaller Minifilter
File Version: 1, 0, 0, 4 built by: WinDDK
Product Name: Revo Uninstaller Pro
Copyright: © VS Revo Group, Ltd. All rights reserved.
Original Filename: revoflt.sys
File size: 31800
Created time: 2012-01-04 20:10
Modified time: 2009-12-30 09:21
MD5: 9C3AC71A9934B884FAC567A8807E9C4D
SHA1: B10B5F98D00BD5054D57531FC998BDBBBBD84A75
.
.
--- c:\windows\system32\MpSigStub.exe ---
Company: Microsoft Corporation
File Description: Microsoft Malware Protection Signature Update Stub
File Version: 10.3.1781.0
Product Name: Microsoft Malware Protection
Copyright: © Microsoft Corporation. All rights reserved.
Original Filename: MpSigStub.exe
File size: 270720
Created time: 2012-01-04 19:25
Modified time: 2011-11-15 13:29
MD5: 2E6BD16AA62E5E95C7B256B10D637F8F
SHA1: 350BE084477B1FE581AF83CA79EB58D4DEFE260F
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-10_16.32.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-10 15:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-10 17:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2009-07-14 04:54 . 2012-01-10 15:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-10 17:00 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:10 . 2012-01-10 16:33 49434 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-09 16:22 . 2012-01-10 16:33 21820 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-367710519-3172954664-1994959074-1002_UserData.bin
+ 2011-01-09 17:00 . 2012-01-10 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-09 17:00 . 2012-01-10 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-09 17:00 . 2012-01-10 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-09 17:00 . 2012-01-10 17:13 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2012-01-10 17:30 . 2012-01-10 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-10 16:29 . 2012-01-10 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-10 17:30 . 2012-01-10 17:30 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-01-10 16:29 . 2012-01-10 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-10 16:46 . 2011-06-29 11:20 743936 c:\windows\ufa\ufa.exe
- 2009-07-14 04:54 . 2012-01-10 15:08 720896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2009-07-14 04:54 . 2012-01-10 17:00 720896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 05:01 . 2012-01-10 16:28 397128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-01-10 17:30 397128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-01-10 07:26 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-10 16:56 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-07-14 1475072]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [x]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 mfewfpk;McAfee Inc. mfewfpk;c:\windows\system32\drivers\mfewfpk.sys [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002Core.job
- c:\users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 22:53]
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002UA.job
- c:\users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 22:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"combofix"="c:\combofix\CF13558.3XE" [2009-07-14 344576]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.254
TCP: Interfaces\{DB7A69E8-B97E-4074-866C-6908AE06C13B}: NameServer = 172.22.19.254,88.212.8.8
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
c:\users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
c:\users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
.
**************************************************************************
.
Completion time: 2012-01-10 18:51:32 - machine was rebooted
ComboFix-quarantined-files.txt 2012-01-10 17:51
ComboFix2.txt 2012-01-10 16:36
.
Pre-Run: 173 762 777 088 bytes free
Post-Run: 173 749 481 472 bytes free
.
- - End Of File - - BF6DCDE5A065EB83C166B38DB5BB086E

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#6 Post by Walky »

I installed Avira and it has already found 16 viruses, but it is still scanning. And do you happen to know how I can reinstall the gadgets (the so-called desktop mini-applications)?

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#7 Post by Walky »

Here is the log from Avira:

Avira Free Antivirus
Report file date: 10. januára 2012 19:33

Scanning for 3054522 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - Free Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows 7 x64
Windows version : (plain) [6.1.7600]
Boot mode : Normally booted
Username : iwka
Computer name : IWKA-HP

Version information:
BUILD.DAT : 12.0.0.872 41826 Bytes 15. 12. 2011 17:24:00
AVSCAN.EXE : 12.1.0.18 490448 Bytes 15. 12. 2011 14:00:13
AVSCAN.DLL : 12.1.0.17 54224 Bytes 15. 12. 2011 14:00:31
LUKE.DLL : 12.1.0.17 68304 Bytes 15. 12. 2011 14:00:21
AVSCPLR.DLL : 12.1.0.21 99536 Bytes 15. 12. 2011 14:00:13
AVREG.DLL : 12.1.0.27 227536 Bytes 15. 12. 2011 14:00:13
VBASE000.VDF : 7.10.0.0 19875328 Bytes 6. 11. 2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14. 12. 2010 23:33:08
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20. 12. 2011 18:19:45
VBASE003.VDF : 7.11.19.171 2048 Bytes 20. 12. 2011 18:19:47
VBASE004.VDF : 7.11.19.172 2048 Bytes 20. 12. 2011 18:19:49
VBASE005.VDF : 7.11.19.173 2048 Bytes 20. 12. 2011 18:19:51
VBASE006.VDF : 7.11.19.174 2048 Bytes 20. 12. 2011 18:19:53
VBASE007.VDF : 7.11.19.175 2048 Bytes 20. 12. 2011 18:19:55
VBASE008.VDF : 7.11.19.176 2048 Bytes 20. 12. 2011 18:19:58
VBASE009.VDF : 7.11.19.177 2048 Bytes 20. 12. 2011 18:19:58
VBASE010.VDF : 7.11.19.178 2048 Bytes 20. 12. 2011 18:19:58
VBASE011.VDF : 7.11.19.179 2048 Bytes 20. 12. 2011 18:19:58
VBASE012.VDF : 7.11.19.180 2048 Bytes 20. 12. 2011 18:19:59
VBASE013.VDF : 7.11.19.217 182784 Bytes 22. 12. 2011 18:19:59
VBASE014.VDF : 7.11.19.255 148480 Bytes 24. 12. 2011 18:20:00
VBASE015.VDF : 7.11.20.29 164352 Bytes 27. 12. 2011 18:20:00
VBASE016.VDF : 7.11.20.70 180224 Bytes 29. 12. 2011 18:20:01
VBASE017.VDF : 7.11.20.102 240640 Bytes 2. 1. 2012 18:20:01
VBASE018.VDF : 7.11.20.139 164864 Bytes 4. 1. 2012 18:20:02
VBASE019.VDF : 7.11.20.178 167424 Bytes 6. 1. 2012 18:20:04
VBASE020.VDF : 7.11.20.207 230400 Bytes 10. 1. 2012 18:20:04
VBASE021.VDF : 7.11.20.208 2048 Bytes 10. 1. 2012 18:20:06
VBASE022.VDF : 7.11.20.209 2048 Bytes 10. 1. 2012 18:20:06
VBASE023.VDF : 7.11.20.210 2048 Bytes 10. 1. 2012 18:20:06
VBASE024.VDF : 7.11.20.211 2048 Bytes 10. 1. 2012 18:20:06
VBASE025.VDF : 7.11.20.212 2048 Bytes 10. 1. 2012 18:20:07
VBASE026.VDF : 7.11.20.213 2048 Bytes 10. 1. 2012 18:20:14
VBASE027.VDF : 7.11.20.214 2048 Bytes 10. 1. 2012 18:20:14
VBASE028.VDF : 7.11.20.215 2048 Bytes 10. 1. 2012 18:20:14
VBASE029.VDF : 7.11.20.216 2048 Bytes 10. 1. 2012 18:20:15
VBASE030.VDF : 7.11.20.217 2048 Bytes 10. 1. 2012 18:20:15
VBASE031.VDF : 7.11.20.226 78336 Bytes 10. 1. 2012 18:20:15
Engineversion : 8.2.8.22
AEVDF.DLL : 8.1.2.2 106868 Bytes 15. 12. 2011 14:00:10
AESCRIPT.DLL : 8.1.3.96 434554 Bytes 10. 1. 2012 18:20:24
AESCN.DLL : 8.1.7.2 127349 Bytes 14. 12. 2011 23:32:23
AESBX.DLL : 8.2.4.5 434549 Bytes 15. 12. 2011 14:00:09
AERDL.DLL : 8.1.9.15 639348 Bytes 14. 12. 2011 23:32:23
AEPACK.DLL : 8.2.15.1 770423 Bytes 15. 12. 2011 14:00:09
AEOFFICE.DLL : 8.1.2.25 201084 Bytes 10. 1. 2012 18:20:23
AEHEUR.DLL : 8.1.3.15 4264310 Bytes 10. 1. 2012 18:20:23
AEHELP.DLL : 8.1.18.0 254327 Bytes 15. 12. 2011 14:00:06
AEGEN.DLL : 8.1.5.17 405877 Bytes 15. 12. 2011 14:00:06
AEEMU.DLL : 8.1.3.0 393589 Bytes 14. 12. 2011 23:32:19
AECORE.DLL : 8.1.24.3 201079 Bytes 10. 1. 2012 18:20:16
AEBB.DLL : 8.1.1.0 53618 Bytes 14. 12. 2011 23:32:19
AVWINLL.DLL : 12.1.0.17 27344 Bytes 15. 12. 2011 14:00:16
AVPREF.DLL : 12.1.0.17 51920 Bytes 15. 12. 2011 14:00:12
AVREP.DLL : 12.1.0.17 179408 Bytes 15. 12. 2011 14:00:13
AVARKT.DLL : 12.1.0.19 208848 Bytes 15. 12. 2011 14:00:10
AVEVTLOG.DLL : 12.1.0.17 169168 Bytes 15. 12. 2011 14:00:12
SQLITE3.DLL : 3.7.0.0 398288 Bytes 15. 12. 2011 14:00:24
AVSMTP.DLL : 12.1.0.17 62928 Bytes 15. 12. 2011 14:00:14
NETNT.DLL : 12.1.0.17 17104 Bytes 15. 12. 2011 14:00:21
RCIMAGE.DLL : 12.1.0.17 4450000 Bytes 15. 12. 2011 14:00:34
RCTEXT.DLL : 12.1.1.16 96208 Bytes 15. 12. 2011 14:00:34

Configuration settings for the scan:
Jobname.............................: Complete system scan
Configuration file..................: C:\Program Files (x86)\Avira\AntiVir Desktop\sysscan.avp
Logging.............................: default
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Boot sectors........................: C:, F:,
Process scan........................: on
Extended process scan...............: on
Scan registry.......................: on
Search for rootkits.................: on
Integrity checking of system files..: off
Scan all files......................: All files
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: extended

Start of the scan: 10. januára 2012 19:33

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!

Start scanning boot sectors:
Boot sector 'C:\'
[INFO] No virus was found!
Boot sector 'F:\'
[INFO] No virus was found!

Starting search for hidden objects.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership\Group27
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Group Policy\GroupMembership\Group28
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0017\Linkage\UpperBind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7A539240-B4B2-4C4C-9D4F-F34880FD5B38}\Connection\Name
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7A539240-B4B2-4C4C-9D4F-F34880FD5B38}\Connection\Name
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7A539240-B4B2-4C4C-9D4F-F34880FD5B38}\Connection\Name
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7A539240-B4B2-4C4C-9D4F-F34880FD5B38}\Connection\Name
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet001\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0016
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Class\{4D36E972-E325-11CE-BFC1-08002BE10318}\0017\Linkage\UpperBind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0000#{ad498944-762f-11d0-8dcb-00c04fc3358c}\#{7665F4AF-1EF8-4FEC-A102-1B4FD6DC9020}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\DeviceClasses\{ad498944-762f-11d0-8dcb-00c04fc3358c}\##?#ROOT#*ISATAP#0001#{ad498944-762f-11d0-8dcb-00c04fc3358c}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\DeviceClasses\{cac88484-7515-4c03-82e6-71a87abac361}\##?#ROOT#*ISATAP#0001#{cac88484-7515-4c03-82e6-71a87abac361}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\GroupOrderList\FSFilter Anti-Virus
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\Config
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\Descriptions\Microsoft ISATAP Adapter
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{09BEA9E6-0C89-4F7E-A209-02490C370E25}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4D36E972-E325-11CE-BFC1-08002BE10318}\{7665F4AF-1EF8-4FEC-A102-1B4FD6DC9020}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\Network\{4d36e975-e325-11ce-bfc1-08002be10318}\{2B07FAA1-8217-4E30-B5EC-FD4501E773BB}\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Minimal\PEVSystemStart
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Minimal\procexp90.Sys
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Network\PEVSystemStart
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Control\SafeBoot\Network\procexp90.Sys
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\Enum\Root\*ISATAP\0001
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Parameters\Isatap\{09BEA9E6-0C89-4F7E-A209-02490C370E25}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\iphlpsvc\Parameters\Isatap\{7665F4AF-1EF8-4FEC-A102-1B4FD6DC9020}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanServer\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanServer\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanServer\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanWorkstation\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanWorkstation\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\LanmanWorkstation\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\LanaMap
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBIOS\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBT\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBT\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\NetBT\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Smb\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Smb\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\Smb\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Linkage\Bind
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Linkage\Route
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Linkage\Export
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{09bea9e6-0c89-4f7e-a209-02490c370e25}
[NOTE] The registry entry is invisible.
HKEY_LOCAL_MACHINE\System\ControlSet002\services\TCPIP6\Parameters\Interfaces\{7665f4af-1ef8-4fec-a102-1b4fd6dc9020}
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\AppDomains\Communications.CCC.exe.CCC.4624
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\AppDomains\Communications.MOM.exe.MOM.4556
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Processes\4556
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Processes\4624
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Constructor ProcTime
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize LoadDEM ProcTime
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize LoadDEM ProcTime
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize InitializeGraphicsAdapter
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize Finishing
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime Graphics Caste Initialize
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\Runtime HydraVision Caste Constructor ProcTime
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\ATI\ACE\Settings\Runtime\RuntimePublish
[NOTE] The registry entry is invisible.
Explorer.EXE
C:\windows\system32\Explorer.EXE
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}.check.101\CheckSetting
[NOTE] The registry entry is invisible.
HKEY_USERS\S-1-5-21-367710519-3172954664-1994959074-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Wpad\WpadLastNetwork
[NOTE] The registry entry is invisible.

The scan of running processes will be started
Scan process 'chrome.exe' - '62' Module(s) have been scanned
Scan process 'rundll32.exe' - '50' Module(s) have been scanned
Scan process 'chrome.exe' - '46' Module(s) have been scanned
Scan process 'chrome.exe' - '100' Module(s) have been scanned
Scan process 'avscan.exe' - '75' Module(s) have been scanned
Scan process 'avcenter.exe' - '112' Module(s) have been scanned
Scan process 'hpqwmiex.exe' - '38' Module(s) have been scanned
Scan process 'SbHpAuthenticatorService.exe' - '33' Module(s) have been scanned
Scan process 'avgnt.exe' - '69' Module(s) have been scanned
Scan process 'DTLite.exe' - '56' Module(s) have been scanned
Scan process 'uArcCapture.exe' - '48' Module(s) have been scanned
Scan process 'SeaPort.EXE' - '45' Module(s) have been scanned
Scan process 'pdfsvc.exe' - '34' Module(s) have been scanned
Scan process 'LSSrvc.exe' - '25' Module(s) have been scanned
Scan process 'hpHotkeyMonitor.exe' - '46' Module(s) have been scanned
Scan process 'HPDrvMntSvc.exe' - '19' Module(s) have been scanned
Scan process 'HPDayStarterService.exe' - '28' Module(s) have been scanned
Scan process 'PTChangeFilterService.exe' - '45' Module(s) have been scanned
Scan process 'avguard.exe' - '69' Module(s) have been scanned
Scan process 'sched.exe' - '40' Module(s) have been scanned
Scan process 'HpFkCrypt.exe' - '16' Module(s) have been scanned
Scan process 'HPFSService.exe' - '21' Module(s) have been scanned

Starting to scan executable files (registry).
C:\Windows\update.tray-9-0-lnk\svchost.exe
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan

The registry was scanned ( '1475' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\Qoobox.rar
[0] Archive type: RAR
--> Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cb.@.vir
[DETECTION] Is the TR/Redirector.BF Trojan
--> Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir
[DETECTION] Is the TR/Conedex.A Trojan
--> Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
--> Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
--> Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cf.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
--> Qoobox\Quarantine\C\Windows\phoenix\phoenix.exe.vir
[1] Archive type: RSRC
--> Qoobox\Quarantine\C\Windows\services32.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> Qoobox\Quarantine\C\Windows\sysdriver32.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> Qoobox\Quarantine\C\Windows\sysdriver32_.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir
[DETECTION] Is the TR/Gendal.6662579 Trojan
--> Qoobox\Quarantine\C\Windows\update.1\svchost.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> Qoobox\Quarantine\C\Windows\update.2\svchost.exe.vir
[DETECTION] Is the TR/Offend.6836319.1 Trojan
--> Qoobox\Quarantine\C\Windows\update.5.0\svchost.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> Qoobox\Quarantine\C\Windows\update.7.1\svchostdriver.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
--> Qoobox\Quarantine\C\Windows\update.tray-2-0\svchost.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
--> Qoobox\Quarantine\C\Windows\update.tray-2-0-lnk\svchost.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\services32.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\sysdriver32.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\sysdriver32_.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cb.@.vir
[DETECTION] Is the TR/Redirector.BF Trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir
[DETECTION] Is the TR/Conedex.A Trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cf.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir
[DETECTION] Is the TR/Gendal.6662579 Trojan
C:\Qoobox\Quarantine\C\Windows\update.1\svchost.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\update.2\svchost.exe.vir
[DETECTION] Is the TR/Offend.6836319.1 Trojan
C:\Qoobox\Quarantine\C\Windows\update.5.0\svchost.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\update.7.1\svchostdriver.exe.vir
--> Object
[DETECTION] Is the TR/ATRAPS.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\update.tray-2-0\svchost.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Qoobox\Quarantine\C\Windows\update.tray-2-0-lnk\svchost.exe.vir
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Users\iwka\Downloads\Flash-Player.exe
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Users\iwka\Downloads\PIC04402011.JPG.scr
[DETECTION] Is the TR/Drop.Fignotok.8 Trojan
C:\Windows\assembly\GAC_32\Desktop.ini
[DETECTION] Is the TR/Sirefef.P.172 Trojan
C:\Windows\assembly\GAC_64\Desktop.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\48e7ca57\X
[DETECTION] Is the TR/Shadow.B Trojan
C:\Windows\update.tray-9-0\svchost.exe
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
C:\Windows\update.tray-9-0-lnk\svchost.exe
--> Object
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
Begin scan in 'F:\' <HP_TOOLS>

Beginning disinfection:
The file '\\?\C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\Managed Services\McAfee.lnk' was moved to the quarantine folder.
C:\Windows\update.tray-9-0\svchost.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4ac333b1.qua'.
C:\Windows\SysWOW64\config\systemprofile\AppData\Local\48e7ca57\X
[DETECTION] Is the TR/Shadow.B Trojan
[NOTE] The file was moved to the quarantine directory under the name '52781dd5.qua'.
C:\Windows\assembly\GAC_64\Desktop.ini
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '001b7ea1.qua'.
C:\Windows\assembly\GAC_32\Desktop.ini
[DETECTION] Is the TR/Sirefef.P.172 Trojan
[NOTE] The file was moved to the quarantine directory under the name '662c3164.qua'.
C:\Users\iwka\Downloads\PIC04402011.JPG.scr
[DETECTION] Is the TR/Drop.Fignotok.8 Trojan
[NOTE] The file was moved to the quarantine directory under the name '2398242e.qua'.
C:\Users\iwka\Downloads\Flash-Player.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ca11660.qua'.
C:\Qoobox\Quarantine\C\Windows\update.tray-2-0-lnk\svchost.exe.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '101b3a30.qua'.
C:\Qoobox\Quarantine\C\Windows\update.tray-2-0\svchost.exe.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '6c037a60.qua'.
C:\Qoobox\Quarantine\C\Windows\update.7.1\svchostdriver.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '4159552a.qua'.
C:\Qoobox\Quarantine\C\Windows\update.5.0\svchost.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '58316eb0.qua'.
C:\Qoobox\Quarantine\C\Windows\update.2\svchost.exe.vir
[DETECTION] Is the TR/Offend.6836319.1 Trojan
[NOTE] The file was moved to the quarantine directory under the name '346d4280.qua'.
C:\Qoobox\Quarantine\C\Windows\update.1\svchost.exe.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '45d47b15.qua'.
C:\Qoobox\Quarantine\C\Windows\System32\consrv.dll.vir
[DETECTION] Is the TR/Gendal.6662579 Trojan
[NOTE] The file was moved to the quarantine directory under the name '4bdb4bcb.qua'.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cf.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '0eb4334a.qua'.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\800000cb.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '07bf37e1.qua'.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\80000000.@.vir
[DETECTION] Is the TR/ATRAPS.Gen2 Trojan
[NOTE] The file was moved to the quarantine directory under the name '5ffe2e88.qua'.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cf.@.vir
[DETECTION] Is the TR/Conedex.A Trojan
[NOTE] The file was moved to the quarantine directory under the name '730a5744.qua'.
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000cb.@.vir
[DETECTION] Is the TR/Redirector.BF Trojan
[NOTE] The file was moved to the quarantine directory under the name '4df4379e.qua'.
C:\Qoobox\Quarantine\C\Windows\sysdriver32_.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '2eb91d34.qua'.
C:\Qoobox\Quarantine\C\Windows\sysdriver32.exe.vir
[DETECTION] Is the TR/ATRAPS.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '08715d29.qua'.
C:\Qoobox\Quarantine\C\Windows\services32.exe.vir
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '3ae42698.qua'.
C:\Qoobox.rar
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '30a40de8.qua'.
C:\Windows\update.tray-9-0-lnk\svchost.exe
[DETECTION] Is the TR/Crypt.ULPM.Gen Trojan
[NOTE] The file was moved to the quarantine directory under the name '71cf6590.qua'.


End of the scan: 10. januára 2012 21:17
Used time: 1:05:43 Hour(s)

The scan has been done completely.

28753 Scanned directories
564754 Files were scanned
38 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 Files were deleted
0 Viruses and unwanted programs were repaired
23 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
564716 Files not concerned
2490 Archives were scanned
0 Warnings
85 Notes
672661 Objects were scanned with rootkit scan
66 Hidden objects were found

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#8 Post by Walky »

Here is the RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by iwka at 2012-01-10 21:26:05
Microsoft Windows 7 Home Premium
System drive C: has 165 GB (57%) free of 288 GB
Total RAM: 2806 MB (60% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 21:26:10, on 10. 1. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Users\iwka\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\iwka.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - (no file)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7A69E8-B97E-4074-866C-6908AE06C13B}: NameServer = 172.22.19.254,88.212.8.8
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11900 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-22 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064}
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05 988480]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-01-12 563736]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-05 98304]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-12-15 258512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\windows\system32\DeviceNP.dll [2009-12-07 75320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\SysWow64\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfehidk.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\mfevtp]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\update.tray-2-0\svchost.exe"="C:\Windows\update.tray-2-0\svchost.exe:*:Enabled:C:\Windows\update.tray-2-0\svchost.exe"
"C:\windows\update.1\svchost.exe"="C:\windows\update.1\svchost.exe:*:Enabled:C:\windows\update.1\svchost.exe"
"C:\windows\update.2\svchost.exe"="C:\windows\update.2\svchost.exe:*:Enabled:C:\windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-01-10 19:32:31 ----D---- C:\Users\iwka\AppData\Roaming\Avira
2012-01-10 19:31:10 ----SHD---- C:\$RECYCLE.BIN
2012-01-10 19:13:04 ----D---- C:\ProgramData\Avira
2012-01-10 19:13:04 ----D---- C:\Program Files (x86)\Avira
2012-01-10 18:51:42 ----A---- C:\ComboFix.txt
2012-01-10 18:29:01 ----D---- C:\windows\temp
2012-01-10 18:11:43 ----D---- C:\ComboFix
2012-01-10 17:19:10 ----A---- C:\windows\zip.exe
2012-01-10 17:19:10 ----A---- C:\windows\SWSC.exe
2012-01-10 17:19:10 ----A---- C:\windows\SWREG.exe
2012-01-10 17:19:10 ----A---- C:\windows\sed.exe
2012-01-10 17:19:10 ----A---- C:\windows\PEV.exe
2012-01-10 17:19:10 ----A---- C:\windows\NIRCMD.exe
2012-01-10 17:19:10 ----A---- C:\windows\MBR.exe
2012-01-10 17:19:10 ----A---- C:\windows\grep.exe
2012-01-10 17:18:14 ----D---- C:\windows\ERDNT
2012-01-10 17:18:10 ----D---- C:\Qoobox
2012-01-09 15:49:24 ----D---- C:\rsit
2012-01-09 15:49:24 ----D---- C:\Program Files (x86)\trend micro
2012-01-04 20:11:51 ----D---- C:\windows\pss
2011-12-27 18:13:40 ----D---- C:\Program Files (x86)\Common Files\Spigot

======List of files/folders modified in the last 1 month======

2012-01-10 21:23:29 ----D---- C:\ProgramData\HPQLOG
2012-01-10 21:17:09 ----SHD---- C:\System Volume Information
2012-01-10 21:17:05 ----HD---- C:\windows\update.tray-9-0-lnk
2012-01-10 21:16:52 ----HD---- C:\windows\update.tray-9-0
2012-01-10 19:49:09 ----SHD---- C:\windows\Installer
2012-01-10 19:48:56 ----D---- C:\Config.Msi
2012-01-10 19:48:23 ----D---- C:\windows\inf
2012-01-10 19:45:40 ----D---- C:\Program Files (x86)\Winamp
2012-01-10 19:13:04 ----RD---- C:\Program Files (x86)
2012-01-10 19:13:04 ----D---- C:\ProgramData
2012-01-10 18:35:11 ----D---- C:\Windows
2012-01-10 18:35:11 ----A---- C:\windows\system.ini
2012-01-10 18:16:36 ----D---- C:\windows\SysWOW64\drivers
2012-01-10 18:16:36 ----D---- C:\windows\SysWOW64
2012-01-10 18:16:36 ----D---- C:\windows\System32
2012-01-10 18:16:35 ----D---- C:\windows\AppPatch
2012-01-10 18:16:31 ----D---- C:\Program Files (x86)\Common Files
2012-01-10 17:46:16 ----D---- C:\windows\ufa
2012-01-10 17:46:15 ----A---- C:\windows\unrar.exe
2012-01-10 17:32:19 ----D---- C:\windows\SoftwareDistribution
2012-01-10 17:20:29 ----D---- C:\windows\Prefetch
2012-01-10 08:26:31 ----D---- C:\windows\winsxs
2012-01-10 08:09:11 ----D---- C:\windows\rescache
2012-01-09 15:57:32 ----RD---- C:\Program Files
2012-01-05 17:35:01 ----D---- C:\Users\iwka\AppData\Roaming\Winamp
2012-01-05 17:29:54 ----D---- C:\PerfLogs
2012-01-05 17:19:25 ----SD---- C:\ProgramData\Microsoft
2012-01-05 09:36:15 ----D---- C:\windows\Logs
2012-01-04 19:51:33 ----D---- C:\Program Files (x86)\Origin
2012-01-04 19:19:06 ----D---- C:\Users\iwka\AppData\Roaming\DAEMON Tools Lite
2012-01-04 19:19:00 ----D---- C:\windows\Panther
2012-01-04 19:19:00 ----D---- C:\windows\ModemLogs
2012-01-04 19:18:59 ----D---- C:\windows\debug
2012-01-04 08:15:20 ----D---- C:\ProgramData\PDFC
2012-01-03 16:49:45 ----D---- C:\film
2011-12-18 18:38:00 ----D---- C:\Fotky

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie64.sys []
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys []
R0 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys []
R0 mfewfpk;McAfee Inc. mfewfpk; C:\windows\system32\drivers\mfewfpk.sys []
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R0 SafeBoot;SafeBoot; C:\windows\SysWOW64\drivers\SafeBoot.sys [2010-01-26 110520]
R0 SbAlg;SbAlg; C:\windows\SysWOW64\drivers\SbAlg.sys [2010-01-26 51800]
R0 SbFsLock;SbFsLock; C:\windows\SysWOW64\drivers\SbFsLock.sys [2010-01-26 13256]
R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys []
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys []
R1 MPFP;MPFP; C:\windows\System32\Drivers\Mpfp.sys []
R1 RsvLock;RsvLock; C:\windows\SysWOW64\drivers\RsvLock.sys [2010-01-26 40088]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys []
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys []
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys []
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys []
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys []
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys []
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys []
R3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys []
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 mfeavfk;McAfee Inc. mfeavfk; C:\windows\system32\drivers\mfeavfk.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys []
S3 mfeapfk;McAfee Inc. mfeapfk; C:\windows\system32\drivers\mfeapfk.sys []
S3 mferkdet;McAfee Inc. mferkdet; C:\windows\system32\drivers\mferkdet.sys []
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\windows\system32\DRIVERS\netr28x.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys []
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys []
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys []
S3 TFsExDisk;TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys [2009-03-31 16392]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys []
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-11-02 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe []
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-15 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-09 952096]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-01-22 462088]
R2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
R2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe []
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [2010-01-29 244736]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-16 660536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#9 Post by Walky »

McAfee cannot be uninstalled; at the end of the uninstallation it prints "incompled uninstalation".
The notebook was for at least 3 months.
Here is the log from tdsskiller.

17:36:45.0829 4736 TDSS rootkit removing tool 2.7.0.0 Jan 10 2012 09:14:26
17:36:46.0114 4736 ============================================================
17:36:46.0115 4736 Current date / time: 2012/01/11 17:36:46.0114
17:36:46.0115 4736 SystemInfo:
17:36:46.0115 4736
17:36:46.0115 4736 OS Version: 6.1.7600 ServicePack: 0.0
17:36:46.0115 4736 Product type: Workstation
17:36:46.0115 4736 ComputerName: IWKA-HP
17:36:46.0115 4736 UserName: iwka
17:36:46.0115 4736 Windows directory: C:\windows
17:36:46.0115 4736 System windows directory: C:\windows
17:36:46.0115 4736 Running under WOW64
17:36:46.0115 4736 Processor architecture: Intel x64
17:36:46.0115 4736 Number of processors: 2
17:36:46.0115 4736 Page size: 0x1000
17:36:46.0115 4736 Boot type: Normal boot
17:36:46.0115 4736 ============================================================
17:36:47.0408 4736 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000, SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K', Flags 0x00000040
17:36:47.0511 4736 Initialize success
17:39:03.0604 4924 ============================================================
17:39:03.0604 4924 Scan started
17:39:03.0604 4924 Mode: Manual; SigCheck; TDLFS;
17:39:03.0604 4924 ============================================================
17:39:04.0232 4924 1394ohci (1b00662092f9f9568b995902f0cc40d5) C:\windows\system32\DRIVERS\1394ohci.sys
17:39:04.0430 4924 1394ohci - ok
17:39:04.0580 4924 Accelerometer (1cffe9c06e66a57dae1452e449a58240) C:\windows\system32\DRIVERS\Accelerometer.sys
17:39:04.0732 4924 Accelerometer - ok
17:39:04.0771 4924 ACPI (6f11e88748cdefd2f76aa215f97ddfe5) C:\windows\system32\DRIVERS\ACPI.sys
17:39:04.0790 4924 ACPI - ok
17:39:04.0979 4924 AcpiPmi (63b05a0420ce4bf0e4af6dcc7cada254) C:\windows\system32\DRIVERS\acpipmi.sys
17:39:05.0596 4924 AcpiPmi - ok
17:39:05.0795 4924 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\windows\system32\DRIVERS\adp94xx.sys
17:39:05.0854 4924 adp94xx - ok
17:39:05.0913 4924 adpahci (597f78224ee9224ea1a13d6350ced962) C:\windows\system32\DRIVERS\adpahci.sys
17:39:05.0951 4924 adpahci - ok
17:39:06.0036 4924 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\windows\system32\DRIVERS\adpu320.sys
17:39:06.0084 4924 adpu320 - ok
17:39:06.0103 4924 Afc - ok
17:39:06.0152 4924 AFD (6ef20ddf3172e97d69f596fb90602f29) C:\windows\system32\drivers\afd.sys
17:39:06.0243 4924 AFD - ok
17:39:06.0585 4924 AgereSoftModem (a6ab6f0ace87da76b4c401813d18be95) C:\windows\system32\DRIVERS\agrsm64.sys
17:39:06.0653 4924 AgereSoftModem - ok
17:39:06.0762 4924 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\windows\system32\DRIVERS\agp440.sys
17:39:06.0808 4924 agp440 - ok
17:39:06.0854 4924 aliide (5812713a477a3ad7363c7438ca2ee038) C:\windows\system32\DRIVERS\aliide.sys
17:39:06.0868 4924 aliide - ok
17:39:06.0889 4924 amdide (1ff8b4431c353ce385c875f194924c0c) C:\windows\system32\DRIVERS\amdide.sys
17:39:06.0905 4924 amdide - ok
17:39:06.0932 4924 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\windows\system32\DRIVERS\amdk8.sys
17:39:06.0980 4924 AmdK8 - ok
17:39:07.0851 4924 amdkmdag (650ddccd6657e20737433cb774521b81) C:\windows\system32\DRIVERS\atikmdag.sys
17:39:08.0146 4924 amdkmdag - ok
17:39:08.0313 4924 amdkmdap (f51b013c55b30dbe3ad59a7fe197c5ba) C:\windows\system32\DRIVERS\atikmpag.sys
17:39:08.0385 4924 amdkmdap - ok
17:39:08.0430 4924 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\windows\system32\DRIVERS\amdppm.sys
17:39:08.0482 4924 AmdPPM - ok
17:39:08.0697 4924 amdsata (ec7ebab00a4d8448bab68d1e49b4beb9) C:\windows\system32\drivers\amdsata.sys
17:39:08.0750 4924 amdsata - ok
17:39:08.0914 4924 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\windows\system32\DRIVERS\amdsbs.sys
17:39:08.0962 4924 amdsbs - ok
17:39:09.0002 4924 amdxata (db27766102c7bf7e95140a2aa81d042e) C:\windows\system32\drivers\amdxata.sys
17:39:09.0033 4924 amdxata - ok
17:39:09.0227 4924 AppID (42fd751b27fa0e9c69bb39f39e409594) C:\windows\system32\drivers\appid.sys
17:39:09.0351 4924 AppID - ok
17:39:09.0503 4924 arc (c484f8ceb1717c540242531db7845c4e) C:\windows\system32\DRIVERS\arc.sys
17:39:09.0552 4924 arc - ok
17:39:09.0569 4924 arcsas (019af6924aefe7839f61c830227fe79c) C:\windows\system32\DRIVERS\arcsas.sys
17:39:09.0593 4924 arcsas - ok
17:39:09.0642 4924 ARCVCAM (ce2168c926927ba926301baf172bc693) C:\windows\system32\DRIVERS\ArcSoftVCapture.sys
17:39:09.0670 4924 ARCVCAM - ok
17:39:09.0754 4924 AsyncMac (769765ce2cc62867468cea93969b2242) C:\windows\system32\DRIVERS\asyncmac.sys
17:39:09.0904 4924 AsyncMac - ok
17:39:09.0980 4924 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\windows\system32\DRIVERS\atapi.sys
17:39:10.0016 4924 atapi - ok
17:39:10.0098 4924 AtiHdmiService (2d648572ba9a610952fcafba1e119c2d) C:\windows\system32\drivers\AtiHdmi.sys
17:39:10.0139 4924 AtiHdmiService - ok
17:39:10.0168 4924 AtiPcie (e82e61f46d1336447f4deff8c074f13e) C:\windows\system32\DRIVERS\AtiPcie64.sys
17:39:10.0184 4924 AtiPcie - ok
17:39:10.0339 4924 avgntflt (aa8f79a1bdfc03b3bc70c44ab00589b4) C:\windows\system32\DRIVERS\avgntflt.sys
17:39:10.0369 4924 avgntflt - ok
17:39:10.0439 4924 avipbb (f1c9db5f7b2a56a0b29667d22ba540fc) C:\windows\system32\DRIVERS\avipbb.sys
17:39:10.0459 4924 avipbb - ok
17:39:10.0501 4924 avkmgr (248db59fc86de44d2779f4c7fb1a567d) C:\windows\system32\DRIVERS\avkmgr.sys
17:39:10.0530 4924 avkmgr - ok
17:39:10.0633 4924 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\windows\system32\DRIVERS\bxvbda.sys
17:39:10.0693 4924 b06bdrv - ok
17:39:10.0761 4924 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\windows\system32\DRIVERS\b57nd60a.sys
17:39:10.0799 4924 b57nd60a - ok
17:39:11.0176 4924 BCM43XX (6c95dd14cfd30b0617b91dc6a0b1a1fb) C:\windows\system32\DRIVERS\bcmwl664.sys
17:39:11.0283 4924 BCM43XX - ok
17:39:11.0467 4924 Beep (16a47ce2decc9b099349a5f840654746) C:\windows\system32\drivers\Beep.sys
17:39:11.0530 4924 Beep - ok
17:39:11.0621 4924 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\windows\system32\DRIVERS\blbdrive.sys
17:39:11.0677 4924 blbdrive - ok
17:39:11.0869 4924 bowser (19d20159708e152267e53b66677a4995) C:\windows\system32\DRIVERS\bowser.sys
17:39:11.0934 4924 bowser - ok
17:39:12.0050 4924 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\windows\system32\DRIVERS\BrFiltLo.sys
17:39:12.0087 4924 BrFiltLo - ok
17:39:12.0104 4924 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\windows\system32\DRIVERS\BrFiltUp.sys
17:39:12.0133 4924 BrFiltUp - ok
17:39:12.0203 4924 BridgeMP (5c2f352a4e961d72518261257aae204b) C:\windows\system32\DRIVERS\bridge.sys
17:39:12.0257 4924 BridgeMP - ok
17:39:12.0466 4924 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\windows\System32\Drivers\Brserid.sys
17:39:12.0531 4924 Brserid - ok
17:39:12.0651 4924 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\windows\System32\Drivers\BrSerWdm.sys
17:39:12.0689 4924 BrSerWdm - ok
17:39:12.0715 4924 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\windows\System32\Drivers\BrUsbMdm.sys
17:39:12.0747 4924 BrUsbMdm - ok
17:39:12.0765 4924 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\windows\System32\Drivers\BrUsbSer.sys
17:39:12.0803 4924 BrUsbSer - ok
17:39:12.0978 4924 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\windows\system32\drivers\BthEnum.sys
17:39:13.0038 4924 BthEnum - ok
17:39:13.0083 4924 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\windows\system32\DRIVERS\bthmodem.sys
17:39:13.0136 4924 BTHMODEM - ok
17:39:13.0283 4924 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\windows\system32\DRIVERS\bthpan.sys
17:39:13.0362 4924 BthPan - ok
17:39:13.0430 4924 BTHPORT (538392664fee486620dfea146f2500bc) C:\windows\System32\Drivers\BTHport.sys
17:39:13.0500 4924 BTHPORT - ok
17:39:13.0702 4924 BTHUSB (6e71522e317b22257d8e37a1584b5829) C:\windows\System32\Drivers\BTHUSB.sys
17:39:13.0770 4924 BTHUSB - ok
17:39:13.0835 4924 btwampfl (59e3510784548c6939c1b3b985c232e3) C:\windows\system32\drivers\btwampfl.sys
17:39:13.0872 4924 btwampfl - ok
17:39:14.0022 4924 btwaudio (1872074ed0a3fb22e3f1e3197b984bfa) C:\windows\system32\drivers\btwaudio.sys
17:39:14.0067 4924 btwaudio - ok
17:39:14.0118 4924 btwavdt (691cf076c33ab1c3a5b2fd5450300733) C:\windows\system32\DRIVERS\btwavdt.sys
17:39:14.0157 4924 btwavdt - ok
17:39:14.0314 4924 btwl2cap (07096d2bc22ccb6cea5a532df0be8a75) C:\windows\system32\DRIVERS\btwl2cap.sys
17:39:14.0342 4924 btwl2cap - ok
17:39:14.0393 4924 btwrchid (c9273b20dec8ce38dbce5d29de63c907) C:\windows\system32\DRIVERS\btwrchid.sys
17:39:14.0411 4924 btwrchid - ok
17:39:14.0458 4924 catchme - ok
17:39:14.0543 4924 cdfs (b8bd2bb284668c84865658c77574381a) C:\windows\system32\DRIVERS\cdfs.sys
17:39:14.0638 4924 cdfs - ok
17:39:14.0684 4924 cdrom (83d2d75e1efb81b3450c18131443f7db) C:\windows\system32\DRIVERS\cdrom.sys
17:39:14.0722 4924 cdrom - ok
17:39:14.0798 4924 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\windows\system32\DRIVERS\circlass.sys
17:39:14.0864 4924 circlass - ok
17:39:15.0011 4924 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\windows\system32\CLFS.sys
17:39:15.0058 4924 CLFS - ok
17:39:15.0276 4924 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\windows\system32\DRIVERS\CmBatt.sys
17:39:15.0337 4924 CmBatt - ok
17:39:15.0381 4924 cmdide (e19d3f095812725d88f9001985b94edd) C:\windows\system32\DRIVERS\cmdide.sys
17:39:15.0417 4924 cmdide - ok
17:39:15.0673 4924 CNG (f95fd4cb7da00ba2a63ce9f6b5c053e1) C:\windows\system32\Drivers\cng.sys
17:39:15.0748 4924 CNG - ok
17:39:15.0950 4924 Compbatt (102de219c3f61415f964c88e9085ad14) C:\windows\system32\DRIVERS\compbatt.sys
17:39:15.0996 4924 Compbatt - ok
17:39:16.0012 4924 CompositeBus (f26b3a86f6fa87ca360b879581ab4123) C:\windows\system32\DRIVERS\CompositeBus.sys
17:39:16.0055 4924 CompositeBus - ok
17:39:16.0198 4924 crcdisk (1c827878a998c18847245fe1f34ee597) C:\windows\system32\DRIVERS\crcdisk.sys
17:39:16.0249 4924 crcdisk - ok
17:39:16.0321 4924 DAMDrv (a8ba4da23ac20bda23ca15234d42a3fa) C:\windows\system32\DRIVERS\DAMDrv64.sys
17:39:16.0350 4924 DAMDrv - ok
17:39:16.0561 4924 DfsC (9c253ce7311ca60fc11c774692a13208) C:\windows\system32\Drivers\dfsc.sys
17:39:16.0643 4924 DfsC - ok
17:39:16.0674 4924 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\windows\system32\drivers\discache.sys
17:39:16.0743 4924 discache - ok
17:39:16.0913 4924 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\windows\system32\DRIVERS\disk.sys
17:39:16.0956 4924 Disk - ok
17:39:17.0013 4924 drmkaud (9b19f34400d24df84c858a421c205754) C:\windows\system32\drivers\drmkaud.sys
17:39:17.0041 4924 drmkaud - ok
17:39:17.0163 4924 dtsoftbus01 (9f98d7afa293947a0dfc6ffd4671fe70) C:\windows\system32\DRIVERS\dtsoftbus01.sys
17:39:17.0221 4924 dtsoftbus01 - ok
17:39:17.0260 4924 DXGKrnl (1633b9abf52784a1331476397a48cbef) C:\windows\System32\drivers\dxgkrnl.sys
17:39:17.0297 4924 DXGKrnl - ok
17:39:17.0463 4924 eamonm (13533557d01b88c83110d5cf749f14d7) C:\windows\system32\DRIVERS\eamonm.sys
17:39:17.0505 4924 eamonm - ok
17:39:17.0614 4924 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\windows\system32\DRIVERS\evbda.sys
17:39:17.0703 4924 ebdrv - ok
17:39:17.0868 4924 ehdrv (e097728129e7b79bf1089d7aef42332b) C:\windows\system32\DRIVERS\ehdrv.sys
17:39:17.0907 4924 ehdrv - ok
17:39:17.0964 4924 elxstor (0e5da5369a0fcaea12456dd852545184) C:\windows\system32\DRIVERS\elxstor.sys
17:39:17.0992 4924 elxstor - ok
17:39:18.0113 4924 epfwwfpr (2380976cf8a4a56611f35633acd2a74f) C:\windows\system32\DRIVERS\epfwwfpr.sys
17:39:18.0149 4924 epfwwfpr - ok
17:39:18.0172 4924 ErrDev (34a3c54752046e79a126e15c51db409b) C:\windows\system32\DRIVERS\errdev.sys
17:39:18.0205 4924 ErrDev - ok
17:39:18.0251 4924 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\windows\system32\drivers\exfat.sys
17:39:18.0314 4924 exfat - ok
17:39:18.0449 4924 fastfat (0adc83218b66a6db380c330836f3e36d) C:\windows\system32\drivers\fastfat.sys
17:39:18.0520 4924 fastfat - ok
17:39:18.0561 4924 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\windows\system32\DRIVERS\fdc.sys
17:39:18.0599 4924 fdc - ok
17:39:18.0771 4924 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\windows\system32\drivers\fileinfo.sys
17:39:18.0809 4924 FileInfo - ok
17:39:18.0841 4924 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\windows\system32\drivers\filetrace.sys
17:39:18.0908 4924 Filetrace - ok
17:39:19.0073 4924 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\windows\system32\DRIVERS\flpydisk.sys
17:39:19.0117 4924 flpydisk - ok
17:39:19.0171 4924 FltMgr (f7866af72abbaf84b1fa5aa195378c59) C:\windows\system32\drivers\fltmgr.sys
17:39:19.0216 4924 FltMgr - ok
17:39:19.0354 4924 FsDepends (d43703496149971890703b4b1b723eac) C:\windows\system32\drivers\FsDepends.sys
17:39:19.0386 4924 FsDepends - ok
17:39:19.0403 4924 Fs_Rec (e95ef8547de20cf0603557c0cf7a9462) C:\windows\system32\drivers\Fs_Rec.sys
17:39:19.0419 4924 Fs_Rec - ok
17:39:19.0450 4924 FTDIBUS (fa169871d8fadcc6539c4e8726610286) C:\windows\system32\drivers\ftdibus.sys
17:39:19.0466 4924 FTDIBUS - ok
17:39:19.0497 4924 FTSER2K (24237091348d1efb5635a1cf9649e311) C:\windows\system32\drivers\ftser2k.sys
17:39:19.0513 4924 FTSER2K - ok
17:39:19.0715 4924 fvevol (ae87ba80d0ec3b57126ed2cdc15b24ed) C:\windows\system32\DRIVERS\fvevol.sys
17:39:19.0765 4924 fvevol - ok
17:39:19.0807 4924 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\windows\system32\DRIVERS\gagp30kx.sys
17:39:19.0848 4924 gagp30kx - ok
17:39:19.0999 4924 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\windows\system32\drivers\hcw85cir.sys
17:39:20.0097 4924 hcw85cir - ok
17:39:20.0236 4924 HdAudAddService (6410f6f415b2a5a9037224c41da8bf12) C:\windows\system32\drivers\HdAudio.sys
17:39:20.0303 4924 HdAudAddService - ok
17:39:20.0347 4924 HDAudBus (0a49913402747a0b67de940fb42cbdbb) C:\windows\system32\DRIVERS\HDAudBus.sys
17:39:20.0384 4924 HDAudBus - ok
17:39:20.0398 4924 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\windows\system32\DRIVERS\HidBatt.sys
17:39:20.0433 4924 HidBatt - ok
17:39:20.0524 4924 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\windows\system32\DRIVERS\hidbth.sys
17:39:20.0563 4924 HidBth - ok
17:39:20.0570 4924 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\windows\system32\DRIVERS\hidir.sys
17:39:20.0602 4924 HidIr - ok
17:39:20.0633 4924 HidUsb (b3bf6b5b50006def50b66306d99fcf6f) C:\windows\system32\DRIVERS\hidusb.sys
17:39:20.0680 4924 HidUsb - ok
17:39:20.0906 4924 hpdskflt (05712fddbd45a5864eb326faabc6a4e3) C:\windows\system32\DRIVERS\hpdskflt.sys
17:39:20.0921 4924 hpdskflt - ok
17:39:20.0988 4924 HpqKbFiltr (b98ee5d4535a685634b90f7e04de0df7) C:\windows\system32\DRIVERS\HpqKbFiltr.sys
17:39:21.0004 4924 HpqKbFiltr - ok
17:39:21.0131 4924 HpSAMD (0886d440058f203eba0e1825e4355914) C:\windows\system32\DRIVERS\HpSAMD.sys
17:39:21.0156 4924 HpSAMD - ok
17:39:21.0211 4924 HTTP (cee049cac4efa7f4e1e4ad014414a5d4) C:\windows\system32\drivers\HTTP.sys
17:39:21.0286 4924 HTTP - ok
17:39:21.0415 4924 hwpolicy (f17766a19145f111856378df337a5d79) C:\windows\system32\drivers\hwpolicy.sys
17:39:21.0427 4924 hwpolicy - ok
17:39:21.0475 4924 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\windows\system32\DRIVERS\i8042prt.sys
17:39:21.0502 4924 i8042prt - ok
17:39:21.0535 4924 iaStorV (b75e45c564e944a2657167d197ab29da) C:\windows\system32\drivers\iaStorV.sys
17:39:21.0563 4924 iaStorV - ok
17:39:21.0683 4924 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\windows\system32\DRIVERS\iirsp.sys
17:39:21.0701 4924 iirsp - ok
17:39:21.0716 4924 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\windows\system32\DRIVERS\intelide.sys
17:39:21.0732 4924 intelide - ok
17:39:21.0770 4924 intelppm (ada036632c664caa754079041cf1f8c1) C:\windows\system32\DRIVERS\intelppm.sys
17:39:21.0802 4924 intelppm - ok
17:39:21.0833 4924 IpFilterDriver (722dd294df62483cecaae6e094b4d695) C:\windows\system32\DRIVERS\ipfltdrv.sys
17:39:21.0906 4924 IpFilterDriver - ok
17:39:21.0999 4924 IPMIDRV (e2b4a4494db7cb9b89b55ca268c337c5) C:\windows\system32\DRIVERS\IPMIDrv.sys
17:39:22.0055 4924 IPMIDRV - ok
17:39:22.0097 4924 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\windows\system32\drivers\ipnat.sys
17:39:22.0156 4924 IPNAT - ok
17:39:22.0376 4924 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\windows\system32\drivers\irenum.sys
17:39:22.0436 4924 IRENUM - ok
17:39:22.0545 4924 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\windows\system32\DRIVERS\isapnp.sys
17:39:22.0563 4924 isapnp - ok
17:39:22.0586 4924 iScsiPrt (fa4d2557de56d45b0a346f93564be6e1) C:\windows\system32\DRIVERS\msiscsi.sys
17:39:22.0623 4924 iScsiPrt - ok
17:39:22.0655 4924 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\windows\system32\DRIVERS\kbdclass.sys
17:39:22.0674 4924 kbdclass - ok
17:39:22.0705 4924 kbdhid (6def98f8541e1b5dceb2c822a11f7323) C:\windows\system32\DRIVERS\kbdhid.sys
17:39:22.0736 4924 kbdhid - ok
17:39:22.0870 4924 KSecDD (e8b6fcc9c83535c67f835d407620bd27) C:\windows\system32\Drivers\ksecdd.sys
17:39:22.0899 4924 KSecDD - ok
17:39:22.0920 4924 KSecPkg (a8c63880ef6f4d3fec7b616b9c060215) C:\windows\system32\Drivers\ksecpkg.sys
17:39:22.0935 4924 KSecPkg - ok
17:39:22.0966 4924 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\windows\system32\drivers\ksthunk.sys
17:39:23.0032 4924 ksthunk - ok
17:39:23.0284 4924 lltdio (1538831cf8ad2979a04c423779465827) C:\windows\system32\DRIVERS\lltdio.sys
17:39:23.0328 4924 lltdio - ok
17:39:23.0475 4924 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\windows\system32\DRIVERS\lsi_fc.sys
17:39:23.0514 4924 LSI_FC - ok
17:39:23.0545 4924 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\windows\system32\DRIVERS\lsi_sas.sys
17:39:23.0563 4924 LSI_SAS - ok
17:39:23.0580 4924 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\windows\system32\DRIVERS\lsi_sas2.sys
17:39:23.0610 4924 LSI_SAS2 - ok
17:39:23.0687 4924 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\windows\system32\DRIVERS\lsi_scsi.sys
17:39:23.0728 4924 LSI_SCSI - ok
17:39:23.0778 4924 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\windows\system32\drivers\luafv.sys
17:39:23.0857 4924 luafv - ok
17:39:23.0962 4924 MBAMProtector (79da94b35371b9e7104460c7693dcb2c) C:\windows\system32\drivers\mbam.sys
17:39:23.0987 4924 MBAMProtector - ok
17:39:24.0039 4924 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\windows\system32\DRIVERS\megasas.sys
17:39:24.0056 4924 megasas - ok
17:39:24.0085 4924 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\windows\system32\DRIVERS\MegaSR.sys
17:39:24.0117 4924 MegaSR - ok
17:39:24.0245 4924 Modem (800ba92f7010378b09f9ed9270f07137) C:\windows\system32\drivers\modem.sys
17:39:24.0324 4924 Modem - ok
17:39:24.0359 4924 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\windows\system32\DRIVERS\monitor.sys
17:39:24.0385 4924 monitor - ok
17:39:24.0428 4924 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\windows\system32\DRIVERS\mouclass.sys
17:39:24.0457 4924 mouclass - ok
17:39:24.0604 4924 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\windows\system32\DRIVERS\mouhid.sys
17:39:24.0659 4924 mouhid - ok
17:39:24.0695 4924 mountmgr (791af66c4d0e7c90a3646066386fb571) C:\windows\system32\drivers\mountmgr.sys
17:39:24.0708 4924 mountmgr - ok
17:39:24.0740 4924 MPFP (ae2e68527013eb4f761eccc630f7f1a3) C:\windows\system32\Drivers\Mpfp.sys
17:39:24.0760 4924 MPFP - ok
17:39:24.0877 4924 mpio (609d1d87649ecc19796f4d76d4c15cea) C:\windows\system32\DRIVERS\mpio.sys
17:39:24.0913 4924 mpio - ok
17:39:24.0929 4924 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\windows\system32\drivers\mpsdrv.sys
17:39:24.0981 4924 mpsdrv - ok
17:39:25.0020 4924 MRxDAV (30524261bb51d96d6fcbac20c810183c) C:\windows\system32\drivers\mrxdav.sys
17:39:25.0061 4924 MRxDAV - ok
17:39:25.0156 4924 mrxsmb (040d62a9d8ad28922632137acdd984f2) C:\windows\system32\DRIVERS\mrxsmb.sys
17:39:25.0202 4924 mrxsmb - ok
17:39:25.0251 4924 mrxsmb10 (f0067552f8f9b33d7c59403ab808a3cb) C:\windows\system32\DRIVERS\mrxsmb10.sys
17:39:25.0283 4924 mrxsmb10 - ok
17:39:25.0314 4924 mrxsmb20 (3c142d31de9f2f193218a53fe2632051) C:\windows\system32\DRIVERS\mrxsmb20.sys
17:39:25.0345 4924 mrxsmb20 - ok
17:39:25.0448 4924 msahci (5e939cf91ea4a841dbafe4627e0292bb) C:\windows\system32\DRIVERS\msahci.sys
17:39:25.0473 4924 msahci - ok
17:39:25.0523 4924 msdsm (8d27b597229aed79430fb9db3bcbfbd0) C:\windows\system32\DRIVERS\msdsm.sys
17:39:25.0543 4924 msdsm - ok
17:39:25.0606 4924 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\windows\system32\drivers\Msfs.sys
17:39:25.0683 4924 Msfs - ok
17:39:25.0829 4924 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\windows\System32\drivers\mshidkmdf.sys
17:39:25.0880 4924 mshidkmdf - ok
17:39:25.0925 4924 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\windows\system32\DRIVERS\msisadrv.sys
17:39:25.0941 4924 msisadrv - ok
17:39:26.0043 4924 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\windows\system32\drivers\MSKSSRV.sys
17:39:26.0128 4924 MSKSSRV - ok
17:39:26.0182 4924 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\windows\system32\drivers\MSPCLOCK.sys
17:39:26.0266 4924 MSPCLOCK - ok
17:39:26.0304 4924 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\windows\system32\drivers\MSPQM.sys
17:39:26.0373 4924 MSPQM - ok
17:39:26.0481 4924 MsRPC (89cb141aa8616d8c6a4610fa26c60964) C:\windows\system32\drivers\MsRPC.sys
17:39:26.0539 4924 MsRPC - ok
17:39:26.0591 4924 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\windows\system32\DRIVERS\mssmbios.sys
17:39:26.0632 4924 mssmbios - ok
17:39:26.0755 4924 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\windows\system32\drivers\MSTEE.sys
17:39:26.0807 4924 MSTEE - ok
17:39:26.0863 4924 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\windows\system32\DRIVERS\MTConfig.sys
17:39:26.0892 4924 MTConfig - ok
17:39:26.0969 4924 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\windows\system32\Drivers\mup.sys
17:39:27.0023 4924 Mup - ok
17:39:27.0090 4924 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\windows\system32\DRIVERS\nwifi.sys
17:39:27.0160 4924 NativeWifiP - ok
17:39:27.0267 4924 NDIS (cad515dbd07d082bb317d9928ce8962c) C:\windows\system32\drivers\ndis.sys
17:39:27.0311 4924 NDIS - ok
17:39:27.0525 4924 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\windows\system32\DRIVERS\ndiscap.sys
17:39:27.0570 4924 NdisCap - ok
17:39:27.0617 4924 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\windows\system32\DRIVERS\ndistapi.sys
17:39:27.0775 4924 NdisTapi - ok
17:39:27.0950 4924 Ndisuio (f105ba1e22bf1f2ee8f005d4305e4bec) C:\windows\system32\DRIVERS\ndisuio.sys
17:39:28.0037 4924 Ndisuio - ok
17:39:28.0057 4924 NdisWan (557dfab9ca1fcb036ac77564c010dad3) C:\windows\system32\DRIVERS\ndiswan.sys
17:39:28.0115 4924 NdisWan - ok
17:39:28.0226 4924 NDProxy (659b74fb74b86228d6338d643cd3e3cf) C:\windows\system32\drivers\NDProxy.sys
17:39:28.0286 4924 NDProxy - ok
17:39:28.0326 4924 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\windows\system32\DRIVERS\netbios.sys
17:39:28.0370 4924 NetBIOS - ok
17:39:28.0387 4924 NetBT (9162b273a44ab9dce5b44362731d062a) C:\windows\system32\DRIVERS\netbt.sys
17:39:28.0442 4924 NetBT - ok
17:39:28.0579 4924 netr28x (b72bb9496a126fcfc7fc5945ded9b411) C:\windows\system32\DRIVERS\netr28x.sys
17:39:28.0619 4924 netr28x - ok
17:39:28.0663 4924 nfrd960 (77889813be4d166cdab78ddba990da92) C:\windows\system32\DRIVERS\nfrd960.sys
17:39:28.0680 4924 nfrd960 - ok
17:39:28.0799 4924 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\windows\system32\drivers\Npfs.sys
17:39:28.0867 4924 Npfs - ok
17:39:28.0898 4924 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\windows\system32\drivers\nsiproxy.sys
17:39:28.0957 4924 nsiproxy - ok
17:39:29.0028 4924 Ntfs (378e0e0dfea67d98ae6ea53adbbd76bc) C:\windows\system32\drivers\Ntfs.sys
17:39:29.0084 4924 Ntfs - ok
17:39:29.0207 4924 Null (9899284589f75fa8724ff3d16aed75c1) C:\windows\system32\drivers\Null.sys
17:39:29.0294 4924 Null - ok
17:39:29.0392 4924 nvraid (a4d9c9a608a97f59307c2f2600edc6a4) C:\windows\system32\drivers\nvraid.sys
17:39:29.0430 4924 nvraid - ok
17:39:29.0492 4924 nvstor (6c1d5f70e7a6a3fd1c90d840edc048b9) C:\windows\system32\drivers\nvstor.sys
17:39:29.0516 4924 nvstor - ok
17:39:29.0545 4924 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\windows\system32\DRIVERS\nv_agp.sys
17:39:29.0564 4924 nv_agp - ok
17:39:29.0623 4924 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\windows\system32\DRIVERS\ohci1394.sys
17:39:29.0653 4924 ohci1394 - ok
17:39:29.0808 4924 Parport (0086431c29c35be1dbc43f52cc273887) C:\windows\system32\DRIVERS\parport.sys
17:39:29.0852 4924 Parport - ok
17:39:29.0892 4924 partmgr (7daa117143316c4a1537e074a5a9eaf0) C:\windows\system32\drivers\partmgr.sys
17:39:29.0907 4924 partmgr - ok
17:39:30.0045 4924 pccsmcfd (bc0018c2d29f655188a0ed3fa94fdb24) C:\windows\system32\DRIVERS\pccsmcfdx64.sys
17:39:30.0100 4924 pccsmcfd - ok
17:39:30.0137 4924 pci (f36f6504009f2fb0dfd1b17a116ad74b) C:\windows\system32\DRIVERS\pci.sys
17:39:30.0157 4924 pci - ok
17:39:30.0179 4924 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\windows\system32\DRIVERS\pciide.sys
17:39:30.0198 4924 pciide - ok
17:39:30.0222 4924 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\windows\system32\DRIVERS\pcmcia.sys
17:39:30.0245 4924 pcmcia - ok
17:39:30.0448 4924 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\windows\system32\drivers\pcw.sys
17:39:30.0468 4924 pcw - ok
17:39:30.0553 4924 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\windows\system32\drivers\peauth.sys
17:39:30.0664 4924 PEAUTH - ok
17:39:30.0824 4924 PptpMiniport (27cc19e81ba5e3403c48302127bda717) C:\windows\system32\DRIVERS\raspptp.sys
17:39:30.0929 4924 PptpMiniport - ok
17:39:30.0954 4924 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\windows\system32\DRIVERS\processr.sys
17:39:30.0999 4924 Processor - ok
17:39:31.0133 4924 Psched (ee992183bd8eaefd9973f352e587a299) C:\windows\system32\DRIVERS\pacer.sys
17:39:31.0197 4924 Psched - ok
17:39:31.0281 4924 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\windows\system32\DRIVERS\ql2300.sys
17:39:31.0339 4924 ql2300 - ok
17:39:31.0484 4924 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\windows\system32\DRIVERS\ql40xx.sys
17:39:31.0506 4924 ql40xx - ok
17:39:31.0541 4924 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\windows\system32\drivers\qwavedrv.sys
17:39:31.0591 4924 QWAVEdrv - ok
17:39:31.0609 4924 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\windows\system32\DRIVERS\rasacd.sys
17:39:31.0664 4924 RasAcd - ok
17:39:31.0779 4924 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\windows\system32\DRIVERS\AgileVpn.sys
17:39:31.0848 4924 RasAgileVpn - ok
17:39:31.0884 4924 Rasl2tp (87a6e852a22991580d6d39adc4790463) C:\windows\system32\DRIVERS\rasl2tp.sys
17:39:31.0941 4924 Rasl2tp - ok
17:39:31.0959 4924 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\windows\system32\DRIVERS\raspppoe.sys
17:39:32.0018 4924 RasPppoe - ok
17:39:32.0037 4924 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\windows\system32\DRIVERS\rassstp.sys
17:39:32.0088 4924 RasSstp - ok
17:39:32.0402 4924 rdbss (3bac8142102c15d59a87757c1d41dce5) C:\windows\system32\DRIVERS\rdbss.sys
17:39:32.0541 4924 rdbss - ok
17:39:32.0638 4924 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\windows\system32\DRIVERS\rdpbus.sys
17:39:32.0756 4924 rdpbus - ok
17:39:32.0798 4924 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\windows\system32\DRIVERS\RDPCDD.sys
17:39:32.0862 4924 RDPCDD - ok
17:39:32.0984 4924 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\windows\system32\drivers\rdpencdd.sys
17:39:33.0041 4924 RDPENCDD - ok
17:39:33.0066 4924 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\windows\system32\drivers\rdprefmp.sys
17:39:33.0144 4924 RDPREFMP - ok
17:39:33.0240 4924 RDPWD (8a3e6bea1c53ea6177fe2b6eba2c80d7) C:\windows\system32\drivers\RDPWD.sys
17:39:33.0321 4924 RDPWD - ok
17:39:33.0368 4924 rdyboost (634b9a2181d98f15941236886164ec8b) C:\windows\system32\drivers\rdyboost.sys
17:39:33.0431 4924 rdyboost - ok
17:39:33.0612 4924 Revoflt (9c3ac71a9934b884fac567a8807e9c4d) C:\windows\system32\DRIVERS\revoflt.sys
17:39:33.0646 4924 Revoflt - ok
17:39:33.0710 4924 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\windows\system32\DRIVERS\rfcomm.sys
17:39:33.0748 4924 RFCOMM - ok
17:39:33.0796 4924 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\windows\system32\DRIVERS\rspndr.sys
17:39:33.0840 4924 rspndr - ok
17:39:33.0971 4924 RSUSBSTOR (3ceee53bbf8ba284ff44585cec0162fe) C:\windows\system32\Drivers\RtsUStor.sys
17:39:34.0020 4924 RSUSBSTOR - ok
17:39:34.0055 4924 RsvLock (ac2bf5ee4eb57685b6ecb066ab0b0ef6) C:\windows\system32\drivers\RsvLock.sys
17:39:34.0070 4924 RsvLock - ok
17:39:34.0121 4924 RTL8167 (fd978b2bf8a9b2390dcbef435e9c1f9f) C:\windows\system32\DRIVERS\Rt64win7.sys
17:39:34.0167 4924 RTL8167 - ok
17:39:34.0258 4924 SafeBoot (17d9fb7665247c4094e707bd68044ec3) C:\windows\system32\drivers\SafeBoot.sys
17:39:34.0260 4924 Suspicious file (NoAccess): C:\windows\system32\drivers\SafeBoot.sys. md5: 17d9fb7665247c4094e707bd68044ec3
17:39:34.0261 4924 SafeBoot ( LockedFile.Multi.Generic ) - warning
17:39:34.0261 4924 SafeBoot - detected LockedFile.Multi.Generic (1)
17:39:34.0330 4924 SbAlg (fd8714a36c4646de22ddc7e36f6d09ef) C:\windows\system32\drivers\SbAlg.sys
17:39:34.0363 4924 SbAlg - ok
17:39:34.0410 4924 SbFsLock (3dff91cd782c299806690ad37ee14c73) C:\windows\system32\drivers\SbFsLock.sys
17:39:34.0423 4924 SbFsLock - ok
17:39:34.0533 4924 sbp2port (e3bbb89983daf5622c1d50cf49f28227) C:\windows\system32\DRIVERS\sbp2port.sys
17:39:34.0564 4924 sbp2port - ok
17:39:34.0596 4924 scfilter (c94da20c7e3ba1dca269bc8460d98387) C:\windows\system32\DRIVERS\scfilter.sys
17:39:34.0683 4924 scfilter - ok
17:39:34.0806 4924 sdbus (54e47ad086782d3ae9417c155cdceb9b) C:\windows\system32\DRIVERS\sdbus.sys
17:39:34.0846 4924 sdbus - ok
17:39:34.0887 4924 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\windows\system32\drivers\secdrv.sys
17:39:34.0940 4924 secdrv - ok
17:39:34.0980 4924 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\windows\system32\DRIVERS\serenum.sys
17:39:34.0999 4924 Serenum - ok
17:39:35.0042 4924 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\windows\system32\DRIVERS\serial.sys
17:39:35.0099 4924 Serial - ok
17:39:35.0213 4924 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\windows\system32\DRIVERS\sermouse.sys
17:39:35.0285 4924 sermouse - ok
17:39:35.0507 4924 sffdisk (a554811bcd09279536440c964ae35bbf) C:\windows\system32\DRIVERS\sffdisk.sys
17:39:35.0588 4924 sffdisk - ok
17:39:35.0623 4924 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\windows\system32\DRIVERS\sffp_mmc.sys
17:39:35.0658 4924 sffp_mmc - ok
17:39:35.0674 4924 sffp_sd (178298f767fe638c9fedcbdef58bb5e4) C:\windows\system32\DRIVERS\sffp_sd.sys
17:39:35.0705 4924 sffp_sd - ok
17:39:35.0839 4924 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\windows\system32\DRIVERS\sfloppy.sys
17:39:35.0878 4924 sfloppy - ok
17:39:35.0953 4924 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\windows\system32\DRIVERS\SiSRaid2.sys
17:39:35.0980 4924 SiSRaid2 - ok
17:39:35.0998 4924 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\windows\system32\DRIVERS\sisraid4.sys
17:39:36.0016 4924 SiSRaid4 - ok
17:39:36.0123 4924 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\windows\system32\DRIVERS\smb.sys
17:39:36.0189 4924 Smb - ok
17:39:36.0327 4924 SNP2UVC (1c987dc868af856362b11bf35328057f) C:\windows\system32\DRIVERS\snp2uvc.sys
17:39:36.0378 4924 SNP2UVC - ok
17:39:36.0521 4924 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\windows\system32\drivers\spldr.sys
17:39:36.0545 4924 spldr - ok
17:39:36.0586 4924 srv (2408c0366d96bcdf63e8f1c78e4a29c5) C:\windows\system32\DRIVERS\srv.sys
17:39:36.0661 4924 srv - ok
17:39:36.0756 4924 srv2 (76548f7b818881b47d8d1ae1be9c11f8) C:\windows\system32\DRIVERS\srv2.sys
17:39:36.0824 4924 srv2 - ok
17:39:36.0855 4924 srvnet (0af6e19d39c70844c5caa8fb0183c36e) C:\windows\system32\DRIVERS\srvnet.sys
17:39:36.0902 4924 srvnet - ok
17:39:36.0950 4924 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\windows\system32\DRIVERS\stexstor.sys
17:39:36.0965 4924 stexstor - ok
17:39:37.0114 4924 STHDA (c962f5c90bdbefb6446b5b252c70fe33) C:\windows\system32\DRIVERS\stwrt64.sys
17:39:37.0175 4924 STHDA - ok
17:39:37.0290 4924 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\windows\system32\DRIVERS\swenum.sys
17:39:37.0306 4924 swenum - ok
17:39:37.0361 4924 SynTP (1f298c285d48ce42eb6b7f8d4f0d8120) C:\windows\system32\DRIVERS\SynTP.sys
17:39:37.0390 4924 SynTP - ok
17:39:37.0461 4924 Tcpip (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\drivers\tcpip.sys
17:39:37.0529 4924 Tcpip - ok
17:39:37.0707 4924 TCPIP6 (b9d87c7707f058ac652a398cd28de14b) C:\windows\system32\DRIVERS\tcpip.sys
17:39:37.0746 4924 TCPIP6 - ok
17:39:37.0872 4924 tcpipreg (76d078af6f587b162d50210f761eb9ed) C:\windows\system32\drivers\tcpipreg.sys
17:39:37.0934 4924 tcpipreg - ok
17:39:37.0972 4924 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\windows\system32\drivers\tdpipe.sys
17:39:38.0017 4924 TDPIPE - ok
17:39:38.0048 4924 TDTCP (e4245bda3190a582d55ed09e137401a9) C:\windows\system32\drivers\tdtcp.sys
17:39:38.0095 4924 TDTCP - ok
17:39:38.0211 4924 tdx (079125c4b17b01fcaeebce0bcb290c0f) C:\windows\system32\DRIVERS\tdx.sys
17:39:38.0267 4924 tdx - ok
17:39:38.0292 4924 TermDD (c448651339196c0e869a355171875522) C:\windows\system32\DRIVERS\termdd.sys
17:39:38.0309 4924 TermDD - ok
17:39:38.0350 4924 TFsExDisk - ok
17:39:38.0387 4924 TPM (dbcc20c02e8a3e43b03c304a4e40a84f) C:\windows\system32\drivers\tpm.sys
17:39:38.0418 4924 TPM - ok
17:39:38.0563 4924 tssecsrv (61b96c26131e37b24e93327a0bd1fb95) C:\windows\system32\DRIVERS\tssecsrv.sys
17:39:38.0638 4924 tssecsrv - ok
17:39:38.0694 4924 tunnel (3836171a2cdf3af8ef10856db9835a70) C:\windows\system32\DRIVERS\tunnel.sys
17:39:38.0775 4924 tunnel - ok
17:39:38.0904 4924 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\windows\system32\DRIVERS\uagp35.sys
17:39:38.0957 4924 uagp35 - ok
17:39:38.0995 4924 udfs (c06e6f4679ceb8f430b90a51d76d8d3c) C:\windows\system32\DRIVERS\udfs.sys
17:39:39.0044 4924 udfs - ok
17:39:39.0199 4924 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\windows\system32\DRIVERS\uliagpkx.sys
17:39:39.0246 4924 uliagpkx - ok
17:39:39.0262 4924 umbus (eab6c35e62b1b0db0d1b48b671d3a117) C:\windows\system32\DRIVERS\umbus.sys
17:39:39.0308 4924 umbus - ok
17:39:39.0334 4924 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\windows\system32\DRIVERS\umpass.sys
17:39:39.0359 4924 UmPass - ok
17:39:39.0482 4924 upperdev - ok
17:39:39.0532 4924 usbccgp (537a4e03d7103c12d42dfd8ffdb5bdc9) C:\windows\system32\DRIVERS\usbccgp.sys
17:39:39.0583 4924 usbccgp - ok
17:39:39.0614 4924 usbcir (af0892a803fdda7492f595368e3b68e7) C:\windows\system32\DRIVERS\usbcir.sys
17:39:39.0688 4924 usbcir - ok
17:39:39.0831 4924 usbehci (fbb21ebe49f6d560db37ac25fbc68e66) C:\windows\system32\DRIVERS\usbehci.sys
17:39:39.0891 4924 usbehci - ok
17:39:39.0934 4924 usbhub (6b7a8a99c4a459e73c286a6763ea24cc) C:\windows\system32\DRIVERS\usbhub.sys
17:39:39.0996 4924 usbhub - ok
17:39:40.0019 4924 usbohci (8c88aa7617b4cbc2e4bed61d26b33a27) C:\windows\system32\DRIVERS\usbohci.sys
17:39:40.0054 4924 usbohci - ok
17:39:40.0149 4924 usbprint (73188f58fb384e75c4063d29413cee3d) C:\windows\system32\DRIVERS\usbprint.sys
17:39:40.0212 4924 usbprint - ok
17:39:40.0293 4924 USBSTOR (f39983647bc1f3e6100778ddfe9dce29) C:\windows\system32\DRIVERS\USBSTOR.SYS
17:39:40.0352 4924 USBSTOR - ok
17:39:40.0399 4924 usbuhci (0b5b3b2df3fd1709618acfa50b8392b0) C:\windows\system32\drivers\usbuhci.sys
17:39:40.0430 4924 usbuhci - ok
17:39:40.0487 4924 usbvideo (7cb8c573c6e4a2714402cc0a36eab4fe) C:\windows\System32\Drivers\usbvideo.sys
17:39:40.0545 4924 usbvideo - ok
17:39:40.0700 4924 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\windows\system32\DRIVERS\vdrvroot.sys
17:39:40.0716 4924 vdrvroot - ok
17:39:40.0762 4924 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\windows\system32\DRIVERS\vgapnp.sys
17:39:40.0785 4924 vga - ok
17:39:40.0801 4924 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\windows\System32\drivers\vga.sys
17:39:40.0868 4924 VgaSave - ok
17:39:40.0939 4924 vhdmp (c82e748660f62a242b2dfac1442f22a4) C:\windows\system32\DRIVERS\vhdmp.sys
17:39:40.0966 4924 vhdmp - ok
17:39:41.0044 4924 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\windows\system32\DRIVERS\viaide.sys
17:39:41.0060 4924 viaide - ok
17:39:41.0088 4924 volmgr (2b1a3dae2b4e70dbba822b7a03fbd4a3) C:\windows\system32\DRIVERS\volmgr.sys
17:39:41.0123 4924 volmgr - ok
17:39:41.0179 4924 volmgrx (99b0cbb569ca79acaed8c91461d765fb) C:\windows\system32\drivers\volmgrx.sys
17:39:41.0198 4924 volmgrx - ok
17:39:41.0326 4924 volsnap (58f82eed8ca24b461441f9c3e4f0bf5c) C:\windows\system32\DRIVERS\volsnap.sys
17:39:41.0351 4924 volsnap - ok
17:39:41.0389 4924 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\windows\system32\DRIVERS\vsmraid.sys
17:39:41.0410 4924 vsmraid - ok
17:39:41.0434 4924 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\windows\system32\DRIVERS\vwifibus.sys
17:39:41.0481 4924 vwifibus - ok
17:39:41.0512 4924 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\windows\system32\DRIVERS\vwififlt.sys
17:39:41.0538 4924 vwififlt - ok
17:39:41.0678 4924 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\windows\system32\DRIVERS\vwifimp.sys
17:39:41.0714 4924 vwifimp - ok
17:39:41.0748 4924 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\windows\system32\DRIVERS\wacompen.sys
17:39:41.0836 4924 WacomPen - ok
17:39:41.0914 4924 WANARP (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
17:39:41.0972 4924 WANARP - ok
17:39:41.0976 4924 Wanarpv6 (47ca49400643effd3f1c9a27e1d69324) C:\windows\system32\DRIVERS\wanarp.sys
17:39:42.0019 4924 Wanarpv6 - ok
17:39:42.0211 4924 Wd (72889e16ff12ba0f235467d6091b17dc) C:\windows\system32\DRIVERS\wd.sys
17:39:42.0227 4924 Wd - ok
17:39:42.0266 4924 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\windows\system32\drivers\Wdf01000.sys
17:39:42.0300 4924 Wdf01000 - ok
17:39:42.0489 4924 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\windows\system32\DRIVERS\wfplwf.sys
17:39:42.0551 4924 WfpLwf - ok
17:39:42.0570 4924 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\windows\system32\drivers\wimmount.sys
17:39:42.0585 4924 WIMMount - ok
17:39:42.0775 4924 WinUsb (817eaff5d38674edd7713b9dfb8e9791) C:\windows\system32\DRIVERS\WinUsb.sys
17:39:42.0822 4924 WinUsb - ok
17:39:42.0850 4924 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\windows\system32\DRIVERS\wmiacpi.sys
17:39:42.0881 4924 WmiAcpi - ok
17:39:42.0936 4924 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\windows\system32\drivers\ws2ifsl.sys
17:39:42.0988 4924 ws2ifsl - ok
17:39:43.0220 4924 WudfPf (7cadc74271dd6461c452c271b30bd378) C:\windows\system32\drivers\WudfPf.sys
17:39:43.0288 4924 WudfPf - ok
17:39:43.0341 4924 WUDFRd (3b197af0fff08aa66b6b2241ca538d64) C:\windows\system32\DRIVERS\WUDFRd.sys
17:39:43.0389 4924 WUDFRd - ok
17:39:43.0444 4924 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
17:39:43.0551 4924 \Device\Harddisk0\DR0 - ok
17:39:43.0554 4924 Boot (0x1200) (4b52434314f0ca2c3a6fe1158789abf9) \Device\Harddisk0\DR0\Partition0
17:39:43.0555 4924 \Device\Harddisk0\DR0\Partition0 - ok
17:39:43.0587 4924 Boot (0x1200) (6a5abe391a72336281643cc9adb7f20c) \Device\Harddisk0\DR0\Partition1
17:39:43.0605 4924 \Device\Harddisk0\DR0\Partition1 - ok
17:39:43.0641 4924 Boot (0x1200) (60c52a6ef91b235572dfef5849b25062) \Device\Harddisk0\DR0\Partition2
17:39:43.0674 4924 \Device\Harddisk0\DR0\Partition2 - ok
17:39:43.0707 4924 Boot (0x1200) (5104767b01ba7275c0e0875f9f963333) \Device\Harddisk0\DR0\Partition3
17:39:43.0736 4924 \Device\Harddisk0\DR0\Partition3 - ok
17:39:43.0736 4924 ============================================================
17:39:43.0736 4924 Scan finished
17:39:43.0736 4924 ============================================================
17:39:43.0783 4236 Detected object count: 1
17:39:43.0783 4236 Actual detected object count: 1
17:39:58.0215 4236 SafeBoot ( LockedFile.Multi.Generic ) - skipped by user
17:39:58.0215 4236 SafeBoot ( LockedFile.Multi.Generic ) - User select action: Skip


Here is the log from Malwarebytes:


Malwarebytes Anti-Malware (Skúšobná verzia) 1.60.0.1800
http://www.malwarebytes.org

Verzia databázy: v2012.01.11.05

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
iwka :: IWKA-HP [administrátor]

Ochrana: Zapnuté

11. 1. 2012 16:21:30
mbam-log-2012-01-11 (17-34-37).txt

Typ kontroly: Úplná kontrola
Možnosti kontroly zapnuté: Pamäť | Po spustení | Registre | Systémové súbory | Heuristika/Extra | Heuristika/Shuriken | PUP | PUM
Možnosti kontroly vypnuté: P2P
Objektov kontrolovaných: 349666
Uplynutý čas: 1 hod, 5 min, 34 sek

Detegované služby pamäte: 0
(Škodlivé položky neboli zistené)

Detegované moduly pamäte: 0
(Škodlivé položky neboli zistené)

Detegované registračné kľúče: 0
(Škodlivé položky neboli zistené)

Detegované registračné hodnoty: 0
(Škodlivé položky neboli zistené)

Detegované položky registračných dát: 0
(Škodlivé položky neboli zistené)

Detegované priečinky: 0
(Škodlivé položky neboli zistené)

Detegované súbory: 3
C:\Qoobox\Quarantine\C\Windows\assembly\tmp\U\000000c0.@.vir (Trojan.Agent) -> Žiadna úloha nevykonaná.
C:\Qoobox\Quarantine\C\Windows\rpcminer\rpcminer-cpu.exe.vir (PUP.BitCoinMiner) -> Žiadna úloha nevykonaná.
C:\Windows\ufa\ufa.exe (PUP.BitMiner) -> Žiadna úloha nevykonaná.

(koniec)
Last edited by Walky on 11 Jan 2012 17:43, edited 1 time in total.

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#10 Post by Walky »

UP: I edited the previous post.

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#11 Post by Walky »

In safe mode it says "uninstall incomplete, error obtaining full permission to ....". I tried running it as administrator, but it didn't help.

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#12 Post by Walky »

Well, I don't know which one it was, but during the uninstall it reports an error with MSC.

Walky
Exemplary visitor
Posts: 102
Registered: 11 May 2009 19:53

Re: Infected notebook

#13 Post by Walky »

RSIT log

Logfile of random's system information tool 1.09 (written by random/random)
Run by iwka at 2012-01-11 20:37:12
Microsoft Windows 7 Home Premium
System drive C: has 164 GB (57%) free of 288 GB
Total RAM: 2806 MB (53% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 20:37:27, on 11. 1. 2012
Platform: Windows 7 (WinNT 6.00.3504)
MSIE: Internet Explorer v8.00 (8.00.7600.16869)
Boot mode: Normal

Running processes:
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe
C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe
C:\PROGRA~2\MICROS~1\Office12\WINWORD.EXE
C:\Users\iwka\Downloads\RSIT.exe
C:\Program Files (x86)\trend micro\iwka.exe
C:\Users\iwka\AppData\Local\Google\Chrome\Application\chrome.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.sk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.bing.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
R3 - URLSearchHook: Winamp Toolbar Search Class - {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: Winamp Toolbar Loader - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O2 - BHO: BHO_Startup - {3134413B-49B4-425C-98A5-893C1F195601} - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll
O2 - BHO: HP ProtectTools Security Manager Extension - {395610AE-C624-4f58-B89E-23733EA00F9A} - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - (no file)
O2 - BHO: Bing Bar Helper - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: DAEMON Tools Toolbar - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll
O3 - Toolbar: Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - "C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll" (file missing)
O3 - Toolbar: Winamp Toolbar - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll
O4 - HKLM\..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
O4 - HKCU\..\Run: [DAEMON Tools Lite] "C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe" -autorun
O4 - HKUS\S-1-5-18\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden (User 'Default user')
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O15 - Trusted Zone: http://*.mcafee.com (HKLM)
O15 - Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - Trusted Zone: http://www.siteadvisor.com (HKLM)
O15 - ESC Trusted Zone: http://*.mcafee.com (HKLM)
O15 - ESC Trusted Zone: http://betavscan.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://vs.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.mcafeeasap.com (HKLM)
O15 - ESC Trusted Zone: http://www.siteadvisor.com (HKLM)
O17 - HKLM\System\CCS\Services\Tcpip\..\{DB7A69E8-B97E-4074-866C-6908AE06C13B}: NameServer = 172.22.19.254,88.212.8.8
O18 - Protocol: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: DeviceNP - DeviceNP.dll (file missing)
O23 - Service: ArcSoft Connect Daemon (ACDaemon) - ArcSoft Inc. - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agr64svc.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\windows\system32\atiesrxx.exe (file missing)
O23 - Service: Avira Scheduler (AntiVirSchedulerService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
O23 - Service: Avira Realtime Protection (AntiVirService) - Avira Operations GmbH & Co. KG - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: DEBridge - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe
O23 - Service: @c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128 (DpHost) - DigitalPersona, Inc. - c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\windows\system32\fxssvc.exe (file missing)
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - c:\Windows\SysWOW64\flcdlock.exe
O23 - Service: HP Health Check Service - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: HP ProtectTools Service - Hewlett-Packard Development Company, L.P - c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe
O23 - Service: HP Wireless Assistant Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe
O23 - Service: HP DayStarter Service (HPDayStarterService) - Hewlett-Packard Company - c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe
O23 - Service: HP Quick Synchronization Service (HPDrvMntSvc.exe) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - McAfee, Inc. - c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: File Sanitizer for HP ProtectTools (HPFSService) - Hewlett-Packard - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe
O23 - Service: HP Hotkey Monitor (hpHotkeyMonitor) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe
O23 - Service: HP Software Framework Service (hpqwmiex) - Hewlett-Packard Company - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: PDF Document Manager (pdfcDispatcher) - PDF Complete Inc - C:\Program Files (x86)\PDF Complete\pdfsvc.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe
O23 - Service: ArcCapture (uArcCapture) - ArcSoft, Inc. - C:\windows\system\uArcCapture.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 12020 bytes

======Scheduled tasks folder======

C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002Core.job
C:\windows\tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002UA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{25CEE8EC-5730-41bc-8B58-22DDC8AB8C20}]
Winamp Toolbar Loader - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3134413B-49B4-425C-98A5-893C1F195601}]
File Sanitizer for HP ProtectTools - C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\IEBHO.dll [2010-01-19 117248]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{395610AE-C624-4f58-B89E-23733EA00F9A}]
HP ProtectTools Security Manager Extension - c:\Program Files (x86)\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpOtsPluginIe8.dll [2010-01-22 1471752]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B164E929-A1B6-4A06-B104-2CD0E90A88FF}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{d2ce3e00-f94a-4740-988e-03dc2f38c34f}]
Bing Bar Helper - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{32099AAC-C132-4136-9E9A-4E364A424E17} - DAEMON Tools Toolbar - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll [2011-01-05 988480]
{8dcb7100-df86-4384-8842-8fa844297b3f} - Bing Bar - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll [2011-02-28 1089288]
{EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - Winamp Toolbar - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll [2011-03-11 1373512]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"=C:\Program Files (x86)\PDF Complete\pdfsty.exe [2010-01-12 563736]
"StartCCC"=C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-08-05 98304]
"avgnt"=C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [2011-12-15 258512]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"=C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [2011-01-05 1305408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\DeviceNP]
C:\windows\system32\DeviceNP.dll [2009-12-07 75320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\windows\SysWow64\webcheck.dll [2009-07-14 229376]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=DPPassFilter
scecli

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MpfService]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=5
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableSecureUIAPaths"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDrives"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"C:\Windows\update.tray-2-0\svchost.exe"="C:\Windows\update.tray-2-0\svchost.exe:*:Enabled:C:\Windows\update.tray-2-0\svchost.exe"
"C:\windows\update.1\svchost.exe"="C:\windows\update.1\svchost.exe:*:Enabled:C:\windows\update.1\svchost.exe"
"C:\windows\update.2\svchost.exe"="C:\windows\update.2\svchost.exe:*:Enabled:C:\windows\update.2\svchost.exe"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"vidc.uyvy"=msyuv.dll
"vidc.yuy2"=msyuv.dll
"vidc.yvyu"=msyuv.dll
"vidc.iyuv"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"vidc.yvu9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\SysWOW64\l3codeca.acm
"vidc.cvid"=iccvid.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1

======List of files/folders created in the last 1 month======

2012-01-11 20:36:32 ----SHD---- C:\$RECYCLE.BIN
2012-01-11 20:32:22 ----A---- C:\ComboFix.txt
2012-01-11 20:13:32 ----D---- C:\windows\temp
2012-01-11 18:58:38 ----A---- C:\windows\ntbtlog.txt
2012-01-11 17:36:45 ----A---- C:\TDSSKiller.2.7.0.0_11.01.2012_17.36.45_log.txt
2012-01-11 16:18:08 ----D---- C:\Users\iwka\AppData\Roaming\Malwarebytes
2012-01-11 16:18:01 ----D---- C:\ProgramData\Malwarebytes
2012-01-11 16:13:57 ----SD---- C:\windows\SysWOW64\Microsoft
2012-01-10 19:32:31 ----D---- C:\Users\iwka\AppData\Roaming\Avira
2012-01-10 19:13:04 ----D---- C:\ProgramData\Avira
2012-01-10 19:13:04 ----D---- C:\Program Files (x86)\Avira
2012-01-10 17:19:10 ----A---- C:\windows\zip.exe
2012-01-10 17:19:10 ----A---- C:\windows\SWSC.exe
2012-01-10 17:19:10 ----A---- C:\windows\SWREG.exe
2012-01-10 17:19:10 ----A---- C:\windows\sed.exe
2012-01-10 17:19:10 ----A---- C:\windows\PEV.exe
2012-01-10 17:19:10 ----A---- C:\windows\NIRCMD.exe
2012-01-10 17:19:10 ----A---- C:\windows\MBR.exe
2012-01-10 17:19:10 ----A---- C:\windows\grep.exe
2012-01-10 17:18:14 ----D---- C:\windows\ERDNT
2012-01-10 17:18:10 ----D---- C:\Qoobox
2012-01-09 15:49:24 ----D---- C:\rsit
2012-01-09 15:49:24 ----D---- C:\Program Files (x86)\trend micro
2012-01-04 20:11:51 ----D---- C:\windows\pss
2011-12-27 18:13:40 ----D---- C:\Program Files (x86)\Common Files\Spigot

======List of files/folders modified in the last 1 month======

2012-01-11 20:36:56 ----D---- C:\ProgramData\HPQLOG
2012-01-11 20:14:16 ----D---- C:\Windows
2012-01-11 20:14:16 ----A---- C:\windows\system.ini
2012-01-11 20:05:43 ----D---- C:\windows\SysWOW64\drivers
2012-01-11 20:05:43 ----D---- C:\windows\SysWOW64
2012-01-11 20:05:43 ----D---- C:\windows\System32
2012-01-11 20:05:43 ----D---- C:\windows\AppPatch
2012-01-11 20:05:41 ----D---- C:\Program Files (x86)\Common Files
2012-01-11 19:31:31 ----D---- C:\windows\Tasks
2012-01-11 19:31:29 ----D---- C:\ProgramData
2012-01-11 19:06:50 ----D---- C:\windows\inf
2012-01-11 18:58:37 ----RD---- C:\Program Files (x86)
2012-01-11 18:55:00 ----D---- C:\windows\ufa
2012-01-11 16:07:55 ----D---- C:\ProgramData\PDFC
2012-01-10 21:17:09 ----SHD---- C:\System Volume Information
2012-01-10 21:17:05 ----HD---- C:\windows\update.tray-9-0-lnk
2012-01-10 21:16:52 ----HD---- C:\windows\update.tray-9-0
2012-01-10 19:49:09 ----SHD---- C:\windows\Installer
2012-01-10 19:48:56 ----D---- C:\Config.Msi
2012-01-10 19:45:40 ----D---- C:\Program Files (x86)\Winamp
2012-01-10 17:46:15 ----A---- C:\windows\unrar.exe
2012-01-10 17:32:19 ----D---- C:\windows\SoftwareDistribution
2012-01-10 17:20:29 ----D---- C:\windows\Prefetch
2012-01-10 08:26:31 ----D---- C:\windows\winsxs
2012-01-10 08:09:11 ----D---- C:\windows\rescache
2012-01-09 15:57:32 ----RD---- C:\Program Files
2012-01-05 17:35:01 ----D---- C:\Users\iwka\AppData\Roaming\Winamp
2012-01-05 17:29:54 ----D---- C:\PerfLogs
2012-01-05 17:19:25 ----SD---- C:\ProgramData\Microsoft
2012-01-05 09:36:15 ----D---- C:\windows\Logs
2012-01-04 19:51:33 ----D---- C:\Program Files (x86)\Origin
2012-01-04 19:19:06 ----D---- C:\Users\iwka\AppData\Roaming\DAEMON Tools Lite
2012-01-04 19:19:00 ----D---- C:\windows\Panther
2012-01-04 19:19:00 ----D---- C:\windows\ModemLogs
2012-01-04 19:18:59 ----D---- C:\windows\debug
2012-01-03 16:49:45 ----D---- C:\film
2011-12-18 18:38:00 ----D---- C:\Fotky

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 AtiPcie;AMD PCI Express (3GIO) Filter; C:\windows\system32\DRIVERS\AtiPcie64.sys []
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys []
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys []
R0 SafeBoot;SafeBoot; C:\windows\SysWOW64\drivers\SafeBoot.sys [2010-01-26 110520]
R0 SbAlg;SbAlg; C:\windows\SysWOW64\drivers\SbAlg.sys [2010-01-26 51800]
R0 SbFsLock;SbFsLock; C:\windows\SysWOW64\drivers\SbFsLock.sys [2010-01-26 13256]
R1 avipbb;avipbb; C:\windows\system32\DRIVERS\avipbb.sys []
R1 avkmgr;avkmgr; C:\windows\system32\DRIVERS\avkmgr.sys []
R1 ehdrv;ehdrv; C:\windows\system32\DRIVERS\ehdrv.sys []
R1 MPFP;MPFP; C:\windows\System32\Drivers\Mpfp.sys []
R1 RsvLock;RsvLock; C:\windows\SysWOW64\drivers\RsvLock.sys [2010-01-26 40088]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys []
R2 avgntflt;avgntflt; C:\windows\system32\DRIVERS\avgntflt.sys []
R2 eamonm;eamonm; C:\windows\system32\DRIVERS\eamonm.sys []
R2 epfwwfpr;epfwwfpr; C:\windows\system32\DRIVERS\epfwwfpr.sys []
R3 Accelerometer;HP Accelerometer; C:\windows\system32\DRIVERS\Accelerometer.sys []
R3 Afc;PPdus ASPI Shell; C:\windows\SysWOW64\drivers\Afc.sys [2006-11-14 22784]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\agrsm64.sys []
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys []
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys []
R3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver; C:\windows\system32\DRIVERS\ArcSoftVCapture.sys []
R3 AtiHdmiService;ATI Function Driver for High Definition Audio Service; C:\windows\system32\drivers\AtiHdmi.sys []
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\windows\system32\DRIVERS\bcmwl664.sys []
R3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys []
R3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys []
R3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys []
R3 btwampfl;Bluetooth AMP USB Filter; C:\windows\system32\drivers\btwampfl.sys []
R3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys []
R3 btwavdt;Bluetooth AVDT; C:\windows\system32\DRIVERS\btwavdt.sys []
R3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys []
R3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys []
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver; C:\windows\system32\DRIVERS\dtsoftbus01.sys []
R3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys []
R3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys []
R3 SNP2UVC;USB2.0 PC Camera (SNP2UVC); C:\windows\system32\DRIVERS\snp2uvc.sys []
R3 STHDA;IDT High Definition Audio CODEC; C:\windows\system32\DRIVERS\stwrt64.sys []
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys []
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys []
S3 BridgeMP;@%SystemRoot%\system32\bridgeres.dll,-1; C:\windows\system32\DRIVERS\bridge.sys []
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 DAMDrv;DAMDrv; C:\windows\system32\DRIVERS\DAMDrv64.sys []
S3 FTDIBUS;USB Serial Converter Driver; C:\windows\system32\drivers\ftdibus.sys []
S3 FTSER2K;USB Serial Port Driver; C:\windows\system32\drivers\ftser2k.sys []
S3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista; C:\windows\system32\DRIVERS\netr28x.sys []
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\windows\system32\DRIVERS\pccsmcfdx64.sys []
S3 pciide;pciide; C:\windows\system32\DRIVERS\pciide.sys []
S3 Revoflt;Revoflt; C:\windows\system32\DRIVERS\revoflt.sys []
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader; C:\windows\System32\Drivers\RtsUStor.sys []
S3 RTL8167;Realtek 8167 NT Driver; C:\windows\system32\DRIVERS\Rt64win7.sys []
S3 sdbus;sdbus; C:\windows\system32\DRIVERS\sdbus.sys []
S3 TFsExDisk;TFsExDisk; \??\C:\windows\System32\Drivers\TFsExDisk.sys [2009-03-31 16392]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys []
S3 upperdev;upperdev; C:\windows\system32\DRIVERS\usbser_lowerfltx64.sys []
S3 WinUsb;WinUsb; C:\windows\system32\DRIVERS\WinUsb.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AESTFilters;Andrea ST Filters Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agr64svc.exe [2009-11-02 16896]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe []
R2 AntiVirService;Avira Realtime Protection; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2011-12-15 110032]
R2 AntiVirSchedulerService;Avira Scheduler; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2010-06-09 952096]
R2 DpHost;@c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe,-128; c:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\Bin\DpHostW.exe [2010-01-22 462088]
R2 HP ProtectTools Service;HP ProtectTools Service; c:\Program Files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
R2 HPDayStarterService;HP DayStarter Service; c:\Program Files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
R2 HPDrvMntSvc.exe;HP Quick Synchronization Service; C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
R2 HpFkCryptService;Drive Encryption Service; c:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
R2 HPFSService;File Sanitizer for HP ProtectTools; C:\Program Files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
R2 hpHotkeyMonitor;HP Hotkey Monitor; C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe []
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2010-01-22 73728]
R2 pdfcDispatcher;PDF Document Manager; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
R2 SeaPort;SeaPort; C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-02-25 249648]
R2 STacSV;Audio Service; C:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\STacSV64.exe [2010-01-29 244736]
R2 uArcCapture;ArcCapture; C:\windows\system\uArcCapture.exe [2009-12-04 506472]
R2 wlidsvc;Windows Live ID Sign-in Assistant; C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [2009-08-18 2291568]
R3 DEBridge;DEBridge; c:\Program Files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
R3 hpqwmiex;HP Software Framework Service; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2010-06-16 660536]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 HP Health Check Service;HP Health Check Service; C:\Program Files (x86)\Hewlett-Packard\HP Health Check\hphc_service.exe [2010-06-30 121344]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service; C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 vcsFPService;Validity VCS Fingerprint Service; C:\windows\system32\vcsFPService.exe [2010-02-18 1664304]
S3 ACDaemon;ArcSoft Connect Daemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [2010-03-18 113152]
S3 BBSvc;Bing Bar Update Service; C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing; c:\Windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2008-11-04 441712]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2011-06-08 633856]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe []

-----------------EOF-----------------

ComboFix log
ComboFix 12-01-10.02 - iwka . 01. 2012 20:01:57.3.2 - x64
Microsoft Windows 7 Home Premium 6.1.7600.0.1250.421.1051.18.2806.1374 [GMT 1:00]
Running from: c:\users\iwka\Desktop\ComboFix.exe
Command switches used :: c:\users\iwka\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((( Files Created from 2011-12-11 to 2012-01-11 )))))))))))))))))))))))))))))))
.
.
2012-01-11 19:13 . 2012-01-11 19:13 -------- d-----w- c:\windows\system32\config\systemprofile\AppData\Local\temp
2012-01-11 19:13 . 2012-01-11 19:13 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-01-11 18:05 . 2012-01-11 18:59 69000 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432C8E52-4C38-47AE-AD03-5A8308FFF430}\offreg.dll
2012-01-11 15:18 . 2012-01-11 15:18 -------- d-----w- c:\users\iwka\AppData\Roaming\Malwarebytes
2012-01-11 15:18 . 2012-01-11 15:18 -------- d-----w- c:\programdata\Malwarebytes
2012-01-11 15:13 . 2012-01-11 15:13 -------- d-s---w- c:\windows\SysWow64\Microsoft
2012-01-10 18:32 . 2012-01-10 18:32 -------- d-----w- c:\users\iwka\AppData\Roaming\Avira
2012-01-10 18:13 . 2011-12-15 14:00 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-01-10 18:13 . 2011-12-15 14:00 130760 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-01-10 18:13 . 2011-12-15 14:00 97312 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-01-10 18:13 . 2012-01-10 18:13 -------- d-----w- c:\programdata\Avira
2012-01-10 18:13 . 2012-01-10 18:13 -------- d-----w- c:\program files (x86)\Avira
2012-01-09 21:12 . 2012-01-10 15:17 512 ----a-w- C:\PhysicalMBR.bin
2012-01-09 14:57 . 2012-01-09 14:57 -------- d-----w- c:\program files\trend micro
2012-01-09 14:49 . 2012-01-10 20:26 -------- d-----w- c:\program files (x86)\trend micro
2012-01-09 14:49 . 2012-01-09 14:49 -------- d-----w- C:\rsit
2012-01-04 20:10 . 2012-01-04 20:10 -------- d-----w- c:\users\iwka\AppData\Local\VS Revo Group
2012-01-04 20:10 . 2009-12-30 09:21 31800 ----a-w- c:\windows\system32\drivers\revoflt.sys
2012-01-04 20:10 . 2012-01-04 20:10 -------- d-----w- c:\program files\VS Revo Group
2012-01-04 19:25 . 2011-11-30 01:21 8822856 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{432C8E52-4C38-47AE-AD03-5A8308FFF430}\mpengine.dll
2012-01-04 19:25 . 2011-11-15 13:29 270720 ------w- c:\windows\system32\MpSigStub.exe
2012-01-04 18:18 . 2012-01-04 18:18 -------- d-----w- c:\program files\CCleaner
2011-12-27 17:13 . 2011-12-27 17:13 -------- d-----w- c:\program files (x86)\Common Files\Spigot
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-01-10 16:46 . 2011-10-31 16:21 246272 ----a-w- c:\windows\unrar.exe
2011-10-31 17:15 . 2011-10-31 17:15 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
.
.
((((((((((((((((((((((((((((( SnapShot@2012-01-10_16.32.19 )))))))))))))))))))))))))))))))))))))))))
.
- 2009-07-14 04:54 . 2012-01-10 15:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-11 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2009-07-14 04:54 . 2012-01-11 15:07 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-10 15:08 32768 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2010-09-02 19:31 . 2012-01-11 18:58 59232 c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-01-11 18:58 49750 c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-01-09 16:22 . 2012-01-11 18:58 22604 c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-367710519-3172954664-1994959074-1002_UserData.bin
- 2009-07-14 05:30 . 2012-01-04 19:04 86016 c:\windows\system32\DriverStore\infpub.dat
+ 2009-07-14 05:30 . 2012-01-10 18:13 86016 c:\windows\system32\DriverStore\infpub.dat
- 2011-01-10 00:13 . 2012-01-10 16:16 81920 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-10 00:13 . 2012-01-11 18:30 81920 c:\windows\system32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-09 17:00 . 2012-01-10 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
+ 2011-01-09 17:00 . 2012-01-11 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
- 2011-01-09 17:00 . 2012-01-10 16:01 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-09 17:00 . 2012-01-11 19:06 16384 c:\windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2011-01-30 12:23 . 2012-01-10 18:30 3652 c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-01-10 16:29 . 2012-01-10 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-01-11 18:56 . 2012-01-11 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-01-10 16:29 . 2012-01-10 16:29 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 18:56 . 2012-01-11 18:56 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-01-11 15:13 . 2012-01-11 18:30 262144 c:\windows\SysWOW64\config\TxR\NTUSER.DAT
+ 2009-07-14 04:54 . 2012-01-11 15:07 720896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-10 15:08 720896 c:\windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
+ 2012-01-11 15:13 . 2012-01-11 18:30 262144 c:\windows\SysWOW64\config\RegBack\NTUSER.DAT
+ 2012-01-11 15:13 . 2012-01-11 18:30 262144 c:\windows\SysWOW64\config\Journal\NTUSER.DAT
+ 2009-07-14 02:36 . 2012-01-11 18:06 627348 c:\windows\system32\perfh009.dat
- 2009-07-14 02:36 . 2012-01-10 05:41 627348 c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-01-11 18:06 110798 c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-01-10 05:41 110798 c:\windows\system32\perfc009.dat
+ 2009-07-14 05:30 . 2012-01-10 18:13 143360 c:\windows\system32\DriverStore\infstrng.dat
- 2009-07-14 05:30 . 2012-01-04 19:04 143360 c:\windows\system32\DriverStore\infstrng.dat
+ 2009-07-14 05:30 . 2012-01-10 18:13 143360 c:\windows\system32\DriverStore\infstor.dat
- 2009-07-14 05:30 . 2012-01-04 19:04 143360 c:\windows\system32\DriverStore\infstor.dat
+ 2009-07-14 04:54 . 2012-01-11 18:30 294912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
- 2009-07-14 04:54 . 2012-01-10 16:16 294912 c:\windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
+ 2009-07-14 05:01 . 2012-01-11 18:43 397128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 05:01 . 2012-01-10 16:28 397128 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2009-07-14 02:34 . 2012-01-10 07:26 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
+ 2009-07-14 02:34 . 2012-01-11 19:10 10223616 c:\windows\system32\SMI\Store\Machine\SCHEMA.DAT
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{57BCA5FA-5DBB-45a2-B558-1755C3F6253B}"= "c:\program files (x86)\Winamp Toolbar\winamptb.dll" [2011-03-11 1373512]
.
[HKEY_CLASSES_ROOT\clsid\{57bca5fa-5dbb-45a2-b558-1755c3f6253b}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch.1]
[HKEY_CLASSES_ROOT\TypeLib\{538CD77C-BFDD-49b0-9562-77419CAB89D1}]
[HKEY_CLASSES_ROOT\WinampTb.AOLTBSearch]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-05 1305408]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"PDF Complete"="c:\program files (x86)\PDF Complete\pdfsty.exe" [2010-01-12 563736]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-08-05 98304]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-12-15 258512]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2010-01-22 2363392]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ DPPassFilter scecli
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-18 2045232]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-02-28 183560]
R3 DAMDrv;DAMDrv;c:\windows\system32\DRIVERS\DAMDrv64.sys [x]
R3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;c:\windows\SysWOW64\flcdlock.exe [2009-12-07 362040]
R3 netr28x;Ralink 802.11n Wireless Driver for Windows Vista;c:\windows\system32\DRIVERS\netr28x.sys [x]
R3 Revoflt;Revoflt;c:\windows\system32\DRIVERS\revoflt.sys [x]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [x]
R3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S0 SafeBoot;SafeBoot; [x]
S0 SbAlg;SbAlg; [x]
S0 SbFsLock;SbFsLock; [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [x]
S1 RsvLock;RsvLock; [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_21dba265e7e67cda\AESTSr64.exe [2009-03-03 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Scheduler;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-12-15 86224]
S2 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [x]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [x]
S2 HP ProtectTools Service;HP ProtectTools Service;c:\program files (x86)\Hewlett-Packard\2009 Password Filter for HP ProtectTools\PTChangeFilterService.exe [2010-01-12 36864]
S2 HP Wireless Assistant Service;HP Wireless Assistant Service;c:\program files\Hewlett-Packard\HP Wireless Assistant\HPWA_Service.exe [2010-01-27 102968]
S2 HPDayStarterService;HP DayStarter Service;c:\program files\Hewlett-Packard\HP QuickLook\32-bit\HPDayStarterService.exe [2010-05-10 90112]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2010-06-16 92216]
S2 HpFkCryptService;Drive Encryption Service;c:\program files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2010-01-26 281192]
S2 HPFSService;File Sanitizer for HP ProtectTools;c:\program files (x86)\Hewlett-Packard\File Sanitizer\HPFSService.exe [2010-01-19 297984]
S2 hpHotkeyMonitor;HP Hotkey Monitor;c:\program files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe [2010-03-01 264248]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 pdfcDispatcher;PDF Document Manager;c:\program files (x86)\PDF Complete\pdfsvc.exe [2010-01-12 635416]
S2 uArcCapture;ArcCapture;c:\windows\system\uArcCapture.exe [2009-12-04 506472]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 ARCVCAM;ARCVCAM, ArcSoft Webcam Sharing Manager Driver;c:\windows\system32\DRIVERS\ArcSoftVCapture.sys [x]
S3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [x]
S3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
S3 DEBridge;DEBridge;c:\program files\Hewlett-Packard\Drive Encryption\SbHpAuthenticatorService.exe [2010-01-26 704512]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2010-01-22 18:06 451872 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2012-01-10 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002Core.job
- c:\users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 22:53]
.
2012-01-11 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-367710519-3172954664-1994959074-1002UA.job
- c:\users\iwka\AppData\Local\Google\Update\GoogleUpdate.exe [2011-01-17 22:53]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"HPWirelessAssistant"="c:\program files\Hewlett-Packard\HP Wireless Assistant\DelayedAppStarter.exe" [2010-01-27 8192]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-01-29 487424]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.sk/
uLocal Page = c:\windows\system32\blank.htm
mStart Page = hxxp://www.bing.com
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: E&xportovať do programu Microsoft Excel - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Odoslať obrázok do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Odoslať stránku do &Zariadenia s rozhraním Bluetooth... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //FWEvent.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafee.com\*
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
Trusted Zone: siteadvisor.com\www
TCP: DhcpNameServer = 192.168.1.1 192.168.1.254
TCP: Interfaces\{DB7A69E8-B97E-4074-866C-6908AE06C13B}: NameServer = 172.22.19.254,88.212.8.8
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\pdfcDispatcher]
"ImagePath"="c:\program files (x86)\PDF Complete\pdfsvc.exe /startedbyscm:66B66708-40E2BE4D-pdfcService"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11c_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\windows\\SysWOW64\\Macromed\\Flash\\Flash11c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\ManagedServices]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\mcafee\VSCORE]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,4f,00,46,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Completion time: 2012-01-11 20:32:12
ComboFix-quarantined-files.txt 2012-01-11 19:32
ComboFix2.txt 2012-01-10 17:51
ComboFix3.txt 2012-01-10 16:36
.
Pre-Run: 172 511 858 688 bytes free
Post-Run: 172 234 895 360 bytes free
.
- - End Of File - - 77C28E736929E2DBDD6DFC65477AD950
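The policy block listed under "Reg Loading Points" above shows User Account Control switched off on this machine (EnableLUA = 0 together with PromptOnSecureDesktop = 0 and EnableSecureUIAPaths = 0) and the Security Center firewall alert overridden (FirewallOverride = 1). The Python script below is added here as an example and is not part of the original post or of ComboFix: it parses that block straight from the log text and flags the values that deviate from the Windows 7 defaults. The sample input is copied from the log above; the default values, the check predicates and the regular expressions are this example's own assumptions.

```python
"""Offline audit of the UAC / Security Center values that ComboFix prints
under 'Reg Loading Points'.  Added example, not ComboFix's own code."""
import re

# Sample input: the relevant lines copied from the ComboFix log above.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableSecureUIAPaths"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2009-12-07 18:36 75320 ----a-w- c:\windows\System32\DeviceNP.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"FirewallOverride"=dword:00000001
"DisableThumbnailCache"=dword:00000001
"""

# ComboFix writes either  "Name"= 5 (0x5)  or  "Name"=dword:00000001
KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]\s*$")
VAL_RE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*'
    r"(?:dword:(?P<hex>[0-9A-Fa-f]{8})|(?P<dec>\d+)\s*\(0x[0-9A-Fa-f]+\))\s*$"
)

POLICY_KEY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
SECCENTER_KEY = r"hkey_local_machine\software\microsoft\security center"

# (key, value name, predicate that holds for an acceptable value, why it matters).
# Expected values are the Windows 7 defaults (assumption of this example).
CHECKS = [
    (POLICY_KEY, "EnableLUA", lambda v: v == 1,
     "UAC is off (default 1): admin processes start fully elevated, no consent prompt"),
    (POLICY_KEY, "PromptOnSecureDesktop", lambda v: v == 1,
     "elevation prompts are shown on the normal desktop (default 1) and can be spoofed or auto-clicked"),
    (POLICY_KEY, "EnableSecureUIAPaths", lambda v: v == 1,
     "UIAccess applications may run from unprotected paths (default 1)"),
    (POLICY_KEY, "ConsentPromptBehaviorAdmin", lambda v: v != 0,
     "administrators are elevated silently (0 = never prompt)"),
    (POLICY_KEY, "EnableUIADesktopToggle", lambda v: v == 0,
     "UIAccess applications may prompt outside the secure desktop (default 0)"),
    (SECCENTER_KEY, "FirewallOverride", lambda v: v == 0,
     "Security Center no longer warns when the firewall is off (default 0)"),
]


def parse_reg_points(text):
    """Return {key (lower-cased): {value name: int}} for DWORD-style values."""
    values = {}
    key = None
    for line in text.splitlines():
        m = KEY_RE.match(line)
        if m:
            key = m.group("key").lower()
            values.setdefault(key, {})
            continue
        m = VAL_RE.match(line)
        if m and key is not None:
            v = int(m.group("hex"), 16) if m.group("hex") else int(m.group("dec"))
            values[key][m.group("name")] = v
    return values


def audit(values):
    """Return [(value name, observed value, reason)] for every failed check.
    A value that is not listed is skipped: ComboFix states that legitimate
    default entries are not shown, so absence means the default is in place."""
    findings = []
    for key, name, ok, reason in CHECKS:
        if name not in values.get(key, {}):
            continue
        v = values[key][name]
        if not ok(v):
            findings.append((name, v, reason))
    return findings


if __name__ == "__main__":
    for name, v, reason in audit(parse_reg_points(SAMPLE_LOG)):
        print(f"[!] {name} = {v}: {reason}")
```

Run against the block above, the script reports EnableLUA, PromptOnSecureDesktop, EnableSecureUIAPaths and FirewallOverride; ConsentPromptBehaviorAdmin = 5 and EnableUIADesktopToggle = 0 are the defaults and pass. Turning UAC back on (EnableLUA = 1) only takes effect after a reboot, which is worth remembering when reading the next log from the same machine.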
