Policie virus

[imicro]

Dobry den, aj moj NB navstivila policia CR. posiela log z RSITu.

Logfile of random's system information tool 1.09 (written by random/random)
Run by Tomas Spusta at 2013-01-11 17:16:07
WIN_7 Service Pack 1
System drive C: has 45 GB (16%) free of 288 GB
Total RAM: 3066 MB (66% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:23:19, on 11. 1. 2013
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\windows\system32\Dwm.exe
C:\windows\system32\taskhost.exe
C:\windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\acrotray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\Tomas Spusta\Downloads\Odstranovanie_Virov_RSIT\RSIT.exe
C:\Program Files\trend micro\Tomas Spusta.exe

R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
O2 - BHO: (no name) - {089FD14D-132B-48FC-8861-0048AE113215} - (no file)
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SynTPEnh] %ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\soundmax.exe /tray
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKCU\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun
O4 - HKCU\..\Run: [ISUSPM] "C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe" -scheduler
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - HKUS\S-1-5-21-2383188450-116661374-740416191-1001\..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2383188450-116661374-740416191-1021\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User '?')
O4 - HKUS\S-1-5-21-2383188450-116661374-740416191-1021\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User '?')
O4 - S-1-5-21-2383188450-116661374-740416191-1001 Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe (User '?')
O4 - Startup: Stardock ObjectDock.lnk = C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xportovať do programu Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: Odoslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&oslať do programu OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.clonewarsadventures.com
O15 - Trusted Zone: *.freerealms.com
O15 - Trusted Zone: *.soe.com
O15 - Trusted Zone: *.sony.com
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O17 - HKLM\Software\..\Telephony: DomainName = kn.vutbr.cz
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O17 - HKLM\System\CS2\Services\Tcpip\Parameters: Domain = kn.vutbr.cz
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O22 - SharedTaskScheduler: ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll
O23 - Service: Andrea ADI Filters Service (AEADIFilters) - Andrea Electronics Corporation - C:\windows\system32\AEADISRV.EXE
O23 - Service: Agere Modem Call Progress Audio (AgereModemAudio) - LSI Corporation - C:\Program Files\LSI SoftModem\agrsmsvc.exe
O23 - Service: AMD External Events Utility - AMD - C:\windows\system32\atiesrxx.exe
O23 - Service: Autodesk Licensing Service - Autodesk - C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Hewlett-Packard Company - C:\windows\system32\Hpservice.exe
O23 - Service: Intel(R) Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: PandoraService (PanService) - Pandora.TV - C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
O23 - Service: PostgreSQL Database Server 8.3 (pgsql-8.3) - PostgreSQL Global Development Group - C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
O23 - Service: PnkBstrA - Unknown owner - C:\windows\system32\PnkBstrA.exe
O23 - Service: Sandboxie Service (SbieSvc) - SANDBOXIE L.T.D - C:\POCITAC\TOMAS\HRY\sandbox\SbieSvc.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files\Common Files\Steam\SteamService.exe

--
End of file - 9771 bytes

=========Mozilla firefox=========

ProfilePath - C:\Users\Tomas Spusta\AppData\Roaming\Mozilla\Firefox\Profiles\0datutm4.default

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.265 Plugin
"Path"=C:\windows\system32\Macromed\Flash\NPSWF32_11_4_402_265.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@nexon.net/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@ngm.nexoneu.com/NxGame]
"Description"=Nexon Game Controller
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@pandonetworks.com/PandoWebPlugin]
"Description"=This plugin detects and launches Pando Media Booster
"Path"=

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@soe.sony.com/installer,version=1.0.3]
"Description"=SOE Web Installer
"Path"=C:\Program Files\Sony Online Entertainment\npsoe.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@wolfram.com/Mathematica]
"Description"=Wolfram Mathematica Plug-in
"Path"=C:\Program Files\Common Files\Wolfram Research\Browser\8.0.1.2063897\npmathplugin.dll

C:\Program Files\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files\Mozilla Firefox\components\
binary.manifest
browsercomps.dll

C:\Program Files\Mozilla Firefox\searchplugins\
amazondotcom.xml
bing.xml
eBay.xml
google.xml
twitter.xml
wikipedia.xml
yahoo.xml

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{089FD14D-132B-48FC-8861-0048AE113215}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}]
Groove GFS Browser Helper - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9030D464-4C02-4ABF-8ECC-5164760863C6}]
Windows Live ID Sign-in Helper - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2009-08-18 403840]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2011-02-09 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll [2007-05-10 321120]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2010-06-04 1791272]
"SoundMAX"=C:\Program Files\Analog Devices\SoundMAX\soundmax.exe [2009-05-18 3866624]
"IAAnotif"=C:\Program Files\Intel\Intel Matrix Storage Manager\iaanotif.exe [2009-08-25 186904]
"StartCCC"=C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe [2010-05-27 98304]
"SoundMAXPnP"=C:\Program Files\Analog Devices\Core\smax4pnp.exe [2009-05-18 1314816]
"GrooveMonitor"=C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe [2009-02-26 30040]
"Acrobat Assistant 8.0"=C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe [2007-05-10 624248]
""= []
"MSC"=c:\Program Files\Microsoft Security Client\msseces.exe [2012-09-12 947176]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"=C:\Program Files\Windows Sidebar\sidebar.exe [2010-11-20 1174016]
"ISUSPM"=C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe [2006-09-11 218032]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KPeerNexonEU]
C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
C:\POCITAC\TOMAS\HRY\sandbox\SbieCtrl.exe [2012-08-25 545552]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
C:\POCITAC\TOMAS\HRY\steam\Steam.exe [2013-01-04 1354736]

C:\Users\Tomas Spusta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
Stardock ObjectDock.lnk - C:\Program Files\Stardock\ObjectDockFree\ObjectDock.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files\Stardock\ObjectDockFree\ODMenu.dll [2010-10-04 511344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{B5A7F190-DDA6-4420-B3BA-52453494E6CD}"=C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26 2217832]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\MsMpSvc]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=221

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"vidc.cvid"=iccvid.dll
"MSVideo8"=VfWWDM32.dll
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"wave2"=wdmaud.drv
"midi2"=wdmaud.drv
"mixer2"=wdmaud.drv
"wave3"=wdmaud.drv
"midi3"=wdmaud.drv
"mixer3"=wdmaud.drv
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"aux"=wdmaud.drv
"msacm.siren"=sirenacm.dll
"wave4"=wdmaud.drv
"midi4"=wdmaud.drv
"mixer4"=wdmaud.drv
"aux2"=wdmaud.drv
"VIDC.IV41"=IR41_32.AX
"vidc.mpeg"=bdmpegv.dll
"msacm.bdmpeg"=bdmpega.acm
"VIDC.FPS1"=frapsvid.dll
"vidc.mjpg"=bdmjpeg.dll
"wave5"=wdmaud.drv
"midi5"=wdmaud.drv
"mixer5"=wdmaud.drv
"aux3"=wdmaud.drv

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*
.scr - open - C:\windows\system32\notepad.exe "%1"
.scr - install -
.scr - config -

======List of files/folders created in the last 1 month======

2013-01-11 15:21:00 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\Malwarebytes
2013-01-11 15:20:42 ----D---- C:\ProgramData\Malwarebytes
2013-01-11 15:20:38 ----A---- C:\windows\system32\drivers\mbam.sys
2013-01-11 14:13:42 ----A---- C:\windows\system32\dsgsdgdsgdsgw.js
2013-01-09 14:01:23 ----D---- C:\Program Files\Mozilla Thunderbird
2013-01-09 08:34:53 ----A---- C:\windows\system32\usp10.dll
2013-01-09 08:34:51 ----A---- C:\windows\system32\win32k.sys
2013-01-09 08:34:50 ----A---- C:\windows\system32\win32spl.dll
2013-01-09 08:34:30 ----A---- C:\windows\system32\msxml6.dll
2013-01-09 08:34:21 ----A---- C:\windows\system32\winsrv.dll
2013-01-09 08:34:21 ----A---- C:\windows\system32\KernelBase.dll
2013-01-09 08:34:21 ----A---- C:\windows\system32\kernel32.dll
2013-01-09 08:34:20 ----AH---- C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2013-01-09 08:34:20 ----AH---- C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2013-01-09 08:34:20 ----AH---- C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2013-01-09 08:34:20 ----A---- C:\windows\system32\conhost.exe
2013-01-09 08:34:19 ----AH---- C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2013-01-09 08:34:19 ----AH---- C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2013-01-09 08:34:19 ----AH---- C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2013-01-09 08:34:19 ----AH---- C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2013-01-09 08:34:18 ----AH---- C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2013-01-09 08:34:17 ----AH---- C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2013-01-09 08:33:46 ----A---- C:\windows\system32\gameux.dll
2013-01-09 08:33:45 ----A---- C:\windows\system32\Wpc.dll
2013-01-09 08:33:31 ----A---- C:\windows\system32\ncrypt.dll
2013-01-09 08:33:30 ----A---- C:\windows\system32\taskhost.exe
2013-01-03 09:36:39 ----A---- C:\windows\uninst.exe
2012-12-22 08:09:30 ----A---- C:\windows\system32\atmfd.dll
2012-12-22 08:09:29 ----A---- C:\windows\system32\atmlib.dll
2012-12-18 21:40:55 ----D---- C:\ProgramData\XHEO INC
2012-12-16 22:20:41 ----A---- C:\blitzerr.txt
2012-12-16 22:17:14 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\HoldemManager
2012-12-16 16:17:36 ----D---- C:\windows\system32\catroot2
2012-12-16 14:07:16 ----RD---- C:\Sandbox
2012-12-16 13:28:26 ----A---- C:\windows\Sandboxie.ini
2012-12-13 07:14:04 ----A---- C:\windows\system32\mshtmled.dll
2012-12-13 07:14:03 ----A---- C:\windows\system32\vbscript.dll
2012-12-13 07:14:02 ----A---- C:\windows\system32\jsproxy.dll
2012-12-13 07:14:02 ----A---- C:\windows\system32\ieui.dll
2012-12-13 07:14:01 ----A---- C:\windows\system32\ieUnatt.exe
2012-12-13 07:14:00 ----A---- C:\windows\system32\msfeeds.dll
2012-12-13 07:13:59 ----A---- C:\windows\system32\wininet.dll
2012-12-13 07:13:59 ----A---- C:\windows\system32\jscript.dll
2012-12-13 07:13:58 ----A---- C:\windows\system32\url.dll
2012-12-13 07:13:58 ----A---- C:\windows\system32\jscript9.dll
2012-12-13 07:13:58 ----A---- C:\windows\system32\iertutil.dll
2012-12-13 07:13:57 ----A---- C:\windows\system32\urlmon.dll
2012-12-13 07:13:56 ----A---- C:\windows\system32\ieframe.dll
2012-12-13 07:13:54 ----A---- C:\windows\system32\mshtml.dll
2012-12-12 19:24:48 ----A---- C:\windows\system32\dpnet.dll
2012-12-12 19:24:39 ----A---- C:\windows\system32\tzres.dll

======List of files/folders modified in the last 1 month======

2013-01-11 17:17:10 ----D---- C:\Program Files\trend micro
2013-01-11 17:16:35 ----D---- C:\windows\Temp
2013-01-11 17:14:03 ----D---- C:\windows\system32\config
2013-01-11 17:12:41 ----D---- C:\windows\system32\drivers
2013-01-11 17:10:46 ----D---- C:\windows\Patches
2013-01-11 17:04:11 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\Skype
2013-01-11 15:20:42 ----HD---- C:\ProgramData
2013-01-11 15:13:39 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\uTorrent
2013-01-11 14:13:42 ----D---- C:\windows\System32
2013-01-10 19:54:28 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\ApexDC++
2013-01-10 13:08:29 ----D---- C:\windows\Microsoft.NET
2013-01-10 13:08:28 ----RSD---- C:\windows\assembly
2013-01-10 09:01:46 ----D---- C:\windows\winsxs
2013-01-10 08:59:07 ----D---- C:\windows\system32\sk-SK
2013-01-09 21:13:34 ----SHD---- C:\windows\Installer
2013-01-09 21:13:17 ----A---- C:\windows\system32\PerfStringBackup.INI
2013-01-09 21:12:39 ----D---- C:\windows\inf
2013-01-09 21:09:20 ----D---- C:\ProgramData\Microsoft Help
2013-01-09 20:55:40 ----A---- C:\windows\system32\MRT.exe
2013-01-09 20:55:22 ----SHD---- C:\System Volume Information
2013-01-09 19:52:33 ----D---- C:\Program Files\Mozilla Maintenance Service
2013-01-09 19:52:32 ----RD---- C:\Program Files
2013-01-09 08:33:26 ----D---- C:\windows\system32\catroot
2013-01-08 19:07:08 ----D---- C:\POCITAC
2013-01-06 12:21:31 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\Adobe
2013-01-05 13:10:21 ----D---- C:\Windows
2013-01-02 13:16:24 ----D---- C:\Program Files\Mozilla Firefox
2013-01-01 00:34:55 ----D---- C:\windows\rescache
2012-12-31 14:53:18 ----D---- C:\Poker
2012-12-19 09:14:09 ----D---- C:\Program Files\Opera
2012-12-18 21:40:49 ----D---- C:\Program Files\PSQLINSTALL
2012-12-18 19:49:58 ----D---- C:\windows\system32\Tasks
2012-12-18 16:48:39 ----D---- C:\HM2Archive
2012-12-16 15:04:36 ----D---- C:\Users\Tomas Spusta\AppData\Roaming\Wise Registry Cleaner
2012-12-13 07:24:43 ----D---- C:\windows\system32\migration
2012-12-13 07:24:43 ----D---- C:\Program Files\Internet Explorer

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 aic78xx;aic78xx; C:\windows\system32\DRIVERS\djsvs.sys [2009-07-14 70720]
R0 hpdskflt;HP Filter; C:\windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 25656]
R0 iaStor;Intel RAID Controller; C:\windows\system32\DRIVERS\iaStor.sys [2009-08-07 330264]
R0 MpFilter;Microsoft Malware Protection Driver; C:\windows\system32\DRIVERS\MpFilter.sys [2012-08-30 193552]
R0 pciide;pciide; C:\windows\system32\drivers\pciide.sys [2009-07-14 12368]
R0 PxHelp20;PxHelp20; C:\windows\System32\Drivers\PxHelp20.sys [2009-07-09 45200]
R0 rdyboost;ReadyBoost; C:\windows\System32\drivers\rdyboost.sys [2010-11-20 173440]
R0 sptd;sptd; C:\windows\System32\Drivers\sptd.sys [2010-09-22 691696]
R1 mfehidk;McAfee Inc. mfehidk; C:\windows\system32\drivers\mfehidk.sys [2009-05-16 214024]
R1 mfetdik;McAfee Inc. mfetdik; C:\windows\system32\drivers\mfetdik.sys [2009-05-16 55336]
R1 truecrypt;truecrypt; C:\windows\System32\drivers\truecrypt.sys [2012-11-23 231760]
R1 vwififlt;Virtual WiFi Filter Driver; C:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 48128]
R2 atksgt;atksgt; C:\windows\system32\DRIVERS\atksgt.sys [2011-11-13 281760]
R2 lirsgt;lirsgt; C:\windows\system32\DRIVERS\lirsgt.sys [2011-11-13 25888]
R2 NisDrv;Microsoft Network Inspection System; C:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-08-30 99272]
R3 5U876UVC;HP Webcam [2 MP series]; C:\windows\system32\DRIVERS\5U876.sys [2009-06-30 118656]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 35896]
R3 ADIHdAudAddService;ADI UAA Function Driver for High Definition Audio Service; C:\windows\system32\drivers\ADIHdAud.sys [2009-05-18 381440]
R3 AgereSoftModem;Agere Systems Soft Modem; C:\windows\system32\DRIVERS\AGRSM.sys [2010-01-26 1163328]
R3 amdkmdag;amdkmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
R3 amdkmdap;amdkmdap; C:\windows\system32\DRIVERS\atikmpag.sys [2010-05-27 209920]
R3 AtiHdmiService;ATI Service for HD Audio Codec; C:\windows\system32\drivers\AtiHdmi.sys [2009-07-24 103440]
R3 BCM43XX;Broadcom 802.11 - ovládač sieťového adaptéru; C:\windows\system32\DRIVERS\bcmwl6.sys [2010-06-09 2506232]
R3 SbieDrv;SbieDrv; \??\C:\POCITAC\TOMAS\HRY\sandbox\SbieDrv.sys [2012-08-25 157776]
R3 SynTP;Synaptics TouchPad Driver; C:\windows\system32\DRIVERS\SynTP.sys [2010-06-04 1303728]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service; C:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 14336]
S1 adjlbxgo;adjlbxgo; \??\C:\windows\system32\drivers\adjlbxgo.sys []
S1 ddduhsde;ddduhsde; \??\C:\windows\system32\drivers\ddduhsde.sys []
S1 gcdvcvjp;gcdvcvjp; \??\C:\windows\system32\drivers\gcdvcvjp.sys []
S1 gvadlwhn;gvadlwhn; \??\C:\windows\system32\drivers\gvadlwhn.sys []
S1 iseetmme;iseetmme; \??\C:\windows\system32\drivers\iseetmme.sys []
S1 jkstnpzn;jkstnpzn; \??\C:\windows\system32\drivers\jkstnpzn.sys []
S1 kaivuquc;kaivuquc; \??\C:\windows\system32\drivers\kaivuquc.sys []
S1 kcvhfkdv;kcvhfkdv; \??\C:\windows\system32\drivers\kcvhfkdv.sys []
S1 nbomqzhn;nbomqzhn; \??\C:\windows\system32\drivers\nbomqzhn.sys []
S1 nlatysep;nlatysep; \??\C:\windows\system32\drivers\nlatysep.sys []
S1 pcjffita;pcjffita; \??\C:\windows\system32\drivers\pcjffita.sys []
S1 qxjxjlhh;qxjxjlhh; \??\C:\windows\system32\drivers\qxjxjlhh.sys []
S1 sggdvcky;sggdvcky; \??\C:\windows\system32\drivers\sggdvcky.sys []
S1 ugswloij;ugswloij; \??\C:\windows\system32\drivers\ugswloij.sys []
S1 uuaavjtc;uuaavjtc; \??\C:\windows\system32\drivers\uuaavjtc.sys []
S2 Parvdm;Parvdm; C:\windows\system32\DRIVERS\parvdm.sys [2009-07-14 8704]
S3 ALSysIO;ALSysIO; \??\C:\Users\TOMASS~1\AppData\Local\Temp\ALSysIO.sys []
S3 amdagp;AMD AGP Bus Filter Driver; C:\windows\system32\drivers\amdagp.sys [2009-07-14 53312]
S3 atikmdag;atikmdag; C:\windows\system32\DRIVERS\atikmdag.sys [2010-05-27 5586432]
S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0; C:\windows\system32\DRIVERS\b57nd60x.sys [2009-07-13 229888]
S3 BthEnum;Bluetooth Request Block Driver; C:\windows\system32\drivers\BthEnum.sys [2009-07-14 34816]
S3 BthPan;Bluetooth Device (Personal Area Network); C:\windows\system32\DRIVERS\bthpan.sys [2009-07-14 93696]
S3 BTHPORT;Bluetooth Port Driver; C:\windows\System32\Drivers\BTHport.sys [2012-07-06 393728]
S3 BTHUSB;Bluetooth Radio USB Driver; C:\windows\System32\Drivers\BTHUSB.sys [2011-04-28 60416]
S3 btwaudio;Bluetooth Audio Device Service; C:\windows\system32\drivers\btwaudio.sys [2009-07-01 86056]
S3 btwavdt;Bluetooth AVDT Service; C:\windows\system32\DRIVERS\btwavdt.sys [2009-07-01 108072]
S3 btwl2cap;Bluetooth L2CAP Service; C:\windows\system32\DRIVERS\btwl2cap.sys [2009-04-08 29472]
S3 btwrchid;btwrchid; C:\windows\system32\DRIVERS\btwrchid.sys [2009-07-01 18344]
S3 dsnpfd;Dsnpfd Service; C:\windows\system32\DRIVERS\dsnpfd.sys []
S3 dsnpfdMP;dsnpfdMP; C:\windows\system32\DRIVERS\dsnpfd.sys []
S3 EagleNT;EagleNT; \??\C:\windows\system32\drivers\EagleNT.sys []
S3 EagleXNt;EagleXNt; \??\C:\windows\system32\drivers\EagleXNt.sys []
S3 gBTMouUsb;BT Mouse Device Drv; C:\windows\system32\DRIVERS\gBTMouUsb.sys []
S3 HpqKbFiltr;HpqKbFilter Driver; C:\windows\system32\DRIVERS\HpqKbFiltr.sys [2009-04-29 15872]
S3 igfx;igfx; C:\windows\system32\DRIVERS\igdkmd32.sys [2009-06-10 4756480]
S3 MfeAVFK;McAfee Inc. MfeAVFK; C:\windows\system32\drivers\MfeAVFK.sys [2009-05-16 79816]
S3 MfeBOPK;McAfee Inc. MfeBOPK; C:\windows\system32\drivers\MfeBOPK.sys [2009-05-16 35272]
S3 MfeRKDK;McAfee Inc. MfeRKDK; C:\windows\system32\drivers\MfeRKDK.sys [2009-05-16 34248]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit; C:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168]
S3 RFCOMM;Bluetooth Device (RFCOMM Protocol TDI); C:\windows\system32\DRIVERS\rfcomm.sys [2009-07-14 129536]
S3 sisagp;SIS AGP Bus Filter; C:\windows\system32\drivers\sisagp.sys [2009-07-14 52304]
S3 TPM;TPM; C:\windows\system32\drivers\tpm.sys [2009-07-14 30720]
S3 TsUsbFlt;TsUsbFlt; C:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
S3 usbscan;USB Scanner Driver; C:\windows\system32\DRIVERS\usbscan.sys [2009-07-14 35840]
S3 viaagp;VIA AGP Bus Filter; C:\windows\system32\drivers\viaagp.sys [2009-07-14 53328]
S3 ViaC7;VIA C7 Processor Driver; C:\windows\system32\DRIVERS\viac7.sys [2009-07-14 52736]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AEADIFilters;Andrea ADI Filters Service; C:\windows\system32\AEADISRV.EXE [2008-07-15 90112]
R2 AgereModemAudio;Agere Modem Call Progress Audio; C:\Program Files\LSI SoftModem\agrsmsvc.exe [2009-12-03 26112]
R2 AMD External Events Utility;AMD External Events Utility; C:\windows\system32\atiesrxx.exe [2010-05-27 176128]
R2 btwdins;Bluetooth Service; C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe [2009-07-30 582944]
R2 hpsrv;HP Service; C:\windows\system32\Hpservice.exe [2011-05-13 26168]
R2 MsMpSvc;Microsoft Antimalware Service; c:\Program Files\Microsoft Security Client\MsMpEng.exe [2012-09-12 20472]
R2 MSSQL$AUTODESKVAULT;SQL Server (AUTODESKVAULT); C:\Program Files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe [2010-12-10 29293408]
R2 PanService;PandoraService; C:\Program Files\PANDORA.TV\PanService\PandoraService.exe [2012-09-28 625304]
R2 pgsql-8.3;PostgreSQL Database Server 8.3; C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe [2009-12-10 65536]
R2 PnkBstrA;PnkBstrA; C:\windows\system32\PnkBstrA.exe [2012-09-16 76888]
R2 SbieSvc;Sandboxie Service; C:\POCITAC\TOMAS\HRY\sandbox\SbieSvc.exe [2012-08-25 85776]
R2 SQLBrowser;SQL Server Browser; C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe [2010-12-10 238944]
R2 SQLWriter;SQL Server VSS Writer; C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe [2010-12-10 86880]
R3 FLEXnet Licensing Service;FLEXnet Licensing Service; C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [2012-10-13 654848]
R3 NisSrv;@c:\Program Files\Microsoft Security Client\MpAsDesc.dll,-243; c:\Program Files\Microsoft Security Client\NisSrv.exe [2012-09-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 IAANTMON;Intel(R) Matrix Storage Event Monitor; C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe [2009-08-25 354840]
S2 SkypeUpdate;Skype Updater; C:\Program Files\Skype\Updater\Updater.exe [2012-11-09 160944]
S3 aspnet_state;ASP.NET State Service; C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe [2010-03-18 35160]
S3 Autodesk Licensing Service;Autodesk Licensing Service; C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe [2010-09-28 79360]
S3 Com4QLBEx;Com4QLBEx; C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2009-05-05 228408]
S3 hpqwmiex;hpqwmiex; C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
S3 Microsoft Office Groove Audit Service;Microsoft Office Groove Audit Service; C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe [2009-02-26 64856]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe [2013-01-09 115760]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2011-07-20 440696]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S3 Steam Client Service;Steam Client Service; C:\Program Files\Common Files\Steam\SteamService.exe [2012-11-19 489256]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\windows\system32\Wat\WatAdminSvc.exe [2010-06-12 1343400]
S4 Bonjour Service;##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762##; C:\Program Files\Bonjour\mDNSResponder.exe [2006-02-28 229376]
S4 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files\Common Files\LightScribe\LSSrvc.exe [2009-06-17 73728]
S4 MSSQLServerADHelper;SQL Server Active Directory Helper; C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe [2010-12-10 44384]
S4 myAgtSvc;McAfee Virus and Spyware Protection Service; C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe /ServiceStart []
S4 NetMsmqActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8195; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetPipeActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8197; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 NetTcpActivator;@C:\windows\Microsoft.NET\Framework\v4.0.30319\\ServiceModelInstallRC.dll,-8199; C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe [2010-03-18 124240]
S4 npggsvc;nProtect GameGuard Service; C:\windows\system32\GameMon.des [2010-06-15 3583592]
S4 RoxMediaDB10;RoxMediaDB10; c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [2009-06-13 1120752]
S4 stllssvr;stllssvr; c:\Program Files\Common Files\SureThing Shared\stllssvr.exe [2009-04-30 74392]

-----------------EOF-----------------

[imicro]

Preskenoval som to pomocou OTL, a po dlhsom case scannu vyhodilo tabulku, ze nemoze vytvorit cmd.bat na ploche. Dal som OK a pokracuje v scane (momentalne registrov)

[imicro]

Ja som si UAC vypol, takze stale to moze blokovat UAC ?
A dalsia otazka, kolko taky scan moze trvat ? Pretoze uz to scanuje 3hodiny...

[imicro]

Tak vypol som OTL. Co dalej?

Edit.: Dopr**le, nevsimol som si, ze na fore je iny cas ako mam kompe a ze este hodina nepresla.

[imicro]

LOG Z COMBOFIX

ComboFix 13-01-11.02 - Tomas Spusta . 01. 2013 21:15:39.1.2 - x86
Running from: c:\users\Tomas Spusta\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
c:\program files\RelevantKnowledge
c:\users\Tomas Spusta\AppData\Local\assembly\tmp
c:\users\Tomas Spusta\AppData\Roaming\58587.exe
c:\users\Tomas Spusta\AppData\Roaming\60340.exe
c:\users\Tomas Spusta\AppData\Roaming\89229.exe
c:\windows\Downloaded Program Files\IDropPTB.dll
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\system32\drivers\etc\hosts.ics
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 20:31 . 2013-01-11 20:36 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\temp
2013-01-11 20:31 . 2013-01-11 20:31 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-01-11 20:31 . 2013-01-11 20:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 20:12 . 2013-01-11 20:12 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\MpKslf0626fe0.sys ERROR(0x00000005)
2013-01-11 17:01 . 2013-01-11 17:01 512 ----a-w- C:\PhysicalMBR.bin
2013-01-11 16:14 . 2013-01-11 20:34 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\offreg.dll ERROR(0x00000005)
2013-01-11 14:21 . 2013-01-11 14:21 -------- d-----w- c:\users\Tomas Spusta\AppData\Roaming\Malwarebytes
2013-01-11 14:20 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-11 13:25 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\mpengine.dll ERROR(0x00000005)
2013-01-11 13:13 . 2013-01-11 13:13 2966 ----a-w- c:\windows\system32\dsgsdgdsgdsgw.js
2013-01-10 08:12 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2013-01-09 13:01 . 2013-01-09 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-01-09 07:33 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-03 13:01 . 2013-01-03 13:01 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\Little_Apps
2013-01-03 08:36 . 1996-07-18 12:06 297472 ----a-w- c:\windows\uninst.exe
2012-12-29 21:51 . 2013-01-03 09:08 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\join.me
2012-12-25 17:34 . 2012-12-25 17:34 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-12-22 07:09 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 07:09 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-18 20:43 . 2012-12-18 20:47 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\PokerTracker 4
2012-12-16 21:17 . 2012-12-18 20:41 -------- d-----w- c:\users\Tomas Spusta\AppData\Roaming\HoldemManager
2012-12-16 15:17 . 2013-01-09 07:33 -------- d-----w- c:\windows\system32\catroot2
2012-12-16 13:07 . 2012-12-16 13:07 -------- d-----r- C:\Sandbox
2012-12-13 06:14 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 06:14 . 2012-11-16 16:33 149536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-12-13 06:14 . 2012-11-14 01:51 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-12-13 06:14 . 2012-11-14 01:48 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-12-13 06:14 . 2012-11-14 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-13 06:14 . 2012-11-14 01:52 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-12-13 06:13 . 2012-11-14 01:57 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-12-13 06:13 . 2012-11-16 16:33 757280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-12-13 06:13 . 2012-11-14 02:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-13 06:13 . 2012-11-14 02:00 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-13 06:13 . 2012-11-14 02:01 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-13 06:13 . 2012-11-14 01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 17:16 . 2012-11-28 17:17 740840 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{511114FE-9449-436F-82CE-C46D0A7C3FED}\gapaengine.dll ERROR(0x00000005)
2012-11-23 14:56 . 2012-11-23 14:56 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-11-09 04:42 . 2012-12-12 18:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 18:24 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39 . 2012-11-28 05:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-12-25 17:34 . 2012-08-19 20:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
.
c:\users\Tomas Spusta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Stardock ObjectDock.lnk - c:\program files\Stardock\ObjectDockFree\ObjectDock.exe [2010-10-6 3768176]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27 545552 ----a-w- c:\pocitac\TOMAS\HRY\sandbox\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-01-04 14:23 1354736 ----a-w- c:\pocitac\TOMAS\HRY\steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R1 adjlbxgo;adjlbxgo;c:\windows\system32\drivers\adjlbxgo.sys [x]
R1 ddduhsde;ddduhsde;c:\windows\system32\drivers\ddduhsde.sys [x]
R1 gcdvcvjp;gcdvcvjp;c:\windows\system32\drivers\gcdvcvjp.sys [x]
R1 gvadlwhn;gvadlwhn;c:\windows\system32\drivers\gvadlwhn.sys [x]
R1 iseetmme;iseetmme;c:\windows\system32\drivers\iseetmme.sys [x]
R1 jkstnpzn;jkstnpzn;c:\windows\system32\drivers\jkstnpzn.sys [x]
R1 kaivuquc;kaivuquc;c:\windows\system32\drivers\kaivuquc.sys [x]
R1 kcvhfkdv;kcvhfkdv;c:\windows\system32\drivers\kcvhfkdv.sys [x]
R1 nbomqzhn;nbomqzhn;c:\windows\system32\drivers\nbomqzhn.sys [x]
R1 nlatysep;nlatysep;c:\windows\system32\drivers\nlatysep.sys [x]
R1 pcjffita;pcjffita;c:\windows\system32\drivers\pcjffita.sys [x]
R1 qxjxjlhh;qxjxjlhh;c:\windows\system32\drivers\qxjxjlhh.sys [x]
R1 sggdvcky;sggdvcky;c:\windows\system32\drivers\sggdvcky.sys [x]
R1 ugswloij;ugswloij;c:\windows\system32\drivers\ugswloij.sys [x]
R1 uuaavjtc;uuaavjtc;c:\windows\system32\drivers\uuaavjtc.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\TOMASS~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gBTMouUsb;BT Mouse Device Drv;c:\windows\system32\DRIVERS\gBTMouUsb.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 MpKslf0626fe0;MpKslf0626fe0;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\MpKslf0626fe0.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [x]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [x]
S3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Trusted Zone: //about.htm/
Trusted Zone: //Exclude.htm/
Trusted Zone: //LanguageSelection.htm/
Trusted Zone: //Message.htm/
Trusted Zone: //MyAgttryCmd.htm/
Trusted Zone: //MyAgttryNag.htm/
Trusted Zone: //MyNotification.htm/
Trusted Zone: //NOCLessUpdate.htm/
Trusted Zone: //quarantine.htm/
Trusted Zone: //ScanNow.htm/
Trusted Zone: //strings.vbs/
Trusted Zone: //Template.htm/
Trusted Zone: //Update.htm/
Trusted Zone: //VirFound.htm/
Trusted Zone: mcafeeasap.com\betavscan
Trusted Zone: mcafeeasap.com\vs
Trusted Zone: mcafeeasap.com\www
TCP: DhcpNameServer = 147.229.191.143 147.229.190.143
FF - ProfilePath - c:\users\Tomas Spusta\AppData\Roaming\Mozilla\Firefox\Profiles\0datutm4.default\
.
.
------- File Associations -------
.
.scr=AutoCADScriptFile
.
- - - - ORPHANS REMOVED - - - -
.
SafeBoot-Wdf01000.sys
MSConfigStartUp-Adobe ARM - c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
MSConfigStartUp-KPeerNexonEU - c:\nexon\NEXON_EU_Downloader\nxEULauncher.exe
AddRemove-LSI Soft Modem - c:\windows\agrsmdel
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2383188450-116661374-740416191-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:08,90,1f,f4,a5,cc,5c,95,f0,f4,b8,ab,c1,fe,31,66,c3,65,12,a8,ed,a9,bf,
ef,c6,0e,1c,c9,2e,75,c5,18,6d,36,31,f4,0a,29,2a,96,41,19,3c,3a,0a,27,1c,13,\
"??"=hex:59,fc,fd,6d,35,44,d2,2a,87,ef,2c,46,f9,90,a7,fd
.
[HKEY_USERS\S-1-5-21-2383188450-116661374-740416191-1001\Software\SecuROM\License information*]
"datasecu"=hex:c6,62,28,2f,2b,d2,25,91,c9,28,25,20,c1,1b,f7,4d,b9,64,b0,88,d5,
66,3c,08,27,85,39,ab,df,89,a6,3d,4d,0a,f5,6a,8d,2a,c2,b5,95,b7,4d,5c,2f,c8,\
"rkeysecu"=hex:7e,6e,32,9d,e3,6b,f8,56,da,63,ba,55,55,d1,15,8e
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(1672)
c:\program files\Stardock\ObjectDockFree\DockShellHook.dll
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\pocitac\TOMAS\HRY\sandbox\SbieSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\Microsoft Security Client\MpCmdRun.exe
.
**************************************************************************
.
Completion time: 2013-01-11 21:43:48 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-11 20:43
.
Pre-Run: 45 168 218 112 bytes free
Post-Run: 45 185 847 296 bytes free
.
- - End Of File - - BE08DEB7111BDAA53B99BB8A8141248A

[imicro]

A ten druhy program sa mi nepodarilo spustit. Pise: " Vyskytol sa pokus o nepovolenu operaciu s klucom databazy Registry, ktory bol oznaceny na odstanenie".

[imicro]

LOG Z KILLERA

21:57:45.0775 4136 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
21:57:46.0114 4136 ============================================================
21:57:46.0114 4136 Current date / time: 2013/01/11 21:57:46.0114
21:57:46.0114 4136 SystemInfo:
21:57:46.0114 4136
21:57:46.0114 4136 OS Version: 6.1.7601 ServicePack: 1.0
21:57:46.0114 4136 Product type: Workstation
21:57:46.0114 4136 ComputerName: B07-120A
21:57:46.0114 4136 UserName: Tomas Spusta
21:57:46.0114 4136 Windows directory: C:\windows
21:57:46.0114 4136 System windows directory: C:\windows
21:57:46.0114 4136 Processor architecture: Intel x86
21:57:46.0114 4136 Number of processors: 2
21:57:46.0114 4136 Page size: 0x1000
21:57:46.0114 4136 Boot type: Normal boot
21:57:46.0114 4136 ============================================================
21:57:47.0576 4136 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:57:47.0578 4136 ============================================================
21:57:47.0578 4136 \Device\Harddisk0\DR0:
21:57:47.0579 4136 MBR partitions:
21:57:47.0579 4136 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x96000
21:57:47.0579 4136 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x96800, BlocksNum 0x23197800
21:57:47.0579 4136 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2322E000, BlocksNum 0x1E00000
21:57:47.0579 4136 \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x2502E000, BlocksNum 0x3FD800
21:57:47.0579 4136 ============================================================
21:57:47.0611 4136 C: <-> \Device\Harddisk0\DR0\Partition2
21:57:47.0637 4136 E: <-> \Device\Harddisk0\DR0\Partition4
21:57:47.0638 4136 ============================================================
21:57:47.0638 4136 Initialize success
21:57:47.0638 4136 ============================================================
21:58:04.0164 3872 ============================================================
21:58:04.0165 3872 Scan started
21:58:04.0165 3872 Mode: Manual; SigCheck; TDLFS;
21:58:04.0165 3872 ============================================================
21:58:05.0904 3872 ================ Scan system memory ========================
21:58:05.0904 3872 System memory - ok
21:58:05.0905 3872 ================ Scan services =============================
21:58:06.0188 3872 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\windows\system32\drivers\1394ohci.sys
21:58:06.0434 3872 1394ohci - ok
21:58:06.0498 3872 [ 080A40550FB95A328917512F3F5A0409 ] 5U876UVC C:\windows\system32\DRIVERS\5U876.sys
21:58:06.0602 3872 5U876UVC - ok
21:58:06.0693 3872 [ CC1F1D3D70DC13C2C281488D347D4415 ] Accelerometer C:\windows\system32\DRIVERS\Accelerometer.sys
21:58:06.0726 3872 Accelerometer - ok
21:58:06.0803 3872 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\windows\system32\drivers\ACPI.sys
21:58:06.0855 3872 ACPI - ok
21:58:06.0938 3872 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\windows\system32\drivers\acpipmi.sys
21:58:07.0022 3872 AcpiPmi - ok
21:58:07.0132 3872 [ 6C61BCEB60C2C187E6F96001FD69493E ] ADIHdAudAddService C:\windows\system32\drivers\ADIHdAud.sys
21:58:07.0228 3872 ADIHdAudAddService - ok
21:58:07.0272 3872 adjlbxgo - ok
21:58:07.0366 3872 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys
21:58:07.0426 3872 adp94xx - ok
21:58:07.0458 3872 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys
21:58:07.0510 3872 adpahci - ok
21:58:07.0546 3872 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys
21:58:07.0590 3872 adpu320 - ok
21:58:07.0619 3872 [ 4DC6B0772D1698F04FC79053A21C8260 ] AEADIFilters C:\windows\system32\AEADISRV.EXE
21:58:07.0644 3872 AEADIFilters - ok
21:58:07.0676 3872 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\windows\System32\aelupsvc.dll
21:58:07.0737 3872 AeLookupSvc - ok
21:58:07.0811 3872 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\windows\system32\drivers\afd.sys
21:58:07.0907 3872 AFD - ok
21:58:08.0001 3872 [ 48091A2374A69F473273C44951195452 ] AgereModemAudio C:\Program Files\LSI SoftModem\agrsmsvc.exe
21:58:08.0031 3872 AgereModemAudio - ok
21:58:08.0070 3872 [ C6FA08A8CCA9001F3197525B07331715 ] AgereSoftModem C:\windows\system32\DRIVERS\AGRSM.sys
21:58:08.0187 3872 AgereSoftModem - ok
21:58:08.0229 3872 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\windows\system32\drivers\agp440.sys
21:58:08.0266 3872 agp440 - ok
21:58:08.0337 3872 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\windows\system32\DRIVERS\djsvs.sys
21:58:08.0376 3872 aic78xx - ok
21:58:08.0426 3872 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\windows\System32\alg.exe
21:58:08.0523 3872 ALG - ok
21:58:08.0559 3872 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\windows\system32\drivers\aliide.sys
21:58:08.0596 3872 aliide - ok
21:58:08.0832 3872 ALSysIO - ok
21:58:08.0883 3872 [ 60201AD353105D8C6796C1B69E6C49F0 ] AMD External Events Utility C:\windows\system32\atiesrxx.exe
21:58:08.0985 3872 AMD External Events Utility - ok
21:58:09.0014 3872 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\windows\system32\drivers\amdagp.sys
21:58:09.0054 3872 amdagp - ok
21:58:09.0117 3872 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\windows\system32\drivers\amdide.sys
21:58:09.0153 3872 amdide - ok
21:58:09.0193 3872 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys
21:58:09.0276 3872 AmdK8 - ok
21:58:09.0592 3872 [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] amdkmdag C:\windows\system32\DRIVERS\atikmdag.sys
21:58:09.0931 3872 amdkmdag - ok
21:58:10.0014 3872 [ CD1D86AB81EECE67D7BD6F7EF9786CCC ] amdkmdap C:\windows\system32\DRIVERS\atikmpag.sys
21:58:10.0044 3872 amdkmdap - ok
21:58:10.0084 3872 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys
21:58:10.0127 3872 AmdPPM - ok
21:58:10.0163 3872 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\windows\system32\drivers\amdsata.sys
21:58:10.0189 3872 amdsata - ok
21:58:10.0213 3872 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys
21:58:10.0247 3872 amdsbs - ok
21:58:10.0261 3872 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\windows\system32\drivers\amdxata.sys
21:58:10.0285 3872 amdxata - ok
21:58:10.0328 3872 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\windows\system32\drivers\appid.sys
21:58:10.0448 3872 AppID - ok
21:58:10.0474 3872 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\windows\System32\appidsvc.dll
21:58:10.0548 3872 AppIDSvc - ok
21:58:10.0608 3872 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\windows\System32\appinfo.dll
21:58:10.0695 3872 Appinfo - ok
21:58:10.0751 3872 [ 2932004F49677BD84DBC72EDB754FFB3 ] arc C:\windows\system32\DRIVERS\arc.sys
21:58:10.0790 3872 arc - ok
21:58:10.0810 3872 [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas C:\windows\system32\DRIVERS\arcsas.sys
21:58:10.0849 3872 arcsas - ok
21:58:10.0981 3872 [ 776ACEFA0CA9DF0FAA51A5FB2F435705 ] aspnet_state C:\windows\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe
21:58:11.0033 3872 aspnet_state - ok
21:58:11.0081 3872 [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys
21:58:11.0259 3872 AsyncMac - ok
21:58:11.0308 3872 [ 338C86357871C167A96AB976519BF59E ] atapi C:\windows\system32\drivers\atapi.sys
21:58:11.0351 3872 atapi - ok
21:58:11.0410 3872 [ E2398389648B5D44DC63CA43FDD5B3F8 ] AtiHdmiService C:\windows\system32\drivers\AtiHdmi.sys
21:58:11.0442 3872 AtiHdmiService - ok
21:58:11.0627 3872 [ 51610B74A9A1D84DC86FCE1019BEAFF4 ] atikmdag C:\windows\system32\DRIVERS\atikmdag.sys
21:58:11.0826 3872 atikmdag - ok
21:58:11.0899 3872 [ F0D933B42CD0594048E4D5200AE9E417 ] atksgt C:\windows\system32\DRIVERS\atksgt.sys
21:58:11.0949 3872 atksgt - ok
21:58:12.0021 3872 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll
21:58:12.0146 3872 AudioEndpointBuilder - ok
21:58:12.0165 3872 [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv C:\windows\System32\Audiosrv.dll
21:58:12.0251 3872 Audiosrv - ok
21:58:12.0382 3872 [ 91815C2481847A782C90117D10E2ED50 ] Autodesk Licensing Service C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe
21:58:12.0773 3872 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:58:12.0773 3872 Autodesk Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:58:12.0827 3872 [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV C:\windows\System32\AxInstSV.dll
21:58:12.0933 3872 AxInstSV - ok
21:58:12.0974 3872 [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv C:\windows\system32\DRIVERS\bxvbdx.sys
21:58:13.0071 3872 b06bdrv - ok
21:58:13.0120 3872 [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x C:\windows\system32\DRIVERS\b57nd60x.sys
21:58:13.0174 3872 b57nd60x - ok
21:58:13.0302 3872 [ B9E94D37FC08525D893B632A0CA2E18C ] BCM43XX C:\windows\system32\DRIVERS\bcmwl6.sys
21:58:13.0436 3872 BCM43XX - ok
21:58:13.0477 3872 [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC C:\windows\System32\bdesvc.dll
21:58:13.0563 3872 BDESVC - ok
21:58:13.0590 3872 [ 505506526A9D467307B3C393DEDAF858 ] Beep C:\windows\system32\drivers\Beep.sys
21:58:13.0659 3872 Beep - ok
21:58:13.0719 3872 [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE C:\windows\System32\bfe.dll
21:58:13.0778 3872 BFE - ok
21:58:13.0828 3872 [ E585445D5021971FAE10393F0F1C3961 ] BITS C:\windows\system32\qmgr.dll
21:58:13.0915 3872 BITS - ok
21:58:13.0956 3872 [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive C:\windows\system32\DRIVERS\blbdrive.sys
21:58:14.0011 3872 blbdrive - ok
21:58:14.0082 3872 [ 73686FE0B2E0469F89FD2075BE724704 ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
21:58:14.0297 3872 Bonjour Service ( UnsignedFile.Multi.Generic ) - warning
21:58:14.0297 3872 Bonjour Service - detected UnsignedFile.Multi.Generic (1)
21:58:14.0328 3872 [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser C:\windows\system32\DRIVERS\bowser.sys
21:58:14.0408 3872 bowser - ok
21:58:14.0429 3872 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys
21:58:14.0534 3872 BrFiltLo - ok
21:58:14.0557 3872 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys
21:58:14.0636 3872 BrFiltUp - ok
21:58:14.0671 3872 [ 77361D72A04F18809D0EFB6CCEB74D4B ] BridgeMP C:\windows\system32\DRIVERS\bridge.sys
21:58:14.0759 3872 BridgeMP - ok
21:58:14.0806 3872 [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser C:\windows\System32\browser.dll
21:58:14.0885 3872 Browser - ok
21:58:14.0916 3872 [ 845B8CE732E67F3B4133164868C666EA ] Brserid C:\windows\System32\Drivers\Brserid.sys
21:58:14.0996 3872 Brserid - ok
21:58:15.0028 3872 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys
21:58:15.0074 3872 BrSerWdm - ok
21:58:15.0096 3872 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys
21:58:15.0153 3872 BrUsbMdm - ok
21:58:15.0181 3872 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys
21:58:15.0238 3872 BrUsbSer - ok
21:58:15.0303 3872 [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum C:\windows\system32\drivers\BthEnum.sys
21:58:15.0464 3872 BthEnum - ok
21:58:15.0491 3872 [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys
21:58:15.0536 3872 BTHMODEM - ok
21:58:15.0585 3872 [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan C:\windows\system32\DRIVERS\bthpan.sys
21:58:15.0646 3872 BthPan - ok
21:58:15.0690 3872 [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT C:\windows\System32\Drivers\BTHport.sys
21:58:15.0751 3872 BTHPORT - ok
21:58:15.0800 3872 [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv C:\windows\system32\bthserv.dll
21:58:15.0896 3872 bthserv - ok
21:58:15.0923 3872 [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB C:\windows\System32\Drivers\BTHUSB.sys
21:58:15.0961 3872 BTHUSB - ok
21:58:16.0010 3872 [ D57D29132EFE13A83133D9BD449E0CF1 ] btwaudio C:\windows\system32\drivers\btwaudio.sys
21:58:16.0044 3872 btwaudio - ok
21:58:16.0090 3872 [ D282C14A69357D0E1BAFAECC2CA98C3A ] btwavdt C:\windows\system32\DRIVERS\btwavdt.sys
21:58:16.0123 3872 btwavdt - ok
21:58:16.0218 3872 [ 7D2DD14E60CE4FF3308D66FDA7990546 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
21:58:16.0272 3872 btwdins - ok
21:58:16.0293 3872 [ AAFD7CB76BA61FBB08E302DA208C974A ] btwl2cap C:\windows\system32\DRIVERS\btwl2cap.sys
21:58:16.0319 3872 btwl2cap - ok
21:58:16.0364 3872 [ 02EB4D2B05967DF2D32F29C84AB1FB17 ] btwrchid C:\windows\system32\DRIVERS\btwrchid.sys
21:58:16.0393 3872 btwrchid - ok
21:58:16.0400 3872 catchme - ok
21:58:16.0460 3872 [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs C:\windows\system32\DRIVERS\cdfs.sys
21:58:16.0551 3872 cdfs - ok
21:58:16.0612 3872 [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys
21:58:16.0671 3872 cdrom - ok
21:58:16.0721 3872 [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc C:\windows\System32\certprop.dll
21:58:16.0809 3872 CertPropSvc - ok
21:58:16.0854 3872 [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass C:\windows\system32\DRIVERS\circlass.sys
21:58:16.0905 3872 circlass - ok
21:58:16.0943 3872 [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS C:\windows\system32\CLFS.sys
21:58:16.0989 3872 CLFS - ok
21:58:17.0031 3872 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:58:17.0067 3872 clr_optimization_v2.0.50727_32 - ok
21:58:17.0123 3872 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:58:17.0235 3872 clr_optimization_v4.0.30319_32 - ok
21:58:17.0254 3872 [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys
21:58:17.0312 3872 CmBatt - ok
21:58:17.0349 3872 [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide C:\windows\system32\drivers\cmdide.sys
21:58:17.0385 3872 cmdide - ok
21:58:17.0435 3872 [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG C:\windows\system32\Drivers\cng.sys
21:58:17.0502 3872 CNG - ok
21:58:17.0578 3872 [ F9A79C5B27037821112C50A9C8FB367A ] Com4QLBEx C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
21:58:17.0615 3872 Com4QLBEx - ok
21:58:17.0665 3872 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys
21:58:17.0701 3872 Compbatt - ok
21:58:17.0717 3872 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\windows\system32\drivers\CompositeBus.sys
21:58:17.0777 3872 CompositeBus - ok
21:58:17.0806 3872 COMSysApp - ok
21:58:17.0835 3872 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys
21:58:17.0872 3872 crcdisk - ok
21:58:17.0921 3872 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\windows\system32\cryptsvc.dll
21:58:17.0999 3872 CryptSvc - ok
21:58:18.0058 3872 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\windows\system32\rpcss.dll
21:58:18.0157 3872 DcomLaunch - ok
21:58:18.0229 3872 ddduhsde - ok
21:58:18.0272 3872 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\windows\System32\defragsvc.dll
21:58:18.0385 3872 defragsvc - ok
21:58:18.0430 3872 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\windows\system32\Drivers\dfsc.sys
21:58:18.0523 3872 DfsC - ok
21:58:18.0568 3872 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\windows\system32\dhcpcore.dll
21:58:18.0656 3872 Dhcp - ok
21:58:18.0687 3872 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\windows\system32\drivers\discache.sys
21:58:18.0783 3872 discache - ok
21:58:18.0830 3872 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\windows\system32\DRIVERS\disk.sys
21:58:18.0869 3872 Disk - ok
21:58:18.0909 3872 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\windows\System32\dnsrslvr.dll
21:58:18.0999 3872 Dnscache - ok
21:58:19.0047 3872 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\windows\System32\dot3svc.dll
21:58:19.0142 3872 dot3svc - ok
21:58:19.0182 3872 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\windows\system32\dps.dll
21:58:19.0419 3872 DPS - ok
21:58:19.0467 3872 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\windows\system32\drivers\drmkaud.sys
21:58:19.0530 3872 drmkaud - ok
21:58:19.0572 3872 dsnpfd - ok
21:58:19.0606 3872 dsnpfdMP - ok
21:58:19.0671 3872 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys
21:58:19.0734 3872 DXGKrnl - ok
21:58:19.0780 3872 EagleNT - ok
21:58:19.0803 3872 EagleXNt - ok
21:58:19.0861 3872 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\windows\System32\eapsvc.dll
21:58:19.0962 3872 EapHost - ok
21:58:20.0094 3872 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\windows\system32\DRIVERS\evbdx.sys
21:58:20.0246 3872 ebdrv - ok
21:58:20.0293 3872 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\windows\System32\lsass.exe
21:58:20.0357 3872 EFS - ok
21:58:20.0434 3872 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\windows\ehome\ehRecvr.exe
21:58:20.0633 3872 ehRecvr - ok
21:58:20.0660 3872 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\windows\ehome\ehsched.exe
21:58:20.0810 3872 ehSched - ok
21:58:20.0874 3872 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\windows\system32\DRIVERS\elxstor.sys
21:58:20.0932 3872 elxstor - ok
21:58:20.0951 3872 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\windows\system32\drivers\errdev.sys
21:58:21.0003 3872 ErrDev - ok
21:58:21.0081 3872 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\windows\system32\es.dll
21:58:21.0166 3872 EventSystem - ok
21:58:21.0203 3872 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\windows\system32\drivers\exfat.sys
21:58:21.0304 3872 exfat - ok
21:58:21.0338 3872 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\windows\system32\drivers\fastfat.sys
21:58:21.0430 3872 fastfat - ok
21:58:21.0483 3872 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\windows\system32\fxssvc.exe
21:58:21.0567 3872 Fax - ok
21:58:21.0598 3872 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\windows\system32\DRIVERS\fdc.sys
21:58:21.0624 3872 fdc - ok
21:58:21.0643 3872 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\windows\system32\fdPHost.dll
21:58:21.0709 3872 fdPHost - ok
21:58:21.0735 3872 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\windows\system32\fdrespub.dll
21:58:21.0808 3872 FDResPub - ok
21:58:21.0846 3872 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\windows\system32\drivers\fileinfo.sys
21:58:21.0885 3872 FileInfo - ok
21:58:21.0909 3872 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\windows\system32\drivers\filetrace.sys
21:58:22.0002 3872 Filetrace - ok
21:58:22.0106 3872 [ 227846995AFEEFA70D328BF5334A86A5 ] FLEXnet Licensing Service C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
21:58:22.0158 3872 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - warning
21:58:22.0158 3872 FLEXnet Licensing Service - detected UnsignedFile.Multi.Generic (1)
21:58:22.0185 3872 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys
21:58:22.0225 3872 flpydisk - ok
21:58:22.0268 3872 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\windows\system32\drivers\fltmgr.sys
21:58:22.0312 3872 FltMgr - ok
21:58:22.0376 3872 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\windows\system32\FntCache.dll
21:58:22.0478 3872 FontCache - ok
21:58:22.0528 3872 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:58:22.0559 3872 FontCache3.0.0.0 - ok
21:58:22.0588 3872 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\windows\system32\drivers\FsDepends.sys
21:58:22.0629 3872 FsDepends - ok
21:58:22.0667 3872 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys
21:58:22.0704 3872 Fs_Rec - ok
21:58:22.0768 3872 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\windows\system32\DRIVERS\fvevol.sys
21:58:22.0821 3872 fvevol - ok
21:58:22.0866 3872 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys
21:58:22.0905 3872 gagp30kx - ok
21:58:22.0925 3872 gBTMouUsb - ok
21:58:22.0962 3872 gcdvcvjp - ok
21:58:23.0011 3872 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\windows\System32\gpsvc.dll
21:58:23.0116 3872 gpsvc - ok
21:58:23.0128 3872 gvadlwhn - ok
21:58:23.0153 3872 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys
21:58:23.0232 3872 hcw85cir - ok
21:58:23.0314 3872 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys
21:58:23.0391 3872 HdAudAddService - ok
21:58:23.0439 3872 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\windows\system32\drivers\HDAudBus.sys
21:58:23.0483 3872 HDAudBus - ok
21:58:23.0530 3872 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys
21:58:23.0597 3872 HidBatt - ok
21:58:23.0644 3872 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\windows\system32\DRIVERS\hidbth.sys
21:58:23.0709 3872 HidBth - ok
21:58:23.0721 3872 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\windows\system32\DRIVERS\hidir.sys
21:58:23.0789 3872 HidIr - ok
21:58:23.0814 3872 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\windows\System32\hidserv.dll
21:58:23.0911 3872 hidserv - ok
21:58:23.0954 3872 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys
21:58:24.0005 3872 HidUsb - ok
21:58:24.0048 3872 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\windows\system32\kmsvc.dll
21:58:24.0139 3872 hkmsvc - ok
21:58:24.0168 3872 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\windows\system32\ListSvc.dll
21:58:24.0261 3872 HomeGroupListener - ok
21:58:24.0308 3872 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\windows\system32\provsvc.dll
21:58:24.0374 3872 HomeGroupProvider - ok
21:58:24.0414 3872 [ 4EF10B866C62ABBEAF7511CDD05A19BE ] hpdskflt C:\windows\system32\DRIVERS\hpdskflt.sys
21:58:24.0442 3872 hpdskflt - ok
21:58:24.0491 3872 [ 1210960FF8928950D2A786895B0C424A ] HpqKbFiltr C:\windows\system32\DRIVERS\HpqKbFiltr.sys
21:58:24.0503 3872 HpqKbFiltr ( UnsignedFile.Multi.Generic ) - warning
21:58:24.0504 3872 HpqKbFiltr - detected UnsignedFile.Multi.Generic (1)
21:58:24.0541 3872 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
21:58:24.0578 3872 hpqwmiex - ok
21:58:24.0634 3872 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\windows\system32\drivers\HpSAMD.sys
21:58:24.0673 3872 HpSAMD - ok
21:58:24.0717 3872 [ C0BEB56ED79B59B7B33D0AA6C38A0BA6 ] hpsrv C:\windows\system32\Hpservice.exe
21:58:24.0745 3872 hpsrv - ok
21:58:24.0799 3872 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\windows\system32\drivers\HTTP.sys
21:58:24.0886 3872 HTTP - ok
21:58:24.0931 3872 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys
21:58:24.0968 3872 hwpolicy - ok
21:58:25.0023 3872 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys
21:58:25.0091 3872 i8042prt - ok
21:58:25.0155 3872 [ F54B3DB096ABD6E9BBBD052FD3878A48 ] IAANTMON C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
21:58:25.0209 3872 IAANTMON - ok
21:58:25.0245 3872 [ 01446278D4563B3013C92830AE6CBB26 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys
21:58:25.0284 3872 iaStor - ok
21:58:25.0338 3872 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\windows\system32\drivers\iaStorV.sys
21:58:25.0388 3872 iaStorV - ok
21:58:25.0448 3872 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:58:25.0518 3872 idsvc - ok
21:58:25.0696 3872 [ AD626F6964F4D364D226C39E06872DD3 ] igfx C:\windows\system32\DRIVERS\igdkmd32.sys
21:58:25.0967 3872 igfx - ok
21:58:26.0020 3872 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys
21:58:26.0057 3872 iirsp - ok
21:58:26.0123 3872 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\windows\System32\ikeext.dll
21:58:26.0231 3872 IKEEXT - ok
21:58:26.0266 3872 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\windows\system32\drivers\intelide.sys
21:58:26.0302 3872 intelide - ok
21:58:26.0353 3872 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys
21:58:26.0409 3872 intelppm - ok
21:58:26.0445 3872 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\windows\system32\ipbusenum.dll
21:58:26.0540 3872 IPBusEnum - ok
21:58:26.0571 3872 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys
21:58:26.0664 3872 IpFilterDriver - ok
21:58:26.0731 3872 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\windows\System32\iphlpsvc.dll
21:58:26.0824 3872 iphlpsvc - ok
21:58:26.0866 3872 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\windows\system32\drivers\IPMIDrv.sys
21:58:26.0924 3872 IPMIDRV - ok
21:58:26.0957 3872 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\windows\system32\drivers\ipnat.sys
21:58:27.0035 3872 IPNAT - ok
21:58:27.0076 3872 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\windows\system32\drivers\irenum.sys
21:58:27.0174 3872 IRENUM - ok
21:58:27.0192 3872 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\windows\system32\drivers\isapnp.sys
21:58:27.0232 3872 isapnp - ok
21:58:27.0276 3872 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\windows\system32\drivers\msiscsi.sys
21:58:27.0323 3872 iScsiPrt - ok
21:58:27.0350 3872 iseetmme - ok
21:58:27.0372 3872 jkstnpzn - ok
21:58:27.0407 3872 kaivuquc - ok
21:58:27.0442 3872 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys
21:58:27.0478 3872 kbdclass - ok
21:58:27.0497 3872 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys
21:58:27.0535 3872 kbdhid - ok
21:58:27.0546 3872 kcvhfkdv - ok
21:58:27.0585 3872 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\windows\system32\lsass.exe
21:58:27.0624 3872 KeyIso - ok
21:58:27.0663 3872 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys
21:58:27.0702 3872 KSecDD - ok
21:58:27.0730 3872 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys
21:58:27.0772 3872 KSecPkg - ok
21:58:27.0822 3872 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\windows\system32\msdtckrm.dll
21:58:27.0929 3872 KtmRm - ok
21:58:27.0979 3872 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\windows\System32\srvsvc.dll
21:58:28.0077 3872 LanmanServer - ok
21:58:28.0122 3872 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\windows\System32\wkssvc.dll
21:58:28.0215 3872 LanmanWorkstation - ok
21:58:28.0289 3872 [ 83D8BE94E1CBCBE2EA8372DB1A95A159 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
21:58:28.0450 3872 LightScribeService ( UnsignedFile.Multi.Generic ) - warning
21:58:28.0450 3872 LightScribeService - detected UnsignedFile.Multi.Generic (1)
21:58:28.0533 3872 [ F8A7212D0864EF5E9185FB95E6623F4D ] lirsgt C:\windows\system32\DRIVERS\lirsgt.sys
21:58:28.0564 3872 lirsgt - ok
21:58:28.0617 3872 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys
21:58:28.0713 3872 lltdio - ok
21:58:28.0753 3872 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\windows\System32\lltdsvc.dll
21:58:28.0857 3872 lltdsvc - ok
21:58:28.0883 3872 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\windows\System32\lmhsvc.dll
21:58:28.0956 3872 lmhosts - ok
21:58:29.0007 3872 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys
21:58:29.0047 3872 LSI_FC - ok
21:58:29.0079 3872 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys
21:58:29.0119 3872 LSI_SAS - ok
21:58:29.0138 3872 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys
21:58:29.0177 3872 LSI_SAS2 - ok
21:58:29.0199 3872 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys
21:58:29.0242 3872 LSI_SCSI - ok
21:58:29.0320 3872 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\windows\system32\drivers\luafv.sys
21:58:29.0397 3872 luafv - ok
21:58:29.0457 3872 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll
21:58:29.0500 3872 Mcx2Svc - ok
21:58:29.0526 3872 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\windows\system32\DRIVERS\megasas.sys
21:58:29.0562 3872 megasas - ok
21:58:29.0586 3872 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys
21:58:29.0633 3872 MegaSR - ok
21:58:29.0680 3872 [ 64B96DE8C492BD435372D9130A535F1D ] MfeAVFK C:\windows\system32\drivers\MfeAVFK.sys
21:58:29.0713 3872 MfeAVFK - ok
21:58:29.0731 3872 [ 078E87A89D36CC3516F19D5FB518BDDC ] MfeBOPK C:\windows\system32\drivers\MfeBOPK.sys
21:58:29.0760 3872 MfeBOPK - ok
21:58:29.0795 3872 [ 168C565101FD5B9DB694EFDEC91FAFA9 ] mfehidk C:\windows\system32\drivers\mfehidk.sys
21:58:29.0830 3872 mfehidk - ok
21:58:29.0842 3872 [ E0842F67DC9BC4D21D1E319610EBE9E5 ] MfeRKDK C:\windows\system32\drivers\MfeRKDK.sys
21:58:29.0873 3872 MfeRKDK - ok
21:58:29.0892 3872 [ 43A7ACBBD70ECD62F0B63486C72089A3 ] mfetdik C:\windows\system32\drivers\mfetdik.sys
21:58:29.0925 3872 mfetdik - ok
21:58:30.0049 3872 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
21:58:30.0083 3872 Microsoft Office Groove Audit Service - ok
21:58:30.0113 3872 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\windows\system32\mmcss.dll
21:58:30.0202 3872 MMCSS - ok
21:58:30.0243 3872 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\windows\system32\drivers\modem.sys
21:58:30.0336 3872 Modem - ok
21:58:30.0371 3872 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\windows\system32\DRIVERS\monitor.sys
21:58:30.0412 3872 monitor - ok
21:58:30.0473 3872 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\windows\system32\DRIVERS\mouclass.sys
21:58:30.0510 3872 mouclass - ok
21:58:30.0550 3872 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\windows\system32\DRIVERS\mouhid.sys
21:58:30.0588 3872 mouhid - ok
21:58:30.0633 3872 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\windows\system32\drivers\mountmgr.sys
21:58:30.0673 3872 mountmgr - ok
21:58:30.0769 3872 [ ADFDD84260C9F66789F8E8061E9BD3A6 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:58:30.0811 3872 MozillaMaintenance - ok
21:58:30.0906 3872 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\windows\system32\DRIVERS\MpFilter.sys
21:58:30.0959 3872 MpFilter - ok
21:58:30.0989 3872 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\windows\system32\drivers\mpio.sys
21:58:31.0031 3872 mpio - ok
21:58:31.0226 3872 [ A69630D039C38018689190234F866D77 ] MpKsl1c9b0a6c c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\MpKsl1c9b0a6c.sys
21:58:31.0256 3872 MpKsl1c9b0a6c - ok
21:58:31.0296 3872 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys
21:58:31.0386 3872 mpsdrv - ok
21:58:31.0439 3872 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\windows\system32\mpssvc.dll
21:58:31.0548 3872 MpsSvc - ok
21:58:31.0587 3872 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\windows\system32\drivers\mrxdav.sys
21:58:31.0652 3872 MRxDAV - ok
21:58:31.0697 3872 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys
21:58:31.0775 3872 mrxsmb - ok
21:58:31.0828 3872 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys
21:58:31.0871 3872 mrxsmb10 - ok
21:58:31.0892 3872 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys
21:58:31.0946 3872 mrxsmb20 - ok
21:58:31.0984 3872 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\windows\system32\drivers\msahci.sys
21:58:32.0020 3872 msahci - ok
21:58:32.0040 3872 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\windows\system32\drivers\msdsm.sys
21:58:32.0082 3872 msdsm - ok
21:58:32.0120 3872 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\windows\System32\msdtc.exe
21:58:32.0180 3872 MSDTC - ok
21:58:32.0234 3872 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\windows\system32\drivers\Msfs.sys
21:58:32.0328 3872 Msfs - ok
21:58:32.0359 3872 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys
21:58:32.0435 3872 mshidkmdf - ok
21:58:32.0452 3872 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\windows\system32\drivers\msisadrv.sys
21:58:32.0488 3872 msisadrv - ok
21:58:32.0545 3872 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\windows\system32\iscsiexe.dll
21:58:32.0631 3872 MSiSCSI - ok
21:58:32.0643 3872 msiserver - ok
21:58:32.0693 3872 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys
21:58:32.0783 3872 MSKSSRV - ok
21:58:32.0887 3872 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
21:58:32.0927 3872 MsMpSvc - ok
21:58:32.0974 3872 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys
21:58:33.0058 3872 MSPCLOCK - ok
21:58:33.0094 3872 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\windows\system32\drivers\MSPQM.sys
21:58:33.0179 3872 MSPQM - ok
21:58:33.0202 3872 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\windows\system32\drivers\MsRPC.sys
21:58:33.0250 3872 MsRPC - ok
21:58:33.0302 3872 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\windows\system32\drivers\mssmbios.sys
21:58:33.0338 3872 mssmbios - ok
21:58:33.0450 3872 MSSQL$AUTODESKVAULT - ok
21:58:33.0519 3872 [ 1D89EB4E2A99CABD4E81225F4F4C4B25 ] MSSQLServerADHelper C:\Program Files\Microsoft SQL Server\90\Shared\sqladhlp90.exe
21:58:33.0549 3872 MSSQLServerADHelper - ok
21:58:33.0566 3872 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\windows\system32\drivers\MSTEE.sys
21:58:33.0641 3872 MSTEE - ok
21:58:33.0660 3872 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys
21:58:33.0698 3872 MTConfig - ok
21:58:33.0717 3872 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\windows\system32\Drivers\mup.sys
21:58:33.0756 3872 Mup - ok
21:58:33.0778 3872 myAgtSvc - ok
21:58:33.0827 3872 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\windows\system32\qagentRT.dll
21:58:33.0932 3872 napagent - ok
21:58:33.0986 3872 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys
21:58:34.0039 3872 NativeWifiP - ok
21:58:34.0051 3872 nbomqzhn - ok
21:58:34.0124 3872 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\windows\system32\drivers\ndis.sys
21:58:34.0193 3872 NDIS - ok
21:58:34.0233 3872 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys
21:58:34.0307 3872 NdisCap - ok
21:58:34.0352 3872 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys
21:58:34.0452 3872 NdisTapi - ok
21:58:34.0495 3872 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys
21:58:34.0576 3872 Ndisuio - ok
21:58:34.0617 3872 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys
21:58:34.0708 3872 NdisWan - ok
21:58:34.0753 3872 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\windows\system32\drivers\NDProxy.sys
21:58:34.0841 3872 NDProxy - ok
21:58:34.0875 3872 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys
21:58:34.0961 3872 NetBIOS - ok
21:58:35.0000 3872 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\windows\system32\DRIVERS\netbt.sys
21:58:35.0075 3872 NetBT - ok
21:58:35.0110 3872 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\windows\system32\lsass.exe
21:58:35.0148 3872 Netlogon - ok
21:58:35.0204 3872 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\windows\System32\netman.dll
21:58:35.0308 3872 Netman - ok
21:58:35.0366 3872 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:58:35.0437 3872 NetMsmqActivator - ok
21:58:35.0449 3872 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:58:35.0484 3872 NetPipeActivator - ok
21:58:35.0518 3872 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\windows\System32\netprofm.dll
21:58:35.0625 3872 netprofm - ok
21:58:35.0636 3872 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:58:35.0669 3872 NetTcpActivator - ok
21:58:35.0679 3872 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
21:58:35.0713 3872 NetTcpPortSharing - ok
21:58:35.0858 3872 [ 58218EC6B61B1169CF54AAB0D00F5FE2 ] netw5v32 C:\windows\system32\DRIVERS\netw5v32.sys
21:58:36.0046 3872 netw5v32 - ok
21:58:36.0140 3872 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys
21:58:36.0178 3872 nfrd960 - ok
21:58:36.0237 3872 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\windows\system32\DRIVERS\NisDrvWFP.sys
21:58:36.0281 3872 NisDrv - ok
21:58:36.0327 3872 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
21:58:36.0382 3872 NisSrv - ok
21:58:36.0433 3872 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\windows\System32\nlasvc.dll
21:58:36.0479 3872 NlaSvc - ok
21:58:36.0491 3872 nlatysep - ok
21:58:36.0533 3872 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\windows\system32\drivers\Npfs.sys
21:58:36.0613 3872 Npfs - ok
21:58:36.0636 3872 npggsvc - ok
21:58:36.0674 3872 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\windows\system32\nsisvc.dll
21:58:36.0752 3872 nsi - ok
21:58:36.0769 3872 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\windows\system32\drivers\nsiproxy.sys
21:58:36.0861 3872 nsiproxy - ok
21:58:36.0946 3872 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\windows\system32\drivers\Ntfs.sys
21:58:37.0041 3872 Ntfs - ok
21:58:37.0070 3872 [ F9756A98D69098DCA8945D62858A812C ] Null C:\windows\system32\drivers\Null.sys
21:58:37.0160 3872 Null - ok
21:58:37.0211 3872 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\windows\system32\drivers\nvraid.sys
21:58:37.0259 3872 nvraid - ok
21:58:37.0277 3872 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\windows\system32\drivers\nvstor.sys
21:58:37.0320 3872 nvstor - ok
21:58:37.0364 3872 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\windows\system32\drivers\nv_agp.sys
21:58:37.0405 3872 nv_agp - ok
21:58:37.0520 3872 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
21:58:37.0570 3872 odserv - ok
21:58:37.0596 3872 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\windows\system32\drivers\ohci1394.sys
21:58:37.0652 3872 ohci1394 - ok
21:58:37.0698 3872 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:58:37.0736 3872 ose - ok
21:58:37.0775 3872 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\windows\system32\pnrpsvc.dll
21:58:37.0859 3872 p2pimsvc - ok
21:58:37.0915 3872 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\windows\system32\p2psvc.dll
21:58:37.0966 3872 p2psvc - ok
21:58:38.0077 3872 [ 1011C779C9FCD01AFA96490C86A50421 ] PanService C:\Program Files\PANDORA.TV\PanService\PandoraService.exe
21:58:40.0715 3872 PanService - ok
21:58:40.0759 3872 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\windows\system32\DRIVERS\parport.sys
21:58:40.0815 3872 Parport - ok
21:58:40.0855 3872 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\windows\system32\drivers\partmgr.sys
21:58:40.0893 3872 partmgr - ok
21:58:40.0916 3872 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\windows\system32\DRIVERS\parvdm.sys
21:58:40.0969 3872 Parvdm - ok
21:58:41.0003 3872 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\windows\System32\pcasvc.dll
21:58:41.0055 3872 PcaSvc - ok
21:58:41.0097 3872 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\windows\system32\drivers\pci.sys
21:58:41.0139 3872 pci - ok
21:58:41.0156 3872 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\windows\system32\drivers\pciide.sys
21:58:41.0193 3872 pciide - ok
21:58:41.0245 3872 pcjffita - ok
21:58:41.0293 3872 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys
21:58:41.0338 3872 pcmcia - ok
21:58:41.0368 3872 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\windows\system32\drivers\pcw.sys
21:58:41.0405 3872 pcw - ok
21:58:41.0451 3872 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\windows\system32\drivers\peauth.sys
21:58:41.0549 3872 PEAUTH - ok
21:58:41.0732 3872 [ ACC93675D78D1C07DAD09D7837F2397A ] pgsql-8.3 C:\Program Files\PostgreSQL\8.3\bin\pg_ctl.exe
21:58:41.0833 3872 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - warning
21:58:41.0833 3872 pgsql-8.3 - detected UnsignedFile.Multi.Generic (1)
21:58:41.0914 3872 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\windows\system32\pla.dll
21:58:42.0054 3872 pla - ok
21:58:42.0118 3872 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\windows\system32\umpnpmgr.dll
21:58:42.0202 3872 PlugPlay - ok
21:58:42.0297 3872 [ 3A2E85F7D90D15460C337CE80C2E3B29 ] PnkBstrA C:\windows\system32\PnkBstrA.exe
21:58:42.0335 3872 PnkBstrA - ok
21:58:42.0367 3872 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll
21:58:42.0420 3872 PNRPAutoReg - ok
21:58:42.0451 3872 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\windows\system32\pnrpsvc.dll
21:58:42.0508 3872 PNRPsvc - ok
21:58:42.0565 3872 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\windows\System32\ipsecsvc.dll
21:58:42.0649 3872 PolicyAgent - ok
21:58:42.0702 3872 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\windows\system32\umpo.dll
21:58:42.0797 3872 Power - ok
21:58:42.0846 3872 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys
21:58:42.0922 3872 PptpMiniport - ok
21:58:42.0946 3872 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\windows\system32\DRIVERS\processr.sys
21:58:42.0985 3872 Processor - ok
21:58:43.0036 3872 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\windows\system32\profsvc.dll
21:58:43.0121 3872 ProfSvc - ok
21:58:43.0153 3872 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\windows\system32\lsass.exe
21:58:43.0191 3872 ProtectedStorage - ok
21:58:43.0279 3872 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\windows\system32\DRIVERS\pacer.sys
21:58:43.0371 3872 Psched - ok
21:58:43.0398 3872 [ 40FEDD328F98245AD201CF5F9F311724 ] PxHelp20 C:\windows\system32\Drivers\PxHelp20.sys
21:58:43.0435 3872 PxHelp20 - ok
21:58:43.0504 3872 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys
21:58:43.0610 3872 ql2300 - ok
21:58:43.0627 3872 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys
21:58:43.0668 3872 ql40xx - ok
21:58:43.0702 3872 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\windows\system32\qwave.dll
21:58:43.0774 3872 QWAVE - ok
21:58:43.0805 3872 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys
21:58:43.0851 3872 QWAVEdrv - ok
21:58:43.0862 3872 qxjxjlhh - ok
21:58:43.0888 3872 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys
21:58:43.0977 3872 RasAcd - ok
21:58:44.0031 3872 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys
21:58:44.0103 3872 RasAgileVpn - ok
21:58:44.0127 3872 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\windows\System32\rasauto.dll
21:58:44.0207 3872 RasAuto - ok
21:58:44.0231 3872 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys
21:58:44.0327 3872 Rasl2tp - ok
21:58:44.0392 3872 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\windows\System32\rasmans.dll
21:58:44.0493 3872 RasMan - ok
21:58:44.0524 3872 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys
21:58:44.0615 3872 RasPppoe - ok
21:58:44.0639 3872 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys
21:58:44.0711 3872 RasSstp - ok
21:58:44.0761 3872 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\windows\system32\DRIVERS\rdbss.sys
21:58:44.0839 3872 rdbss - ok
21:58:44.0873 3872 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys
21:58:44.0916 3872 rdpbus - ok
21:58:44.0963 3872 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys
21:58:45.0052 3872 RDPCDD - ok
21:58:45.0106 3872 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys
21:58:45.0196 3872 RDPENCDD - ok
21:58:45.0230 3872 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys
21:58:45.0312 3872 RDPREFMP - ok
21:58:45.0359 3872 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\windows\system32\drivers\RDPWD.sys
21:58:45.0431 3872 RDPWD - ok
21:58:45.0485 3872 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\windows\system32\drivers\rdyboost.sys
21:58:45.0529 3872 rdyboost - ok
21:58:45.0554 3872 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\windows\System32\mprdim.dll
21:58:45.0630 3872 RemoteAccess - ok
21:58:45.0663 3872 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\windows\system32\regsvc.dll
21:58:45.0759 3872 RemoteRegistry - ok
21:58:45.0803 3872 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\windows\system32\DRIVERS\rfcomm.sys
21:58:45.0850 3872 RFCOMM - ok
21:58:45.0953 3872 [ 85F9924FB26D924C4A10DC620AE2C350 ] RoxMediaDB10 c:\Program Files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe
21:58:46.0040 3872 RoxMediaDB10 - ok
21:58:46.0089 3872 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\windows\System32\RpcEpMap.dll
21:58:46.0171 3872 RpcEptMapper - ok
21:58:46.0195 3872 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\windows\system32\locator.exe
21:58:46.0253 3872 RpcLocator - ok
21:58:46.0301 3872 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\windows\System32\rpcss.dll
21:58:46.0385 3872 RpcSs - ok
21:58:46.0430 3872 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\windows\system32\DRIVERS\rspndr.sys
21:58:46.0505 3872 rspndr - ok
21:58:46.0536 3872 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\windows\system32\lsass.exe
21:58:46.0575 3872 SamSs - ok
21:58:46.0745 3872 [ 224049C51E2C2D07B02B1BED262976A1 ] SbieDrv C:\POCITAC\TOMAS\HRY\sandbox\SbieDrv.sys
21:58:46.0788 3872 SbieDrv - ok
21:58:46.0841 3872 [ 3129023CEF1A2225665D44F9545DAED4 ] SbieSvc C:\POCITAC\TOMAS\HRY\sandbox\SbieSvc.exe
21:58:46.0877 3872 SbieSvc - ok
21:58:46.0933 3872 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\windows\system32\drivers\sbp2port.sys
21:58:46.0972 3872 sbp2port - ok
21:58:47.0012 3872 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\windows\System32\SCardSvr.dll
21:58:47.0107 3872 SCardSvr - ok
21:58:47.0141 3872 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\windows\system32\DRIVERS\scfilter.sys
21:58:47.0211 3872 scfilter - ok
21:58:47.0272 3872 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\windows\system32\schedsvc.dll
21:58:47.0383 3872 Schedule - ok
21:58:47.0431 3872 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\windows\System32\certprop.dll
21:58:47.0500 3872 SCPolicySvc - ok
21:58:47.0530 3872 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\windows\System32\SDRSVC.dll
21:58:47.0605 3872 SDRSVC - ok
21:58:47.0657 3872 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\windows\system32\drivers\secdrv.sys
21:58:47.0730 3872 secdrv - ok
21:58:47.0764 3872 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\windows\system32\seclogon.dll
21:58:47.0861 3872 seclogon - ok
21:58:47.0897 3872 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\windows\system32\sens.dll
21:58:47.0991 3872 SENS - ok
21:58:48.0028 3872 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\windows\system32\sensrsvc.dll
21:58:48.0079 3872 SensrSvc - ok
21:58:48.0109 3872 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\windows\system32\DRIVERS\serenum.sys
21:58:48.0169 3872 Serenum - ok
21:58:48.0201 3872 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\windows\system32\DRIVERS\serial.sys
21:58:48.0250 3872 Serial - ok
21:58:48.0293 3872 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys
21:58:48.0348 3872 sermouse - ok
21:58:48.0408 3872 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\windows\system32\sessenv.dll
21:58:48.0504 3872 SessionEnv - ok
21:58:48.0541 3872 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\windows\system32\drivers\sffdisk.sys
21:58:48.0602 3872 sffdisk - ok
21:58:48.0632 3872 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\windows\system32\drivers\sffp_mmc.sys
21:58:48.0685 3872 sffp_mmc - ok
21:58:48.0716 3872 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\windows\system32\drivers\sffp_sd.sys
21:58:48.0768 3872 sffp_sd - ok
21:58:48.0792 3872 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys
21:58:48.0830 3872 sfloppy - ok
21:58:48.0862 3872 sggdvcky - ok
21:58:48.0938 3872 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\windows\System32\ipnathlp.dll
21:58:49.0027 3872 SharedAccess - ok
21:58:49.0088 3872 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\windows\System32\shsvcs.dll
21:58:49.0213 3872 ShellHWDetection - ok
21:58:49.0252 3872 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\windows\system32\drivers\sisagp.sys
21:58:49.0302 3872 sisagp - ok
21:58:49.0382 3872 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys
21:58:49.0422 3872 SiSRaid2 - ok
21:58:49.0454 3872 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys
21:58:49.0495 3872 SiSRaid4 - ok
21:58:49.0609 3872 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
21:58:49.0655 3872 SkypeUpdate - ok
21:58:49.0743 3872 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\windows\system32\DRIVERS\smb.sys
21:58:49.0841 3872 Smb - ok
21:58:49.0931 3872 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\windows\System32\snmptrap.exe
21:58:49.0987 3872 SNMPTRAP - ok
21:58:50.0003 3872 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\windows\system32\drivers\spldr.sys
21:58:50.0043 3872 spldr - ok
21:58:50.0103 3872 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\windows\System32\spoolsv.exe
21:58:50.0391 3872 Spooler - ok
21:58:50.0769 3872 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\windows\system32\sppsvc.exe
21:58:50.0972 3872 sppsvc - ok
21:58:51.0021 3872 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\windows\system32\sppuinotify.dll
21:58:51.0105 3872 sppuinotify - ok
21:58:51.0206 3872 [ CDDDEC541BC3C96F91ECB48759673505 ] sptd C:\windows\system32\Drivers\sptd.sys
21:58:51.0208 3872 Suspicious file (NoAccess): C:\windows\system32\Drivers\sptd.sys. md5: CDDDEC541BC3C96F91ECB48759673505
21:58:51.0213 3872 sptd ( LockedFile.Multi.Generic ) - warning
21:58:51.0213 3872 sptd - detected LockedFile.Multi.Generic (1)
21:58:51.0318 3872 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser C:\Program Files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
21:58:51.0363 3872 SQLBrowser - ok
21:58:51.0419 3872 [ D89083C4EB02DACA8F944B0E05E57F9D ] SQLWriter C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
21:58:51.0464 3872 SQLWriter - ok
21:58:51.0510 3872 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\windows\system32\DRIVERS\srv.sys
21:58:51.0586 3872 srv - ok
21:58:51.0659 3872 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\windows\system32\DRIVERS\srv2.sys
21:58:51.0725 3872 srv2 - ok
21:58:51.0831 3872 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\windows\system32\DRIVERS\srvnet.sys
21:58:51.0878 3872 srvnet - ok
21:58:51.0935 3872 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\windows\System32\ssdpsrv.dll
21:58:52.0048 3872 SSDPSRV - ok
21:58:52.0073 3872 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\windows\system32\sstpsvc.dll
21:58:52.0168 3872 SstpSvc - ok
21:58:52.0206 3872 Steam Client Service - ok
21:58:52.0251 3872 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\windows\system32\DRIVERS\stexstor.sys
21:58:52.0287 3872 stexstor - ok
21:58:52.0352 3872 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\windows\System32\wiaservc.dll
21:58:52.0435 3872 StiSvc - ok
21:58:52.0490 3872 [ FF5EB78AF7DFB68C2FB363537AAF753E ] stllssvr c:\Program Files\Common Files\SureThing Shared\stllssvr.exe
21:58:52.0614 3872 stllssvr - ok
21:58:52.0665 3872 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\windows\system32\drivers\swenum.sys
21:58:52.0705 3872 swenum - ok
21:58:52.0744 3872 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\windows\System32\swprv.dll
21:58:52.0853 3872 swprv - ok
21:58:52.0930 3872 [ 0E8676FB3BB95AA40FDF7A4A31018C8B ] SynTP C:\windows\system32\DRIVERS\SynTP.sys
21:58:53.0012 3872 SynTP - ok
21:58:53.0081 3872 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\windows\system32\sysmain.dll
21:58:53.0173 3872 SysMain - ok
21:58:53.0220 3872 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\windows\System32\TabSvc.dll
21:58:53.0307 3872 TabletInputService - ok
21:58:53.0357 3872 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\windows\System32\tapisrv.dll
21:58:53.0444 3872 TapiSrv - ok
21:58:53.0477 3872 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\windows\System32\tbssvc.dll
21:58:53.0571 3872 TBS - ok
21:58:53.0657 3872 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\windows\system32\drivers\tcpip.sys
21:58:53.0758 3872 Tcpip - ok
21:58:53.0811 3872 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys
21:58:53.0896 3872 TCPIP6 - ok
21:58:53.0931 3872 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\windows\system32\drivers\tcpipreg.sys
21:58:53.0991 3872 tcpipreg - ok
21:58:54.0046 3872 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\windows\system32\drivers\tdpipe.sys
21:58:54.0115 3872 TDPIPE - ok
21:58:54.0161 3872 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\windows\system32\drivers\tdtcp.sys
21:58:54.0215 3872 TDTCP - ok
21:58:54.0266 3872 [ B459575348C20E8121D6039DA063C704 ] tdx C:\windows\system32\DRIVERS\tdx.sys
21:58:54.0357 3872 tdx - ok
21:58:54.0383 3872 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\windows\system32\drivers\termdd.sys
21:58:54.0421 3872 TermDD - ok
21:58:54.0478 3872 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\windows\System32\termsrv.dll
21:58:54.0570 3872 TermService - ok
21:58:54.0606 3872 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\windows\system32\themeservice.dll
21:58:54.0671 3872 Themes - ok
21:58:54.0705 3872 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\windows\system32\mmcss.dll
21:58:54.0783 3872 THREADORDER - ok
21:58:54.0842 3872 [ 5AD05191DC8B444A7BA4D79B76C42A30 ] TPM C:\windows\system32\drivers\tpm.sys
21:58:54.0881 3872 TPM - ok
21:58:54.0925 3872 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\windows\System32\trkwks.dll
21:58:55.0017 3872 TrkWks - ok
21:58:55.0109 3872 [ ED5E4CE36C54F55E7698642E94D32EC7 ] truecrypt C:\windows\system32\drivers\truecrypt.sys
21:58:55.0149 3872 truecrypt - ok
21:58:55.0236 3872 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe
21:58:55.0330 3872 TrustedInstaller - ok
21:58:55.0365 3872 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys
21:58:55.0436 3872 tssecsrv - ok
21:58:55.0490 3872 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\windows\system32\drivers\tsusbflt.sys
21:58:55.0544 3872 TsUsbFlt - ok
21:58:55.0608 3872 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\windows\system32\DRIVERS\tunnel.sys
21:58:55.0710 3872 tunnel - ok
21:58:55.0740 3872 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys
21:58:55.0778 3872 uagp35 - ok
21:58:55.0824 3872 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\windows\system32\DRIVERS\udfs.sys
21:58:55.0918 3872 udfs - ok
21:58:55.0953 3872 ugswloij - ok
21:58:55.0999 3872 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\windows\system32\UI0Detect.exe
21:58:56.0054 3872 UI0Detect - ok
21:58:56.0108 3872 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\windows\system32\drivers\uliagpkx.sys
21:58:56.0146 3872 uliagpkx - ok
21:58:56.0179 3872 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\windows\system32\drivers\umbus.sys
21:58:56.0238 3872 umbus - ok
21:58:56.0273 3872 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\windows\system32\DRIVERS\umpass.sys
21:58:56.0322 3872 UmPass - ok
21:58:56.0361 3872 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\windows\System32\upnphost.dll
21:58:56.0465 3872 upnphost - ok
21:58:56.0546 3872 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\windows\system32\drivers\usbaudio.sys
21:58:56.0602 3872 usbaudio - ok
21:58:56.0643 3872 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys
21:58:56.0721 3872 usbccgp - ok
21:58:56.0750 3872 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\windows\system32\drivers\usbcir.sys
21:58:56.0806 3872 usbcir - ok
21:58:56.0847 3872 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\windows\system32\DRIVERS\usbehci.sys
21:58:56.0900 3872 usbehci - ok
21:58:56.0934 3872 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys
21:58:57.0000 3872 usbhub - ok
21:58:57.0046 3872 [ A6FB7957EA7AFB1165991E54CE934B74 ] usbohci C:\windows\system32\DRIVERS\usbohci.sys
21:58:57.0085 3872 usbohci - ok
21:58:57.0142 3872 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\windows\system32\DRIVERS\usbprint.sys
21:58:57.0207 3872 usbprint - ok
21:58:57.0262 3872 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\windows\system32\DRIVERS\usbscan.sys
21:58:57.0307 3872 usbscan - ok
21:58:57.0354 3872 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS
21:58:57.0405 3872 USBSTOR - ok
21:58:57.0437 3872 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\windows\system32\DRIVERS\usbuhci.sys
21:58:57.0475 3872 usbuhci - ok
21:58:57.0525 3872 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys
21:58:57.0594 3872 usbvideo - ok
21:58:57.0607 3872 uuaavjtc - ok
21:58:57.0650 3872 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\windows\System32\uxsms.dll
21:58:57.0741 3872 UxSms - ok
21:58:57.0769 3872 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\windows\system32\lsass.exe
21:58:57.0807 3872 VaultSvc - ok
21:58:57.0861 3872 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\windows\system32\drivers\vdrvroot.sys
21:58:57.0898 3872 vdrvroot - ok
21:58:57.0961 3872 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\windows\System32\vds.exe
21:58:58.0061 3872 vds - ok
21:58:58.0126 3872 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\windows\system32\DRIVERS\vgapnp.sys
21:58:58.0168 3872 vga - ok
21:58:58.0193 3872 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\windows\System32\drivers\vga.sys
21:58:58.0268 3872 VgaSave - ok
21:58:58.0315 3872 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\windows\system32\drivers\vhdmp.sys
21:58:58.0358 3872 vhdmp - ok
21:58:58.0377 3872 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\windows\system32\drivers\viaagp.sys
21:58:58.0416 3872 viaagp - ok
21:58:58.0444 3872 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\windows\system32\DRIVERS\viac7.sys
21:58:58.0505 3872 ViaC7 - ok
21:58:58.0531 3872 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\windows\system32\drivers\viaide.sys
21:58:58.0567 3872 viaide - ok
21:58:58.0586 3872 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\windows\system32\drivers\volmgr.sys
21:58:58.0625 3872 volmgr - ok
21:58:58.0651 3872 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\windows\system32\drivers\volmgrx.sys
21:58:58.0700 3872 volmgrx - ok
21:58:58.0728 3872 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\windows\system32\drivers\volsnap.sys
21:58:58.0774 3872 volsnap - ok
21:58:58.0833 3872 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys
21:58:58.0876 3872 vsmraid - ok
21:58:58.0946 3872 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\windows\system32\vssvc.exe
21:58:59.0061 3872 VSS - ok
21:58:59.0094 3872 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys
21:58:59.0137 3872 vwifibus - ok
21:58:59.0174 3872 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys
21:58:59.0225 3872 vwififlt - ok
21:58:59.0270 3872 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys
21:58:59.0313 3872 vwifimp - ok
21:58:59.0355 3872 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\windows\system32\w32time.dll
21:58:59.0443 3872 W32Time - ok
21:58:59.0486 3872 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys
21:58:59.0527 3872 WacomPen - ok
21:58:59.0574 3872 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\windows\system32\DRIVERS\wanarp.sys
21:58:59.0644 3872 WANARP - ok
21:58:59.0655 3872 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys
21:58:59.0725 3872 Wanarpv6 - ok
21:58:59.0834 3872 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\windows\system32\Wat\WatAdminSvc.exe
21:58:59.0939 3872 WatAdminSvc - ok
21:59:00.0018 3872 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\windows\system32\wbengine.exe
21:59:00.0141 3872 wbengine - ok
21:59:00.0183 3872 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\windows\System32\wbiosrvc.dll
21:59:00.0254 3872 WbioSrvc - ok
21:59:00.0306 3872 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\windows\System32\wcncsvc.dll
21:59:00.0366 3872 wcncsvc - ok
21:59:00.0387 3872 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll
21:59:00.0441 3872 WcsPlugInService - ok
21:59:00.0471 3872 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\windows\system32\DRIVERS\wd.sys
21:59:00.0509 3872 Wd - ok
21:59:00.0578 3872 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys
21:59:00.0643 3872 Wdf01000 - ok
21:59:00.0684 3872 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\windows\system32\wdi.dll
21:59:00.0788 3872 WdiServiceHost - ok
21:59:00.0800 3872 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\windows\system32\wdi.dll
21:59:00.0851 3872 WdiSystemHost - ok
21:59:00.0902 3872 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\windows\System32\webclnt.dll
21:59:00.0972 3872 WebClient - ok
21:59:01.0007 3872 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\windows\system32\wecsvc.dll
21:59:01.0091 3872 Wecsvc - ok
21:59:01.0119 3872 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\windows\System32\wercplsupport.dll
21:59:01.0214 3872 wercplsupport - ok
21:59:01.0258 3872 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\windows\System32\WerSvc.dll
21:59:01.0338 3872 WerSvc - ok
21:59:01.0384 3872 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys
21:59:01.0458 3872 WfpLwf - ok
21:59:01.0487 3872 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\windows\system32\drivers\wimmount.sys
21:59:01.0524 3872 WIMMount - ok
21:59:01.0580 3872 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
21:59:01.0681 3872 WinDefend - ok
21:59:01.0707 3872 WinHttpAutoProxySvc - ok
21:59:01.0785 3872 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll
21:59:01.0926 3872 Winmgmt - ok
21:59:02.0002 3872 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\windows\system32\WsmSvc.dll
21:59:02.0121 3872 WinRM - ok
21:59:02.0207 3872 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\windows\System32\wlansvc.dll
21:59:02.0287 3872 Wlansvc - ok
21:59:02.0445 3872 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
21:59:02.0548 3872 wlidsvc - ok
21:59:02.0595 3872 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\windows\system32\drivers\wmiacpi.sys
21:59:02.0653 3872 WmiAcpi - ok
21:59:02.0707 3872 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe
21:59:02.0862 3872 wmiApSrv - ok
21:59:02.0978 3872 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
21:59:03.0101 3872 WMPNetworkSvc - ok
21:59:03.0126 3872 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\windows\System32\wpcsvc.dll
21:59:03.0215 3872 WPCSvc - ok
21:59:03.0255 3872 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\windows\system32\wpdbusenum.dll
21:59:03.0303 3872 WPDBusEnum - ok
21:59:03.0339 3872 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys
21:59:03.0412 3872 ws2ifsl - ok
21:59:03.0441 3872 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\windows\system32\wscsvc.dll
21:59:03.0508 3872 wscsvc - ok
21:59:03.0526 3872 WSearch - ok
21:59:03.0672 3872 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\windows\system32\wuaueng.dll
21:59:03.0803 3872 wuauserv - ok
21:59:03.0870 3872 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\windows\system32\drivers\WudfPf.sys
21:59:03.0947 3872 WudfPf - ok
21:59:03.0993 3872 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys
21:59:04.0036 3872 WUDFRd - ok
21:59:04.0087 3872 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\windows\System32\WUDFSvc.dll
21:59:04.0147 3872 wudfsvc - ok
21:59:04.0196 3872 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\windows\System32\wwansvc.dll
21:59:04.0256 3872 WwanSvc - ok
21:59:04.0302 3872 XDva349 - ok
21:59:04.0371 3872 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\windows\system32\DRIVERS\yk62x86.sys
21:59:04.0477 3872 yukonw7 - ok
21:59:04.0516 3872 ================ Scan global ===============================
21:59:04.0573 3872 [ DAB748AE0439955ED2FA22357533DDDB ] C:\windows\system32\basesrv.dll
21:59:04.0621 3872 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
21:59:04.0707 3872 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\windows\system32\winsrv.dll
21:59:04.0759 3872 [ 364455805E64882844EE9ACB72522830 ] C:\windows\system32\sxssrv.dll
21:59:04.0784 3872 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\windows\system32\services.exe
21:59:04.0795 3872 [Global] - ok
21:59:04.0796 3872 ================ Scan MBR ==================================
21:59:04.0814 3872 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
21:59:05.0158 3872 \Device\Harddisk0\DR0 - ok
21:59:05.0159 3872 ================ Scan VBR ==================================
21:59:05.0166 3872 [ 71A91550D1265D8A13C3BE3A9D3EE537 ] \Device\Harddisk0\DR0\Partition1
21:59:05.0169 3872 \Device\Harddisk0\DR0\Partition1 - ok
21:59:05.0200 3872 [ 32AE69FD2FD6A4DD720EDEBCF7A84CD5 ] \Device\Harddisk0\DR0\Partition2
21:59:05.0203 3872 \Device\Harddisk0\DR0\Partition2 - ok
21:59:05.0231 3872 [ 84985B662BB1C124854CFF929A0DB9FB ] \Device\Harddisk0\DR0\Partition3
21:59:05.0235 3872 \Device\Harddisk0\DR0\Partition3 - ok
21:59:05.0258 3872 [ FE1CCDF11EE69D64E122F744A7C24E99 ] \Device\Harddisk0\DR0\Partition4
21:59:05.0260 3872 \Device\Harddisk0\DR0\Partition4 - ok
21:59:05.0261 3872 ============================================================
21:59:05.0261 3872 Scan finished
21:59:05.0262 3872 ============================================================
21:59:05.0357 3140 Detected object count: 7
21:59:05.0357 3140 Actual detected object count: 7
21:59:25.0518 3140 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:25.0518 3140 Autodesk Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:25.0523 3140 Bonjour Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:25.0523 3140 Bonjour Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:25.0528 3140 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:25.0529 3140 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:25.0533 3140 HpqKbFiltr ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:25.0533 3140 HpqKbFiltr ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:25.0537 3140 LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:25.0538 3140 LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:25.0541 3140 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - skipped by user
21:59:25.0542 3140 pgsql-8.3 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:59:25.0547 3140 sptd ( LockedFile.Multi.Generic ) - skipped by user
21:59:25.0548 3140 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
21:59:36.0618 6124 Deinitialize success

[imicro]

Tak mam problem. Nedari sa mi vypnut Microsoft essentiels. Jeho Antimalware service executable sa neda vypnut ani cez taskmanagera, a ani ked som v msconfigu zakazal spustit microsoft security, aj tak antimalware nabehol.

[imicro]

Takze po umornom boji som antimalware vypol a spustil CF, tu je log:

ComboFix 13-01-11.02 - Tomas Spusta . 01. 2013 22:46:09.2.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1250.421.1051.18.3066.2009 [GMT 1:00]
Running from: c:\users\Tomas Spusta\Desktop\ComboFix.exe
Command switches used :: c:\users\Tomas Spusta\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Created a new restore point
.
FILE ::
"c:\windows\system32\dsgsdgdsgdsgw.js"
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_adjlbxgo
-------\Service_ddduhsde
-------\Service_gcdvcvjp
-------\Service_gvadlwhn
-------\Service_iseetmme
-------\Service_jkstnpzn
-------\Service_kaivuquc
-------\Service_kcvhfkdv
-------\Service_nbomqzhn
-------\Service_nlatysep
-------\Service_pcjffita
-------\Service_qxjxjlhh
-------\Service_sggdvcky
-------\Service_ugswloij
-------\Service_uuaavjtc
.
.
((((((((((((((((((((((((( Files Created from 2012-12-11 to 2013-01-11 )))))))))))))))))))))))))))))))
.
.
2013-01-11 21:59 . 2013-01-11 21:59 -------- d-----w- c:\users\postgres\AppData\Local\temp
2013-01-11 21:59 . 2013-01-11 21:59 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-11 21:36 . 2013-01-11 21:36 29904 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\MpKslb964e68d.sys ERROR(0x00000005)
2013-01-11 21:35 . 2013-01-11 22:01 60872 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\offreg.dll ERROR(0x00000005)
2013-01-11 20:31 . 2013-01-11 22:01 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\temp
2013-01-11 17:01 . 2013-01-11 17:01 512 ----a-w- C:\PhysicalMBR.bin
2013-01-11 14:21 . 2013-01-11 14:21 -------- d-----w- c:\users\Tomas Spusta\AppData\Roaming\Malwarebytes
2013-01-11 14:20 . 2012-12-14 15:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-11 13:25 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\mpengine.dll ERROR(0x00000005)
2013-01-11 13:13 . 2013-01-11 13:13 2966 ----a-w- c:\windows\system32\dsgsdgdsgdsgw.js
2013-01-10 08:12 . 2012-11-08 18:00 6812136 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll ERROR(0x00000005)
2013-01-09 13:01 . 2013-01-09 18:52 -------- d-----w- c:\program files\Mozilla Thunderbird
2013-01-09 07:33 . 2012-12-07 10:46 43520 ----a-w- c:\windows\system32\csrr.rs
2013-01-03 13:01 . 2013-01-03 13:01 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\Little_Apps
2013-01-03 08:36 . 1996-07-18 12:06 297472 ----a-w- c:\windows\uninst.exe
2012-12-29 21:51 . 2013-01-03 09:08 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\join.me
2012-12-25 17:34 . 2012-12-25 17:34 73696 ----a-w- c:\program files\Mozilla Firefox\breakpadinjector.dll
2012-12-22 07:09 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 07:09 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-18 20:43 . 2012-12-18 20:47 -------- d-----w- c:\users\Tomas Spusta\AppData\Local\PokerTracker 4
2012-12-16 21:17 . 2012-12-18 20:41 -------- d-----w- c:\users\Tomas Spusta\AppData\Roaming\HoldemManager
2012-12-16 15:17 . 2013-01-09 07:33 -------- d-----w- c:\windows\system32\catroot2
2012-12-16 13:07 . 2012-12-16 13:07 -------- d-----r- C:\Sandbox
2012-12-13 06:14 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-12-13 06:14 . 2012-11-16 16:33 149536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2012-12-13 06:14 . 2012-11-14 01:51 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2012-12-13 06:14 . 2012-11-14 01:48 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-12-13 06:14 . 2012-11-14 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-12-13 06:14 . 2012-11-14 01:52 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2012-12-13 06:13 . 2012-11-14 01:57 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-12-13 06:13 . 2012-11-16 16:33 757280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2012-12-13 06:13 . 2012-11-14 02:09 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-12-13 06:13 . 2012-11-14 02:00 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2012-12-13 06:13 . 2012-11-14 02:01 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2012-12-13 06:13 . 2012-11-14 01:58 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-11-28 17:16 . 2012-11-28 17:17 740840 ------w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{511114FE-9449-436F-82CE-C46D0A7C3FED}\gapaengine.dll ERROR(0x00000005)
2012-11-23 14:56 . 2012-11-23 14:56 231760 ----a-w- c:\windows\system32\drivers\truecrypt.sys
2012-11-09 04:42 . 2012-12-12 18:24 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 18:24 376832 ----a-w- c:\windows\system32\dpnet.dll
2012-10-16 07:39 . 2012-11-28 05:04 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-12-25 17:34 . 2012-08-19 20:35 266720 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-09-11 218032]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2010-06-04 1791272]
"IAAnotif"="c:\program files\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-08-25 186904]
"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"SoundMAXPnP"="c:\program files\Analog Devices\Core\smax4pnp.exe" [2009-05-18 1314816]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2007-05-10 624248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files\Stardock\ObjectDockFree\ODMenu.dll" [2010-10-04 511344]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\startupfolder\C:^Users^Tomas Spusta^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Stardock ObjectDock.lnk]
path=c:\users\Tomas Spusta\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Stardock ObjectDock.lnk
backup=c:\windows\pss\Stardock ObjectDock.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSC]
2012-09-12 15:19 947176 ----a-w- c:\program files\Microsoft Security Client\msseces.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SandboxieControl]
2012-08-25 20:27 545552 ----a-w- c:\pocitac\TOMAS\HRY\sandbox\SbieCtrl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
2013-01-04 14:23 1354736 ----a-w- c:\pocitac\TOMAS\HRY\steam\Steam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiSpyware]
"DisableMonitoring"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 ALSysIO;ALSysIO;c:\users\TOMASS~1\AppData\Local\Temp\ALSysIO.sys [x]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [x]
R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [x]
R3 dsnpfd;Dsnpfd Service;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
R3 dsnpfdMP;dsnpfdMP;c:\windows\system32\DRIVERS\dsnpfd.sys [x]
R3 EagleXNt;EagleXNt;c:\windows\system32\drivers\EagleXNt.sys [x]
R3 gBTMouUsb;BT Mouse Device Drv;c:\windows\system32\DRIVERS\gBTMouUsb.sys [x]
R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Služba Windows Activation Technologies;c:\windows\system32\Wat\WatAdminSvc.exe [x]
R3 XDva349;XDva349;c:\windows\system32\XDva349.sys [x]
R4 myAgtSvc;McAfee Virus and Spyware Protection Service;c:\program files\McAfee\Managed VirusScan\Agent\myAgtSvc.Exe [x]
R4 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R4 RoxMediaDB10;RoxMediaDB10;c:\program files\Common Files\Roxio Shared\10.0\SharedCOM\RoxMediaDB10.exe [x]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [x]
S1 MpKslb964e68d;MpKslb964e68d;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{71FD61BD-E9C0-45F4-A114-F6CF1DF1D086}\MpKslb964e68d.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 PanService;PandoraService;c:\program files\PANDORA.TV\PanService\PandoraService.exe [x]
S2 pgsql-8.3;PostgreSQL Database Server 8.3;c:\program files\PostgreSQL\8.3\bin\pg_ctl.exe [x]
S3 5U876UVC;HP Webcam [2 MP series];c:\windows\system32\DRIVERS\5U876.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-06-17 19:11 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
.
------- Supplementary Scan -------
.
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xportovať do programu Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 147.229.191.143 147.229.190.143
FF - ProfilePath - c:\users\Tomas Spusta\AppData\Roaming\Mozilla\Firefox\Profiles\0datutm4.default\
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2383188450-116661374-740416191-1001\Software\SecuROM\!CAUTION! NEVER A OR CHANGE ANY KEY*]
@Allowed: (Read) (RestrictedCode)
"??"=hex:08,90,1f,f4,a5,cc,5c,95,f0,f4,b8,ab,c1,fe,31,66,c3,65,12,a8,ed,a9,bf,
ef,c6,0e,1c,c9,2e,75,c5,18,6d,36,31,f4,0a,29,2a,96,41,19,3c,3a,0a,27,1c,13,\
"??"=hex:59,fc,fd,6d,35,44,d2,2a,87,ef,2c,46,f9,90,a7,fd
.
[HKEY_USERS\S-1-5-21-2383188450-116661374-740416191-1001\Software\SecuROM\License information*]
"datasecu"=hex:c6,62,28,2f,2b,d2,25,91,c9,28,25,20,c1,1b,f7,4d,b9,64,b0,88,d5,
66,3c,08,27,85,39,ab,df,89,a6,3d,4d,0a,f5,6a,8d,2a,c2,b5,95,b7,4d,5c,2f,c8,\
"rkeysecu"=hex:7e,6e,32,9d,e3,6b,f8,56,da,63,ba,55,55,d1,15,8e
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Cryptography\RNG*]
"Seed"=hex:49,31,f4,88,04,28,01,14,c5,ca,fa,5f,f5,cf,66,6e,1f,6c,42,48,3b,1d,
bb,84,6e,c3,98,a3,07,68,b8,a1,8e,3f,71,ca,a8,53,6d,af,a8,e5,29,51,a3,e5,99,\
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'Explorer.exe'(3808)
c:\program files\Stardock\ObjectDockFree\ODMenu.dll
c:\program files\WIDCOMM\Bluetooth Software\btncopy.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\pocitac\TOMAS\HRY\sandbox\SbieSvc.exe
c:\windows\system32\atieclxx.exe
c:\windows\system32\WLANExt.exe
c:\windows\system32\conhost.exe
c:\windows\system32\AEADISRV.EXE
c:\program files\LSI SoftModem\agrsmsvc.exe
c:\program files\WIDCOMM\Bluetooth Software\btwdins.exe
c:\program files\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
c:\windows\system32\PnkBstrA.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\conhost.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlbrowser.exe
c:\program files\Microsoft SQL Server\90\Shared\sqlwriter.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\program files\PostgreSQL\8.3\bin\postgres.exe
c:\windows\system32\taskhost.exe
c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
c:\windows\servicing\TrustedInstaller.exe
c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\program files\PANDORA.TV\PanService\PanProcess.exe
c:\windows\system32\taskhost.exe
.
**************************************************************************
.
Completion time: 2013-01-11 23:10:03 - machine was rebooted
ComboFix-quarantined-files.txt 2013-01-11 22:10
ComboFix2.txt 2013-01-11 20:43
.
Pre-Run: 45 282 238 464 bytes free
Post-Run: 44 739 276 800 bytes free
.
- - End Of File - - B3ED1F0972DE958590F3799BE23ADFAC

[imicro]

Pc vyzera v poriadku, essentiels nic nehlasi, a ani nezaznamenavam, ze by bol NB zavazne spomaleny. Ak je to vsetko velmi pekne dakujem. Este otazka - mozem vymazat Combo fix, OTL a killera ?

[imicro]

Tak zmazane.

Mohli by ste mi prosim blizsie vysvetlit co robit tento malware ? Respektive to modre v zavorke som nepochopil.

ale i druh malware Kryptik (spousta sys mazany pres CFko scriptem)

[imicro]

Ahaaa, chapem. Este raz dakujem. Ak je to vsetko, mozeme uzavriet vlakno.