
FakeAlert.BI - Windows Vista


36 replies to this topic

#1 pajasas


Posted 30 December 2012 - 01:24 PM

Hello,

I'm creating a second post for my other infected computer as requested at http://www.bleepingcomputer.com/forums/topic479666.html .

DDS still freezes the computer (the disk stops responding after a few minutes), so I am unable to post any logs from it. AVG still finds the virus in Firefox process memory (and tells me that it was fixed, yet when run immediately afterwards, the virus is still there). I've noticed that one svchost sometimes eats up about 400 MB of RAM (but there were always at least 100 MB left) and normally is at about 60-70 MB. I'm not sure that it was there before (at this memory consumption level). Perfmon says in braces LocalSystemNetworkRestricted. Right after boot it takes up 60 MB.

Thank you for your time and reply in advance, have a nice day

Pajasas

#2 nasdaq

  • Malware Response Team

Posted 02 January 2013 - 10:34 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps.
===

Please download
TDSSKiller.zip

>>> Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure; click on Continue.
  • If a suspicious file is detected, the default action will be Skip; click on Continue.
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive (usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

Download http://public.avast.com/~gmerek/aswMBR.exe (aswMBR.exe) to your desktop. Double-click aswMBR.exe to run it.

  • Click the "Scan" button to start scan.
  • Upon completion of the scan, click Save log, and save it to your desktop. (Note - do not select any Fix at this time) <- IMPORTANT
  • Please post the contents of that log in your next reply.
There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.

===

Please post the logs for my review.

#3 pajasas


Posted 03 January 2013 - 01:57 PM

Hello

TDSSKiller ran without a reboot or infected files. The only suspicious item was sptd (I've got Daemon Tools Lite).

aswMBR ran OK too. Just after it finished I noticed that it was downloaded to my downloads folder, not the desktop. I apologise and hope that's not a problem and will be more cautious from now on.

Logs follow, zip attached.

Have a nice day

04:19:17.0697 6896 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
04:19:17.0704 6896 MSTEE - ok
04:19:17.0745 6896 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys
04:19:17.0748 6896 Mup - ok
04:19:17.0791 6896 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll
04:19:17.0814 6896 napagent - ok
04:19:18.0006 6896 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
04:19:18.0114 6896 NativeWifiP - ok
04:19:18.0495 6896 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys
04:19:18.0596 6896 NDIS - ok
04:19:18.0621 6896 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
04:19:18.0625 6896 NdisTapi - ok
04:19:18.0656 6896 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
04:19:18.0660 6896 Ndisuio - ok
04:19:18.0780 6896 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
04:19:18.0788 6896 NdisWan - ok
04:19:18.0829 6896 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
04:19:18.0857 6896 NDProxy - ok
04:19:18.0887 6896 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
04:19:18.0891 6896 NetBIOS - ok
04:19:19.0259 6896 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys
04:19:19.0323 6896 netbt - ok
04:19:19.0351 6896 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe
04:19:19.0355 6896 Netlogon - ok
04:19:19.0631 6896 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll
04:19:19.0659 6896 Netman - ok
04:19:21.0060 6896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:19:21.0272 6896 NetMsmqActivator - ok
04:19:21.0321 6896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:19:21.0325 6896 NetPipeActivator - ok
04:19:21.0815 6896 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll
04:19:21.0836 6896 netprofm - ok
04:19:22.0570 6896 [ 0AB8D9D7C5AC81FC736D7C208F737570 ] netr73 C:\Windows\system32\DRIVERS\netr73.sys
04:19:22.0823 6896 netr73 - ok
04:19:22.0894 6896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:19:22.0898 6896 NetTcpActivator - ok
04:19:23.0038 6896 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
04:19:23.0040 6896 NetTcpPortSharing - ok
04:19:23.0760 6896 [ 6522DD40A5F67CED020BD81B856613FB ] NETw4v32 C:\Windows\system32\DRIVERS\NETw4v32.sys
04:19:23.0860 6896 NETw4v32 - ok
04:19:26.0360 6896 [ D4EF7A9767C05905500EC312CB29EF46 ] NETwLv32 C:\Windows\system32\DRIVERS\NETwLv32.sys
04:19:26.0627 6896 NETwLv32 - ok
04:19:26.0740 6896 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
04:19:26.0744 6896 nfrd960 - ok
04:19:26.0868 6896 [ 37260A293B6A89373AE76791E6CC5A12 ] nhcDriverDevice C:\Windows\system32\drivers\nhcDriver.sys
04:19:26.0883 6896 nhcDriverDevice - ok
04:19:26.0913 6896 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
04:19:26.0918 6896 NisDrv - ok
04:19:27.0427 6896 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
04:19:27.0500 6896 NisSrv - ok
04:19:27.0557 6896 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll
04:19:27.0596 6896 NlaSvc - ok
04:19:27.0740 6896 [ B48DC6ABCD3AEFF8618350CCBDC6B09A ] NPF C:\Windows\system32\drivers\npf.sys
04:19:27.0746 6896 NPF - ok
04:19:27.0795 6896 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys
04:19:27.0812 6896 Npfs - ok
04:19:27.0857 6896 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll
04:19:27.0862 6896 nsi - ok
04:19:27.0882 6896 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
04:19:27.0889 6896 nsiproxy - ok
04:19:28.0752 6896 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
04:19:28.0809 6896 Ntfs - ok
04:19:28.0845 6896 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
04:19:28.0862 6896 ntrigdigi - ok
04:19:28.0915 6896 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
04:19:28.0937 6896 Null - ok
04:19:32.0581 6896 [ BD409DE5681C74C1DE51D72427DC202D ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
04:19:32.0981 6896 nvlddmkm - ok
04:19:33.0298 6896 [ 6F785DB62A6D8F3FAFD3E5695277E849 ] nvraid C:\Windows\system32\drivers\nvraid.sys
04:19:33.0522 6896 nvraid - ok
04:19:33.0574 6896 [ 4A5FCAB82D9BF6AF8A023A66802FE9E9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
04:19:33.0632 6896 nvstor - ok
04:19:33.0690 6896 [ E55877BE77A8A31B0416B4E7C3DBE3F2 ] NVSvc C:\Windows\system32\nvvsvc.exe
04:19:33.0769 6896 NVSvc - ok
04:19:33.0823 6896 [ 07C186427EB8FCC3D8D7927187F260F7 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
04:19:33.0834 6896 nv_agp - ok
04:19:33.0845 6896 NwlnkFlt - ok
04:19:33.0854 6896 NwlnkFwd - ok
04:19:33.0926 6896 [ 6F310E890D46E246E0E261A63D9B36B4 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
04:19:33.0942 6896 ohci1394 - ok
04:19:34.0921 6896 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
04:19:34.0966 6896 p2pimsvc - ok
04:19:34.0999 6896 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
04:19:35.0008 6896 p2psvc - ok
04:19:35.0361 6896 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
04:19:35.0491 6896 Parport - ok
04:19:35.0524 6896 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
04:19:35.0533 6896 partmgr - ok
04:19:35.0568 6896 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
04:19:35.0588 6896 Parvdm - ok
04:19:35.0627 6896 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
04:19:35.0645 6896 PcaSvc - ok
04:19:35.0685 6896 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
04:19:35.0692 6896 pci - ok
04:19:35.0718 6896 [ 304048C2565A803D091CCA1AC945F593 ] pciide C:\Windows\system32\drivers\pciide.sys
04:19:35.0723 6896 pciide - ok
04:19:35.0753 6896 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
04:19:35.0761 6896 pcmcia - ok
04:19:35.0880 6896 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
04:19:35.0914 6896 PEAUTH - ok
04:19:36.0598 6896 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
04:19:36.0654 6896 pla - ok
04:19:36.0918 6896 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
04:19:36.0929 6896 PlugPlay - ok
04:19:36.0998 6896 [ 2B81B089D9364083F5046AD1307A65BE ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll
04:19:37.0016 6896 Pml Driver HPZ12 - ok
04:19:37.0055 6896 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
04:19:37.0064 6896 PNRPAutoReg - ok
04:19:37.0921 6896 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
04:19:37.0931 6896 PNRPsvc - ok
04:19:38.0748 6896 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
04:19:38.0870 6896 PolicyAgent - ok
04:19:38.0904 6896 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
04:19:38.0920 6896 PptpMiniport - ok
04:19:38.0968 6896 [ 0E3CEF5D28B40CF273281D620C50700A ] Processor C:\Windows\system32\drivers\processr.sys
04:19:38.0988 6896 Processor - ok
04:19:39.0055 6896 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
04:19:39.0073 6896 ProfSvc - ok
04:19:39.0109 6896 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
04:19:39.0113 6896 ProtectedStorage - ok
04:19:39.0404 6896 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
04:19:39.0423 6896 PSched - ok
04:19:39.0554 6896 [ CCDAC889326317792480C0A67156A1EC ] ql2300 C:\Windows\system32\drivers\ql2300.sys
04:19:39.0611 6896 ql2300 - ok
04:19:39.0856 6896 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
04:19:39.0883 6896 ql40xx - ok
04:19:40.0498 6896 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
04:19:40.0643 6896 QWAVE - ok
04:19:40.0675 6896 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
04:19:40.0681 6896 QWAVEdrv - ok
04:19:40.0735 6896 [ 2DAA6CF9773F22B72A1A98EF2A6EAFDF ] RalinkRegistryWriter C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe
04:19:40.0960 6896 RalinkRegistryWriter - ok
04:19:41.0355 6896 [ 8F97D374AD1857E1EED85A79F29A1D3D ] RapiMgr C:\Windows\WindowsMobile\rapimgr.dll
04:19:41.0511 6896 RapiMgr - ok
04:19:41.0540 6896 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
04:19:41.0547 6896 RasAcd - ok
04:19:41.0590 6896 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
04:19:41.0602 6896 RasAuto - ok
04:19:41.0850 6896 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
04:19:41.0865 6896 Rasl2tp - ok
04:19:42.0246 6896 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
04:19:42.0316 6896 RasMan - ok
04:19:42.0383 6896 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
04:19:42.0405 6896 RasPppoe - ok
04:19:42.0440 6896 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
04:19:42.0465 6896 RasSstp - ok
04:19:42.0699 6896 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
04:19:42.0767 6896 rdbss - ok
04:19:42.0804 6896 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
04:19:42.0808 6896 RDPCDD - ok
04:19:42.0846 6896 [ E8BD98D46F2ED77132BA927FCCB47D8B ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
04:19:42.0872 6896 rdpdr - ok
04:19:42.0884 6896 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
04:19:42.0888 6896 RDPENCDD - ok
04:19:43.0051 6896 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
04:19:43.0143 6896 RDPWD - ok
04:19:43.0190 6896 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
04:19:43.0196 6896 RemoteAccess - ok
04:19:43.0230 6896 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
04:19:43.0254 6896 RemoteRegistry - ok
04:19:43.0315 6896 [ 75E8A6BFA7374ABA833AE92BF41AE4E6 ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
04:19:43.0319 6896 ROOTMODEM - ok
04:19:43.0478 6896 [ B60F58F175DE20A6739194E85B035178 ] rpcapd C:\Program Files\WinPcap\rpcapd.exe
04:19:43.0564 6896 rpcapd - ok
04:19:43.0601 6896 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
04:19:43.0610 6896 RpcLocator - ok
04:19:43.0638 6896 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
04:19:43.0652 6896 RpcSs - ok
04:19:43.0723 6896 [ FEDD2710B75BE3ECF078ADACE790C423 ] RsFx0102 C:\Windows\system32\DRIVERS\RsFx0102.sys
04:19:43.0734 6896 RsFx0102 - ok
04:19:43.0771 6896 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
04:19:43.0785 6896 rspndr - ok
04:19:43.0855 6896 [ 2D19A7469EA19993D0C12E627F4530BC ] RTL8169 C:\Windows\system32\DRIVERS\Rtlh86.sys
04:19:43.0926 6896 RTL8169 - ok
04:19:43.0954 6896 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
04:19:43.0956 6896 SamSs - ok
04:19:44.0029 6896 [ 39763504067962108505BFF25F024345 ] SASDIFSV C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
04:19:44.0086 6896 SASDIFSV - ok
04:19:44.0107 6896 [ 77B9FC20084B48408AD3E87570EB4A85 ] SASKUTIL C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
04:19:44.0178 6896 SASKUTIL - ok
04:19:44.0223 6896 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
04:19:44.0229 6896 sbp2port - ok
04:19:44.0286 6896 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
04:19:44.0297 6896 SCardSvr - ok
04:19:44.0764 6896 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
04:19:44.0958 6896 Schedule - ok
04:19:45.0005 6896 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
04:19:45.0007 6896 SCPolicySvc - ok
04:19:45.0403 6896 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
04:19:45.0515 6896 SDRSVC - ok
04:19:45.0532 6896 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
04:19:45.0535 6896 secdrv - ok
04:19:45.0549 6896 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
04:19:45.0559 6896 seclogon - ok
04:19:45.0593 6896 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
04:19:45.0602 6896 SENS - ok
04:19:45.0645 6896 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
04:19:45.0651 6896 Serenum - ok
04:19:45.0684 6896 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
04:19:45.0691 6896 Serial - ok
04:19:45.0716 6896 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
04:19:45.0721 6896 sermouse - ok
04:19:45.0809 6896 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
04:19:45.0822 6896 SessionEnv - ok
04:19:45.0836 6896 [ 103B79418DA647736EE95645F305F68A ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
04:19:45.0840 6896 sffdisk - ok
04:19:45.0856 6896 [ 8FD08A310645FE872EEEC6E08C6BF3EE ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
04:19:45.0860 6896 sffp_mmc - ok
04:19:45.0874 6896 [ 9CFA05FCFCB7124E69CFC812B72F9614 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
04:19:45.0877 6896 sffp_sd - ok
04:19:45.0905 6896 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
04:19:45.0909 6896 sfloppy - ok
04:19:46.0514 6896 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
04:19:46.0626 6896 SharedAccess - ok
04:19:46.0670 6896 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
04:19:46.0704 6896 ShellHWDetection - ok
04:19:46.0817 6896 [ 93BEACC3815A4653A655C8BD7622FF63 ] Si3531 C:\Windows\system32\DRIVERS\Si3531.sys
04:19:46.0826 6896 Si3531 - ok
04:19:46.0866 6896 [ 165448BC832D424B97270C8D1276E24A ] SiFilter C:\Windows\system32\DRIVERS\SiWinAcc.sys
04:19:46.0871 6896 SiFilter - ok
04:19:46.0970 6896 [ 9BE8EA3A8C7E6D47E710F6FA14B7442B ] SiRemFil C:\Windows\system32\DRIVERS\SiRemFil.sys
04:19:47.0001 6896 SiRemFil - ok
04:19:47.0189 6896 [ D2A595D6EEBEEAF4334F8E50EFBC9931 ] sisagp C:\Windows\system32\drivers\sisagp.sys
04:19:47.0309 6896 sisagp - ok
04:19:47.0351 6896 [ CEDD6F4E7D84E9F98B34B3FE988373AA ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
04:19:47.0356 6896 SiSRaid2 - ok
04:19:47.0533 6896 [ DF843C528C4F69D12CE41CE462E973A7 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
04:19:47.0694 6896 SiSRaid4 - ok
04:19:48.0856 6896 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
04:19:48.0990 6896 slsvc - ok
04:19:49.0051 6896 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
04:19:49.0070 6896 SLUINotify - ok
04:19:49.0123 6896 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
04:19:49.0143 6896 Smb - ok
04:19:49.0496 6896 [ D9BFD2298F5CF116D8EAAE3B02DCEE2E ] smserial C:\Windows\system32\DRIVERS\smserial.sys
04:19:49.0640 6896 smserial - ok
04:19:49.0860 6896 [ 5BCEB1B306878035DACBA6DD18366EDA ] snapman C:\Windows\system32\DRIVERS\snapman.sys
04:19:49.0867 6896 snapman - ok
04:19:49.0898 6896 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
04:19:49.0909 6896 SNMPTRAP - ok
04:19:50.0017 6896 [ 5177D14A78E60FD61DCFC6B388E7E971 ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe
04:19:50.0025 6896 Sony PC Companion - ok
04:19:50.0056 6896 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
04:19:50.0073 6896 spldr - ok
04:19:50.0135 6896 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
04:19:50.0144 6896 Spooler - ok
04:19:50.0192 6896 [ 71E276F6D189413266EA22171806597B ] sptd C:\Windows\system32\Drivers\sptd.sys
04:19:50.0193 6896 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 71E276F6D189413266EA22171806597B
04:19:50.0195 6896 sptd ( LockedFile.Multi.Generic ) - warning
04:19:50.0195 6896 sptd - detected LockedFile.Multi.Generic (1)
04:20:13.0868 6896 Wlansvc - ok
04:20:13.0900 6896 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
04:20:13.0918 6896 WmiAcpi - ok
04:20:14.0145 6896 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
04:20:14.0180 6896 wmiApSrv - ok
04:20:14.0881 6896 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
04:20:14.0916 6896 WMPNetworkSvc - ok
04:20:15.0079 6896 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
04:20:15.0218 6896 WPCSvc - ok
04:20:15.0247 6896 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
04:20:15.0417 6896 WPDBusEnum - ok
04:20:15.0463 6896 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
04:20:15.0491 6896 WpdUsb - ok
04:20:16.0014 6896 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
04:20:16.0092 6896 WPFFontCache_v0400 - ok
04:20:16.0177 6896 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
04:20:16.0281 6896 ws2ifsl - ok
04:20:16.0324 6896 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\system32\wscsvc.dll
04:20:16.0344 6896 wscsvc - ok
04:20:16.0370 6896 WSearch - ok
04:20:16.0900 6896 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
04:20:16.0999 6896 wuauserv - ok
04:20:17.0064 6896 [ AC13CB789D93412106B0FB6C7EB2BCB6 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
04:20:17.0086 6896 WUDFRd - ok
04:20:17.0116 6896 [ 575A4190D989F64732119E4114045A4F ] wudfsvc C:\Windows\System32\WUDFSvc.dll
04:20:17.0135 6896 wudfsvc - ok
04:20:17.0226 6896 wxpSvc - ok
04:20:17.0466 6896 ================ Scan global ===============================
04:20:17.0500 6896 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
04:20:17.0589 6896 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
04:20:17.0624 6896 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
04:20:17.0674 6896 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
04:20:17.0719 6896 [Global] - ok
04:20:17.0720 6896 ================ Scan MBR ==================================
04:20:17.0734 6896 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
04:20:22.0401 6896 \Device\Harddisk1\DR1 - ok
04:20:22.0443 6896 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk2\DR2
04:20:22.0534 6896 \Device\Harddisk2\DR2 - ok
04:20:22.0534 6896 ================ Scan VBR ==================================
04:20:22.0562 6896 [ C4AA4E9895D171101CCF343563B51E10 ] \Device\Harddisk1\DR1\Partition1
04:20:22.0566 6896 \Device\Harddisk1\DR1\Partition1 - ok
04:20:22.0603 6896 [ 7E94BC35B37CB6356F9FD0FEBDC6261E ] \Device\Harddisk1\DR1\Partition2
04:20:22.0605 6896 \Device\Harddisk1\DR1\Partition2 - ok
04:20:22.0610 6896 [ 30458E1EE11FCE3A6C7A474A0BB53BCD ] \Device\Harddisk2\DR2\Partition1
04:20:22.0612 6896 \Device\Harddisk2\DR2\Partition1 - ok
04:20:22.0615 6896 ============================================================
04:20:22.0615 6896 Scan finished
04:20:22.0615 6896 ============================================================
04:20:22.0635 7996 Detected object count: 1
04:20:22.0635 7996 Actual detected object count: 1
04:21:13.0536 7996 sptd ( LockedFile.Multi.Generic ) - skipped by user
04:21:13.0536 7996 sptd ( LockedFile.Multi.Generic ) - User select action: Skip
04:21:31.0458 6736 Deinitialize success

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-03 17:12:31
-----------------------------
17:12:31.816 OS Version: Windows 6.0.6002 Service Pack 2
17:12:31.816 Number of processors: 2 586 0xF0B
17:12:31.818 ComputerName: PAVEL-NTB UserName: Pavel
17:12:44.415 Initialize success
17:13:20.974 AVAST engine defs: 13010201
17:13:24.317 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\RobsonImd-0
17:13:24.322 Disk 0 Vendor: Size: 513MB BusType: 0
17:13:24.329 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port3Path0Target0Lun0
17:13:24.334 Disk 1 Vendor: FUJITSU_ Size: 238475MB BusType: 1
17:13:24.341 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\JRAID1Port3Path0Target1Lun0
17:13:24.348 Disk 2 Vendor: Hitachi_ Size: 238475MB BusType: 1
17:13:24.401 Disk 1 MBR read successfully
17:13:24.409 Disk 1 MBR scan
17:13:24.427 Disk 1 Windows VISTA default MBR code
17:13:24.449 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122294 MB offset 2048
17:13:24.478 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 116178 MB offset 250460160
17:13:24.496 Disk 1 scanning sectors +488392704
17:13:24.581 Disk 1 scanning C:\Windows\system32\drivers
17:15:44.822 Service scanning
17:18:57.898 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:19:37.631 Modules scanning
17:20:38.231 Disk 1 trace - called modules:
17:20:38.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866321f8]<<
17:20:38.287 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8872f030]
17:20:38.300 3 CLASSPNP.SYS[899cf8b3] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port3Path0Target0Lun0[0x8825f030]
17:20:38.314 \Driver\JRAID[0x8671c8a8] -> IRP_MJ_CREATE -> 0x866321f8
17:20:45.880 AVAST engine scan C:\Windows
17:21:06.003 AVAST engine scan C:\Windows\system32
17:30:26.336 AVAST engine scan C:\Windows\system32\drivers
17:31:08.409 AVAST engine scan C:\Users\Pavel
18:34:48.104 File: C:\Users\Pavel\Downloads\puzzles\puzzles\bridges.exe **INFECTED** Win32:Susn-N [Trj]
18:34:48.586 File: C:\Users\Pavel\Downloads\puzzles\puzzles\cube.exe **INFECTED** Win32:Susn-N [Trj]
18:34:48.994 File: C:\Users\Pavel\Downloads\puzzles\puzzles\dominosa.exe **INFECTED** Win32:Susn-N [Trj]
18:34:49.334 File: C:\Users\Pavel\Downloads\puzzles\puzzles\fifteen.exe **INFECTED** Win32:Susn-N [Trj]
18:34:49.699 File: C:\Users\Pavel\Downloads\puzzles\puzzles\filling.exe **INFECTED** Win32:Susn-N [Trj]
18:34:50.239 File: C:\Users\Pavel\Downloads\puzzles\puzzles\flip.exe **INFECTED** Win32:Susn-N [Trj]
18:34:50.658 File: C:\Users\Pavel\Downloads\puzzles\puzzles\galaxies.exe **INFECTED** Win32:Susn-N [Trj]
18:34:51.082 File: C:\Users\Pavel\Downloads\puzzles\puzzles\guess.exe **INFECTED** Win32:Susn-N [Trj]
18:34:51.464 File: C:\Users\Pavel\Downloads\puzzles\puzzles\inertia.exe **INFECTED** Win32:Susn-N [Trj]
18:34:51.778 File: C:\Users\Pavel\Downloads\puzzles\puzzles\lightup.exe **INFECTED** Win32:Susn-N [Trj]
18:34:52.079 File: C:\Users\Pavel\Downloads\puzzles\puzzles\loopy.exe **INFECTED** Win32:Susn-N [Trj]
18:34:52.448 File: C:\Users\Pavel\Downloads\puzzles\puzzles\map.exe **INFECTED** Win32:Susn-N [Trj]
18:34:52.785 File: C:\Users\Pavel\Downloads\puzzles\puzzles\mines.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.037 File: C:\Users\Pavel\Downloads\puzzles\puzzles\netgame.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.306 File: C:\Users\Pavel\Downloads\puzzles\puzzles\netslide.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.581 File: C:\Users\Pavel\Downloads\puzzles\puzzles\pattern.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.825 File: C:\Users\Pavel\Downloads\puzzles\puzzles\pegs.exe **INFECTED** Win32:Susn-N [Trj]
18:34:54.406 File: C:\Users\Pavel\Downloads\puzzles\puzzles\rect.exe **INFECTED** Win32:Susn-N [Trj]
18:34:54.706 File: C:\Users\Pavel\Downloads\puzzles\puzzles\samegame.exe **INFECTED** Win32:Susn-N [Trj]
18:34:54.925 File: C:\Users\Pavel\Downloads\puzzles\puzzles\sixteen.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.194 File: C:\Users\Pavel\Downloads\puzzles\puzzles\slant.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.409 File: C:\Users\Pavel\Downloads\puzzles\puzzles\solo.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.659 File: C:\Users\Pavel\Downloads\puzzles\puzzles\tents.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.918 File: C:\Users\Pavel\Downloads\puzzles\puzzles\twiddle.exe **INFECTED** Win32:Susn-N [Trj]
18:34:56.181 File: C:\Users\Pavel\Downloads\puzzles\puzzles\unequal.exe **INFECTED** Win32:Susn-N [Trj]
18:34:56.429 File: C:\Users\Pavel\Downloads\puzzles\puzzles\untangle.exe **INFECTED** Win32:Susn-N [Trj]
18:38:49.312 AVAST engine scan C:\ProgramData
18:56:34.127 Scan finished successfully
18:58:26.065 Disk 1 MBR has been saved successfully to "C:\Users\Pavel\Downloads\MBR.dat"
18:58:26.114 The log file has been saved successfully to "C:\Users\Pavel\Downloads\aswMBR.txt"

#4 nasdaq

Posted 04 January 2013 - 08:58 AM

You probably still have the DDS tool. Just run it as suggested here.

  • Please download DDS.exe from here.
  • Double-click to start the tool.
  • In the panel, click Options for dds.txt to expand the choices.

    • Check the box next to attach.txt.
    • Uncheck the box next to check mbr.
    • Click Start.
  • Post the new log when it has completed.
===

I would also like you to run this tool.

Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to: Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall.


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If, after running ComboFix, you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program, all you need to do is restart the computer to reset the registry.
==============

#5 pajasas

Posted 04 January 2013 - 05:06 PM

DDS ran without problems (I've tried it before posting the first topic here and it did freeze the computer).

ComboFix froze the computer again; antiviruses were disabled, everything I was aware of was disabled/closed. I'm not aware of mouse-clicking it while it's running, but the whole computer was not responsive.

DDS logs:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-09-30.01)
.
Microsoft® Windows Vista™ Home Premium
Boot Device: \Device\HarddiskVolume2
Install Date: 7.4.2009 22:02:22
System Uptime: 4.1.2013 7:42:07 (14 hours ago)
.
Motherboard: FUJITSU SIEMENS | | F41_____
Processor: Intel® Core™2 Duo CPU T7700 @ 2.40GHz | U2E1 | 800/mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 3,153 GiB free.
D: is FIXED (NTFS) - 233 GiB total, 10,814 GiB free.
E: is CDROM ()
F: is FIXED (NTFS) - 113 GiB total, 0,846 GiB free.
G: is CDROM ()
H: is CDROM ()
.
==== Disabled Device Manager Items =============
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet1
Device ID: ROOT\VMWARE\0000
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet1
PNP Device ID: ROOT\VMWARE\0000
Service: VMnetAdapter
.
Class GUID: {4d36e972-e325-11ce-bfc1-08002be10318}
Description: VMware Virtual Ethernet Adapter for VMnet8
Device ID: ROOT\VMWARE\0001
Manufacturer: VMware, Inc.
Name: VMware Virtual Ethernet Adapter for VMnet8
PNP Device ID: ROOT\VMWARE\0001
Service: VMnetAdapter
.
==== System Restore Points ===================
.
RP562: 1.1.2013 16:38:22 - Windows Update
.
==== Installed Programs ======================
.
"Minimal SYStem 1.0.10"
3531-W-I32-D SATARAID5
Acrobat.com
Acronis True Image Home
Active WebCam
Adobe AIR
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader X (10.1.4) - Czech
Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile
Alien Swarm
Alien Swarm - SDK
AMD Catalyst Install Manager
Audacity 1.3.14 (Unicode)
Audiosurf
AVG Free 9.0
Balíček ovladače systému Windows - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
Balíček ovladače systému Windows - Intel (NETwNv32) net (01/19/2011 13.5.0.6)
Balíček ovladače systému Windows - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
Battlefield 2™
BF2ALL64
Bluetooth Stack for Windows by Toshiba
Borland Delphi 7
Burnout™ Paradise The Ultimate Box
CardRecovery
Catalyst Control Center InstallProxy
Centrum zařízení Windows Mobile
Command & Conquer Generals
Command and ConquerTM Generals Zero Hour
Corel Graphics Suite 11
CorelDRAW Graphics Suite X3
Counter-Strike 1.6
Creeper World
Creeper World 2
Creeper World 2 Demo
Creeper World 2 Editor
Creeper World Map Editor
CZ
DancingGorilla 1.1.4/1.06
DebugBar v5.4.1 for Internet Explorer (remove only)
Dev-C++ 5 beta 9 release (4.9.9.2)
EatCam Webcam Recorder Pro 4.0
Edimax Wireless LAN
Erlang OTP R13B02 (5.7.3)
Fiddler
FontNav
Free Download Manager 3.0
FreeMind
GIMP 2.6.6
Git version 1.7.4-preview20110204
Google Gears
Google Chrome
Google Talk (remove only)
Google Update Helper
Gpg4win (2.1.0)
GPGNet
Half-Life 2
Half-Life 2: Episode One
Half-Life 2: Episode Two
Half-Life 2: Lost Coast
Half-Life Dedicated Server Update Tool
HijackThis 2.0.2
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB953595)
Hotfix for Microsoft .NET Framework 3.5 SP1 (KB958484)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB945282)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946040)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB946308)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947540)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB947789)
Hotfix for Microsoft Visual C++ 2008 Express Edition with SP1 - ENU (KB948127)
Cheat Engine 6.2
iMacros Version 8.0.1.1895
Intel® Turbo Memory a Intel® Matrix Storage Manager
InterBase 6.5
ITECIR Driver
Java 2 Runtime Environment Standard Edition v1.2.2
Java Auto Updater
Java™ 6 Update 14
Java™ 7 Update 4
JavaFX 2.1.0
JDownloader 0.9
K-Lite Codec Pack 6.9.0 (Full)
KaM Remake Full r3392
Knights and Merchants - The Peasants Rebellion
Left 4 Dead 2 Demo
Left 4 Dead Authoring Tools Beta
Left 4 Dead Dedicated Server
LibreOffice 3.4
libsndfile-1.0.25
LogMeIn Hamachi
LOTR The Return of the King tm
LyX 2.0.2-1
Magic The Gathering
MagicTG
Machinarium
Malwarebytes Anti-Malware verze 1.65.1.1000
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Security Update (KB2656370)
Microsoft .NET Framework 1.1 Security Update (KB2698023)
Microsoft .NET Framework 3.5 SP1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Multi-Targeting Pack
Microsoft Application Compatibility Toolkit 5.0
Microsoft Application Error Reporting
Microsoft Help Viewer 1.0
Microsoft Security Client
Microsoft Security Essentials
Microsoft Silverlight
Microsoft SQL Server 2008
Microsoft SQL Server 2008 Browser
Microsoft SQL Server 2008 Common Files
Microsoft SQL Server 2008 Database Engine Services
Microsoft SQL Server 2008 Database Engine Shared
Microsoft SQL Server 2008 Native Client
Microsoft SQL Server 2008 R2 Management Objects
Microsoft SQL Server 2008 RsFx Driver
Microsoft SQL Server 2008 Setup Support Files (English)
Microsoft SQL Server Compact 3.5 SP2 ENU
Microsoft SQL Server System CLR Types
Microsoft SQL Server VSS Writer
Microsoft Visual C# 2010 Express - ENU
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
Microsoft Visual J# 2.0 Redistributable Package
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
Microsoft Windows Performance Toolkit
Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
Microsoft Windows SDK for Windows 7 (7.1)
Motorola SM56 Data Fax Modem
Mozilla Firefox (3.0.19)
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP2 Parser and SDK
MSXML4 Parser
Mumble 1.2.3
NetBeans IDE 6.8
NetBeans IDE 6.9
NetBeans IDE 7.1.2
Notebook Hardware Control 2.0 Pre-Release-06
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA Install Application
NVIDIA PhysX
NVIDIA Systémový software PhysX 260.99
NX Client for Windows 2.1.0-16
OpenAL
OpenOffice.org 3.0
Opera 12.00
PC Translator
Pharaoh - Including Cleopatra Expansion
Picturenaut 3.2
Pinnacle DistanTV Server
Pinnacle TVCenter Pro
Plants Vs Zombies
Portal
Portal 2
Power Toys for the Microsoft .NET Compact Framework 3.5
Psaní všemi deseti 1.5
PSPad editor
PVSonyDll
Python 2.6.2
QIP 2005 8092
Qt SDK 2010.02.1
RAD Video Tools
Real Alternative 2.0.2
Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
Realtek High Definition Audio Driver
Rise Of Legends
Rise of Nations
Sea3D 1.2.0a
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2604111)
Security Update for Microsoft .NET Framework 3.5 SP1 (KB2657424)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019)
Security Update for Microsoft .NET Framework 4 Extended (KB2487367)
Security Update for Microsoft .NET Framework 4 Extended (KB2656351)
Sins Editor
Sins of a Solar Empire Trinity
Skype™ 3.8
Sony Ericsson Update Engine
Sony PC Companion 2.10.115
Sql Server Customer Experience Improvement Program
Star Wars Battlefront II
Steam
Strawberry Perl
SUPERAntiSpyware
Supreme Commander - Forged Alliance
SWI-Prolog (remove only)
Synergy
Team Fortress 2
TeamSpeak 2 RC2
TeX Live 2012
Total Commander (Remove or Repair)
Total Video Converter 3.11
TrackMania Nations Forever
Traffic Giant
Ubisoft Game Launcher
Update for Microsoft .NET Framework 3.5 SP1 (KB963707)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
Update for Microsoft .NET Framework 4 Extended (KB2533523)
Update for Microsoft .NET Framework 4 Extended (KB2600217)
Update Manager
VBA
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
VMware Workstation
WebCam
WIDCOMM Bluetooth Software
WinDjView 1.0.3
Windows Media Player Firefox Plugin
WinPcap 4.1.2
WinRAR
WinSCP 4.2.1 beta
Wireshark 1.8.3 (32-bit)
Xming 6.9.0.31
.
==== End Of File ===========================


DDS (Ver_2011-09-30.01) - NTFS_x86
Internet Explorer: 9.0.8112.16421 BrowserJavaVersion: 10.4.1
Run by Pavel at 21:17:47 on 2013-01-04
#Option MBR scan is disabled.
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1250.420.1029.18.2046.938 [GMT 1:00]
.
AV: Microsoft Security Essentials *Enabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
AV: AVG Anti-Virus Free *Disabled/Updated* {5A2746B1-DEE9-F85A-FBCD-ADB11639C5F0}
SP: Microsoft Security Essentials *Enabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: AVG Anti-Virus Free *Disabled/Updated* {E146A755-F8D3-F7D4-C17D-96C36DBE8F4D}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ================
.
C:\Windows\system32\wininit.exe
C:\Program Files\AVG\AVG9\avgchsvx.exe
C:\Program Files\AVG\AVG9\avgrsx.exe
C:\Windows\system32\lsm.exe
C:\Program Files\AVG\AVG9\avgcsrvx.exe
c:\Program Files\Microsoft Security Client\MsMpEng.exe
C:\Windows\system32\atiesrxx.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\taskeng.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files\AVG\AVG9\avgwdsvc.exe
C:\Program Files\GNU\GnuPG\dirmngr.exe
C:\Program Files\LogMeIn Hamachi\hamachi-2.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Borland\InterBase\bin\ibguard.exe
C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\RtHDVCpl.exe
C:\Program Files\AVG\AVG9\avgtray.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Downloads\Software\pageant.exe
C:\Program Files\Borland\InterBase\bin\ibserver.exe
C:\Windows\System32\alg.exe
C:\Windows\system32\wuauclt.exe
C:\totalcmd\TOTALCMD.EXE
C:\Program Files\Notebook Hardware Control\nhc.exe
C:\Windows\system32\conime.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
c:\Program Files\Microsoft Security Client\NisSrv.exe
C:\Windows\system32\Taskmgr.exe
C:\Users\Pavel\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxps://intranet.mensa.cz/index.php
uProxyServer = socks=127.0.0.1:25
uProxyOverride = <local>
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: DebugBar BHO: {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - c:\program files\core services\debugbar\DebugInfoBar.dll
BHO: Java™ Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\oracle\javafx 2.1 runtime\bin\ssv.dll
BHO: FDMIECookiesBHO Class: {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - c:\program files\free download manager\iefdm2.dll
BHO: Java™ Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\oracle\javafx 2.1 runtime\bin\jp2ssv.dll
BHO: Google Gears Helper: {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
TB: DebugBar: {3E1201F4-1707-409F-BB45-A5F192381DA0} - c:\program files\core services\debugbar\DebugToolBar.dll
TB: DebugBar: {3E1201F4-1707-409F-BB45-A5F192381DA0} - c:\program files\core services\debugbar\DebugToolBar.dll
uRun: [Google Update] "c:\users\pavel\appdata\local\google\update\GoogleUpdate.exe" /c
uRun: [ISUSPM Startup] "c:\program files\common files\installshield\updateservice\ISUSPM.exe" -startup
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [Windows Defender] c:\program files\windows defender\MSASCui.exe -hide
mRun: [IAAnotif] c:\program files\intel\intel matrix storage manager\iaanotif.exe
mRun: [IaNvSrv] c:\program files\intel\intel matrix storage manager\orom\ianvsrv\IaNvSrv.exe
mRun: [RtHDVCpl] RtHDVCpl.exe
mRun: [Skytel] Skytel.exe
mRun: [AVG9_TRAY] c:\progra~1\avg\avg9\avgtray.exe
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
StartupFolder: c:\users\pavel\appdata\roaming\micros~1\windows\startm~1\programs\startup\pagean~1.lnk - c:\downloads\software\pageant.exe
mPolicies-Explorer: NoDriveTypeAutoRun = dword:255
mPolicies-Explorer: BindDirectlyToPropertySetStorage = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
IE: Send To &Bluetooth - c:\program files\msi\star key bluetooth software\btsendto_ie_ctx.htm
IE: Sothink SWF Catcher - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
IE: {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC} - c:\program files\java\jre7\bin\jp2iexp.dll
IE: {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - {0B4350D1-055F-47A3-B112-5F2F2B0D6F08} - c:\program files\google\google gears\internet explorer\0.5.36.0\gears.dll
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\windows\windowsmobile\INetRepl.dll
IE: {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - {50C3F0BE-A832-45AB-BB6E-352D173AFD8C}
IE: {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - "f:\program files\fiddler2\Fiddler.exe"
IE: {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - c:\program files\common files\sourcetec\swf catcher\InternetExplorer.htm
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {A1F6C4EF-042D-4367-8750-CEA469D497E9} - hxxp://192.168.1.220/DvrOcx.cab
DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab
TCP: Interfaces\{05A6441F-6A8E-4B20-9757-59DC8AF59993} : NameServer = 8.8.8.8
TCP: Interfaces\{106E0229-903C-46F9-84DB-69E26FEAF1B3} : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{4EF90C7A-DA64-4633-996C-41FDD88BB07E} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{57B00E16-4688-4B2A-98E5-4329AB699F74} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{D219F20D-0E14-41BF-961C-A85821DD36A4} : DHCPNameServer = 8.8.8.8
TCP: Interfaces\{DD6FEF1A-B411-44AC-BF17-BB4B99FE5ABD} : NameServer = 8.8.8.8,8.8.4.4
TCP: Interfaces\{DD6FEF1A-B411-44AC-BF17-BB4B99FE5ABD} : DHCPNameServer = 192.168.0.1
SEH: SABShellExecuteHook Class - {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - c:\program files\superantispyware\SASSEH.DLL
LSA: Security Packages = kerberos msv1_0 schannel wdigest tspkg
.
================= FIREFOX ===================
.
FF - ProfilePath - c:\users\pavel\appdata\roaming\mozilla\firefox\profiles\v7foib45.default\
FF - component: c:\program files\google\google gears\firefox\lib\ff30\gears.dll
FF - plugin: c:\program files\adobe\reader 10.0\reader\air\nppdf32.dll
FF - plugin: c:\program files\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\program files\java\jre7\bin\npjpi170_04.dll
FF - plugin: c:\program files\java\jre7\bin\npoji610.dll
FF - plugin: c:\program files\oracle\javafx 2.1 runtime\bin\plugin2\npjp2.dll
FF - plugin: c:\users\pavel\appdata\local\google\update\1.3.21.123\npGoogleUpdate3.dll
FF - plugin: c:\windows\system32\npDeployJava1.dll
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Java Console: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension
FF - Ext: Google Gears: {000a9d1c-beef-4f90-9363-039d445309b8} - c:\program files\google\google gears\Firefox
FF - Ext: FiddlerHook: fiddlerhook@fiddler2.com - f:\program files\fiddler2\FiddlerHook
FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}
FF - Ext: Adblock Plus: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} - %profile%\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
FF - Ext: NoScript: {73a6fe31-595d-460b-a920-fcc0f8843232} - %profile%\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
.
============= SERVICES / DRIVERS ===============
.
R0 iaNvStor;Intel® Turbo Memory Technology NAND Controller;c:\windows\system32\drivers\iaNvStor.sys [2009-4-8 208896]
R0 MpFilter;Microsoft Malware Protection Driver;c:\windows\system32\drivers\MpFilter.sys [2012-8-30 193552]
R0 Si3531;SiI-3531 SATA Controller;c:\windows\system32\drivers\Si3531.sys [2009-2-5 212520]
R0 tdrpman258;Acronis Try&Decide and Restore Points filter (build 258);c:\windows\system32\drivers\tdrpm258.sys [2010-3-13 911680]
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-4-8 216400]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-4-8 29712]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2011-7-22 12880]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2011-7-12 67664]
R2 !SASCORE;SAS Core Service;c:\program files\superantispyware\SASCore.exe [2012-7-11 116608]
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\common files\adobe\arm\1.0\armsvc.exe [2012-7-27 63960]
R2 afcdpsrv;Acronis Nonstop Backup service;c:\program files\common files\acronis\cdp\afcdpsrv.exe [2010-3-13 2480048]
R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2011-9-8 176128]
R2 avg9wd;AVG Free WatchDog;c:\program files\avg\avg9\avgwdsvc.exe [2010-7-17 308136]
R2 DirMngr;DirMngr;c:\program files\gnu\gnupg\dirmngr.exe [2011-3-2 224256]
R2 FontCache;Mezipaměť písem Windows;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [2009-4-7 21504]
R2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files\logmein hamachi\hamachi-2.exe [2012-6-27 1385896]
R2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\drivers\NisDrvWFP.sys [2012-8-30 99272]
R3 afcdp;afcdp;c:\windows\system32\drivers\afcdp.sys [2010-3-13 160288]
R3 amdkmdag;amdkmdag;c:\windows\system32\drivers\atikmdag.sys [2011-9-8 8606208]
R3 amdkmdap;amdkmdap;c:\windows\system32\drivers\atikmpag.sys [2011-9-8 248832]
R3 itecir;ITECIR Infrared Receiver;c:\windows\system32\drivers\itecir.sys [2009-4-8 46592]
R3 NETwLv32; Ovladač adaptéru řady Intel® Wireless WiFi Link 5000 pro systém Windows Vista 32 Bit;c:\windows\system32\drivers\NETwLv32.sys [2011-7-21 6639616]
R3 NisSrv;Kontrola sítě Microsoft;c:\program files\microsoft security client\NisSrv.exe [2012-9-12 287824]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate1c9c510217b5810;Google Update Service (gupdate1c9c510217b5810);c:\program files\google\update\GoogleUpdate.exe [2009-4-24 133104]
S3 gupdatem;Služba Google Update (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2009-4-24 133104]
S3 MODRC;DiBcom Infrared Receiver;c:\windows\system32\drivers\modrc.sys [2007-7-11 13824]
S3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\drivers\netr73.sys [2009-4-8 489984]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-6-25 35088]
S3 RalinkRegistryWriter;Ralink Registry Writer;c:\program files\edimax\common\RalinkRegistryWriter.exe [2009-4-8 53760]
S3 Sony PC Companion;Sony PC Companion;c:\program files\sony\sony pc companion\PCCService.exe [2012-12-22 155320]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;c:\program files\microsoft sql server\100\shared\sqladhlp.exe [2008-7-10 47128]
S4 RsFx0102;RsFx0102 Driver;c:\windows\system32\drivers\RsFx0102.sys [2008-7-10 242712]
S4 SQLAgent$SQLEXPRESS;SQL Server Agent (SQLEXPRESS);c:\program files\microsoft sql server\mssql10.sqlexpress\mssql\binn\SQLAGENT.EXE [2008-7-10 369688]
.
=============== Created Last 30 ================
.
2013-01-04 01:47:45 6812136 ----a-w- c:\programdata\microsoft\microsoft antimalware\definition updates\{a63e0fdd-d6b8-4330-b3ef-9044f7e24b96}\mpengine.dll
2013-01-03 18:37:19 6812136 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\backup\mpengine.dll
2012-12-30 14:14:39 -------- d-----w- c:\program files\Microsoft Synchronization Services
2012-12-30 14:14:37 -------- d-----w- c:\program files\Microsoft SQL Server Compact Edition
2012-12-30 14:13:28 188128 ----a-w- c:\programdata\microsoft\vcsexpress\10.0\1033\ResourceCache.dll
2012-12-30 14:07:27 -------- d-----w- c:\program files\Microsoft Help Viewer
2012-12-30 14:07:26 -------- d-----w- c:\program files\Microsoft Visual Studio 10.0
2012-12-27 21:05:58 -------- d-----w- c:\users\pavel\appdata\local\GNU
2012-12-27 21:05:48 -------- d-----w- c:\users\pavel\.kde
2012-12-25 16:11:47 740840 ------w- c:\programdata\microsoft\microsoft antimalware\definition updates\{088ce155-857f-4a47-b279-0011f47fcb29}\gapaengine.dll
2012-12-25 16:00:04 -------- d-----w- c:\program files\Microsoft Security Client
2012-12-25 15:58:59 221568 ----a-w- c:\windows\system32\drivers\netio.sys
2012-12-25 14:46:22 -------- d-sh--w- C:\$RECYCLE.BIN
2012-12-25 03:55:20 98816 ----a-w- c:\windows\sed.exe
2012-12-25 03:55:20 256000 ----a-w- c:\windows\PEV.exe
2012-12-25 03:55:20 208896 ----a-w- c:\windows\MBR.exe
2012-12-25 03:17:24 22856 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-25 03:17:24 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-12-25 02:39:51 -------- d-----w- c:\users\pavel\appdata\roaming\SUPERAntiSpyware.com
2012-12-25 02:39:30 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2012-12-25 02:39:30 -------- d-----w- c:\program files\SUPERAntiSpyware
2012-12-25 01:42:00 -------- d-----w- c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2012-12-25 01:11:03 -------- d-----w- c:\program files\stinger
2012-12-25 00:42:55 -------- d-----w- c:\users\pavel\Doctor Web
2012-12-24 18:42:27 -------- d-----w- c:\users\pavel\appdata\roaming\Malwarebytes
2012-12-24 18:42:10 -------- d-----w- c:\programdata\Malwarebytes
2012-12-24 18:42:08 -------- d-----w- c:\program files\Malwarebytes_Anti-Malware
2012-12-24 17:41:20 -------- d-----w- c:\program files\ESET
2012-12-22 19:38:27 -------- d-----w- c:\programdata\Sony Ericsson
2012-12-22 19:29:15 -------- d-----w- c:\program files\Sony
2012-12-18 03:00:08 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-18 03:00:08 293376 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 21:53:28 -------- d-----w- C:\03c10d0777a4ae7b46ae7f72
2012-12-16 21:52:20 376320 ----a-w- c:\windows\system32\dpnet.dll
2012-12-16 21:52:19 23040 ----a-w- c:\windows\system32\dpnsvr.exe
2012-12-16 21:52:16 2048000 ----a-w- c:\windows\system32\win32k.sys
2012-12-16 21:52:13 224640 ----a-w- c:\windows\system32\drivers\volsnap.sys
2012-12-16 21:52:05 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-16 00:53:42 404920 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-12-11 20:02:56 -------- d-----w- c:\users\pavel\.freemind
2012-12-07 01:23:09 -------- d-----w- c:\program files\Windows Portable Devices
2012-12-07 01:07:11 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2012-12-07 01:07:11 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2012-12-07 01:07:10 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2012-12-07 00:58:17 -------- d-----w- C:\2c9e44ddd1200a2de07d9deafd
2012-12-07 00:21:58 797696 ----a-w- c:\windows\system32\FntCache.dll
2012-12-07 00:21:57 288768 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2012-12-07 00:21:30 876032 ----a-w- c:\windows\system32\XpsPrint.dll
2012-12-07 00:21:29 75776 ----a-w- c:\windows\system32\synceng.dll
.
==================== Find3M ====================
.
2938-07-27 20:34:43 398416 ----a-w- c:\windows\system\VBRUN300.DLL
2013-01-03 16:12:27 22528 ----a-w- c:\windows\system32\drivers\nhcDriver.sys
2012-11-14 02:09:22 1800704 ----a-w- c:\windows\system32\jscript9.dll
2012-11-14 01:58:15 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2012-11-14 01:57:37 1129472 ----a-w- c:\windows\system32\wininet.dll
2012-11-14 01:49:25 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2012-11-14 01:48:27 420864 ----a-w- c:\windows\system32\vbscript.dll
2012-11-14 01:44:42 2382848 ----a-w- c:\windows\system32\mshtml.tlb
.
============= FINISH: 21:20:15,18 ===============

#6 nasdaq

Posted 05 January 2013 - 08:27 AM

Now run the aswMBR.exe tool. Select the Fix button.

Important > you need to wait for the tool to report ... "Infection fixed successfully" or "MBR fixed successfully".
Do not reboot the machine until it has said so.

When you see the message, restart the computer normally.

Run aswMBR.exe normally this time and post the log.
===

Run the ComboFix tool again and post the log if you can.

Please let me know what problem persists.

#7 pajasas

Posted 05 January 2013 - 12:28 PM

I've started the aswMBR.exe and only saw the button FixMBR, so I've clicked it. Then I've noticed there is also a greyed-out button Fix, so I thought that you meant to run a scan first and then the Fix button would be available. So I ran a scan afterwards, yet the Fix button is still greyed out. I'm sorry for the mix-up. What should I do next, please? aswMBR.txt follows, zipped MBR.dat attached; I won't reboot (at least intentionally). I've also got a Windows install DVD for MBR repair, if needed.

aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-03 17:12:31
-----------------------------
17:12:31.816 OS Version: Windows 6.0.6002 Service Pack 2
17:12:31.816 Number of processors: 2 586 0xF0B
17:12:31.818 ComputerName: PAVEL-NTB UserName: Pavel
17:12:44.415 Initialize success
17:13:20.974 AVAST engine defs: 13010201
17:13:24.317 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\RobsonImd-0
17:13:24.322 Disk 0 Vendor: Size: 513MB BusType: 0
17:13:24.329 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port3Path0Target0Lun0
17:13:24.334 Disk 1 Vendor: FUJITSU_ Size: 238475MB BusType: 1
17:13:24.341 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\JRAID1Port3Path0Target1Lun0
17:13:24.348 Disk 2 Vendor: Hitachi_ Size: 238475MB BusType: 1
17:13:24.401 Disk 1 MBR read successfully
17:13:24.409 Disk 1 MBR scan
17:13:24.427 Disk 1 Windows VISTA default MBR code
17:13:24.449 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122294 MB offset 2048
17:13:24.478 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 116178 MB offset 250460160
17:13:24.496 Disk 1 scanning sectors +488392704
17:13:24.581 Disk 1 scanning C:\Windows\system32\drivers
17:15:44.822 Service scanning
17:18:57.898 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
17:19:37.631 Modules scanning
17:20:38.231 Disk 1 trace - called modules:
17:20:38.275 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866321f8]<<
17:20:38.287 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x8872f030]
17:20:38.300 3 CLASSPNP.SYS[899cf8b3] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port3Path0Target0Lun0[0x8825f030]
17:20:38.314 \Driver\JRAID[0x8671c8a8] -> IRP_MJ_CREATE -> 0x866321f8
17:20:45.880 AVAST engine scan C:\Windows
17:21:06.003 AVAST engine scan C:\Windows\system32
17:30:26.336 AVAST engine scan C:\Windows\system32\drivers
17:31:08.409 AVAST engine scan C:\Users\Pavel
18:34:48.104 File: C:\Users\Pavel\Downloads\puzzles\puzzles\bridges.exe **INFECTED** Win32:Susn-N [Trj]
18:34:48.586 File: C:\Users\Pavel\Downloads\puzzles\puzzles\cube.exe **INFECTED** Win32:Susn-N [Trj]
18:34:48.994 File: C:\Users\Pavel\Downloads\puzzles\puzzles\dominosa.exe **INFECTED** Win32:Susn-N [Trj]
18:34:49.334 File: C:\Users\Pavel\Downloads\puzzles\puzzles\fifteen.exe **INFECTED** Win32:Susn-N [Trj]
18:34:49.699 File: C:\Users\Pavel\Downloads\puzzles\puzzles\filling.exe **INFECTED** Win32:Susn-N [Trj]
18:34:50.239 File: C:\Users\Pavel\Downloads\puzzles\puzzles\flip.exe **INFECTED** Win32:Susn-N [Trj]
18:34:50.658 File: C:\Users\Pavel\Downloads\puzzles\puzzles\galaxies.exe **INFECTED** Win32:Susn-N [Trj]
18:34:51.082 File: C:\Users\Pavel\Downloads\puzzles\puzzles\guess.exe **INFECTED** Win32:Susn-N [Trj]
18:34:51.464 File: C:\Users\Pavel\Downloads\puzzles\puzzles\inertia.exe **INFECTED** Win32:Susn-N [Trj]
18:34:51.778 File: C:\Users\Pavel\Downloads\puzzles\puzzles\lightup.exe **INFECTED** Win32:Susn-N [Trj]
18:34:52.079 File: C:\Users\Pavel\Downloads\puzzles\puzzles\loopy.exe **INFECTED** Win32:Susn-N [Trj]
18:34:52.448 File: C:\Users\Pavel\Downloads\puzzles\puzzles\map.exe **INFECTED** Win32:Susn-N [Trj]
18:34:52.785 File: C:\Users\Pavel\Downloads\puzzles\puzzles\mines.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.037 File: C:\Users\Pavel\Downloads\puzzles\puzzles\netgame.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.306 File: C:\Users\Pavel\Downloads\puzzles\puzzles\netslide.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.581 File: C:\Users\Pavel\Downloads\puzzles\puzzles\pattern.exe **INFECTED** Win32:Susn-N [Trj]
18:34:53.825 File: C:\Users\Pavel\Downloads\puzzles\puzzles\pegs.exe **INFECTED** Win32:Susn-N [Trj]
18:34:54.406 File: C:\Users\Pavel\Downloads\puzzles\puzzles\rect.exe **INFECTED** Win32:Susn-N [Trj]
18:34:54.706 File: C:\Users\Pavel\Downloads\puzzles\puzzles\samegame.exe **INFECTED** Win32:Susn-N [Trj]
18:34:54.925 File: C:\Users\Pavel\Downloads\puzzles\puzzles\sixteen.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.194 File: C:\Users\Pavel\Downloads\puzzles\puzzles\slant.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.409 File: C:\Users\Pavel\Downloads\puzzles\puzzles\solo.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.659 File: C:\Users\Pavel\Downloads\puzzles\puzzles\tents.exe **INFECTED** Win32:Susn-N [Trj]
18:34:55.918 File: C:\Users\Pavel\Downloads\puzzles\puzzles\twiddle.exe **INFECTED** Win32:Susn-N [Trj]
18:34:56.181 File: C:\Users\Pavel\Downloads\puzzles\puzzles\unequal.exe **INFECTED** Win32:Susn-N [Trj]
18:34:56.429 File: C:\Users\Pavel\Downloads\puzzles\puzzles\untangle.exe **INFECTED** Win32:Susn-N [Trj]
18:38:49.312 AVAST engine scan C:\ProgramData
18:56:34.127 Scan finished successfully
18:58:26.065 Disk 1 MBR has been saved successfully to "C:\Users\Pavel\Downloads\MBR.dat"
18:58:26.114 The log file has been saved successfully to "C:\Users\Pavel\Downloads\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright© 2011 AVAST Software
Run date: 2013-01-05 16:01:47
-----------------------------
16:01:47.338 OS Version: Windows 6.0.6002 Service Pack 2
16:01:47.338 Number of processors: 2 586 0xF0B
16:01:47.339 ComputerName: PAVEL-NTB UserName: Pavel
16:01:53.815 Initialize success
16:04:30.398 AVAST engine defs: 13010500
16:05:50.180 Verifying
16:06:00.221 Disk 1 Windows 600 MBR fixed successfully
16:10:29.440 Disk 1 MBR has been saved successfully to "C:\Users\Pavel\Downloads\MBR.dat"
16:10:29.664 The log file has been saved successfully to "C:\Users\Pavel\Downloads\aswMBR.txt"
16:12:31.892 Disk 0 \Device\Harddisk0\DR0 -> \Device\Ide\RobsonImd-0
16:12:31.899 Disk 0 Vendor: Size: 513MB BusType: 0
16:12:31.908 Disk 1 (boot) \Device\Harddisk1\DR1 -> \Device\Scsi\JRAID1Port3Path0Target0Lun0
16:12:31.916 Disk 1 Vendor: FUJITSU_ Size: 238475MB BusType: 1
16:12:31.927 Disk 2 \Device\Harddisk2\DR2 -> \Device\Scsi\JRAID1Port3Path0Target1Lun0
16:12:31.936 Disk 2 Vendor: Hitachi_ Size: 238475MB BusType: 1
16:12:32.066 Disk 1 MBR read successfully
16:12:32.078 Disk 1 MBR scan
16:12:32.416 Disk 1 Windows VISTA default MBR code
16:12:32.475 Disk 1 Partition 1 80 (A) 07 HPFS/NTFS NTFS 122294 MB offset 2048
16:12:32.515 Disk 1 Partition 2 00 07 HPFS/NTFS NTFS 116178 MB offset 250460160
16:12:32.571 Disk 1 scanning sectors +488392704
16:12:33.069 Disk 1 scanning C:\Windows\system32\drivers
16:13:20.719 Service scanning
16:14:45.809 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:15:23.544 Modules scanning
16:15:53.393 Disk 1 trace - called modules:
16:15:53.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866321f8]<<
16:15:53.407 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x88733030]
16:15:53.408 3 CLASSPNP.SYS[899608b3] -> nt!IofCallDriver -> \Device\Scsi\JRAID1Port3Path0Target0Lun0[0x86724030]
16:15:53.409 \Driver\JRAID[0x86725140] -> IRP_MJ_CREATE -> 0x866321f8
16:15:55.327 AVAST engine scan C:\Windows
16:16:14.444 AVAST engine scan C:\Windows\system32
16:30:59.095 AVAST engine scan C:\Windows\system32\drivers
16:31:58.702 AVAST engine scan C:\Users\Pavel
17:54:15.956 File: C:\Users\Pavel\Downloads\puzzles\puzzles\bridges.exe **INFECTED** Win32:Susn-N [Trj]
17:54:16.705 File: C:\Users\Pavel\Downloads\puzzles\puzzles\cube.exe **INFECTED** Win32:Susn-N [Trj]
17:54:17.103 File: C:\Users\Pavel\Downloads\puzzles\puzzles\dominosa.exe **INFECTED** Win32:Susn-N [Trj]
17:54:17.350 File: C:\Users\Pavel\Downloads\puzzles\puzzles\fifteen.exe **INFECTED** Win32:Susn-N [Trj]
17:54:18.100 File: C:\Users\Pavel\Downloads\puzzles\puzzles\filling.exe **INFECTED** Win32:Susn-N [Trj]
17:54:18.490 File: C:\Users\Pavel\Downloads\puzzles\puzzles\flip.exe **INFECTED** Win32:Susn-N [Trj]
17:54:18.997 File: C:\Users\Pavel\Downloads\puzzles\puzzles\galaxies.exe **INFECTED** Win32:Susn-N [Trj]
17:54:19.398 File: C:\Users\Pavel\Downloads\puzzles\puzzles\guess.exe **INFECTED** Win32:Susn-N [Trj]
17:54:19.765 File: C:\Users\Pavel\Downloads\puzzles\puzzles\inertia.exe **INFECTED** Win32:Susn-N [Trj]
17:54:20.192 File: C:\Users\Pavel\Downloads\puzzles\puzzles\lightup.exe **INFECTED** Win32:Susn-N [Trj]
17:54:21.108 File: C:\Users\Pavel\Downloads\puzzles\puzzles\loopy.exe **INFECTED** Win32:Susn-N [Trj]
17:54:21.929 File: C:\Users\Pavel\Downloads\puzzles\puzzles\map.exe **INFECTED** Win32:Susn-N [Trj]
17:54:22.226 File: C:\Users\Pavel\Downloads\puzzles\puzzles\mines.exe **INFECTED** Win32:Susn-N [Trj]
17:54:22.709 File: C:\Users\Pavel\Downloads\puzzles\puzzles\netgame.exe **INFECTED** Win32:Susn-N [Trj]
17:54:23.107 File: C:\Users\Pavel\Downloads\puzzles\puzzles\netslide.exe **INFECTED** Win32:Susn-N [Trj]
17:54:23.633 File: C:\Users\Pavel\Downloads\puzzles\puzzles\pattern.exe **INFECTED** Win32:Susn-N [Trj]
17:54:23.968 File: C:\Users\Pavel\Downloads\puzzles\puzzles\pegs.exe **INFECTED** Win32:Susn-N [Trj]
17:54:24.744 File: C:\Users\Pavel\Downloads\puzzles\puzzles\rect.exe **INFECTED** Win32:Susn-N [Trj]
17:54:25.105 File: C:\Users\Pavel\Downloads\puzzles\puzzles\samegame.exe **INFECTED** Win32:Susn-N [Trj]
17:54:25.396 File: C:\Users\Pavel\Downloads\puzzles\puzzles\sixteen.exe **INFECTED** Win32:Susn-N [Trj]
17:54:26.208 File: C:\Users\Pavel\Downloads\puzzles\puzzles\slant.exe **INFECTED** Win32:Susn-N [Trj]
17:54:26.740 File: C:\Users\Pavel\Downloads\puzzles\puzzles\solo.exe **INFECTED** Win32:Susn-N [Trj]
17:54:27.085 File: C:\Users\Pavel\Downloads\puzzles\puzzles\tents.exe **INFECTED** Win32:Susn-N [Trj]
17:54:27.449 File: C:\Users\Pavel\Downloads\puzzles\puzzles\twiddle.exe **INFECTED** Win32:Susn-N [Trj]
17:54:27.893 File: C:\Users\Pavel\Downloads\puzzles\puzzles\unequal.exe **INFECTED** Win32:Susn-N [Trj]
17:54:28.225 File: C:\Users\Pavel\Downloads\puzzles\puzzles\untangle.exe **INFECTED** Win32:Susn-N [Trj]
17:58:15.143 AVAST engine scan C:\ProgramData
18:14:21.878 Scan finished successfully
18:20:54.860 Disk 1 MBR has been saved successfully to "C:\Users\Pavel\Downloads\MBR.dat"
18:20:54.935 The log file has been saved successfully to "C:\Users\Pavel\Downloads\aswMBR.txt"

#8 nasdaq

Posted 05 January 2013 - 02:38 PM

You have a very bad infection.
This must be fixed.

16:15:53.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866321f8]


Please download ComboFix from any of the links below, and save it to your desktop. For information regarding this download, please visit this web page: http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop

IMPORTANT....

1. Close any open browsers.

2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

3. Do not install any other programs until this is fixed.


How to : Disable Anti-virus and Firewall...
http://www.bleepingcomputer.com/forums/topic114351.html

Double click on ComboFix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt
Note:
Do not mouse click ComboFix's window while it's running. That may cause it to stall


Note: If you have difficulty properly disabling your protective programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Note: If after running ComboFix you get this error message "Illegal operation attempted on a registry key that has been marked for deletion." when attempting to run a program all you need to do is restart the computer to reset the registry.
==============

Please post the log and we will take it from there.

p.s.
Are you absolutely sure that your games are not infected?
How long have you been running them?
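The line quoted in the post above can be pulled out of an aswMBR log mechanically. The following is an added example, not part of the original post or of aswMBR: it flags the disk-trace entry marked UNKNOWN, checks whether any driver dispatch entry in the same log points at that same address, and summarises LOCKED services and INFECTED detections. The function name `triage` and the report keys are assumptions of this example; the sample lines are constructed in the format of the log posted in this thread.

```python
import ntpath
import re
from collections import Counter

# Constructed sample: a few lines in the format of the aswMBR log posted above.
SAMPLE_LOG = r"""
16:14:45.809 Service sptd C:\Windows\System32\Drivers\sptd.sys **LOCKED** 32
16:15:53.393 Disk 1 trace - called modules:
16:15:53.406 ntkrnlpa.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x866321f8]<<
16:15:53.407 1 nt!IofCallDriver -> \Device\Harddisk1\DR1[0x88733030]
16:15:53.409 \Driver\JRAID[0x86725140] -> IRP_MJ_CREATE -> 0x866321f8
17:54:15.956 File: C:\Users\Pavel\Downloads\puzzles\puzzles\bridges.exe **INFECTED** Win32:Susn-N [Trj]
17:54:16.705 File: C:\Users\Pavel\Downloads\puzzles\puzzles\cube.exe **INFECTED** Win32:Susn-N [Trj]
18:14:21.878 Scan finished successfully
"""

TIMESTAMP_RE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{3}\s+")
# The trailing "<<" is optional so a line quoted without it still matches.
UNKNOWN_RE = re.compile(r">>UNKNOWN \[(0x[0-9a-fA-F]+)\]")
DISPATCH_RE = re.compile(
    r"(\\Driver\\[^\[\s]+)\[0x[0-9a-fA-F]+\] -> (IRP_MJ_\w+) -> (0x[0-9a-fA-F]+)"
)
LOCKED_RE = re.compile(r"^Service (\S+) (.+?) \*\*LOCKED\*\*")
INFECTED_RE = re.compile(r"^File: (.+?) \*\*INFECTED\*\* (.+)$")


def triage(log_text):
    """Return the entries of an aswMBR log that deserve a second look."""
    report = {
        "unknown_modules": [],      # trace entries aswMBR marked UNKNOWN
        "dispatch_to_unknown": [],  # driver dispatch targets equal to such an address
        "locked_services": [],      # (service name, path) the scanner could not open
        "detections": Counter(),    # detection name -> number of files
        "infected_dirs": Counter(), # parent directory -> number of files
    }
    dispatch_entries = []

    for raw in log_text.splitlines():
        line = TIMESTAMP_RE.sub("", raw.strip())
        if not line:
            continue

        match = UNKNOWN_RE.search(line)
        if match:
            report["unknown_modules"].append({
                "address": match.group(1).lower(),
                # Named modules listed before the unknown one in the call chain.
                "named_chain": line[:match.start()].split(),
            })
            continue

        match = DISPATCH_RE.search(line)
        if match:
            driver, irp, target = match.groups()
            dispatch_entries.append((driver, irp, target.lower()))
            continue

        match = LOCKED_RE.search(line)
        if match:
            report["locked_services"].append((match.group(1), match.group(2)))
            continue

        match = INFECTED_RE.search(line)
        if match:
            path, name = match.group(1), match.group(2).strip()
            report["detections"][name] += 1
            # ntpath splits Windows paths correctly on any host OS.
            report["infected_dirs"][ntpath.dirname(path)] += 1

    unknown_addresses = {u["address"] for u in report["unknown_modules"]}
    report["dispatch_to_unknown"] = [
        entry for entry in dispatch_entries if entry[2] in unknown_addresses
    ]
    return report


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    for key, value in result.items():
        print(key, "->", value)
```

When `dispatch_to_unknown` is non-empty, the UNKNOWN trace line and the dispatch line describe the same address, so they should be read as one finding rather than two.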

#9 pajasas

Posted 05 January 2013 - 05:44 PM

I've tried to run ComboFix again (from desktop, everything closed, internet cable pulled out), same result (freeze, hard reboot). I can try to uninstall whatever I don't need to have, if it could help. Or run perfmon or some other disk activity monitor (could you recommend any?) to at least tell at which file it jams.

Those puzzles - I've forgotten to remove them earlier, but they were run maybe once, half a year ago. I've deleted them now. Or what other games do you mean?

Some more information - I made a backup of my hard drive C: using Acronis True Image Home a few months ago (it's on an external drive that has been off even since before the infection). So as a last measure before a total wipe and reinstall I could load that backup. Which brings up a question - should I not trust any file on other drives (my Vista notebook has 2 250 GB drives and one is split for 120GB C: and F drives) and wipe them?

Also I've been wondering - when I boot a Linux OS from USB on an infected computer - is there a chance of infecting some other USB connected to the computer then? (Last backup plan is downloading all my data (photos, videos, codes, file tree dump) to an external drive [the one that has been offline], wiping all drives and USBs involved, reinstalling the XP computer from scratch and loading the backup of Vista.)

#10 nasdaq

Posted 06 January 2013 - 09:05 AM

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2


If your operating system is 64 bit download this tool:
SystemLook_x64.exe
  • Double-click SystemLook.exe to run it.
  • Copy and paste the content of the following bold text into the main textfield:


    :filefind
    disk.sys

  • Click the Look button to start the scan.
  • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt
===

Delete the current version of ComboFix.exe


Download ComboFix from any of the links below but rename it to pajasas.exe before saving it to your desktop. <- Important.

Link 1
Link 2
==================================

  • Disable your Anti-Virus and Anti-Spyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

    Double click on the renamed ComboFix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

Posted Image


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Note: If you have difficulty properly disabling your protection programs, refer to this link --> http://www.bleepingcomputer.com/forums/topic114351.html

Do not mouse click combofix's window while it's running. That may cause it to stall
===

If ComboFix fails to run please execute this scan.

  • Download OTL to your Desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Check the boxes beside LOP Check and Purity Check.
  • Under the Custom Scan box paste this in

    netsvcs
    %SYSTEMDRIVE%\*.exe
    %systemroot%\system32\drivers\*.sys /90
    %systemroot%\*. /mp /s
    c:\$recycle.bin\*.* /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    eventlog.dll
    scecli.dll
    netlogon.dll
    cngaudit.dll
    sceclt.dll
    ntelogon.dll
    logevent.dll
    iaStor.sys
    nvstor.sys
    atapi.sys
    IdeChnDr.sys
    viasraid.sys
    AGP440.sys
    vaxscsi.sys
    nvatabus.sys
    viamraid.sys
    nvata.sys
    nvgts.sys
    iastorv.sys
    ViPrt.sys
    eNetHook.dll
    explorer.exe
    svchost.exe
    userinit.exe
    qmgr.dll
    proquota.exe
    kernel32.dll
    ndis.sys
    autochk.exe
    spoolsv.exe
    xmlprov.dll
    ntmssvc.dll
    mswsock.dll
    Beep.SYS
    ntfs.sys
    termsrv.dll
    sfcfiles.dll
    st3shark.sys
    ahcix86.sys
    srsvc.dll
    /md5stop
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.
===

Please post the logs for my review.

#11 pajasas

Posted 06 January 2013 - 06:22 PM

SystemLook log is below

Will try to run combofix and edit this post with results. //EDIT: another freeze, running OTL now

SystemLook 30.07.11 by jpshortstuff
Log created at 23:22 on 06/01/2013 by Pavel
Administrator - Elevation successful

========== filefind ==========

Searching for "disk.sys"
C:\Windows\System32\drivers\disk.sys --a---- 53736 bytes [20:41 31/05/2011] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys --a---- 53736 bytes [20:41 31/05/2011] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys --a---- 55352 bytes [20:29 07/04/2009] [21:42 18/01/2008] 64109E623ABD6955C8FB110B592E68B7
C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys --a---- 52840 bytes [10:25 02/11/2006] [09:49 02/11/2006] 841AF4C4D41D3E3B2F244E976B0F7963
C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys --a---- 55352 bytes [20:29 07/04/2009] [21:42 18/01/2008] 64109E623ABD6955C8FB110B592E68B7
C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys --a---- 53736 bytes [20:41 31/05/2011] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A

-= EOF =-

Edited by pajasas, 06 January 2013 - 06:51 PM.
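A SystemLook `:filefind` result like the one above is usually read by comparing the MD5 of the active driver with the copies Windows keeps in its servicing stores. The following is an added example, not part of the original post or of SystemLook: it parses the six lines posted above and reports whether `C:\Windows\System32\drivers\disk.sys` has a byte-identical twin under `winsxs` or `DriverStore`, and which component version that twin belongs to. The function names, status strings and the choice of those two directories as reference stores are assumptions of this example.

```python
import re

# Copied from the SystemLook output posted above.
SAMPLE_FILEFIND = r"""
Searching for "disk.sys"
C:\Windows\System32\drivers\disk.sys --a---- 53736 bytes [20:41 31/05/2011] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DriverStore\FileRepository\disk.inf_5c850fad\disk.sys --a---- 53736 bytes [20:41 31/05/2011] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A
C:\Windows\System32\DriverStore\FileRepository\disk.inf_90722180\disk.sys --a---- 55352 bytes [20:29 07/04/2009] [21:42 18/01/2008] 64109E623ABD6955C8FB110B592E68B7
C:\Windows\System32\DriverStore\FileRepository\disk.inf_e0b0b355\disk.sys --a---- 52840 bytes [10:25 02/11/2006] [09:49 02/11/2006] 841AF4C4D41D3E3B2F244E976B0F7963
C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6001.18000_none_f9c681e4742c835a\disk.sys --a---- 55352 bytes [20:29 07/04/2009] [21:42 18/01/2008] 64109E623ABD6955C8FB110B592E68B7
C:\Windows\winsxs\x86_disk.inf_31bf3856ad364e35_6.0.6002.18005_none_fbb1faf0714e4ea6\disk.sys --a---- 53736 bytes [20:41 31/05/2011] [06:32 11/04/2009] 5D4AEFC3386920236A548271F8F1AF6A

-= EOF =-
"""

# path, attribute flags, size, two bracketed timestamps, MD5
ENTRY_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]+)\s+(?P<size>\d+) bytes\s+"
    r"\[(?P<stamp1>[^\]]+)\]\s+\[(?P<stamp2>[^\]]+)\]\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)
# Assumption of this example: these two directories are treated as reference copies.
STORE_MARKERS = ("\\winsxs\\", "\\driverstore\\filerepository\\")
WINSXS_VERSION_RE = re.compile(r"_(\d+\.\d+\.\d+\.\d+)_none_")


def parse_filefind(text):
    """Parse SystemLook :filefind result lines into dictionaries."""
    entries = []
    for raw in text.splitlines():
        match = ENTRY_RE.match(raw.strip())
        if match:
            entry = match.groupdict()
            entry["size"] = int(entry["size"])
            entry["md5"] = entry["md5"].upper()
            entries.append(entry)
    return entries


def in_store(entry):
    lowered = entry["path"].lower()
    return any(marker in lowered for marker in STORE_MARKERS)


def check_active(entries, active_path):
    """Compare the active file with the store copies found in the same scan."""
    active = [e for e in entries if e["path"].lower() == active_path.lower()]
    if not active:
        return {"status": "missing", "md5": None,
                "store_copies": [], "winsxs_versions": []}
    target = active[0]
    twins = [
        e for e in entries
        if in_store(e) and e["md5"] == target["md5"] and e["size"] == target["size"]
    ]
    versions = sorted(
        {v for e in twins for v in WINSXS_VERSION_RE.findall(e["path"])}
    )
    return {
        "status": "matches_store" if twins else "no_store_match",
        "md5": target["md5"],
        "store_copies": [e["path"] for e in twins],
        "winsxs_versions": versions,
    }


if __name__ == "__main__":
    found = parse_filefind(SAMPLE_FILEFIND)
    print(check_active(found, r"C:\Windows\System32\drivers\disk.sys"))
```

A `matches_store` result only shows that the bytes SystemLook read from disk equal a store copy; it says nothing about what is loaded in memory, which is where the aswMBR trace earlier in the thread reports the UNKNOWN module.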


#12 pajasas

Posted 06 January 2013 - 07:58 PM

OTL logs follow. I've also noticed that when running a local webserver from this computer and downloading from it on another PC, there is ".exe" appended to the name of downloaded files.

OTL logfile created on: 7.1.2013 0:53:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pavel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,71% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 75,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,43 Gb Total Space | 1,00 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,82 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive F: | 113,46 Gb Total Space | 0,85 Gb Free Space | 0,75% Space Free | Partition Type: NTFS

Computer Name: PAVEL-NTB | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Pavel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Google\Update\1.3.21.123\GoogleCrashHandler.exe (Google Inc.)
PRC - c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
PRC - C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Downloads\Software\pageant.exe (Simon Tatham)
PRC - C:\Program Files\GNU\GnuPG\dirmngr.exe ()
PRC - C:\Program Files\AVG\AVG9\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\AVG\AVG9\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
PRC - C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\System32\conime.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
PRC - C:\Program Files\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Windows\System32\atitmpxx.dll ()


========== Services (SafeList) ==========

SRV - (wxpSvc) -- F:\Program Files\wLite\wService.exe /startedbyscm:5053B757-40E35B3B-webcamSRV File not found
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (NisSrv) -- c:\Program Files\Microsoft Security Client\NisSrv.exe (Microsoft Corporation)
SRV - (MsMpSvc) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (!SASCORE) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe (SUPERAntiSpyware.com)
SRV - (Hamachi2Svc) -- C:\Program Files\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Sony PC Companion) -- C:\Program Files\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (DirMngr) -- C:\Program Files\GNU\GnuPG\dirmngr.exe ()
SRV - (avg9wd) -- C:\Program Files\AVG\AVG9\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (rpcapd) -- C:\Program Files\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (afcdpsrv) -- C:\Program Files\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis)
SRV - (AcrSch2Svc) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe (Acronis)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (RalinkRegistryWriter) -- C:\Program Files\EDIMAX\Common\RalinkRegistryWriter.exe ()
SRV - (VMware NAT Service) -- C:\Windows\System32\vmnat.exe (VMware, Inc.)
SRV - (VMnetDHCP) -- C:\Windows\System32\vmnetdhcp.exe (VMware, Inc.)
SRV - (VMAuthdService) -- C:\Program Files\VMware\VMware Workstation\vmware-authd.exe (VMware, Inc.)
SRV - (TOSHIBA Bluetooth Service) -- C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe (TOSHIBA CORPORATION)
SRV - (ufad-ws60) -- C:\Program Files\VMware\VMware Workstation\vmware-ufad.exe (VMware, Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (vmount2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vmount2.exe (VMware, Inc.)
SRV - (btwdins) -- C:\Program Files\MSI\Star Key Bluetooth Software\bin\btwdins.exe (Broadcom Corporation.)
SRV - (InterBaseServer) -- C:\Program Files\Borland\InterBase\bin\ibserver.exe (Borland Software Corporation)
SRV - (InterBaseGuardian) -- C:\Program Files\Borland\InterBase\bin\ibguard.exe (Borland Software Corporation)


========== Driver Services (SafeList) ==========

DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (MpKsl38849605) -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{874841F8-D75D-400B-890D-AC3302930030}\MpKsl38849605.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (cpuz135) -- C:\Users\Pavel\AppData\Local\Temp\cpuz135\cpuz135_x32.sys File not found
DRV - (BTSLBCSP) -- C:\Windows\system32\drivers\btslbcsp.sys File not found
DRV - (BTSERIAL) -- C:\Windows\system32\drivers\btserial.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (AmdLLD) -- system32\DRIVERS\AmdLLD.sys File not found
DRV - (ah89nu0b) -- File not found
DRV - (catchme) -- C:\Users\Pavel\AppData\Local\Temp\catchme.sys ()
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (pBUS-167 Software - http://www.pbus-167.com)
DRV - (NisDrv) -- C:\Windows\System32\drivers\NisDrvWFP.sys (Microsoft Corporation)
DRV - (AvgMfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (SASDIFSV) -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (SASKUTIL) -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SUPERAdBlocker.com and SUPERAntiSpyware.com)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (NETwLv32) -- C:\Windows\System32\drivers\NETwLv32.sys (Intel Corporation)
DRV - (AvgLdx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (afcdp) -- C:\Windows\System32\drivers\afcdp.sys (Acronis)
DRV - (tdrpman258) -- C:\Windows\System32\drivers\tdrpm258.sys (Acronis)
DRV - (timounter) -- C:\Windows\System32\drivers\timntr.sys (Acronis)
DRV - (snapman) -- C:\Windows\System32\drivers\snapman.sys (Acronis)
DRV - (atksgt) -- C:\Windows\System32\drivers\atksgt.sys ()
DRV - (lirsgt) -- C:\Windows\System32\drivers\lirsgt.sys ()
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (sptd) -- C:\Windows\System32\drivers\sptd.sys ()
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (RsFx0102) -- C:\Windows\System32\drivers\RsFx0102.sys (Microsoft Corporation)
DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA)
DRV - (tosrfbd) -- C:\Windows\System32\drivers\tosrfbd.sys (TOSHIBA CORPORATION)
DRV - (tosporte) -- C:\Windows\System32\drivers\tosporte.sys (TOSHIBA Corporation)
DRV - (Tosrfhid) -- C:\Windows\System32\drivers\Tosrfhid.sys (TOSHIBA Corporation.)
DRV - (TosRfSnd) -- C:\Windows\System32\drivers\TosRfSnd.sys (TOSHIBA Corporation)
DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.)
DRV - (tosrfbnp) -- C:\Windows\System32\drivers\tosrfbnp.sys (TOSHIBA Corporation)
DRV - (Tosrfusb) -- C:\Windows\System32\drivers\tosrfusb.sys (TOSHIBA CORPORATION)
DRV - (vmx86) -- C:\Windows\System32\drivers\vmx86.sys (VMware, Inc.)
DRV - (hcmon) -- C:\Windows\System32\drivers\hcmon.sys (VMware, Inc.)
DRV - (VMnetuserif) -- C:\Windows\System32\drivers\vmnetuserif.sys (VMware, Inc.)
DRV - (vmkbd) -- C:\Windows\System32\drivers\VMkbd.sys (VMware, Inc.)
DRV - (vmusb) -- C:\Windows\System32\drivers\vmusb.sys (VMware, Inc.)
DRV - (VMnetBridge) -- C:\Windows\System32\drivers\vmnetbridge.sys (VMware, Inc.)
DRV - (VMnetAdapter) -- C:\Windows\System32\drivers\vmnetadapter.sys (VMware, Inc.)
DRV - (Tosrfcom) -- C:\Windows\System32\drivers\tosrfcom.sys (TOSHIBA Corporation)
DRV - (NETw4v32) -- C:\Windows\System32\drivers\NETw4v32.sys (Intel Corporation)
DRV - (vstor2-ws60) -- C:\Program Files\VMware\VMware Workstation\vstor2-ws60.sys (VMware, Inc.)
DRV - (MODRC) -- C:\Windows\System32\drivers\modrc.sys (DiBcom S.A.)
DRV - (Cam5603D) -- C:\Windows\System32\drivers\BisonCam.sys ()
DRV - (JRAID) -- C:\Windows\System32\drivers\jraid.sys (JMicron Technology Corp.)
DRV - (iaNvStor) -- C:\Windows\System32\drivers\iaNvStor.sys (Intel Corporation)
DRV - (vstor2) -- C:\Program Files\Common Files\VMware\VMware Virtual Image Editing\vstor2.sys (VMware, Inc.)
DRV - (LVUSBSta) -- C:\Windows\System32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (CamDrL) -- C:\Windows\System32\drivers\Camdrl.sys (Logitech Inc.)
DRV - (itecir) -- C:\Windows\System32\drivers\itecir.sys (Windows ® Codename Longhorn DDK provider)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (BTWUSB) -- C:\Windows\System32\drivers\btwusb.sys (Broadcom Corporation.)
DRV - (btaudio) -- C:\Windows\System32\drivers\btaudio.sys (Broadcom Corporation.)
DRV - (BTKRNL) -- C:\Windows\System32\drivers\btkrnl.sys (Broadcom Corporation.)
DRV - (BTDriver) -- C:\Windows\System32\drivers\btport.sys (Broadcom Corporation.)
DRV - (BTWDNDIS) -- C:\Windows\System32\drivers\btwdndis.sys (Broadcom Corporation.)
DRV - (tosrfnds) -- C:\Windows\System32\drivers\tosrfnds.sys (TOSHIBA Corporation.)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://intranet.mensa.cz/index.php
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:25

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.2.2
FF - prefs.js..extensions.enabledItems: fiddlerhook@fiddler2.com:2.4.1.1
FF - prefs.js..extensions.enabledItems: {000a9d1c-beef-4f90-9363-039d445309b8}:0.5.36.0
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.4.2
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real Alternative\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pavel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pavel\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\Program Files\Google\Google Gears\Firefox\ [2010.03.06 10:54:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fiddlerhook@fiddler2.com: F:\Program Files\Fiddler2\FiddlerHook [2012.10.12 15:07:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.25 17:41:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.0.19\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.25 17:41:32 | 000,000,000 | ---D | M]

[2012.12.25 01:27:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Extensions
[2012.12.31 10:26:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\v7foib45.default\extensions
[2012.12.27 12:30:23 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\v7foib45.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.12.28 18:44:00 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\v7foib45.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2012.12.28 18:44:00 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Pavel\AppData\Roaming\Mozilla\Firefox\Profiles\v7foib45.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.12.25 17:41:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010.03.06 10:54:47 | 000,000,000 | ---D | M] (Google Gears) -- C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX
[2012.10.12 15:07:44 | 000,000,000 | ---D | M] (FiddlerHook) -- F:\PROGRAM FILES\FIDDLER2\FIDDLERHOOK
[2008.03.31 20:06:24 | 000,000,638 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\jyxo-cz.xml
[2008.03.31 20:06:24 | 000,001,687 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\mall-cz.xml
[2008.01.27 10:57:20 | 000,001,367 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\seznam-cz.xml
[2008.01.27 10:57:20 | 000,000,654 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\slunecnice-cz.xml
[2008.03.31 20:06:24 | 000,001,179 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-cz.xml

========== Chrome ==========

CHR - homepage: http://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: http://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.140.8 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeploytk.dll
CHR - plugin: Java™ Platform SE 6 U14 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np-mswmp.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\npctrl.1.0.30401.0.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Disk Google = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: Proxy Switchy! = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\caehdcpeofiiigpdhbabniblemipncjj\1.6.3_0\
CHR - Extension: iMacros for Chrome = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\cplklnmnlbnpmjogncfgfijoopmnlemp\6.0.1_0\
CHR - Extension: Gmail Offline = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk\1.19_0\
CHR - Extension: AdBlock = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.54_0\
CHR - Extension: Cr-gpg = C:\Users\Pavel\AppData\Local\Google\Chrome\User Data\Default\Extensions\icinfhcffoidgdcgndjmfafpjjdahmej\0.8.4_0\

O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DebugBar BHO) - {69FC0024-10EB-480A-BBF2-3BF4E78E17B1} - C:\Program Files\Core Services\DebugBar\DebugInfoBar.dll (Core Services)
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O3 - HKCU\..\Toolbar\WebBrowser: (DebugBar) - {3E1201F4-1707-409F-BB45-A5F192381DA0} - C:\Program Files\Core Services\DebugBar\DebugToolBar.dll (Core Services)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [IaNvSrv] C:\Program Files\Intel\Intel Matrix Storage Manager\OROM\IaNvSrv\IaNvSrv.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\pageant.exe – zástupce.lnk = C:\Downloads\Software\pageant.exe (Simon Tatham)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O8 - Extra context menu item: Send To &Bluetooth - C:\Program Files\MSI\Star Key Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Sothink SWF Catcher - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2iexp.dll ()
O9 - Extra 'Tools' menuitem : Nastavení aplikace &Gears - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.36.0\gears.dll (Google Inc.)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: iMacros V8 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - F:\Program Files\iOpus\iMacros\iMacrosSidebar.dll ()
O9 - Extra 'Tools' menuitem : iMacros V8 - {602AB448-D389-4a54-B6A6-CE57AA0CCFC4} - Reg Error: Value error. File not found
O9 - Extra Button: Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - F:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra 'Tools' menuitem : Fiddler - {CF819DA3-9882-4944-ADF5-6EF17ECF3C6E} - F:\Program Files\Fiddler2\Fiddler.exe (Telerik)
O9 - Extra Button: Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O9 - Extra 'Tools' menuitem : Sothink SWF Catcher - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm File not found
O13 - gopher Prefix: missing
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {A1F6C4EF-042D-4367-8750-CEA469D497E9} http://192.168.1.220/DvrOcx.cab (Dvr Net 85 Config)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 10.4.1)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05A6441F-6A8E-4B20-9757-59DC8AF59993}: NameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{106E0229-903C-46F9-84DB-69E26FEAF1B3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4EF90C7A-DA64-4633-996C-41FDD88BB07E}: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{57B00E16-4688-4B2A-98E5-4329AB699F74}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D219F20D-0E14-41BF-961C-A85821DD36A4}: DhcpNameServer = 8.8.8.8
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6FEF1A-B411-44AC-BF17-BB4B99FE5ABD}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DD6FEF1A-B411-44AC-BF17-BB4B99FE5ABD}: NameServer = 8.8.8.8,8.8.4.4
O20 - AppInit_DLLs: (C:\Windows\System32\avgrsstx.dll) - C:\Windows\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Pavel\AppData\Roaming\Microsoft\Windows Photo Gallery\Tapeta galerie Windows Fotogalerie.jpg
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{1cbfc84d-8c80-11df-a561-001060d021ef}\Shell - "" = AutoRun
O33 - MountPoints2\{1cbfc84d-8c80-11df-a561-001060d021ef}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{1cbfc868-8c80-11df-a561-001060d021ef}\Shell - "" = AutoRun
O33 - MountPoints2\{1cbfc868-8c80-11df-a561-001060d021ef}\Shell\AutoRun\command - "" = "I:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{2ca0f80c-97f5-11df-b9a5-00030d7a021a}\Shell - "" = AutoRun
O33 - MountPoints2\{2ca0f80c-97f5-11df-b9a5-00030d7a021a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{378cfd00-9439-11df-ab47-00030d7a021a}\Shell - "" = AutoRun
O33 - MountPoints2\{378cfd00-9439-11df-ab47-00030d7a021a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{3b8f91cb-a6cd-11de-9007-001060d021ef}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\{4b7938fa-2652-11df-805d-00030d7a021a}\Shell\AutoRun\command - "" = I:\installer.exe
O33 - MountPoints2\{4b7938fa-2652-11df-805d-00030d7a021a}\Shell\verb\command - "" = I:\installer.exe
O33 - MountPoints2\{69225305-2413-11de-b8b0-00030d7a021a}\Shell - "" = AutoRun
O33 - MountPoints2\{69225305-2413-11de-b8b0-00030d7a021a}\Shell\AutoRun\command - "" = G:\autorun.exe
O33 - MountPoints2\{69225305-2413-11de-b8b0-00030d7a021a}\Shell\directx\command - "" = G:\DirectX9\dxsetup.exe
O33 - MountPoints2\{69225305-2413-11de-b8b0-00030d7a021a}\Shell\setup\command - "" = G:\setup.exe
O33 - MountPoints2\{6eb7b657-7cb8-11e1-82e1-00030d7a021a}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb7b657-7cb8-11e1-82e1-00030d7a021a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{6eb7b66a-7cb8-11e1-82e1-00030d7a021a}\Shell - "" = AutoRun
O33 - MountPoints2\{6eb7b66a-7cb8-11e1-82e1-00030d7a021a}\Shell\AutoRun\command - "" = I:\AutoRun.exe
O33 - MountPoints2\{97d6109d-7698-11de-b393-001060d021ef}\Shell\AutoRun\command - "" = I:\wubi.exe --cdmenu
O33 - MountPoints2\{9cc22473-30ca-11de-a736-005056c00008}\Shell\AutoRun\command - "" = I:\WDSetup.exe
O33 - MountPoints2\{ab67602c-761d-11de-b61a-00030d7a021a}\Shell - "" = AutoRun
O33 - MountPoints2\{ab67602c-761d-11de-b61a-00030d7a021a}\Shell\AutoRun\command - "" = H:\CDCheck.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...com [@ = comfile] -- Reg Error: Key error. File not found
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

========== Files/Folders - Created Within 30 Days ==========

[2013.01.07 00:51:26 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2013.01.07 00:37:45 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.01.07 00:36:31 | 000,000,000 | --SD | C] -- C:\pajasas
[2013.01.06 23:22:54 | 005,019,547 | R--- | C] (Swearware) -- C:\Users\Pavel\Desktop\pajasas.exe
[2013.01.05 03:31:56 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\ImgBurn
[2012.12.30 15:44:00 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\grcis
[2012.12.30 15:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2012.12.30 15:14:37 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2012.12.30 15:11:56 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\Visual Studio 2010
[2012.12.30 15:11:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express
[2012.12.30 15:07:27 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Help Viewer
[2012.12.30 15:07:26 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio 10.0
[2012.12.27 22:05:58 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Local\GNU
[2012.12.27 22:05:48 | 000,000,000 | ---D | C] -- C:\Users\Pavel\.kde
[2012.12.25 17:41:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox
[2012.12.25 17:00:04 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
[2012.12.25 16:58:59 | 000,221,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\netio.sys
[2012.12.25 04:55:20 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.12.25 04:55:20 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.12.25 04:55:20 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.12.25 04:55:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.12.25 04:54:13 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.12.25 04:54:10 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW
[2012.12.25 04:17:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.25 04:17:24 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.25 04:17:24 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.25 03:39:51 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\SUPERAntiSpyware.com
[2012.12.25 03:39:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2012.12.25 03:39:30 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2012.12.25 03:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2012.12.25 02:11:03 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.12.25 01:42:55 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Doctor Web
[2012.12.25 01:06:11 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Mozilla
[2012.12.24 19:42:27 | 000,000,000 | ---D | C] -- C:\Users\Pavel\AppData\Roaming\Malwarebytes
[2012.12.24 19:42:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.24 19:42:08 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes_Anti-Malware
[2012.12.24 18:41:20 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.12.22 20:38:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony Ericsson
[2012.12.22 20:29:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
[2012.12.22 20:29:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony
[2012.12.22 20:29:15 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.12.19 05:01:25 | 000,000,000 | ---D | C] -- C:\Users\Pavel\Documents\osp
[2012.12.18 04:00:08 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.18 04:00:08 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.16 22:59:29 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.16 22:59:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.16 22:59:24 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.16 22:59:24 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.16 22:59:24 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.16 22:59:22 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.16 22:59:22 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.16 22:59:20 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.16 22:53:28 | 000,000,000 | ---D | C] -- C:\03c10d0777a4ae7b46ae7f72
[2012.12.16 22:52:20 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.16 22:52:19 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnsvr.exe
[2012.12.16 22:52:16 | 002,048,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.16 22:52:05 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.16 01:53:42 | 000,404,920 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.11 21:02:56 | 000,000,000 | ---D | C] -- C:\Users\Pavel\.freemind
[2012.12.11 21:02:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FreeMind
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2938.07.27 21:34:43 | 000,398,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System\VBRUN300.DLL
[2013.01.07 00:51:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pavel\Desktop\OTL.exe
[2013.01.07 00:47:12 | 000,000,936 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.07 00:44:47 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 00:44:47 | 000,003,792 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.07 00:44:12 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.01.07 00:44:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.07 00:43:56 | 2145,820,672 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.07 00:34:00 | 000,000,962 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-915864819-4129207354-2467878725-1000UA.job
[2013.01.07 00:28:20 | 000,000,600 | ---- | M] () -- C:\Users\Pavel\AppData\Local\PUTTY.RND
[2013.01.06 23:41:10 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.06 23:23:20 | 005,019,547 | R--- | M] (Swearware) -- C:\Users\Pavel\Desktop\pajasas.exe
[2013.01.06 23:22:05 | 000,139,264 | ---- | M] () -- C:\Users\Pavel\Desktop\SystemLook (1).exe
[2013.01.06 18:26:10 | 105,341,745 | ---- | M] () -- C:\Windows\System32\drivers\Avg\incavi.avm
[2013.01.06 18:22:50 | 000,000,910 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-915864819-4129207354-2467878725-1000Core.job
[2013.01.06 01:27:04 | 000,000,600 | ---- | M] () -- C:\Users\Pavel\AppData\Roaming\winscp.rnd
[2013.01.05 23:16:10 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\Windows\System32\drivers\nhcDriver.sys
[2013.01.05 22:57:38 | 000,006,619 | ---- | M] () -- C:\Users\Pavel\.bash_history
[2013.01.05 22:35:42 | 000,058,381 | ---- | M] () -- C:\Users\Pavel\Documents\span.pdf
[2013.01.01 19:53:30 | 000,750,726 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2013.01.01 19:53:30 | 000,734,888 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.01 19:53:30 | 000,183,988 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2013.01.01 19:53:30 | 000,159,334 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.25 17:41:35 | 000,001,724 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.25 17:03:11 | 000,002,154 | ---- | M] () -- C:\Windows\epplauncher.mif
[2012.12.25 04:17:28 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.25 03:39:33 | 000,001,800 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.12.25 02:41:20 | 000,001,186 | ---- | M] () -- C:\Users\Pavel\Documents\avg.csv
[2012.12.25 01:27:31 | 000,000,000 | ---- | M] () -- C:\Windows\nsreg.dat
[2012.12.24 19:39:01 | 000,001,441 | ---- | M] () -- C:\scu.dat
[2012.12.22 20:47:02 | 000,001,879 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.12.22 01:08:39 | 000,051,474 | ---- | M] () -- C:\Users\Pavel\Documents\Contacts_20121222.vcf
[2012.12.18 04:10:21 | 000,309,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.18 00:15:13 | 000,000,918 | -H-- | M] () -- C:\Users\Pavel\.gitk
[2012.12.16 01:53:42 | 000,404,920 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.14 02:42:43 | 000,006,871 | ---- | M] () -- C:\Users\Pavel\_viminfo
[2012.12.11 21:02:31 | 000,000,712 | ---- | M] () -- C:\Users\Pavel\Desktop\FreeMind.lnk
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.01.06 23:22:03 | 000,139,264 | ---- | C] () -- C:\Users\Pavel\Desktop\SystemLook (1).exe
[2013.01.05 22:35:39 | 000,058,381 | ---- | C] () -- C:\Users\Pavel\Documents\span.pdf
[2012.12.25 17:41:35 | 000,001,724 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.12.25 17:08:05 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2012.12.25 17:03:11 | 000,002,154 | ---- | C] () -- C:\Windows\epplauncher.mif
[2012.12.25 17:00:58 | 000,001,826 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Security Essentials.lnk
[2012.12.25 16:50:49 | 2145,820,672 | -HS- | C] () -- C:\hiberfil.sys
[2012.12.25 04:55:20 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.12.25 04:55:20 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.12.25 04:55:20 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.12.25 04:55:20 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.12.25 04:55:20 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.12.25 04:17:28 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.12.25 03:39:33 | 000,001,800 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2012.12.25 02:41:20 | 000,001,186 | ---- | C] () -- C:\Users\Pavel\Documents\avg.csv
[2012.12.25 01:27:31 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2012.12.24 19:39:01 | 000,001,441 | ---- | C] () -- C:\scu.dat
[2012.12.22 23:33:53 | 000,051,474 | ---- | C] () -- C:\Users\Pavel\Documents\Contacts_20121222.vcf
[2012.12.22 20:47:02 | 000,001,879 | ---- | C] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2012.12.11 21:02:31 | 000,000,712 | ---- | C] () -- C:\Users\Pavel\Desktop\FreeMind.lnk
[2012.09.14 10:21:56 | 000,019,764 | ---- | C] () -- C:\Users\Pavel\.recently-used.xbel
[2012.09.02 02:38:21 | 000,000,161 | ---- | C] () -- C:\Users\Pavel\.profile
[2012.06.22 12:16:37 | 000,000,680 | ---- | C] () -- C:\Users\Pavel\AppData\Local\d3d9caps.dat
[2012.06.08 23:31:56 | 000,005,174 | ---- | C] () -- C:\Users\Pavel\.bashrc~
[2012.05.04 13:38:42 | 000,000,093 | ---- | C] () -- C:\Users\Pavel\AppData\Local\fusioncache.dat
[2011.11.16 21:33:12 | 000,005,193 | ---- | C] () -- C:\Users\Pavel\.bashrc
[2011.11.16 21:33:12 | 000,002,792 | ---- | C] () -- C:\Users\Pavel\.vimrc
[2011.08.26 15:34:14 | 000,239,869 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2011.07.26 23:03:20 | 000,005,733 | ---- | C] () -- C:\Windows\unins000.dat
[2011.07.09 20:23:28 | 000,000,508 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{106E0229-903C-46F9-84DB-69E26FEAF1B3}_ap
[2011.05.31 21:42:26 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.05.31 21:42:25 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.05.31 21:41:31 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.05.20 23:59:02 | 000,000,172 | ---- | C] () -- C:\Users\Pavel\.gitconfig
[2011.05.18 18:04:20 | 000,000,064 | ---- | C] () -- C:\Users\Pavel\_bashrc
[2011.05.15 17:35:41 | 000,006,619 | ---- | C] () -- C:\Users\Pavel\.bash_history
[2011.05.15 12:36:09 | 000,000,918 | -H-- | C] () -- C:\Users\Pavel\.gitk
[2011.05.15 12:29:17 | 000,006,871 | ---- | C] () -- C:\Users\Pavel\_viminfo
[2011.03.17 18:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.02.21 21:55:19 | 000,165,376 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011.02.21 21:55:18 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.02.21 21:55:17 | 000,810,496 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011.02.21 21:55:17 | 000,183,808 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011.02.21 21:55:17 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011.02.15 15:13:45 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.01.24 13:10:00 | 003,469,499 | ---- | C] () -- C:\Users\Pavel\.thumbnails.rar
[2011.01.12 08:01:48 | 000,029,696 | ---- | C] () -- C:\Windows\System32\DvrOcxCHS.dll
[2011.01.12 08:01:48 | 000,022,528 | ---- | C] () -- C:\Windows\System32\DvrOcxDEU.dll
[2011.01.11 16:10:30 | 000,047,104 | ---- | C] () -- C:\Windows\System32\DvrOcxTHA.dll
[2011.01.11 15:37:58 | 000,019,968 | ---- | C] () -- C:\Windows\System32\DvrOcxFAR.dll
[2011.01.10 16:58:16 | 000,020,992 | ---- | C] () -- C:\Windows\System32\DvrOcxRUS.dll
[2010.04.03 17:10:44 | 000,007,168 | ---- | C] () -- C:\Users\Pavel\CORELDRW.box
[2010.03.27 20:07:18 | 000,000,600 | ---- | C] () -- C:\Users\Pavel\AppData\Local\PUTTY.RND
[2009.09.29 08:18:05 | 000,000,762 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{106E0229-903C-46F9-84DB-69E26FEAF1B3}_sta
[2009.09.29 08:18:02 | 000,001,541 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{106E0229-903C-46F9-84DB-69E26FEAF1B3}_prof
[2009.09.08 07:25:29 | 000,000,776 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{D219F20D-0E14-41BF-961C-A85821DD36A4}_sta
[2009.09.08 07:25:24 | 000,006,098 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{D219F20D-0E14-41BF-961C-A85821DD36A4}_prof
[2009.06.29 19:35:31 | 000,000,535 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{57B00E16-4688-4B2A-98E5-4329AB699F74}_ap
[2009.04.18 06:31:49 | 000,000,600 | ---- | C] () -- C:\Users\Pavel\AppData\Roaming\winscp.rnd
[2009.04.13 13:52:20 | 000,000,103 | ---- | C] () -- C:\Users\Pavel\.Xauthority
[2009.04.12 04:19:58 | 000,049,664 | ---- | C] () -- C:\Users\Pavel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009.04.08 11:35:53 | 000,000,751 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{57B00E16-4688-4B2A-98E5-4329AB699F74}_sta
[2009.04.08 11:35:49 | 000,006,023 | ---- | C] () -- C:\Users\Pavel\AppData\Local\RT73_{57B00E16-4688-4B2A-98E5-4329AB699F74}_prof

========== ZeroAccess Check ==========

[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2013.01.01 17:06:52 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\.minecraft
[2010.03.13 18:43:20 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Acronis
[2012.12.16 17:30:55 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Audacity
[2009.06.04 13:21:29 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Braid
[2010.03.21 19:04:54 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CreeperMap
[2010.03.21 19:14:48 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CreeperWorld
[2012.01.17 20:10:44 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CreeperWorld2
[2012.01.17 20:09:54 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2011.12.23 12:36:25 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CreeperWorld2Demo.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1
[2012.01.17 23:27:24 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\CreeperWorld2Editor
[2009.04.08 12:12:59 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DAEMON Tools
[2009.04.08 12:14:53 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DAEMON Tools Lite
[2011.09.03 21:56:32 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\DAEMON Tools Pro
[2009.05.08 00:20:54 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Dev-Cpp
[2013.01.04 21:17:06 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Free Download Manager
[2012.12.25 00:23:57 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\GHISLER
[2012.12.27 23:51:58 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\gnupg
[2012.03.14 01:44:12 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\gtk-2.0
[2013.01.05 03:50:34 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\ImgBurn
[2012.11.14 04:39:55 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\iOpus Software GmbH
[2011.11.24 20:17:43 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\LibreOffice
[2012.08.21 03:17:12 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\LyX2.0
[2012.06.13 22:48:51 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Mumble
[2010.04.26 02:00:05 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\NARS2000
[2010.07.05 19:01:59 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Nokia
[2009.04.08 22:11:06 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\OpenOffice.org
[2010.03.01 13:25:50 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Opera
[2012.11.10 21:18:52 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Picturenaut
[2011.09.22 12:19:23 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\pymclevel
[2009.05.03 13:41:23 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\SWI-Prolog
[2011.10.26 19:48:33 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Thinstall
[2012.10.12 22:09:13 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\Wireshark
[2010.09.14 14:16:07 | 000,000,000 | ---D | M] -- C:\Users\Pavel\AppData\Roaming\xpce

========== Purity Check ==========



========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\drivers\*.sys /90 >
[2013.01.05 23:16:10 | 000,022,528 | ---- | M] (pBUS-167 Software - http://www.pbus-167.com) -- C:\Windows\system32\drivers\nhcDriver.sys

< %systemroot%\*. /mp /s >

< c:\$recycle.bin\*.* /s >
[2013.01.07 00:37:45 | 000,000,129 | -HS- | M] () -- c:\$recycle.bin\S-1-5-21-915864819-4129207354-2467878725-1000\desktop.ini
[2006.11.02 14:01:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2006.11.02 14:01:49 | 000,032,568 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.03 20:40:25 | 000,000,936 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2009.07.03 20:40:41 | 000,000,940 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
[2009.10.31 17:18:48 | 000,000,910 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-915864819-4129207354-2467878725-1000Core.job
[2009.10.31 17:18:50 | 000,000,962 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-915864819-4129207354-2467878725-1000UA.job

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2012-12-18 03:01:16

< MD5 for: AGP440.SYS >
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.18 22:42:26 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\drivers\AGP440.sys
[2006.11.02 10:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\drivers\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys
[2008.01.18 22:41:32 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2006.11.02 10:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys
[2007.05.30 23:36:59 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c2a1b5ae\atapi.sys
[2007.05.30 23:36:59 | 000,021,688 | ---- | M] (Microsoft Corporation) MD5=78620BDA3EC87816E5D1FA86F920BC3A -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6000.20518_none_dbd8b4d73d81c9d0\atapi.sys

< MD5 for: AUTOCHK.EXE >
[2009.04.11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\System32\autochk.exe
[2009.04.11 07:27:20 | 000,643,072 | ---- | M] (Microsoft Corporation) MD5=10761177A6EBE45843F443E99509F5E7 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6002.18005_none_e3df6655bee2ee3b\autochk.exe
[2008.01.18 22:33:02 | 000,642,560 | ---- | M] (Microsoft Corporation) MD5=2FC5BE79B51714B479809358E4908FC3 -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6001.18000_none_e1f3ed49c1c122ef\autochk.exe
[2006.11.02 10:44:50 | 000,640,000 | ---- | M] (Microsoft Corporation) MD5=C08D1FE284C3330934E45D6E5F5B768B -- C:\Windows\winsxs\x86_microsoft-windows-autochk_31bf3856ad364e35_6.0.6000.16386_none_dfbd2b4dc4d6121b\autochk.exe

< MD5 for: BEEP.SYS >
[2008.01.18 20:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\System32\drivers\beep.sys
[2008.01.18 20:49:12 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=67E506B75BD5326A3EC7B70BD014DFB6 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6001.18000_none_c420a153079d485b\beep.sys
[2006.11.02 09:51:03 | 000,006,144 | ---- | M] (Microsoft Corporation) MD5=AC3DD1708B22761EBD7CBE14DCC3B5D7 -- C:\Windows\winsxs\x86_microsoft-windows-beepsys_31bf3856ad364e35_6.0.6000.16386_none_c1e9df570ab23787\beep.sys

< MD5 for: CNGAUDIT.DLL >
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll

< MD5 for: EXPLORER.EXE >
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2006.11.02 10:45:07 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=FD8C53FB002217F6F888BCF6F5D7084D -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16386_none_4f7de5167cd15deb\explorer.exe
[2008.01.18 22:33:12 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe

< MD5 for: IASTOR.SYS >
[2009.10.13 10:09:36 | 000,331,288 | ---- | M] (Intel Corporation) MD5=0BAA4115DFFFD6A6D809A89D65E1281A -- C:\Program Files\Intel\Intel Matrix Storage Manager\winall\Driver\IaStor.sys
[2007.05.03 23:00:00 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver64\IaStor.sys
[2009.10.13 10:16:40 | 000,409,624 | ---- | M] (Intel Corporation) MD5=BE7D72FCF442C26975942007E0831241 -- C:\Program Files\Intel\Intel Matrix Storage Manager\winall\Driver64\IaStor.sys
[2007.05.03 23:00:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Program Files\Intel\Intel Matrix Storage Manager\Driver\iaStor.sys
[2007.02.12 12:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\drivers\iaStor.sys
[2007.05.03 23:00:00 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_1cb29a96\iaStor.sys

< MD5 for: IASTORV.SYS >
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys
[2008.01.18 22:42:52 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\drivers\iaStorV.sys
[2006.11.02 10:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys

< MD5 for: KERNEL32.DLL >
[2009.02.13 09:21:09 | 000,890,880 | ---- | M] (Microsoft Corporation) MD5=1987D817D08F5EAF0B7F334026FDDB79 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22376_none_9401d8206f9c7e67\kernel32.dll
[2006.11.02 10:46:05 | 000,874,496 | ---- | M] (Microsoft Corporation) MD5=1E36AE445E4DA83B82D51FEB2D4F8772 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16386_none_91872345596077da\kernel32.dll
[2011.04.12 15:53:05 | 000,890,368 | ---- | M] (Microsoft Corporation) MD5=306835D4E74E49A5D10F0FCA0B422EB1 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18631_none_939e812b5662e4c2\kernel32.dll
[2011.04.12 15:30:37 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=497A2DA8181560B3E2F8FFE0092FD1E6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.22898_none_93ee425a6faadaba\kernel32.dll
[2011.04.12 17:07:38 | 000,892,416 | ---- | M] (Microsoft Corporation) MD5=574B473FACAA0E91702B86578440B525 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18449_none_9582275d538a1db6\kernel32.dll
[2011.04.12 16:08:23 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=7062DEB220FA1CCB1B65FC40D6E7D807 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22625_none_961d64be6c9b1d69\kernel32.dll
[2012.09.28 15:53:03 | 000,893,440 | ---- | M] (Microsoft Corporation) MD5=A9204E65A74AF0E801EA46F5A92C87A2 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.22942_none_9604c9ba6cae00bb\kernel32.dll
[2009.02.13 08:26:37 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=B82C7AC1D559F0FD088792171D64C7F3 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.16820_none_91c20a8f593529ed\kernel32.dll
[2009.02.13 08:13:01 | 000,875,520 | ---- | M] (Microsoft Corporation) MD5=BB792054BD990EC05D9E260D50FEAD39 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6000.21010_none_92564f68724ae108\kernel32.dll
[2009.04.11 07:28:20 | 000,891,392 | ---- | M] (Microsoft Corporation) MD5=BB8509089E7DF514310814E1B2593FFC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18005_none_95a95e4d536d53fa\kernel32.dll
[2009.02.13 09:49:05 | 000,888,832 | ---- | M] (Microsoft Corporation) MD5=DB6E3731E6F5C8AE2843F80B5787F7C6 -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18215_none_93b81a93564f1da0\kernel32.dll
[2008.01.18 22:34:38 | 000,888,320 | ---- | M] (Microsoft Corporation) MD5=DC2338093F91BA4E0512208E60206DDD -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6001.18000_none_93bde541564b88ae\kernel32.dll
[2012.09.28 17:11:03 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=DC3105CC925A0D47F61B54E66AB730FC -- C:\Windows\System32\kernel32.dll
[2012.09.28 17:11:03 | 000,892,928 | ---- | M] (Microsoft Corporation) MD5=DC3105CC925A0D47F61B54E66AB730FC -- C:\Windows\winsxs\x86_microsoft-windows-kernel32_31bf3856ad364e35_6.0.6002.18704_none_95a86b4d536e26b4\kernel32.dll

< MD5 for: MSWSOCK.DLL >
[2006.11.02 10:46:10 | 000,227,328 | ---- | M] (Microsoft Corporation) MD5=54E9576169A248AD62A1EB9773225826 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6000.16386_none_b61c950a3060adba\mswsock.dll
[2009.04.11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\System32\mswsock.dll
[2009.04.11 07:28:22 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=8617350C9B590B63E620881092751BCB -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6002.18005_none_ba3ed0122a6d89da\mswsock.dll
[2008.01.18 22:35:16 | 000,223,232 | ---- | M] (Microsoft Corporation) MD5=89FD0595EEA4E505CABEFCF7008F2612 -- C:\Windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.0.6001.18000_none_b85357062d4bbe8e\mswsock.dll

< MD5 for: NDIS.SYS >
[2009.04.11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\System32\drivers\ndis.sys
[2009.04.11 07:32:49 | 000,527,848 | ---- | M] (Microsoft Corporation) MD5=1357274D1883F68300AEADD15D7BBB42 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6002.18005_none_a9b2a4d31930d864\ndis.sys
[2006.11.02 10:51:42 | 000,500,840 | ---- | M] (Microsoft Corporation) MD5=227C11E1E7CF6EF8AFB2A238D209760C -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6000.16386_none_a59069cb1f23fc44\ndis.sys
[2008.01.18 22:43:32 | 000,529,464 | ---- | M] (Microsoft Corporation) MD5=9BDC71790FA08F0A0B5F10462B1BD0B1 -- C:\Windows\winsxs\x86_microsoft-windows-ndis_31bf3856ad364e35_6.0.6001.18000_none_a7c72bc71c0f0d18\ndis.sys

< MD5 for: NETLOGON.DLL >
[2006.11.02 10:46:11 | 000,559,616 | ---- | M] (Microsoft Corporation) MD5=889A2C9F2AACCD8F64EF50AC0B3D553B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6000.16386_none_fb80f5473b0ed783\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.18 22:35:38 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll

< MD5 for: NTFS.SYS >
[2006.11.02 10:51:47 | 001,056,360 | ---- | M] (Microsoft Corporation) MD5=3F379380A4A2637F559444E338CF1B51 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6000.16386_none_a43a67c1200088bf\ntfs.sys
[2009.04.11 07:32:49 | 001,083,880 | ---- | M] (Společnost Microsoft) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\System32\drivers\ntfs.sys
[2009.04.11 07:32:49 | 001,083,880 | ---- | M] (Microsoft Corporation) MD5=6A4A98CEE84CF9E99564510DDA4BAA47 -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6002.18005_none_a85ca2c91a0d64df\ntfs.sys
[2008.01.18 22:43:42 | 001,081,912 | ---- | M] (Microsoft Corporation) MD5=B4EFFE29EB4F15538FD8A9681108492D -- C:\Windows\winsxs\x86_microsoft-windows-ntfs_31bf3856ad364e35_6.0.6001.18000_none_a67129bd1ceb9993\ntfs.sys

< MD5 for: NTMSSVC.DLL >
[2006.11.02 13:36:25 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=957CC0F372BB5D79C477363952276859 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6000.16386_none_0c076ff411279f33\ntmssvc.dll
[2008.01.18 22:36:00 | 000,460,288 | ---- | M] (Microsoft Corporation) MD5=A7DFF9642D510BE1EEC6664CD0369953 -- C:\Windows\winsxs\x86_microsoft-windows-r..emanagement-service_31bf3856ad364e35_6.0.6001.18000_none_0e3e31f00e12b007\ntmssvc.dll

< MD5 for: NVSTOR.SYS >
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\drivers\nvstor.sys
[2007.01.05 21:59:42 | 000,035,920 | ---- | M] (NVIDIA Corporation) MD5=4A5FCAB82D9BF6AF8A023A66802FE9E9 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_45f67928\nvstor.sys
[2006.11.02 10:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys
[2008.01.18 22:42:10 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys

< MD5 for: PROQUOTA.EXE >
[2006.11.02 10:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\System32\proquota.exe
[2006.11.02 10:45:33 | 000,027,648 | ---- | M] (Microsoft Corporation) MD5=C31AE90F24870B9A51655C36A9EB4BF3 -- C:\Windows\winsxs\x86_microsoft-windows-proquota_31bf3856ad364e35_6.0.6000.16386_none_259035db957a1715\proquota.exe

< MD5 for: QMGR.DLL >
[2008.01.18 22:36:14 | 000,758,272 | ---- | M] (Microsoft Corporation) MD5=02ED7B4DBC2A3232A389106DA7515C3D -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6001.18000_none_2390c4ecf9720b8c\qmgr.dll
[2006.11.02 10:46:12 | 000,749,568 | ---- | M] (Microsoft Corporation) MD5=733FB484A06B9D6A44DD9CA1D3BE937B -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6000.16386_none_215a02f0fc86fab8\qmgr.dll
[2009.04.11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\System32\qmgr.dll
[2009.04.11 07:28:23 | 000,758,784 | ---- | M] (Microsoft Corporation) MD5=93952506C6D67330367F7E7934B6A02F -- C:\Windows\winsxs\x86_microsoft-windows-bits-client_31bf3856ad364e35_6.0.6002.18005_none_257c3df8f693d6d8\qmgr.dll

< MD5 for: SCECLI.DLL >
[2008.01.18 22:36:20 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2006.11.02 10:46:12 | 000,176,640 | ---- | M] (Microsoft Corporation) MD5=80E2839D05CA5970A86D7BE2A08BFF61 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6000.16386_none_35d7205fdc305e3e\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll

< MD5 for: SPOOLSV.EXE >
[2010.08.17 14:32:33 | 000,126,464 | ---- | M] (Microsoft Corporation) MD5=3665F79026A3F91FBCA63F2C65A09B19 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18511_none_d641dcfdc18fec21\spoolsv.exe
[2009.04.11 07:28:05 | 000,127,488 | ---- | M] (Microsoft Corporation) MD5=524BFBEA40E6E404737CCBC754647A2E -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18005_none_d8371c2dbeaa9062\spoolsv.exe
[2008.01.18 22:33:34 | 000,125,952 | ---- | M] (Microsoft Corporation) MD5=846CDF9A3CF4DA9B306ADFB7D55EE4C2 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.18000_none_d64ba321c188c516\spoolsv.exe
[2010.08.17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\System32\spoolsv.exe
[2010.08.17 15:11:37 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=8554097E5136C3BF9F69FE578A1B35F4 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.18294_none_d7d4d063bef46cd2\spoolsv.exe
[2010.08.17 15:20:09 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=AAE98B295E88D439A6E0F6E8929424FB -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6002.22468_none_d882e000d7f61b4c\spoolsv.exe
[2006.11.02 10:45:46 | 000,124,928 | ---- | M] (Microsoft Corporation) MD5=DA612EF2556776DF2630B68BF2D48935 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6000.16386_none_d414e125c49db442\spoolsv.exe
[2010.08.17 14:27:48 | 000,128,000 | ---- | M] (Microsoft Corporation) MD5=E807FC542C295BA256CE3567829E02A6 -- C:\Windows\winsxs\x86_microsoft-windows-printing-spooler-core_31bf3856ad364e35_6.0.6001.22743_none_d6ad0c7edac40f93\spoolsv.exe

< MD5 for: SVCHOST.EXE >
[2006.11.02 10:45:47 | 000,022,016 | ---- | M] (Microsoft Corporation) MD5=10DA15933D582D2FEDCF705EFE394B09 -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6000.16386_none_b38497a50862ad11\svchost.exe
[2008.01.18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\System32\svchost.exe
[2008.01.18 22:33:34 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=3794B461C45882E06856F282EEF025AF -- C:\Windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.0.6001.18000_none_b5bb59a1054dbde5\svchost.exe
[2012.09.29 19:54:26 | 000,218,184 | ---- | M] () MD5=8846E87210AD131CF71E3E2E49F647B0 -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\svchost.exe

< MD5 for: TERMSRV.DLL >
[2009.04.11 07:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\System32\termsrv.dll
[2009.04.11 07:28:24 | 000,449,024 | ---- | M] (Microsoft Corporation) MD5=BB95DA09BEF6E7A131BFF3BA5032090D -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6002.18005_none_908abad45165e2ae\termsrv.dll
[2008.01.18 22:36:40 | 000,448,512 | ---- | M] (Microsoft Corporation) MD5=D605031E225AACCBCEB5B76A4F1603A6 -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6001.18000_none_8e9f41c854441762\termsrv.dll
[2006.11.02 10:46:13 | 000,427,520 | ---- | M] (Microsoft Corporation) MD5=FAD71C1E8E4047B154E899AE31EB8CAA -- C:\Windows\winsxs\x86_microsoft-windows-t..teconnectionmanager_31bf3856ad364e35_6.0.6000.16386_none_8c687fcc5759068e\termsrv.dll

< MD5 for: USERINIT.EXE >
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe
[2008.01.18 22:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2006.11.02 10:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 198 bytes -> C:\ProgramData\TEMP:0C1EFF69

< End of report >

OTL Extras logfile created on: 7.1.2013 0:53:19 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Pavel\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2,00 Gb Total Physical Memory | 1,15 Gb Available Physical Memory | 57,71% Memory free
4,23 Gb Paging File | 3,17 Gb Available in Paging File | 75,08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,43 Gb Total Space | 1,00 Gb Free Space | 0,84% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 10,82 Gb Free Space | 4,65% Space Free | Partition Type: NTFS
Drive F: | 113,46 Gb Total Space | 0,85 Gb Free Space | 0,75% Space Free | Partition Type: NTFS

Computer Name: PAVEL-NTB | User Name: Pavel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- Reg Error: Key error. File not found
.cmd [@ = cmdfile] -- Reg Error: Key error. File not found
.com [@ = comfile] -- Reg Error: Key error. File not found
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.pif [@ = piffile] -- Reg Error: Key error. File not found
.vbs [@ = VBSFile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{811246B4-9BDF-466A-ACE3-1855A243F7F3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{82901C25-A610-4896-9046-17C4EFBEFA8E}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\alien swarm\bin\sdklauncher.exe |
"{854F6EEE-8CC0-4D14-8EEB-AB4DEF5F99C7}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{85A52483-21B5-4B01-9FC4-4D556D67BB16}" = protocol=17 | dir=in | app=d:\need for speed™ hot pursuit\launcher.exe |
"{85EC91D5-4D88-4FC1-B4C9-89623CB985AC}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{87488BFD-8178-4113-B150-5CCC02FA8E2C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{89CB1440-0967-4CAD-9024-2E6435BA9361}" = protocol=17 | dir=in | app=f:\games\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"{89F47FBB-921F-40F4-9448-3994C58170A3}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8A198C97-2E1E-4D12-97B3-DF85D1AD372E}" = protocol=6 | dir=in | app=d:\wow_wotlk\wow.exe |
"{8A2B1DC6-B4A7-460A-85C5-1D69A00DE506}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8B821DA3-D309-46A8-A2B5-6275B9648B95}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{8D9039D8-587B-41E0-B831-B6F0BCABDC8C}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8E5B31D6-4F49-430E-BEB9-D0E1901B50BD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{8FCD1136-0B91-4E15-BF5B-63D2A4006A77}" = protocol=17 | dir=in | app=d:\wow_wotlk\wow.exe |
"{90502750-DF1F-453A-9D5B-C824C677459E}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe |
"{9162A021-CA0A-41D0-9CC7-F87E38B81812}" = protocol=6 | dir=in | app=c:\users\pavel\appdata\roaming\.minecraft\saves - kopie\minecraft_server.exe |
"{91824549-61CB-4A48-BE95-4F4B4267E626}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9318A8B2-8435-47ED-BAA2-CD1F6FC5FDB6}" = protocol=6 | dir=in | app=c:\games\dragon age\bin_ship\daorigins.exe |
"{932DC179-FADB-4898-9ED5-7EE927F3D4B8}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{936DF791-7FDA-4A8D-85A7-BC402445796B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9375CBEF-5A6B-4744-B576-1FB7AC64F425}" = protocol=17 | dir=in | app=d:\bf2\bf2.exe |
"{943B34C8-7BA5-4F7D-8A0F-4F138CA7B608}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{95297D7E-050D-430D-AA73-9C3DED1161DE}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9747EC4E-BADF-4DAC-806C-4DB11C493473}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{98399133-1BBC-48ED-B8D0-DF110BF1DCE8}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{98B977A9-06C0-4F59-BC28-8C2722887361}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{99BA22C5-F15B-470B-B240-6C5662F0D638}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9A3E912A-F80E-4780-8F49-45330A1EE15C}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{9B62EECA-C8FF-474E-85CB-8B5EB0FE5599}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C1E8F42-4FEA-4D17-8FE4-C08AD129C66A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9C9F6364-2486-4B7A-A117-8C1C781B5BD8}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9D567924-2C67-4B6C-A2ED-4F41F724EF17}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{9E56EBB2-E969-4226-A56C-B8B8F5D1569C}" = protocol=17 | dir=in | app=f:\steam\steam.exe |
"{9F117D88-A814-4468-8552-7B305D7BF8E3}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{9F4C126A-2293-4C9B-A600-A40E5F0F6ADF}" = protocol=17 | dir=in | app=c:\users\pavel\appdata\roaming\.minecraft\saves - kopie\minecraft_server.exe |
"{A168C18F-D19E-448D-AB03-D6943157FC25}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A1D645F3-D3DA-46BD-A4D9-FC3494CC835F}" = protocol=6 | dir=in | app=d:\burnout™ paradise the ultimate box\burnoutlauncher.exe |
"{A466D8AD-5771-4642-BF72-1B7E9F0C04DA}" = protocol=6 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{A56A1B53-FF71-48C5-963C-73CAA83B0DF2}" = protocol=17 | dir=in | app=c:\games\ron_gold\thrones.exe |
"{A5A451EC-9133-4DAB-957C-FCD00743FE96}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A5DA5654-AF9C-4598-B75D-622B0B163599}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe |
"{A629AA16-7397-4588-80F3-C905EB4F0128}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A640112F-76F9-4115-B80A-687CD3F4B326}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{A86FA3D5-443E-4499-886B-DB9DD4E341B7}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{A937E9B2-C666-441E-B095-3A7DDFB92A57}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AB044258-C4D4-456C-AB87-608B701BDB7B}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead\srcds.exe |
"{AB346CD7-2ACF-40D4-B6A7-1247C68D4314}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{ABA07A23-9707-4172-A368-7360E787996B}" = protocol=17 | dir=in | app=f:\steam\steamapps\paja_taufer\counter-strike source\hl2.exe |
"{ABD76238-556A-4827-8AB8-2FB3F3EA5D08}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AC1539AA-0C5B-4D1A-82A3-09B56584E745}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AD57CA38-FC06-4C5E-A97F-2EF0450DE28F}" = protocol=6 | dir=in | app=d:\bf2\bf2.exe |
"{AE0C2151-04D9-4836-B29A-28AAD7D42D7D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{AEB1F8EC-068F-46CD-9CD3-B9E27878F812}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{AED4C2E2-8FE5-4B05-AA01-BEBF194433AD}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\alien swarm\swarm.exe |
"{B0112C5B-24CE-48AF-AA76-88052AEE6057}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B07D2806-9A4D-4C22-9053-DF3CBC921AE9}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B0DAE489-F9A0-4D39-B98B-280CD726E722}" = protocol=6 | dir=in | app=c:\games\ron_gold\thrones.exe |
"{B1425AA5-00C4-422A-AFCB-DE86E6490ECF}" = protocol=6 | dir=in | app=d:\games\openttd\openttd.exe |
"{B14E1AD8-1F61-449E-A3ED-A52D3E524FEA}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead\bin\sdklauncher.exe |
"{B27CB90C-80A1-4196-99C1-9E37799C4D32}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B2BAAF25-129C-4879-8DA8-0C4C460FE87B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B4254A06-27A3-4FFB-807C-98BC49900EAD}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B54DE951-C302-4F3D-AF7F-63D3715E835B}" = protocol=17 | dir=in | app=d:\gamest\tom clancy's rainbow six vegas\binaries\r6vegas_launcher.exe |
"{B58EB9E2-8C67-412F-878E-D1B9A81F0E00}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{B59F2081-C768-48A1-AA5D-EF01557477BA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B6C5F0FE-5D5E-4CDF-BB5D-206D9694B850}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{B986533D-F75A-4295-801F-31DA74F9375B}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{B9A2AACD-57C0-4DB6-96C6-2E1100CBE06A}" = protocol=17 | dir=in | app=d:\games\openttd\openttd.exe |
"{BAF8E5BF-0D2A-40CB-9F8E-DC919E78307F}" = protocol=17 | dir=in | app=f:\steam\steamapps\paja_taufer\synergy\hl2.exe |
"{BB847137-D55F-4B58-8FC8-12CF39C18E94}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BCBFE1EA-7EE4-4908-A062-2370CBF1C1B4}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{BD2955F2-93D1-49CE-8C47-AA51292FBF6D}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BDE664B9-B109-4E8F-807F-1670444642DB}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{BE966B25-C169-4431-94C3-9450C661EBAF}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe |
"{C0F89443-83BB-4586-88BA-008CFF7C851E}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C30AEF93-D4CA-4660-88E1-B2A6EF88BF50}" = protocol=6 | dir=in | app=d:\gamest\tom clancy's rainbow six vegas\binaries\r6vegas_game.exe |
"{C5D9A736-47C2-4DDD-9EC4-55A5ED52FBB4}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{C78C8567-4D3B-4487-B7EC-2840CF57DA3A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{C91C2210-DB56-4BBA-BCDF-0A8EA8C7F599}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CA0C3A94-5AAF-49EA-BC1D-FFBB0009ADA7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CA4C1391-5FEE-44D5-AB68-8394F168F51A}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CC200BE6-DE77-497B-90C8-29D7ACBAB81D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CC81B8C0-645E-47CB-B287-7A3F2BDB9C9A}" = protocol=17 | dir=in | app=c:\games\dragon age\daoriginslauncher.exe |
"{CC8517F6-649B-43EC-ACE9-610C7EE6D600}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CDCD1036-AC52-4439-8F41-5E4661810942}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{CE5B2CBD-68AB-48C9-913F-4497D6674B16}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{CE6F7250-8BC1-4B6E-9FBB-DB701A5329CC}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CE9C2F10-BAA3-4846-A44E-28D7B56D28C2}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF8F681A-1A69-4D8C-86F2-C8AB05ACBF12}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{CF8FB1C0-DBC4-477A-996F-8ECDDA47BE20}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\left 4 dead\left4dead.exe |
"{D11DE2C7-D029-4FF2-8618-3FE84CF2F723}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D2E15E84-71DB-4A1E-9F24-582BDA1BD9A6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{D7103AED-D40D-446E-96BB-64CE05C8D310}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DA66FDD0-B4A8-4476-8968-8F98C677E72F}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DBD31852-2A7F-4321-81DE-022A907EBBD8}" = protocol=6 | dir=in | app=f:\games\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"{DCA3A92D-C446-4253-BBB7-3A56FFB81F47}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DDFCDEB8-1269-4100-AA53-80A9BBCAF091}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DE5E646E-E979-4FA4-BD58-BAD5ADCF3BC1}" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"{DE637B08-E720-40F2-BD9F-2C938561C03E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{DEBFF60D-59C5-49E5-97D2-487192EE9143}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{DFF744AC-A7BA-4069-A9F0-671519B83118}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E057EE83-76C0-418E-9CA6-E31F3D1E4526}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\trackmania nations forever\tmforeverlauncher.exe |
"{E11A06A4-BF47-4155-9379-0F468C65B289}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E13E483E-2E5B-493A-866A-CA0ED996459D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E3BBA268-C43F-40FC-AA64-47D5F395C8D3}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\alien swarm\srcds.exe |
"{E5730035-8FBF-45B9-97D9-4678FFE81069}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E6C385EF-98ED-415C-AF43-DC0155F29E96}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E75C50AB-5AD9-46CB-AEEF-9D2CCA9C1CF0}" = protocol=17 | dir=in | app=d:\burnout™ paradise the ultimate box\burnoutlauncher.exe |
"{E8363539-C44C-475F-8C0D-88E9F5D6CEB9}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\left 4 dead\srcds.exe |
"{E8B2C599-729A-4A32-9762-B22E5D7F9026}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{E8C96F6C-C734-41CD-84E1-55F592DD5E4B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{E9DA3529-FD1A-4299-A66E-A10A88876703}" = protocol=6 | dir=in | app=c:\games\dragon age\daoriginslauncher.exe |
"{EA443097-2EC4-45D9-8481-ABE4637C899D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\left 4 dead\bin\sdklauncher.exe |
"{EAF24F2E-6433-4772-85C1-A873C71F9AD0}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EB5272AC-5D58-462D-B905-8F09934E6CC5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{EC33604D-9A07-4CC8-91C9-85C4AD8AAAA2}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EC5A9B54-6652-43C2-A71A-DC5159438693}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{ED4CF6BE-CBC7-44DA-82AC-6D2A504A20BA}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{EE521CCA-5B29-4E70-ACC2-5E8CE41B4B70}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{EE8F319B-664F-4204-B9CD-33AB454D9B00}" = protocol=17 | dir=in | app=c:\program files\opera\pluginwrapper\opera_plugin_wrapper.exe |
"{EEF4568F-FC21-45E0-98A6-BEC7353D89C2}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe |
"{F1E59422-5F42-4B71-A350-9CAD02D8690E}" = protocol=6 | dir=in | app=f:\steam\steamapps\paja_taufer\counter-strike source\hl2.exe |
"{F2031FA9-C119-4E59-96F2-888B4AB8892C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F2C7E4A0-FE95-4243-B9A3-69AB77A77392}" = protocol=17 | dir=in | app=c:\games\dragon age\bin_ship\daorigins.exe |
"{F2E93B87-290C-4AF8-BDA9-557BC7F6FB22}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F38BA536-D7E4-42EF-88BE-152EB2A9D60E}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F43158CC-FEAC-42B7-A55D-60D7F1635762}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F7577ED3-E17A-4430-852D-8B6F8817EEF0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F827B201-E7B5-47D0-A3E7-F5DFA4AED28B}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F8326100-863A-4C63-9A72-76DD750B6F08}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F854470A-FD54-4EB9-B7C1-6B3FA3A04FBA}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F85C887C-A74C-417B-9F8B-D9C81AFDC80B}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F8A60D1A-616C-4E9E-B541-CC283F3D0FD4}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F94B37FF-1D82-4082-92D6-A20078349B4E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{F974DAA7-02F6-4A67-A469-D5E06A2F0087}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F9D912E1-030F-4E9C-ADE1-BF2F9FB9BA74}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FA28A94B-1A5C-4B2F-AC59-0DE903E60CF9}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FA723171-C86D-4693-BF0D-EF33B7F599A9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{FAF91091-AE07-4595-AE22-8DA5B81F666C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FC49D40B-338F-47A1-B2FF-566BF99F4B6F}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead\bin\sdklauncher.exe |
"{FC58BCE6-14D9-4902-AE17-42F5B57AC64D}" = protocol=6 | dir=in | app=f:\steam\steamapps\common\portal 2\portal2.exe |
"{FC87541B-9F3A-4D2C-B1F5-48F59E7B5C0D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{FCD31D6D-2C98-445D-8079-BF1DA1BD0385}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FE1EC167-B739-4A57-B527-058EA1DB5B56}" = protocol=17 | dir=in | app=f:\steam\steamapps\common\trackmania nations forever\tmforever.exe |
"{FF37BB97-0702-4087-8E83-700CF4266935}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FFB0F91C-308E-462A-A356-9C356ABCB473}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"TCP Query User{0BE7B95D-983C-4642-B02E-00FE3B4E0693}D:\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=d:\demigod\bin\demigod.exe |
"TCP Query User{0F18AA0F-4AF5-4FC2-B905-D7389E671041}C:\program files\winscp\winscp.exe" = protocol=6 | dir=in | app=c:\program files\winscp\winscp.exe |
"TCP Query User{103A7C9F-C39B-46A6-A54F-AC6D2FAE112F}C:\games\command & conquer generals zero hour\game.dat" = protocol=6 | dir=in | app=c:\games\command & conquer generals zero hour\game.dat |
"TCP Query User{125FDD96-9947-4BF2-BD6C-F4349C527744}D:\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\borderlands\binaries\borderlands.exe |
"TCP Query User{161FAB44-8BA2-4D80-ABAE-42D981320869}F:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\games\warcraft iii\war3.exe |
"TCP Query User{18FFF8AF-5DE7-4B75-9C2C-EE679F475CDF}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{1A52E03E-9B3D-437B-91BC-145CC59DE403}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{1AAC2CC1-49E7-4281-9F7A-E5F93625AFCD}F:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe |
"TCP Query User{1C013F64-80C9-42D2-BB22-D6BDAB049147}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{1EC7B608-F15F-469A-AA17-935C9828C923}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"TCP Query User{23E1782D-22D6-466C-BDD4-C9686DB71B99}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe |
"TCP Query User{24035350-BF7B-43B6-926B-E267C22BC7AB}D:\games\sharpkonquest\servidor.exe" = protocol=6 | dir=in | app=d:\games\sharpkonquest\servidor.exe |
"TCP Query User{25B9D839-4AB9-4FC9-A375-31D0E20CD5D3}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{2A659E34-B212-4C75-A5D0-DF54ACE1494A}D:\cod4\iw3mp.exe" = protocol=6 | dir=in | app=d:\cod4\iw3mp.exe |
"TCP Query User{31DE3B05-2858-48FE-BBE7-A019AE88F11E}D:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16755\sc2.exe |
"TCP Query User{327447E7-1608-4A55-9C2D-F886CA6B1BE8}C:\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\games\valve\hl.exe |
"TCP Query User{35022B59-DD56-4237-958D-57C6C1362568}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{3639AFCC-C0CB-4617-A94B-BEF54E6F8AC4}D:\aok\age2_x1.exe" = protocol=6 | dir=in | app=d:\aok\age2_x1.exe |
"TCP Query User{369FEFEF-794F-432E-8850-A01EB713EDE1}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"TCP Query User{3816944B-11E7-487A-A598-CDD8F8C929B5}C:\users\pavel\downloads\lancraft\lancraft.exe" = protocol=6 | dir=in | app=c:\users\pavel\downloads\lancraft\lancraft.exe |
"TCP Query User{4097265A-8C7A-4B14-BE25-398E23B280C1}C:\program files\nx client for windows2\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows2\nxclient.exe |
"TCP Query User{46202D5F-2426-4A79-895B-2E014D2ED08B}C:\Games\age of empires 2 & the conquerors expansion - full game - [hussey]~\aoc.exe" = protocol=6 | dir=in | app=c:\games\age of empires 2 & the conquerors expansion - full game - [hussey]~\aoc.exe |
"TCP Query User{49441123-2D98-4F38-8C02-30A07952D2DD}D:\aok\age2_x1.exe" = protocol=6 | dir=in | app=d:\aok\age2_x1.exe |
"TCP Query User{4BAA855E-B5EA-40F0-A2AC-550E87D56DC1}F:\program files\bullfrog\dungeon keeper 2\dkii.exe" = protocol=6 | dir=in | app=f:\program files\bullfrog\dungeon keeper 2\dkii.exe |
"TCP Query User{4C04AF10-054F-4CA3-8711-D532D6A32D78}C:\games\magictg\manalink.exe" = protocol=6 | dir=in | app=c:\games\magictg\manalink.exe |
"TCP Query User{4ED89B99-01B9-4E68-B628-CF564CAC1721}C:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=6 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"TCP Query User{51BC4CF5-0088-4347-B8AC-C874015FEC9E}C:\users\pavel\downloads\carcassonne\carcassonne.exe" = protocol=6 | dir=in | app=c:\users\pavel\downloads\carcassonne\carcassonne.exe |
"TCP Query User{523C705A-B95E-4807-896F-AEBA73355CCD}D:\cod5\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=d:\cod5\codwaw_lanfixed.exe |
"TCP Query User{5549D8BB-8F3D-49C1-9D12-13EB85B6774B}D:\bf2\bf2.exe" = protocol=6 | dir=in | app=d:\bf2\bf2.exe |
"TCP Query User{5622A619-9357-407F-AE9D-81227979DF7C}D:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\versions\base16605\sc2.exe |
"TCP Query User{573EA460-B955-49ED-A9A2-98B85E5731DC}D:\games\starcraft ii\starcraft ii.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"TCP Query User{5A40F206-D283-4CD7-9A2B-75D77C928252}C:\users\pavel\downloads\lancraft\lancraft.exe" = protocol=6 | dir=in | app=c:\users\pavel\downloads\lancraft\lancraft.exe |
"TCP Query User{5A9E6D49-F8EB-4015-A193-5CD453C65B38}D:\aok\aoc.exe" = protocol=6 | dir=in | app=d:\aok\aoc.exe |
"TCP Query User{68BE2A55-A157-403E-9782-C750534E2EC5}C:\users\pavel\downloads\l\lancraft.exe" = protocol=6 | dir=in | app=c:\users\pavel\downloads\l\lancraft.exe |
"TCP Query User{6BDE3A25-43B3-4149-8E99-62CDA45E0ED2}C:\program files\mozilla firefox\firefox.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"TCP Query User{6DC5884F-55E4-4BB7-A9D8-11B138735C48}F:\games\openttd\openttd.exe" = protocol=6 | dir=in | app=f:\games\openttd\openttd.exe |
"TCP Query User{74822B6E-0CE4-45FD-868D-A36169D0A748}D:\demigod\bin\demigod.exe" = protocol=6 | dir=in | app=d:\demigod\bin\demigod.exe |
"TCP Query User{7A0F810D-FFCF-4E6C-9769-6D54D6EA4346}D:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=d:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"TCP Query User{7C09439C-B01E-4CE1-853F-1173FBDEB573}D:\counter strike\valve\hl.exe" = protocol=6 | dir=in | app=d:\counter strike\valve\hl.exe |
"TCP Query User{7C3B4B47-9F51-4798-BC73-EAAD57314825}D:\games\knights and merchants tpr\km_tpr.exe" = protocol=6 | dir=in | app=d:\games\knights and merchants tpr\km_tpr.exe |
"TCP Query User{7CE6B9E5-890E-4399-A844-10E15D9C6778}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{80687353-DA1D-4CF3-8854-331095617707}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"TCP Query User{82A7B415-D71B-4821-847D-62747BEFDAEF}D:\games\openttd_1.2.0\openttd.exe" = protocol=6 | dir=in | app=d:\games\openttd_1.2.0\openttd.exe |
"TCP Query User{858121D1-E8FF-4413-A4D6-13AFB59819FB}D:\games\kam_remake\kam_remake.exe" = protocol=6 | dir=in | app=d:\games\kam_remake\kam_remake.exe |
"TCP Query User{85C9BBE8-567E-46AA-AB1E-E95069B608CF}F:\games\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=6 | dir=in | app=f:\games\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"TCP Query User{8665F057-632B-4E22-97DD-B4E8722167F3}C:\users\pavel\appdata\local\google\chrome\application\chrome.exe" = protocol=6 | dir=in | app=c:\users\pavel\appdata\local\google\chrome\application\chrome.exe |
"TCP Query User{8C9BA751-60DA-4F80-B35A-7AA360DC0830}D:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=d:\srcds\orangebox\srcds.exe |
"TCP Query User{8E335CC4-1E59-443F-8111-13B03B2FC25F}F:\steam\steamapps\common\alien swarm\swarm.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\alien swarm\swarm.exe |
"TCP Query User{8FADBA67-0AC3-407D-9428-B6749AE9E3D5}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=6 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"TCP Query User{90CBBA25-5710-4C05-8020-769C3C477C0A}C:\windows\system32\dpnsvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"TCP Query User{98FE910A-DCD2-4827-B347-517AD422A112}D:\aok\aoc.exe" = protocol=6 | dir=in | app=d:\aok\aoc.exe |
"TCP Query User{998D880B-1CA2-4E04-994B-07D172DFA825}C:\windows\system32\ftp.exe" = protocol=6 | dir=in | app=c:\windows\system32\ftp.exe |
"TCP Query User{9B037C7C-268F-4F20-87F7-A69D5E09008C}D:\games\heroes of might and magic iii complete\heroes3.exe" = protocol=6 | dir=in | app=d:\games\heroes of might and magic iii complete\heroes3.exe |
"TCP Query User{9C4F4424-13E7-4A5D-A14D-251E9394FC7A}F:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"TCP Query User{9DB4B289-93D4-4B1C-B1E3-6A91ED173EA2}C:\web\tiny.exe" = protocol=6 | dir=in | app=c:\web\tiny.exe |
"TCP Query User{A015B222-C4B9-429F-B65E-4E6367F60952}C:\windows\system32\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"TCP Query User{A054E01E-F012-496A-9E2A-F38BD2BD63F8}C:\web\tiny.exe" = protocol=6 | dir=in | app=c:\web\tiny.exe |
"TCP Query User{A057348C-C871-492A-8143-6024E803F454}C:\Games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe" = protocol=6 | dir=in | app=c:\games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe |
"TCP Query User{A18F2A4E-7BB3-479C-AA3B-AB11812E21BC}C:\program files\free download manager\fdm.exe" = protocol=6 | dir=in | app=c:\program files\free download manager\fdm.exe |
"TCP Query User{A2338291-B27C-4272-9386-A6941BD998A6}C:\program files\qip\qip.exe" = protocol=6 | dir=in | app=c:\program files\qip\qip.exe |
"TCP Query User{A41A1C5C-8DE9-4A13-8E4E-93A812AE5523}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{A89322C1-424C-428B-9C11-A3ED0F422DA8}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=6 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"TCP Query User{A916AAF3-D104-41EA-B9B3-797B89F23E69}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{AA86C5A9-659C-46A6-A54B-1CD4496E1EAF}F:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe |
"TCP Query User{AAA4B694-9048-41B8-AFAE-02BFBFBE4A9C}C:\Games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe" = protocol=6 | dir=in | app=c:\games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe |
"TCP Query User{AACEA751-0828-4866-A306-B39DC2E70398}C:\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\mysql\bin\mysqld-nt.exe |
"TCP Query User{AE38DD25-6C09-444A-9962-FE237D97904E}F:5\valve\hl.exe" = protocol=6 | dir=in | app=f:5\valve\hl.exe |
"TCP Query User{B230C132-0737-45D0-AFDC-03E8B2B20ECE}C:\users\pavel\downloads\openlierox_0.58_rc3.win32\openlierox\openlierox.exe" = protocol=6 | dir=in | app=c:\users\pavel\downloads\openlierox_0.58_rc3.win32\openlierox\openlierox.exe |
"TCP Query User{BA2039BD-C5DE-4E08-A56E-D9F013682530}D:\games\kam - the peasants rebellion\km_tpr.exe" = protocol=6 | dir=in | app=d:\games\kam - the peasants rebellion\km_tpr.exe |
"TCP Query User{BB4035F4-FCE7-4B18-A858-A40AB64204FA}D:\counter strike\valve\hl.exe" = protocol=6 | dir=in | app=d:\counter strike\valve\hl.exe |
"TCP Query User{BE749CD9-343D-4628-8B93-1B56BE192272}D:\srcds\orangebox\srcds.exe" = protocol=6 | dir=in | app=d:\srcds\orangebox\srcds.exe |
"TCP Query User{C1E3FCAF-F3B9-4783-BAE4-5630CDCB9C43}C:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=6 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"TCP Query User{C23577F5-3D28-4AE2-902F-0C4BCE20054F}C:\games\magictg\manalink.exe" = protocol=6 | dir=in | app=c:\games\magictg\manalink.exe |
"TCP Query User{C466767D-C1EF-4F7A-953C-D923543D012B}C:\games\valve\hl.exe" = protocol=6 | dir=in | app=c:\games\valve\hl.exe |
"TCP Query User{C5348AFF-0FC4-40A9-B6F0-92D789D6D10F}F:\steam\steamapps\paja_taufer\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=f:\steam\steamapps\paja_taufer\counter-strike source\hl2.exe |
"TCP Query User{C57703D8-C003-4C62-A76A-1F9BD68EFB94}F:\games\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=6 | dir=in | app=f:\games\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"TCP Query User{C7D6B792-A468-447E-BC13-6BFC9CAE9095}C:\users\pavel\downloads\tftpd32.400\tftpd32.exe" = protocol=6 | dir=in | app=c:\users\pavel\downloads\tftpd32.400\tftpd32.exe |
"TCP Query User{C7E45352-C74C-4489-B871-5D7BA512A61F}C:\downloads\eclipse\eclipse.exe" = protocol=6 | dir=in | app=c:\downloads\eclipse\eclipse.exe |
"TCP Query User{C861314D-25F4-4CC2-8E42-50B426962B7F}D:\borderlands\binaries\borderlands.exe" = protocol=6 | dir=in | app=d:\borderlands\binaries\borderlands.exe |
"TCP Query User{CD34463C-9C3B-40D4-ACD9-E64A934E7942}C:\program files\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files\opera\opera.exe |
"TCP Query User{CF28D648-66C5-4A75-B7B4-7566837E6409}F:\strawberry\perl\bin\perl.exe" = protocol=6 | dir=in | app=f:\strawberry\perl\bin\perl.exe |
"TCP Query User{D293D3AC-AB2B-4C92-AF3F-D3843D58451A}D:\games\traffic giant\trafficgiant.exe" = protocol=6 | dir=in | app=d:\games\traffic giant\trafficgiant.exe |
"TCP Query User{D5C3CA62-A468-4EA1-BEEF-5890B1CE7787}D:\games\knights and merchants tpr\km_tpr.exe" = protocol=6 | dir=in | app=d:\games\knights and merchants tpr\km_tpr.exe |
"TCP Query User{D8A86075-A1D4-4B0B-BC3F-E67226C19461}C:\mysql\bin\mysqld-nt.exe" = protocol=6 | dir=in | app=c:\mysql\bin\mysqld-nt.exe |
"TCP Query User{DCC2E2A5-1B5D-4FDB-AA1E-CCF0CA2AAA32}C:\program files\nx client for windows\nxclient.exe" = protocol=6 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"TCP Query User{DCD873D7-3794-4AA5-B5A6-D1B705D9B1BD}F:\program files\xming\xming.exe" = protocol=6 | dir=in | app=f:\program files\xming\xming.exe |
"TCP Query User{E3095AE2-DD0C-4CAF-9AF3-D8212C18AC90}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe |
"TCP Query User{E31A71A4-C1B8-47A1-BE16-3EA619499F05}D:\cod5\codwaw_lanfixed.exe" = protocol=6 | dir=in | app=d:\cod5\codwaw_lanfixed.exe |
"TCP Query User{E531CB6E-983D-4E99-9F33-85F4B1423FA0}C:\totalcmd\totalcmd.exe" = protocol=6 | dir=in | app=c:\totalcmd\totalcmd.exe |
"TCP Query User{E5A88A26-4300-41A8-B144-AF81AD288C30}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=6 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"TCP Query User{EBF7BA0D-C7B5-4CBF-ACB0-E7020785B625}C:\program files\netbeans 6.8\bin\netbeans.exe" = protocol=6 | dir=in | app=c:\program files\netbeans 6.8\bin\netbeans.exe |
"TCP Query User{ED2412E9-2E5D-48FF-914C-916E0C45CA46}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"TCP Query User{EF4AFB1E-A87C-4294-B91D-500016652F4E}F:\strawberry\perl\bin\perl.exe" = protocol=6 | dir=in | app=f:\strawberry\perl\bin\perl.exe |
"TCP Query User{F1A18F8E-F3CC-486B-8A09-B5C70F5C093C}F:\program files\xming\xming.exe" = protocol=6 | dir=in | app=f:\program files\xming\xming.exe |
"TCP Query User{F66699E8-605A-4E49-94C4-18AEF273E309}C:\program files\edimax\common\apui.exe" = protocol=6 | dir=in | app=c:\program files\edimax\common\apui.exe |
"TCP Query User{FB1E2EAB-8C23-44AB-BB0E-8155B1636630}F:\games\warcraft iii\war3.exe" = protocol=6 | dir=in | app=f:\games\warcraft iii\war3.exe |
"TCP Query User{FC896872-7C88-4BB4-BA2E-1AC3350647DB}I:\hry\warcraft iii\war3.exe" = protocol=6 | dir=in | app=i:\hry\warcraft iii\war3.exe |
"UDP Query User{00570BB8-1E87-4C33-A2E8-F2A77E61F109}D:\games\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16755\sc2.exe |
"UDP Query User{046BD5D3-EF8B-433B-A908-54181D3CAC57}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{0CEB34D6-923B-4474-A21E-66C0C36B13AF}D:\games\kam - the peasants rebellion\km_tpr.exe" = protocol=17 | dir=in | app=d:\games\kam - the peasants rebellion\km_tpr.exe |
"UDP Query User{11984EE9-BFD8-4EB0-A39C-9617420E777C}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{120D3598-3343-48E6-B55D-7DE8E5741C1E}D:\games\heroes of might and magic iii complete\heroes3.exe" = protocol=17 | dir=in | app=d:\games\heroes of might and magic iii complete\heroes3.exe |
"UDP Query User{168A778F-A8D8-48DF-BF11-80692EAFECBE}C:\users\pavel\appdata\local\google\chrome\application\chrome.exe" = protocol=17 | dir=in | app=c:\users\pavel\appdata\local\google\chrome\application\chrome.exe |
"UDP Query User{1B00AE6D-2D80-4294-997B-30267EDA749D}D:\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=d:\demigod\bin\demigod.exe |
"UDP Query User{1C6C7F4E-EAC2-4B36-AF9E-1F77EB66234B}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{1E18B8EC-07C0-402E-B639-9CC0C47C2278}D:\counter strike\valve\hl.exe" = protocol=17 | dir=in | app=d:\counter strike\valve\hl.exe |
"UDP Query User{219C16C4-B199-4A65-A312-2BC8A4D93665}C:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe" = protocol=17 | dir=in | app=c:\program files\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe |
"UDP Query User{2431AC09-A4F3-46E0-867F-676CEC19ACB0}C:\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\games\valve\hl.exe |
"UDP Query User{272790E4-62ED-41CD-8BB8-A04B96AABC3D}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe |
"UDP Query User{275C9B92-122B-4564-A3E2-6DEA008B9800}D:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=d:\srcds\orangebox\srcds.exe |
"UDP Query User{2F7F8F17-8C68-442D-A954-7D99D656BD98}C:\program files\nx client for windows\bin\nxssh.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\bin\nxssh.exe |
"UDP Query User{2FBCD0B6-3BB1-4225-A8B1-E55FF25050DB}D:\cod5\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=d:\cod5\codwaw_lanfixed.exe |
"UDP Query User{317C1259-4471-4A24-B4DA-A3FA63B7BC8B}F:\program files\xming\xming.exe" = protocol=17 | dir=in | app=f:\program files\xming\xming.exe |
"UDP Query User{35A45CC9-FB43-45FC-95FC-C64D5D532B12}F:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe |
"UDP Query User{37F1EF83-0A87-481F-9216-35F1DD1630FE}C:\windows\system32\ftp.exe" = protocol=17 | dir=in | app=c:\windows\system32\ftp.exe |
"UDP Query User{39370F3F-7248-4C60-AE1E-46DE231EE708}D:\counter strike\valve\hl.exe" = protocol=17 | dir=in | app=d:\counter strike\valve\hl.exe |
"UDP Query User{3CAFA992-49E1-48E6-84A4-5E006BD4FC7B}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{3CC8C027-A352-4451-AD41-609B06FA3E7B}F:\games\gas powered games\gpgnet\gpg.multiplayer.client.exe" = protocol=17 | dir=in | app=f:\games\gas powered games\gpgnet\gpg.multiplayer.client.exe |
"UDP Query User{45A3FB8A-36AB-402C-9824-8244E6DDF923}C:\users\pavel\downloads\l\lancraft.exe" = protocol=17 | dir=in | app=c:\users\pavel\downloads\l\lancraft.exe |
"UDP Query User{45BB1BFF-0774-4618-9698-BEA6790C5F75}D:\games\traffic giant\trafficgiant.exe" = protocol=17 | dir=in | app=d:\games\traffic giant\trafficgiant.exe |
"UDP Query User{47AE847A-81A0-42B1-8DE3-74E78A3133B7}D:\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\borderlands\binaries\borderlands.exe |
"UDP Query User{48A6D73B-A59D-4BAE-ABE0-549E12C3667A}C:\games\command & conquer generals zero hour\game.dat" = protocol=17 | dir=in | app=c:\games\command & conquer generals zero hour\game.dat |
"UDP Query User{4A6D9528-14AB-44CC-9E69-94B933E95C22}D:\games\knights and merchants tpr\km_tpr.exe" = protocol=17 | dir=in | app=d:\games\knights and merchants tpr\km_tpr.exe |
"UDP Query User{4AB4AE46-A3C8-4294-9B9B-CE6EE46F3C1D}C:\users\pavel\downloads\carcassonne\carcassonne.exe" = protocol=17 | dir=in | app=c:\users\pavel\downloads\carcassonne\carcassonne.exe |
"UDP Query User{4B6DC2F3-505C-4113-854B-2DF0D5E9FB29}F:\games\openttd\openttd.exe" = protocol=17 | dir=in | app=f:\games\openttd\openttd.exe |
"UDP Query User{4C1422E1-83E5-43C7-9764-51FA8850EF01}D:\srcds\orangebox\srcds.exe" = protocol=17 | dir=in | app=d:\srcds\orangebox\srcds.exe |
"UDP Query User{4CF31743-5218-4722-9632-A1FD9B453A4B}C:\users\pavel\downloads\lancraft\lancraft.exe" = protocol=17 | dir=in | app=c:\users\pavel\downloads\lancraft\lancraft.exe |
"UDP Query User{4EBA0AFA-A3E6-4C51-91FC-AB153FA339E1}D:\aok\aoc.exe" = protocol=17 | dir=in | app=d:\aok\aoc.exe |
"UDP Query User{5118561F-C0FA-4C53-95C5-381D6DBD2660}C:\users\pavel\downloads\openlierox_0.58_rc3.win32\openlierox\openlierox.exe" = protocol=17 | dir=in | app=c:\users\pavel\downloads\openlierox_0.58_rc3.win32\openlierox\openlierox.exe |
"UDP Query User{513B7E1A-B293-4CDE-B0DA-C75BF7C15234}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{545A84FC-707F-45F5-BEF9-2DF69093EA6B}C:\windows\system32\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dplaysvr.exe |
"UDP Query User{55902086-A49B-448A-BE2E-C318997D8B5C}C:\web\tiny.exe" = protocol=17 | dir=in | app=c:\web\tiny.exe |
"UDP Query User{597D5CE7-0B04-4116-AC0B-F96F41B4B3BE}C:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=17 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"UDP Query User{5B8487FB-6061-4F60-988E-1C6618720771}D:\games\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base16605\sc2.exe |
"UDP Query User{5B8DF129-0197-454C-BED9-A7E0B477C9B9}C:\program files\nx client for windows2\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows2\nxclient.exe |
"UDP Query User{5BD59A6C-8D24-434A-A70C-EB3846E5A006}C:\program files\free download manager\fdm.exe" = protocol=17 | dir=in | app=c:\program files\free download manager\fdm.exe |
"UDP Query User{5D4BA6BD-E380-4F9E-A327-EDE41C56AC34}C:\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\mysql\bin\mysqld-nt.exe |
"UDP Query User{5E4AE922-2F77-4550-AEEE-145663AFC745}D:\bf2\bf2.exe" = protocol=17 | dir=in | app=d:\bf2\bf2.exe |
"UDP Query User{5F75EFE9-CBF4-4801-916D-9087355CB8FF}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"UDP Query User{5FA1D339-D704-4653-BB2C-65448C4CF43B}D:\games\starcraft ii\starcraft ii.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\starcraft ii.exe |
"UDP Query User{677AAEEA-0BF1-4052-A222-13B76CC09A6F}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe |
"UDP Query User{6E7EE3A8-3102-440C-8F22-AD417DF753EB}C:\Games\age of empires 2 & the conquerors expansion - full game - [hussey]~\aoc.exe" = protocol=17 | dir=in | app=c:\games\age of empires 2 & the conquerors expansion - full game - [hussey]~\aoc.exe |
"UDP Query User{749D6CA5-BAE8-4548-91F5-38CE1159133F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{76381123-26F3-44F0-9EE0-08D59BA5F3C5}C:\program files\mozilla firefox\firefox.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe |
"UDP Query User{77F3228E-F461-4129-8DA9-79B595A2F3DA}C:\games\magictg\manalink.exe" = protocol=17 | dir=in | app=c:\games\magictg\manalink.exe |
"UDP Query User{7812CE7E-E5CB-4AFE-85BE-A8D49C8D417A}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{79A0A105-EAC6-4B66-A708-4DCD9A5C7EB2}F:\program files\bullfrog\dungeon keeper 2\dkii.exe" = protocol=17 | dir=in | app=f:\program files\bullfrog\dungeon keeper 2\dkii.exe |
"UDP Query User{7A68B5AE-0D76-4B55-818A-395FC5570D79}C:\program files\winscp\winscp.exe" = protocol=17 | dir=in | app=c:\program files\winscp\winscp.exe |
"UDP Query User{7BD0B1F3-790D-47E6-89CE-E7D391DC8005}F:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\games\warcraft iii\war3.exe |
"UDP Query User{7CC5068F-F03C-4CA1-B62E-BE8B07D27A97}D:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=d:\program files\ubisoft\tom clancy's h.a.w.x\hawx.exe |
"UDP Query User{7DEF90B4-0506-463D-BB54-B02A95A3BDB7}C:\program files\edimax\common\apui.exe" = protocol=17 | dir=in | app=c:\program files\edimax\common\apui.exe |
"UDP Query User{8CCE1C07-39E5-441E-8805-5F7D5DBD199B}I:\hry\warcraft iii\war3.exe" = protocol=17 | dir=in | app=i:\hry\warcraft iii\war3.exe |
"UDP Query User{8CDB46FE-2CE8-4444-8463-A7AF93F0290F}C:\program files\qip\qip.exe" = protocol=17 | dir=in | app=c:\program files\qip\qip.exe |
"UDP Query User{90FFE875-F6EF-446F-A89B-482BCE56A81F}D:\aok\age2_x1.exe" = protocol=17 | dir=in | app=d:\aok\age2_x1.exe |
"UDP Query User{9193BB5F-0040-40BB-ADE1-01924724E740}D:\games\openttd_1.2.0\openttd.exe" = protocol=17 | dir=in | app=d:\games\openttd_1.2.0\openttd.exe |
"UDP Query User{928D97B2-EEA6-46A1-B379-2B144DB70BEC}F:\games\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe" = protocol=17 | dir=in | app=f:\games\gas powered games\supreme commander - forged alliance\bin\forgedalliance.exe |
"UDP Query User{9791D1AB-253D-42AE-BBAA-9E92AFE42F79}C:\program files\nx client for windows\nxclient.exe" = protocol=17 | dir=in | app=c:\program files\nx client for windows\nxclient.exe |
"UDP Query User{987B3841-C450-48B3-8EF8-8B38452A9B4A}D:\demigod\bin\demigod.exe" = protocol=17 | dir=in | app=d:\demigod\bin\demigod.exe |
"UDP Query User{9B1645E5-F656-4EEC-BC5D-0F7E22243E3F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{9E2152E4-92BA-4565-87E3-005E1798E204}C:\web\tiny.exe" = protocol=17 | dir=in | app=c:\web\tiny.exe |
"UDP Query User{9F99CE17-7790-409C-9FE1-B1A0811FB091}D:\aok\aoc.exe" = protocol=17 | dir=in | app=d:\aok\aoc.exe |
"UDP Query User{A030329C-4DE9-453D-A362-136A878075CE}D:\cod4\iw3mp.exe" = protocol=17 | dir=in | app=d:\cod4\iw3mp.exe |
"UDP Query User{A402C2A9-93F9-4609-A234-7BA4F387AE7F}C:\program files\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files\opera\opera.exe |
"UDP Query User{A60BC0B7-0C3C-48DA-A8DA-ADADE05DEAC5}C:\program files\netbeans 6.8\bin\netbeans.exe" = protocol=17 | dir=in | app=c:\program files\netbeans 6.8\bin\netbeans.exe |
"UDP Query User{AF3E1A4D-611C-428D-AC3C-3B55FC7805B5}D:\games\sharpkonquest\servidor.exe" = protocol=17 | dir=in | app=d:\games\sharpkonquest\servidor.exe |
"UDP Query User{B16758BF-759F-4405-AB3F-1F9CBF0D55F1}C:\Games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe" = protocol=17 | dir=in | app=c:\games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe |
"UDP Query User{B3CA5B53-D0CA-4A2F-A2BC-8588A22FD655}F:\steam\steamapps\paja_taufer\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\paja_taufer\counter-strike source\hl2.exe |
"UDP Query User{B5F2C45F-5EEA-41CE-90DD-3B92DB50460A}D:\games\starcraft ii\support\blizzarddownloader.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\support\blizzarddownloader.exe |
"UDP Query User{B9FC5551-3BB1-479A-B36B-C5A7E1DF42AA}C:\users\pavel\downloads\tftpd32.400\tftpd32.exe" = protocol=17 | dir=in | app=c:\users\pavel\downloads\tftpd32.400\tftpd32.exe |
"UDP Query User{BA6A2992-D726-4F8B-815E-48858362DA16}F:\steam\steamapps\common\alien swarm\swarm.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\alien swarm\swarm.exe |
"UDP Query User{BA6D7920-EE12-4ABC-B58C-1F28036B0157}F:5\valve\hl.exe" = protocol=17 | dir=in | app=f:5\valve\hl.exe |
"UDP Query User{BB4073BC-0936-40EC-A1B0-14A833462D5B}C:\Games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe" = protocol=17 | dir=in | app=c:\games\age of empires 2 & the conquerors expansion - full game - [hussey]~\age2_x1.exe |
"UDP Query User{BDE51914-5FC2-443C-8C4A-282E59949443}C:\games\magictg\manalink.exe" = protocol=17 | dir=in | app=c:\games\magictg\manalink.exe |
"UDP Query User{BDF87165-87D3-4E73-A149-CBA3296FCEB1}C:\mysql\bin\mysqld-nt.exe" = protocol=17 | dir=in | app=c:\mysql\bin\mysqld-nt.exe |
"UDP Query User{C1D5E18E-DD40-484E-97BB-C1CFB9DB0BA2}C:\downloads\eclipse\eclipse.exe" = protocol=17 | dir=in | app=c:\downloads\eclipse\eclipse.exe |
"UDP Query User{C4F6E645-F750-4A1D-A26C-B0046F90515E}F:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\paja_taufer\half-life 2 deathmatch\hl2.exe |
"UDP Query User{C6ECF8A9-DE21-4E32-B415-BEC7B669A9D2}D:\games\knights and merchants tpr\km_tpr.exe" = protocol=17 | dir=in | app=d:\games\knights and merchants tpr\km_tpr.exe |
"UDP Query User{C74625BB-6F96-4756-9B66-F48C2417F16D}D:\cod5\codwaw_lanfixed.exe" = protocol=17 | dir=in | app=d:\cod5\codwaw_lanfixed.exe |
"UDP Query User{C7F4935C-4148-4589-8787-3573001F0537}D:\aok\age2_x1.exe" = protocol=17 | dir=in | app=d:\aok\age2_x1.exe |
"UDP Query User{C98BDEE7-C8DB-4F47-B15C-95825A9F97B5}F:\strawberry\perl\bin\perl.exe" = protocol=17 | dir=in | app=f:\strawberry\perl\bin\perl.exe |
"UDP Query User{CC741E49-BDE6-49BB-ADF4-FA0BD9B85F70}F:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe" = protocol=17 | dir=in | app=f:\steam\steamapps\common\left 4 dead 2 demo\left4dead2.exe |
"UDP Query User{CCA87253-BCEE-4E64-B366-C0EF969F131E}D:\games\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=d:\games\starcraft ii\versions\base15405\sc2.exe |
"UDP Query User{CE90CF8A-083D-40C0-9D98-3A8931D4746F}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe |
"UDP Query User{D12506C2-A100-4882-AA00-54A9EDA01E23}D:\games\kam_remake\kam_remake.exe" = protocol=17 | dir=in | app=d:\games\kam_remake\kam_remake.exe |
"UDP Query User{D1FE5B68-D701-4E2E-A3DF-D3DD88D2BF04}D:\borderlands\binaries\borderlands.exe" = protocol=17 | dir=in | app=d:\borderlands\binaries\borderlands.exe |
"UDP Query User{D9BDE2E4-D192-4FA7-8A52-608F4DF0FD3B}C:\users\pavel\downloads\lancraft\lancraft.exe" = protocol=17 | dir=in | app=c:\users\pavel\downloads\lancraft\lancraft.exe |
"UDP Query User{DF98CCF7-E67C-49DC-A950-6A6DF2CCF7D9}F:\strawberry\perl\bin\perl.exe" = protocol=17 | dir=in | app=f:\strawberry\perl\bin\perl.exe |
"UDP Query User{E55CB07D-088E-4B47-B0AC-1AFB42B53D6F}C:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe" = protocol=17 | dir=in | app=c:\program files\toshiba\bluetooth toshiba stack\tosbtpcs.exe |
"UDP Query User{E60766D7-EFD4-4C7A-88E0-54111377D4F0}C:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe" = protocol=17 | dir=in | app=c:\program files\pinnacle\shared files\programs\strmserver\strmserver.exe |
"UDP Query User{F06FCB71-2666-4095-8F05-2F29FAA21D42}C:\games\valve\hl.exe" = protocol=17 | dir=in | app=c:\games\valve\hl.exe |
"UDP Query User{F4352B88-1DB8-408F-96B6-BB58C8BEA0D7}C:\totalcmd\totalcmd.exe" = protocol=17 | dir=in | app=c:\totalcmd\totalcmd.exe |
"UDP Query User{FA3A0B40-2FEB-460B-AB10-6700A3802B46}C:\windows\system32\dpnsvr.exe" = protocol=17 | dir=in | app=c:\windows\system32\dpnsvr.exe |
"UDP Query User{FE4C92F2-BF26-4A7F-8B4A-CB21C4949870}F:\games\warcraft iii\war3.exe" = protocol=17 | dir=in | app=f:\games\warcraft iii\war3.exe |
"UDP Query User{FE8D1FA5-150C-4E2B-A5C0-E29AA06A2A64}F:\program files\xming\xming.exe" = protocol=17 | dir=in | app=f:\program files\xming\xming.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{044F9133-B8D7-4d11-BF39-803FA20F5C8B}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for Win32
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2™
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{1111706F-666A-4037-7777-210328764D10}" = JavaFX 2.1.0
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{15219EE8-4DCC-C6C5-CB04-351D4DD72ACF}" = Catalyst Control Center InstallProxy
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{196E77C5-F524-4B50-BD1A-2C21EEE9B8F7}" = Microsoft SQL Server 2008 Common Files
"{1C1DF401-0A3E-49C8-85AD-EB3C9F82A275}" = 3531-W-I32-D SATARAID5
"{1D222324-249C-4744-8784-3377909C59B3}" = Power Toys for the Microsoft .NET Compact Framework 3.5
"{1D458E06-924D-5131-1343-DCD16990C9CA}" = Creeper World
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24aab420-4e30-4496-9739-3e216f3de6ae}" = Python 2.6.2
"{26A24AE4-039D-4CA4-87B4-2F83216014FF}" = Java™ 6 Update 14
"{26A24AE4-039D-4CA4-87B4-2F83217004FF}" = Java™ 7 Update 4
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2FA41EBB-3F5A-35C3-85D6-51EC72A11FBD}" = Google Gears
"{31D95937-B237-405D-920C-A3EF4E482395}" = Supreme Commander - Forged Alliance
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3C3D696B-0DB7-3C6D-A356-3DB8CE541918}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{3D374523-CFDE-461A-827E-2A102E2AB365}" = Star Wars Battlefront II
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{3F4EC965-28EF-45C3-B063-04B25D4E9679}" = WIDCOMM Bluetooth Software
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4815BD99-96A4-49FE-A885-DCF06E9E4E78}" = Microsoft SQL Server 2008 Database Engine Shared
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A57592C-FF92-4083-97A9-92783BD5AFB4}" = WebCam
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{4E98F23B-1328-4322-A6EC-2EDC8FC3A4FE}" = FontNav
"{564D0000-547B-4ED8-8070-85286CC8C9BF}" = OpenOffice.org 3.0
"{58721EC3-8D4E-4B79-BC51-1054E2DDCD10}" = Microsoft SQL Server 2008 Database Engine Services
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5BE1E709-30E4-3D6D-A708-96CE8D5E5E8D}" = Microsoft Windows SDK for Visual Studio 2008 SP1 Express Tools for .NET Framework - enu
"{5C82DAE5-6EB0-4374-9254-BE3319BA4E82}" = Skype™ 3.8
"{62C68336-B969-4097-B0BD-A3A0FBFD59C1}" = Mumble 1.2.3
"{641E3749-55CD-DD82-8480-6C95C3A175BA}" = Creeper World 2 Demo
"{6463EA8A-08AE-48BB-A921-A570CA34F28B}" = Magic The Gathering
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D316D67-DA52-4659-9C98-F479963534D6}" = Audiosurf
"{6E298B0A-558C-4138-0096-740677B382CD}" = LOTR The Return of the King tm
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{78437DF6-E0CB-4284-A691-3946AD5D9117}" = Sins Editor
"{7C5123A9-30A8-4C44-89CA-A8C87A1FCC91}" = CorelDRAW Graphics Suite X3
"{7C7AC2D4-1077-45C8-826A-16445B5E0DB7}" = Pinnacle DistanTV Server
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83B2A1BD-E740-4DB8-879E-139C4D0EC1DE}" = Pharaoh - Including Cleopatra Expansion
"{842FAF7C-50EF-4463-9B8F-6222E1384D7D}" = Microsoft Windows SDK for Visual Studio 2008 Headers and Libraries
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88C2CD27-D2B4-4CFC-9A62-C77F37783C87}" = Picturenaut 3.2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Centrum zařízení Windows Mobile
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Turbo Memory a Intel® Matrix Storage Manager
"{928D2FB1-291A-362B-89A4-7075A9D904A4}" = Microsoft Windows SDK for Windows 7 (7.1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A996B6A-846E-4A89-B9C4-17546B7BE49F}" = Burnout™ Paradise The Ultimate Box
"{9ABFB92D-93DA-49EE-8ABF-F8195DE45CA9}" = Counter-Strike 1.6
"{9B22D565-E159-7E51-015E-C35CA2C55F5F}" = Creeper World 2
"{9C5118F7-E26D-4fc0-B7F4-4A067A0808FA}_is1" = iMacros Version 8.0.1.1895
"{9D6D76A6-4328-49E8-97A7-531A74841DA5}" = Microsoft SQL Server 2008 Setup Support Files (English)
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{a517a98e-d5c2-41ea-a12d-47365cbd8813}.sdb" = MagicTG
"{A73228B5-F869-3044-B3D8-7D3F0F3A5987}" = Strawberry Perl
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1029-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Czech
"{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR
"{AF79E1E0-EB3B-A08A-624B-08F7296DFD65}" = AMD Catalyst Install Manager
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Display Control Panel
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA Systémový software PhysX 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{B857D868-F8B0-43EE-BC2B-D9E5ED21F237}" = Microsoft SQL Server VSS Writer
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BBB3F622-D848-4CDA-B282-CC53627432F0}" = Microsoft Application Compatibility Toolkit 5.0
"{C194D333-B84A-4BB7-B35E-060732D98DC4}" = GPGNet
"{C688457E-03FD-4941-923B-A27F4D42A7DD}" = Microsoft SQL Server 2008 Browser
"{C776FEF6-2F0E-11DD-1194-001422FBF4CC}_is1" = libsndfile-1.0.25
"{C94E45B0-6AA6-4FB9-9AAE-22085F631880}" = VBA
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBABD744-5D6C-6A14-7472-81B313A3C4AF}" = Creeper World 2 Editor
"{CCF7074B-BE72-44E1-9CAC-3FFAC582C692}" = CZ
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}" = Bluetooth Stack for Windows by Toshiba
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D64833F8-860D-4216-8EDC-DD08AD68C0B5}" = LibreOffice 3.4
"{D8087907-E255-3A41-A46D-D0F798709C71}" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"{D9D937B0-E842-4130-9588-B948E876904A}" = Microsoft SQL Server 2008 Native Client
"{E7044E25-3038-4A76-9064-344AC038043E}" = Aktualizace ovladače pro aplikaci Centrum zařízení Windows Mobile
"{E7F9E526-2324-437B-A609-E8C5309465CB}" = Microsoft Windows Performance Toolkit
"{E91E8912-769D-42F0-8408-0E329443BABC}" = Edimax Wireless LAN
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.115
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1DC7648-8623-442F-92B7-E118DF61872E}" = Microsoft SQL Server 2008 RsFx Driver
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F38ADCA4-AF7C-4C73-9021-6F1EA15D15EA}" = Pinnacle TVCenter Pro
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"{F428D0FB-765D-40EB-BDD8-A1E7F5C597FA}" = Update Manager
"{FCED9B62-34FF-4C15-8A23-F65221F7874D}" = ITECIR Driver
"{FD3BF840-973E-B730-E392-C59C4C2FF806}" = Creeper World Map Editor
"{FDE049C8-E4B2-4EB5-A534-CF5C581F5D32}_is1" = KaM Remake Full r3392
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"2ADF4484850200A062B66ED19240994480D85943" = Balíček ovladače systému Windows - ITE Tech.Inc. (itecir) HIDClass (01/05/2007 5.0.0003.2)
"4F3966A38CEE845CD2C09F9132F5029E9AD6FE07" = Balíček ovladače systému Windows - Intel (NETwNv32) net (01/19/2011 13.5.0.6)
"5F78770CB9122DFEC89ABDD689B887BCF061343C" = Balíček ovladače systému Windows - Intel (NETwLv32) net (10/07/2010 13.4.0.139)
"Active WebCam" = Active WebCam
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"AVG9Uninstall" = AVG Free 9.0
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"BF2ALL64" = BF2ALL64
"CardRecovery" = CardRecovery
"CreeperMap.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World Map Editor
"CreeperWorld.A43EBFBEAB43B4ADC42FB67A9246E19C6E8214AC.1" = Creeper World
"CreeperWorld2.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World 2
"CreeperWorld2Demo.BA6B793AB2C9FDD744493F22666C1F8DFA806A5E.1" = Creeper World 2 Demo
"CreeperWorld2Editor" = Creeper World 2 Editor
"DancingGorilla_is1" = DancingGorilla 1.1.4/1.06
"DebugBar" = DebugBar v5.4.1 for Internet Explorer (remove only)
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"EatCam Webcam Recorder Pro 4.0_is1" = EatCam Webcam Recorder Pro 4.0
"Erlang OTP R13B02 (5.7.3)" = Erlang OTP R13B02 (5.7.3)
"Fiddler2" = Fiddler
"Free Download Manager_is1" = Free Download Manager 3.0
"Git_is1" = Git version 1.7.4-preview20110204
"GPG4Win" = Gpg4win (2.1.0)
"Half-Life Dedicated Server Update Tool" = Half-Life Dedicated Server Update Tool
"HijackThis" = HijackThis 2.0.2
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer Generals
"InstallShield_{07A540AB-D785-11D5-8E89-0090275862A0}" = Corel Graphics Suite 11
"InstallShield_{6463EA8A-08AE-48BB-A921-A570CA34F28B}" = Magic The Gathering
"InstallShield_{CADDE354-C78C-46CB-A006-E2B178EFC271}" = Rise Of Legends
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and ConquerTM Generals Zero Hour
"InterBase" = InterBase 6.5
"jdownloader09" = JDownloader 0.9
"JRE 1.2" = Java 2 Runtime Environment Standard Edition v1.2.2
"KLiteCodecPack_is1" = K-Lite Codec Pack 6.9.0 (Full)
"Knights and Merchants - The Peasants Rebellion_is1" = Knights and Merchants - The Peasants Rebellion
"LogMeIn Hamachi" = LogMeIn Hamachi
"LyX20" = LyX 2.0.2-1
"Machinarium" = Machinarium
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware verze 1.65.1.1000
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Security Client" = Microsoft Security Essentials
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Microsoft Visual C++ 2008 Express Edition with SP1 - ENU" = Microsoft Visual C++ 2008 Express Edition with SP1 - ENU
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox (3.0.19)" = Mozilla Firefox (3.0.19)
"MSYS-1.0_is1" = "Minimal SYStem 1.0.10"
"nbi-nb-base-6.8.0.0.0" = NetBeans IDE 6.8
"nbi-nb-base-6.9.0.0.0" = NetBeans IDE 6.9
"nbi-nb-base-7.1.2.0.0" = NetBeans IDE 7.1.2
"Notebook Hardware Control" = Notebook Hardware Control 2.0 Pre-Release-06
"NVIDIA Drivers" = NVIDIA Drivers
"nxclient_is1" = NX Client for Windows 2.1.0-16
"OpenAL" = OpenAL
"Opera 12.00.1467" = Opera 12.00
"PC Translator" = PC Translator
"Plants Vs Zombies" = Plants Vs Zombies
"Psaní všemi deseti_is1" = Psaní všemi deseti 1.5
"PSPad editor_is1" = PSPad editor
"Qt SDK 2010.02.1 - C:_Qt_2010.02.1" = Qt SDK 2010.02.1
"RADVideo" = RAD Video Tools
"RealAlt_is1" = Real Alternative 2.0.2
"RiseOfNationsExpansion 1.0" = Rise of Nations
"SDKSetup_7.1.7600.0.30514" = Microsoft Windows SDK for Windows 7 (7.1)
"Sea3D_is1" = Sea3D 1.2.0a
"Sins of a Solar Empire Trinity_is1" = Sins of a Solar Empire Trinity
"SMSERIAL" = Motorola SM56 Data Fax Modem
"Steam App 11020" = TrackMania Nations Forever
"Steam App 17520" = Synergy
"Steam App 220" = Half-Life 2
"Steam App 340" = Half-Life 2: Lost Coast
"Steam App 380" = Half-Life 2: Episode One
"Steam App 400" = Portal
"Steam App 420" = Half-Life 2: Episode Two
"Steam App 440" = Team Fortress 2
"Steam App 510" = Left 4 Dead Dedicated Server
"Steam App 513" = Left 4 Dead Authoring Tools Beta
"Steam App 590" = Left 4 Dead 2 Demo
"Steam App 620" = Portal 2
"Steam App 630" = Alien Swarm
"Steam App 640" = Alien Swarm - SDK
"SWI-Prolog" = SWI-Prolog (remove only)
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"Total Video Converter 3.11_is1" = Total Video Converter 3.11
"Totalcmd" = Total Commander (Remove or Repair)
"Traffic Giant" = Traffic Giant
"Update Engine" = Sony Ericsson Update Engine
"WinDjView" = WinDjView 1.0.3
"WinGimp-2.0_is1" = GIMP 2.6.6
"WinPcapInst" = WinPcap 4.1.2
"WinRAR archiver" = WinRAR
"winscp3_is1" = WinSCP 4.2.1 beta
"Wireshark" = Wireshark 1.8.3 (32-bit)
"Xming_is1" = Xming 6.9.0.31

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{226b64e8-dc75-4eea-a6c8-abcb496320f2}-Google Talk" = Google Talk (remove only)
"Google Chrome" = Google Chrome
"QIP 2005" = QIP 2005 8092
"TeXLive2012" = TeX Live 2012

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 2.1.2013 17:42:58 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace nprg054_1.exe, verze 0.0.0.0, časové razítko 0x50e4a9dc,
chybující modul libgcc_s_dw2-1.dll, verze 0.0.0.0, časové razítko 0x4a404122, kód
výjimky 0xc0000094, posun chyby 0x00003c4f, ID procesu 0x1b94, čas spuštění aplikace
0x01cde9321f3165a0.

Error - 4.1.2013 22:01:44 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace FreeISOBurner.exe, verze 0.0.0.0, časové razítko
0x4d2b16db, chybující modul kernel32.dll, verze 6.0.6002.18704, časové razítko
0x5065ccb6, kód výjimky 0xc0000005, posun chyby 0x000bff8d, ID procesu 0x16fc, čas
spuštění aplikace 0x01cdeae653540d20.

Error - 5.1.2013 20:48:50 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace php.exe, verze 5.1.2.2, časové razítko 0x43c526cd,
chybující modul ntdll.dll, verze 6.0.6002.18541, časové razítko 0x4ec3e3d5, kód
výjimky 0xc0000005, posun chyby 0x0003dd6d, ID procesu 0x14b8, čas spuštění aplikace
0x01cdeba79644553f.

Error - 5.1.2013 20:48:57 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace php.exe, verze 5.1.2.2, časové razítko 0x43c526cd,
chybující modul ntdll.dll, verze 6.0.6002.18541, časové razítko 0x4ec3e3d5, kód
výjimky 0xc0000005, posun chyby 0x0003dd6d, ID procesu 0x17f4, čas spuštění aplikace
0x01cdeba79ba78f6d.

Error - 5.1.2013 20:49:09 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace php.exe, verze 5.1.2.2, časové razítko 0x43c526cd,
chybující modul ntdll.dll, verze 6.0.6002.18541, časové razítko 0x4ec3e3d5, kód
výjimky 0xc0000005, posun chyby 0x0003dd6d, ID procesu 0x7a4, čas spuštění aplikace
0x01cdeba7a3132a0d.

Error - 5.1.2013 21:41:39 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace putty.exe, verze 0.60.0.0, časové razítko 0x463484d0,
chybující modul putty.exe, verze 0.60.0.0, časové razítko 0x463484d0, kód výjimky
0xc0000005, posun chyby 0x00040f93, ID procesu 0x1454, čas spuštění aplikace 0x01cdeba489b77ae8.

Error - 5.1.2013 22:09:36 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace putty.exe, verze 0.60.0.0, časové razítko 0x463484d0,
chybující modul putty.exe, verze 0.60.0.0, časové razítko 0x463484d0, kód výjimky
0xc0000005, posun chyby 0x00040f83, ID procesu 0x11d4, čas spuštění aplikace 0x01cdebaf00cb8262.

Error - 5.1.2013 22:17:25 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace putty.exe, verze 0.60.0.0, časové razítko 0x463484d0,
chybující modul putty.exe, verze 0.60.0.0, časové razítko 0x463484d0, kód výjimky
0xc0000005, posun chyby 0x00040f83, ID procesu 0xec8, čas spuštění aplikace 0x01cdebb2e5464242.

Error - 5.1.2013 22:32:57 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace putty.exe, verze 0.60.0.0, časové razítko 0x463484d0,
chybující modul putty.exe, verze 0.60.0.0, časové razítko 0x463484d0, kód výjimky
0xc0000005, posun chyby 0x00040f93, ID procesu 0x15e0, čas spuštění aplikace 0x01cdebb407c56f9e.

Error - 5.1.2013 22:51:56 | Computer Name = Pavel-ntb | Source = Application Error | ID = 1000
Description = Chybující aplikace putty.exe, verze 0.60.0.0, časové razítko 0x463484d0,
chybující modul putty.exe, verze 0.60.0.0, časové razítko 0x463484d0, kód výjimky
0xc0000005, posun chyby 0x00040f83, ID procesu 0xc00, čas spuštění aplikace 0x01cdebb7d31cd7cf.

[ System Events ]
Error - 5.1.2013 18:10:34 | Computer Name = Pavel-ntb | Source = Service Control Manager | ID = 7000
Description =

Error - 5.1.2013 18:11:40 | Computer Name = Pavel-ntb | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =

Error - 5.1.2013 18:15:11 | Computer Name = Pavel-ntb | Source = Dhcp | ID = 1002
Description = Zapůjčení adresy IP 192.168.1.101 pro síťovou kartu s adresou 00030D7A021A
byla serverem DHCP 192.168.1.254 odmítnuta. (Server DHCP odeslal zprávu DHCPNACK).

Error - 6.1.2013 19:39:10 | Computer Name = Pavel-ntb | Source = Service Control Manager | ID = 7034
Description =

Error - 6.1.2013 19:39:15 | Computer Name = Pavel-ntb | Source = Service Control Manager | ID = 7030
Description =

Error - 6.1.2013 19:44:05 | Computer Name = Pavel-ntb | Source = EventLog | ID = 6008
Description = Předchozí vypnutí systému (0:40:16, 7.1.2013) bylo neočekávané.

Error - 6.1.2013 19:44:22 | Computer Name = Pavel-ntb | Source = Service Control Manager | ID = 7000
Description =

Error - 6.1.2013 19:44:22 | Computer Name = Pavel-ntb | Source = Service Control Manager | ID = 7000
Description =

Error - 6.1.2013 19:44:22 | Computer Name = Pavel-ntb | Source = Service Control Manager | ID = 7000
Description =

Error - 6.1.2013 19:45:25 | Computer Name = Pavel-ntb | Source = Microsoft-Windows-LanguagePackSetup | ID = 1001
Description =


< End of report >

#13 nasdaq


Posted 07 January 2013 - 10:20 AM

I need to check further on the ZeroAccess issue.

Download the correct tool for your operating system.
Farbar Recovery Scan Tool (64 bit)
Farbar Recovery Scan Tool (32 bit)
and save it to a flash drive.

Plug the flash drive into the infected PC.

Restart your computer and tap F8 to bring up the Advanced Menu, then click Repair your computer.

Follow the prompt to enter keyboard input method, and then the prompt to enter a password. If the machine does not have a password, simply click Enter.

In the next menu, use the arrow keys on the keyboard to highlight Command Prompt and press Enter.
  • In the command window type in notepad and press Enter.
  • Notepad opens. Under the File menu select Open.
  • Select "Computer", find your flash drive letter, and close Notepad.
  • In the command window type e:\frst64.exe and press Enter (or FRST.exe on a 32-bit system).

    Note: Replace letter e with the drive letter of your flash drive.

  • The tool will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.


#14 pajasas


Posted 07 January 2013 - 11:46 AM

Pressing F8 before start brings up a menu, but there is no repair option. However, I did get to the repair menu (and a command prompt) a few times before by booting from the Vista install DVD. Should I do that instead?

#15 nasdaq


Posted 07 January 2013 - 02:04 PM

Yes, try it.



