Prosím o kontrolu (padání internetu)

[Michal_Tuma]

Dobrý den,
chtěl bych Vás poprosit o pomoc. Od doby co jsem se znovu ubytoval na koleji (ji po 4.) mi zde pořád padá internet (resp. celá kolejní síť) - najednou jakoby síťový kabel nebyl vůbec připojen k počítači. Na kolejních stránkách se objevila zmínka, že něco podobného putuje po síti, a že si máme aktualizovat firewall a projet počítač antivirovým programem, nicméně NOD ani Win Defender nic nenašel. Děkuji


Logfile of random's system information tool 1.09 (written by random/random)
Run by Michal Tůma at 2012-10-24 19:14:05
Microsoft Windows 7 Professional Service Pack 1
System drive C: has 411 GB (89%) free of 463 GB
Total RAM: 4063 MB (39% free)

Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 19:14:56, on 24.10.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Unable to get Internet Explorer version!
Boot mode: Normal

Running processes:
C:\Program Files (x86)\Rocket Dock\RocketDock.exe
C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\PlayMemories Home\PMBVolumeWatcher.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisTSR.exe
C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
C:\Program Files (x86)\Windows Media Player\wmplayer.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Program Files\trend micro\Michal Tůma.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = proxy.vscht.cz:3128
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
F2 - REG:system.ini: UserInit=userinit.exe
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\bin\ssv.dll
O2 - BHO: EgisPBIE - {7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9} - C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisPBIE.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\bin\jp2ssv.dll
O2 - BHO: SmartSelect - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O4 - HKLM\..\Run: [VitaKeyTSR] C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisTSR.exe /run
O4 - HKLM\..\Run: [QlbCtrl.exe] C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" MSRun
O4 - HKLM\..\Run: [Adobe Acrobat Speed Launcher] "C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe"
O4 - HKLM\..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\PlayMemories Home\PMBVolumeWatcher.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [AlcoholAutomount] "C:\Program Files (x86)\Alcohol\AxAutoMntSrv.exe" -automount
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\Rocket Dock\RocketDock.exe"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETWORK SERVICE')
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Od&eslat do aplikace OneNote - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (file missing)
O9 - Extra 'Tools' menuitem: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Program Files (x86)\ICQ7M\ICQ.exe (file missing)
O9 - Extra button: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: P&ropojené poznámky aplikace OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.macromedia.com/get/s ... wflash.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Služba Acronis Scheduler2 (AcrSch2Svc) - Acronis - C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
O23 - Service: Služba Acronis Nonstop Backup (afcdpsrv) - Acronis - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: Com4QLBEx - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: EgisTec Service - Egis Technology Inc. - C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisService.exe
O23 - Service: EgisTec Ticket Service - Egis Technology Inc. - C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\x86\ekrn.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: HP Service (hpsrv) - Unknown owner - C:\Windows\system32\Hpservice.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: PMBDeviceInfoProvider - Sony Corporation - C:\Program Files (x86)\PlayMemories Home\PMBDeviceInfoProvider.exe
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: ServiceLayer - Nokia - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files (x86)\Skype\Updater\Updater.exe
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Audio Service (STacSV) - IDT, Inc. - C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
O23 - Service: SwitchBoard - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Validity VCS Fingerprint Service (vcsFPService) - Validity Sensors, Inc. - C:\Windows\system32\vcsFPService.exe
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\Wat\WatUX.exe,-601 (WatAdminSvc) - Unknown owner - C:\Windows\system32\Wat\WatAdminSvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 11588 bytes

======Listing Processes======

\SystemRoot\System32\smss.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
wininit.exe
%SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
winlogon.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\Hpservice.exe
C:\Windows\system32\vcsFPService.exe
atieclxx
"C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe"
"C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisService.exe"
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
"C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe"
"C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe"
C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
"C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe"
"C:\Program Files\ESET\x86\ekrn.exe"
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
"C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe"
"C:\Program Files (x86)\PlayMemories Home\PMBDeviceInfoProvider.exe"
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k bthsvcs
"C:\Windows\system32\WUDFHost.exe" -HostGUID:{193a1820-d9ac-4997-8c55-be817523f6aa} -IoEventPortName:HostProcess-75efc50e-1f73-4280-b9aa-4fc43d15b5ec -SystemEventPortName:HostProcess-dd23800d-2775-4005-b9a3-36ecb060eb46 -IoCancelEventPortName:HostProcess-5292b929-38d2-465e-8e72-d963b06d1a0f -NonStateChangingEventPortName:HostProcess-237bf315-f89a-49ad-a652-7e8f20a185c6 -ServiceSID:S-1-5-80-2652678385-582572993-1835434367-1344795993-749280709 -LifetimeId:1459da79-4ee8-4712-890b-66187b321755
C:\Windows\System32\svchost.exe -k secsvcs
"taskhost.exe"
"C:\Windows\system32\Dwm.exe"
C:\Windows\Explorer.EXE
"C:\Program Files\Synaptics\SynTP\SynTPEnh.exe"
"C:\Program Files\ESET\egui.exe" /hide /waitservice
"C:\Program Files\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe"
"C:\Program Files (x86)\Rocket Dock\RocketDock.exe"
"C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe" /Start
"C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
"C:\Program Files (x86)\PlayMemories Home\PMBVolumeWatcher.exe"
"C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"C:\Program Files (x86)\ATI\Catalyst\ATI.ACE\Core-Static\MOM" PriorityLow
"C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe"
C:\Windows\system32\wbem\wmiprvse.exe
"C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisTSR.exe"
C:\Windows\system32\SearchIndexer.exe /Embedding
"C:\Program Files\Windows Media Player\wmpnetwk.exe"
"C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe"
"C:\Program Files (x86)\ATI\Catalyst\ATI.ACE\Core-Static\CCC.exe" 0
"C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe"
C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
{B3AC0A52-1D96-44F0-B3F0-0FA3BEC567CB}
{259DD41C-C012-4683-BF2A-75C0796F6E7F}
"C:\Program Files\Windows Defender\MSASCui.exe" /ScanNow
C:\Windows\servicing\TrustedInstaller.exe
"C:\Windows\system32\wuauclt.exe"
"C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe4_ Global\UsGthrCtrlFltPipeMssGthrPipe4 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
"C:\Program Files (x86)\Windows Media Player\wmplayer.exe" /Play -Embedding
"C:\Windows\system32\wuauclt.exe" /RunHandlerComServer
C:\Windows\system32\msiexec.exe /V
"C:\Windows\SoftwareDistribution\Download\Install\Windows-KB890830-x64-V4.13-delta.exe" /Q /W
c:\3b645eecfcea56020c2ee21f\mrtstub.exe /Q /W
"C:\Windows\system32\MRT.exe" /Q /W
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe"
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxSearchSuggest/3/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4712.0.1136015859\1632665083" /prefetch:3
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxSearchSuggest/3/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4712.1.1488849534\941160283" /prefetch:3
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxSearchSuggest/3/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4712.2.1039506457\216707224" /prefetch:3
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxSearchSuggest/3/Prerender/ContentPrefetchPrerender1/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --extension-process --renderer-print-preview --channel="4712.3.850258811\1543695772" /prefetch:3
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/3/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4712.6.1855501769\1945403397" /prefetch:3
"C:\Users\Michal Tůma\AppData\Local\Google\Chrome\Application\chrome.exe" --type=renderer --lang=cs --force-fieldtrials=ConnCountImpact/conn_count_6/ConnnectBackupJobs/ConnectBackupJobsEnabled/DnsImpact/default_enabled_prefetch/GlobalSdch/global_enable_sdch/IdleSktToImpact/idle_timeout_10/OmniboxDisallowInlineHQP/Standard/OmniboxHQPNewScoring/Standard/OmniboxSearchSuggest/3/Prerender/ContentPrefetchPrerender1/PrerenderFromOmnibox/OmniboxPrerenderEnabled/ProxyConnectionImpact/proxy_connections_32/SBInterstitial/V2/SpdyCwnd/cwnd10/SpdyImpact/spdy3/UMA-Dynamic-Binary-Uniformity-Trial/default/UMA-Uniformity-Trial-1-Percent/group_30/UMA-Uniformity-Trial-10-Percent/group_02/UMA-Uniformity-Trial-20-Percent/group_02/UMA-Uniformity-Trial-5-Percent/group_07/UMA-Uniformity-Trial-50-Percent/default/WarmSocketImpact/warm_socket/ --renderer-print-preview --channel="4712.7.1483661674\1705810030" /prefetch:3
taskhost.exe $(Arg0)
"C:\Users\Michal Tůma\Downloads\RSITx64.exe"
"C:\Windows\system32\SearchFilterHost.exe" 0 508 512 520 65536 516
C:\Windows\system32\wbem\wmiprvse.exe

======Scheduled tasks folder======

C:\Windows\tasks\Adobe Flash Player Updater.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1891136015-2628778241-2636959994-1000Core.job
C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1891136015-2628778241-2636959994-1000UA.job

=========Mozilla firefox=========

ProfilePath - C:\Users\Michal Tůma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default

prefs.js - "browser.startup.homepage" - "www.hattrick.org"

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\SysWOW64\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files (x86)\Java\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0]
"Description"=Microsoft SharePoint Plug-in for Firefox
"Path"=C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin]
"Description"=Nokia Suite Enabler Plugin
"Path"=C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\Adobe Acrobat]
"Description"=Handles PDFs in-place in Firefox
"Path"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll


[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@adobe.com/FlashPlayer]
"Description"=Adobe® Flash® Player 11.4.402.278 Plugin
"Path"=C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/DTPlugin,version=10.7.2]
"Description"=Java™ Deployment Toolkit
"Path"=C:\Windows\system32\npDeployJava1.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2]
"Description"=Oracle® Next Generation Java™ Plug-In
"Path"=C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/GENUINE]
"Description"=
"Path"=disabled

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0]
"Description"=Ag Player Plugin
"Path"=c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0]
"Description"=Office Authorization plug-in for NPAPI browsers
"Path"=C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL

[HKEY_LOCAL_MACHINE\SOFTWARE\MozillaPlugins\adobe.com/AdobeAAMDetect]
"Description"=
"Path"=C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll

C:\Program Files (x86)\Mozilla Firefox\extensions\
{972ce4c6-7e08-4474-a285-3208198ce6fd}

C:\Program Files (x86)\Mozilla Firefox\components\
binary.manifest
browsercomps.dll
nsIQTScriptablePlugin.xpt

C:\Program Files (x86)\Mozilla Firefox\plugins\
np-mswmp.dll
npqtplugin.dll
npqtplugin2.dll
npqtplugin3.dll
npqtplugin4.dll
npqtplugin5.dll
npqtplugin6.dll
npqtplugin7.dll
QuickTimePlugin.class
WMP Firefox Plugin License.rtf
WMP Firefox Plugin RelNotes.txt

C:\Program Files (x86)\Mozilla Firefox\searchplugins\
google.xml
heureka-cz.xml
jyxo-cz.xml
seznam-cz.xml
slunecnice-cz.xml
wikipedia-cz.xml

C:\Users\Michal Tůma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\
{9d1f059c-cada-4111-9696-41a62d64e3ba}

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files\Java\jre7\bin\ssv.dll [2012-09-22 537576]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Sign-in Helper - C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\x64\EgisPBIE.dll [2011-09-15 721968]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL [2010-12-21 689040]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre7\bin\jp2ssv.dll [2012-09-22 193512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-07-27 63944]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
Java(tm) Plug-In SSV Helper - C:\Program Files (x86)\Java\bin\ssv.dll [2012-09-25 449512]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7B51CCBE-4AF9-44A6-BDAB-D7F7E4C4E6F9}]
EgisPBIE Sign-in Helper - C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisPBIE.dll [2011-09-15 533040]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AE7CD045-E861-484f-8273-0445EE161910}]
Adobe PDF Conversion Toolbar Helper - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27 341448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}]
Office Document Cache Handler - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL [2010-12-21 561552]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files (x86)\Java\bin\jp2ssv.dll [2012-09-25 155384]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F4971EE7-DAA0-4053-9964-665D8EE6A077}]
SmartSelect Class - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27 341448]

[HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Microsoft\Internet Explorer\Toolbar]
{47833539-D0C5-4125-9FA8-0819E2EAAC93} - Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-07-27 341448]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"=C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2011-10-14 2837288]
"egui"=C:\Program Files\ESET\egui.exe [2012-03-07 4081008]
"HP Input Device Main Program"=C:\Program Files\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe [2008-10-16 530432]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"=C:\Program Files (x86)\Alcohol\AxAutoMntSrv.exe [2010-08-20 33120]
"RocketDock"=C:\Program Files (x86)\Rocket Dock\RocketDock.exe [2009-06-15 495616]
""= []

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Acrobat Assistant 8.0]
C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [2012-07-27 823224]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2012-07-27 919008]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeAAMUpdater-1.0]
C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2012-09-20 444904]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AdobeCS6ServiceManager]
C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [2012-06-25 1073352]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [2012-02-20 59240]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisTecPMMUpdate]
C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [2011-06-22 418672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EgisUpdate]
C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [2011-06-22 202608]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Update]
C:\Users\Michal Tůma\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-21 116648]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
C:\Program Files (x86)\QuickTime\QTTask.exe [2012-04-18 421888]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Služba Acronis Scheduler2]
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe [2011-10-13 394744]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SwitchBoard]
C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SysTrayApp]
C:\Program Files\IDT\WDM\sttray64.exe []

[HKEY_LOCAL_MACHINE\Software\wow6432node\Microsoft\Windows\CurrentVersion\Run]
"VitaKeyTSR"=C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisTSR.exe [2011-09-15 384048]
"QlbCtrl.exe"=C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe [2010-02-25 323640]
"TrueImageMonitor.exe"=C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe [2011-10-13 5574456]
"StartCCC"=C:\Program Files (x86)\ATI\Catalyst\ATI.ACE\Core-Static\CLIStart.exe [2012-07-04 641704]
""= []
"Adobe Acrobat Speed Launcher"=C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [2012-07-27 36800]
"PMBVolumeWatcher"=C:\Program Files (x86)\PlayMemories Home\PMBVolumeWatcher.exe [2012-08-20 724576]
"SunJavaUpdateSched"=C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [2012-07-03 252848]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED}

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\explorer\SharedTaskScheduler]
ObjectDockShellExt - {1984D045-52CF-49cd-DB77-08F378FEA4DB} - C:\Program Files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll []

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa]
"notification packages"=scecli
EgisPwdFilter
EgisDSPwdFilter

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"=credssp.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\AFD]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"ConsentPromptBehaviorAdmin"=0
"ConsentPromptBehaviorUser"=3
"EnableLUA"=0
"EnableUIADesktopToggle"=0
"PromptOnSecureDesktop"=0
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1
"EnableLinkedConnections"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoActiveDesktop"=1
"NoActiveDesktopChanges"=1
"ForceActiveDesktopOn"=0

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Drivers32]
"vidc.mrle"=msrle32.dll
"vidc.msvc"=msvidc32.dll
"msacm.imaadpcm"=imaadp32.acm
"msacm.msg711"=msg711.acm
"msacm.msgsm610"=msgsm32.acm
"msacm.msadpcm"=msadp32.acm
"midimapper"=midimap.dll
"wavemapper"=msacm32.drv
"VIDC.UYVY"=msyuv.dll
"VIDC.YUY2"=msyuv.dll
"VIDC.YVYU"=msyuv.dll
"VIDC.IYUV"=iyuv_32.dll
"vidc.i420"=iyuv_32.dll
"VIDC.YVU9"=tsbyuv.dll
"msacm.l3acm"=C:\Windows\System32\l3codeca.acm
"wave1"=wdmaud.drv
"midi1"=wdmaud.drv
"mixer1"=wdmaud.drv
"aux1"=wdmaud.drv
"MSVideo8"=VfWWDM32.dll
"wave"=wdmaud.drv
"midi"=wdmaud.drv
"mixer"=wdmaud.drv
"msacm.l3pacm"=l3codecp.acm
"msacm.aacacm"=AACACM.acm
"msacm.ac3acm"=ac3acm.acm
"VIDC.LAGS"=lagarith.dll
"VIDC.FFDS"=ff_vfw.dll
"vidc.x264"=x264vfw.dll
"msacm.ac3filter"=ac3filter.acm
"VIDC.MLCY"=mlc.dll

======File associations======

.js - edit - C:\Windows\System32\Notepad.exe %1
.js - open - C:\Windows\System32\WScript.exe "%1" %*

======List of files/folders created in the last 1 month======

2012-10-24 19:14:10 ----D---- C:\Program Files\trend micro
2012-10-24 19:14:05 ----D---- C:\rsit
2012-10-24 19:10:01 ----D---- C:\Windows\system32\MpEngineStore
2012-10-24 19:07:56 ----D---- C:\3b645eecfcea56020c2ee21f
2012-10-24 19:05:44 ----D---- C:\Program Files (x86)\MSXML 4.0
2012-10-24 17:00:44 ----A---- C:\Windows\SYSWOW64\WindowsAccessBridge-32.dll
2012-10-24 17:00:44 ----A---- C:\Windows\SYSWOW64\javaw.exe
2012-10-24 17:00:44 ----A---- C:\Windows\SYSWOW64\java.exe

======List of files/folders modified in the last 1 month======

2012-10-24 19:14:56 ----D---- C:\Windows\Temp
2012-10-24 19:14:10 ----RD---- C:\Program Files
2012-10-24 19:10:01 ----D---- C:\Windows\System32
2012-10-24 19:07:59 ----A---- C:\Windows\system32\MRT.exe
2012-10-24 19:07:54 ----SHD---- C:\Windows\Installer
2012-10-24 19:07:52 ----D---- C:\ProgramData\Microsoft Help
2012-10-24 19:06:27 ----D---- C:\Windows\winsxs
2012-10-24 19:06:20 ----D---- C:\Windows\SysWOW64
2012-10-24 19:06:12 ----D---- C:\Windows
2012-10-24 19:05:44 ----RD---- C:\Program Files (x86)
2012-10-24 19:02:03 ----SHD---- C:\System Volume Information
2012-10-24 19:01:29 ----D---- C:\Windows\system32\catroot
2012-10-24 19:01:28 ----D---- C:\Windows\system32\catroot2
2012-10-24 18:53:09 ----D---- C:\Windows\system32\config
2012-10-24 18:44:46 ----D---- C:\Program Files (x86)\Mozilla Firefox
2012-10-24 18:02:46 ----D---- C:\Windows\system32\NDF
2012-10-24 18:01:47 ----D---- C:\Windows\system32\wdi
2012-10-24 17:20:51 ----A---- C:\Windows\system32\PerfStringBackup.INI
2012-10-24 17:20:50 ----D---- C:\Windows\inf
2012-10-24 17:00:44 ----D---- C:\Program Files (x86)\Java
2012-10-24 16:49:14 ----HD---- C:\ProgramData
2012-10-24 16:35:02 ----D---- C:\ProgramData\regid.1986-12.com.adobe

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R0 hpdskflt;HP Filter; C:\Windows\system32\DRIVERS\hpdskflt.sys [2011-05-13 30008]
R0 PxHlpa64;PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
R0 rdyboost;ReadyBoost; C:\Windows\System32\drivers\rdyboost.sys [2010-11-21 213888]
R0 snapman;Acronis Snapshots Manager; C:\Windows\system32\DRIVERS\snapman.sys [2012-09-20 277088]
R0 sptd;sptd; C:\Windows\System32\Drivers\sptd.sys [2012-09-22 503352]
R0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273); C:\Windows\system32\DRIVERS\tdrpm273.sys [2012-09-20 1263200]
R0 timounter;Acronis Backup Archive Explorer; C:\Windows\system32\DRIVERS\timntr.sys [2012-09-20 970336]
R1 CSC;@%systemroot%\system32\cscsvc.dll,-202; C:\Windows\system32\drivers\csc.sys [2010-11-21 514560]
R1 eamonm;eamonm; C:\Windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
R1 ehdrv;ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
R1 MpKsl7f291eec;MpKsl7f291eec; \??\C:\Windows\system32\MpEngineStore\MpKsl7f291eec.sys [2012-10-24 35664]
R1 vwififlt;Virtual WiFi Filter Driver; C:\Windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
R2 epfwwfpr;epfwwfpr; C:\Windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
R3 Accelerometer;HP Mobile Data Protection Sensor; C:\Windows\system32\DRIVERS\Accelerometer.sys [2011-05-13 43320]
R3 afcdp;afcdp; C:\Windows\system32\DRIVERS\afcdp.sys [2012-09-20 285280]
R3 amdkmdag;amdkmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
R3 amdkmdap;amdkmdap; C:\Windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
R3 AVerAF15;HP DVB-T TV Tuner; C:\Windows\System32\Drivers\AVerAF15.sys [2009-05-22 311424]
R3 BCM43XX;Broadcom 802.11 Network Adapter Driver; C:\Windows\system32\DRIVERS\bcmwl664.sys [2009-07-08 2769400]
R3 BthEnum;Ovladač pro Bluetooth Request Block; C:\Windows\system32\drivers\BthEnum.sys [2009-07-14 41984]
R3 BthPan;Zařízení Bluetooth (síť PAN); C:\Windows\system32\DRIVERS\bthpan.sys [2009-07-14 118784]
R3 BTHUSB;Ovladač rozhraní USB radiostanice Bluetooth; C:\Windows\System32\Drivers\BTHUSB.sys [2011-04-28 80384]
R3 enecir;ENE CIR Receiver; C:\Windows\system32\DRIVERS\enecir.sys [2009-06-28 70656]
R3 HpGmb001;USB Mobile Packet Filter Driver; C:\Windows\system32\DRIVERS\HpGmb001.SYS [2009-05-27 13824]
R3 HpqKbFiltr;HpqKbFilter Driver; C:\Windows\system32\DRIVERS\HpqKbFiltr.sys [2010-02-25 18432]
R3 JMCR;JMCR; C:\Windows\system32\DRIVERS\jmcr.sys [2009-07-20 140712]
R3 RFCOMM;Zařízení Bluetooth (RFCOMM protokol TDI); C:\Windows\system32\DRIVERS\rfcomm.sys [2009-07-14 158720]
R3 RTL8167;Realtek 8167 NT Driver; C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
R3 STHDA;IDT High Definition Audio CODEC; C:\Windows\system32\DRIVERS\stwrt64.sys [2010-03-23 505344]
R3 SynTP;Synaptics TouchPad Driver; C:\Windows\system32\DRIVERS\SynTP.sys [2011-10-14 396848]
R3 WinUSB;WinUSB Service; C:\Windows\system32\DRIVERS\WinUSB.sys [2010-11-21 41984]
S3 aedx2ddu;aedx2ddu; C:\Windows\system32\drivers\aedx2ddu.sys []
S3 atikmdag;atikmdag; C:\Windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 BTHPORT;Ovladač portu Bluetooth; C:\Windows\System32\Drivers\BTHport.sys [2012-07-06 552960]
S3 dmvsc;dmvsc; C:\Windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
S3 nmwcd;Nokia USB Phone Parent Driver; C:\Windows\system32\drivers\ccdcmbx64.sys [2012-01-09 19968]
S3 nmwcdc;Nokia USB Communication Driver; C:\Windows\system32\drivers\ccdcmbox64.sys [2012-01-09 27136]
S3 pccsmcfd;PCCS Mode Change Filter Driver; C:\Windows\system32\DRIVERS\pccsmcfdx64.sys [2012-06-27 26112]
S3 pciide;pciide; C:\Windows\system32\drivers\pciide.sys [2009-07-14 12352]
S3 RDPDR;Terminal Server Device Redirector Driver; C:\Windows\System32\drivers\rdpdr.sys [2010-11-21 165888]
S3 s3cap;s3cap; C:\Windows\system32\drivers\vms3cap.sys [2010-11-21 6656]
S3 sdbus;sdbus; C:\Windows\system32\DRIVERS\sdbus.sys [2010-11-21 109056]
S3 storvsc;storvsc; C:\Windows\system32\drivers\storvsc.sys [2010-11-21 34688]
S3 TsUsbFlt;TsUsbFlt; C:\Windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device; C:\Windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 upperdev;upperdev; C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys [2012-01-09 9216]
S3 usbser;USB Modem Driver; C:\Windows\system32\drivers\usbser.sys [2010-11-21 32768]
S3 UsbserFilt;UsbserFilt; C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys [2012-01-09 9216]
S3 vmbus;vmbus; C:\Windows\system32\drivers\vmbus.sys [2010-11-21 199552]
S3 VMBusHID;VMBusHID; C:\Windows\system32\drivers\VMBusHID.sys [2010-11-21 21760]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 AcrSch2Svc;Služba Acronis Scheduler2; C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe [2011-10-13 1113696]
R2 AdobeARMservice;Adobe Acrobat Update Service; C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
R2 AESTFilters;Andrea ST Filters Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
R2 afcdpsrv;Služba Acronis Nonstop Backup; C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-20 3246040]
R2 AMD External Events Utility;AMD External Events Utility; C:\Windows\system32\atiesrxx.exe [2012-07-04 238080]
R2 CscService;@%systemroot%\system32\cscsvc.dll,-200; C:\Windows\System32\svchost.exe [2009-07-14 27136]
R2 EgisTec Service;EgisTec Service; C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisService.exe [2011-09-15 704048]
R2 EgisTec Ticket Service;EgisTec Ticket Service; C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-09-15 646704]
R2 ekrn;ESET Service; C:\Program Files\ESET\x86\ekrn.exe [2012-03-07 913144]
R2 hpsrv;HP Service; C:\Windows\system32\Hpservice.exe [2011-05-13 30520]
R2 LightScribeService;LightScribeService Direct Disc Labeling Service; C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe [2012-06-27 73728]
R2 PMBDeviceInfoProvider;PMBDeviceInfoProvider; C:\Program Files (x86)\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-08-20 474208]
R2 STacSV;Audio Service; C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe [2010-03-23 247808]
R2 vcsFPService;Validity VCS Fingerprint Service; C:\Windows\system32\vcsFPService.exe [2010-02-23 2192176]
R3 Com4QLBEx;Com4QLBEx; C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 hpqwmiex;hpqwmiex; C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe [2009-04-30 229944]
R3 ServiceLayer;ServiceLayer; C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe [2012-08-01 724888]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86; C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64; C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 SkypeUpdate;Skype Updater; C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service; C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
S3 AppMgmt;@appmgmts.dll,-3250; C:\Windows\system32\svchost.exe [2009-07-14 27136]
S3 MozillaMaintenance;Mozilla Maintenance Service; C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
S3 ose;Office Source Engine; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 149352]
S3 osppsvc;Office Software Protection Platform; C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
S3 PeerDistSvc;@%SystemRoot%\system32\peerdistsvc.dll,-9000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 StorSvc;@%SystemRoot%\System32\StorSvc.dll,-100; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 SwitchBoard;SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
S3 UmRdpService;@%SystemRoot%\system32\umrdp.dll,-1000; C:\Windows\System32\svchost.exe [2009-07-14 27136]
S3 WatAdminSvc;@%SystemRoot%\system32\Wat\WatUX.exe,-601; C:\Windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]

-----------------EOF-----------------

[Rudy]

Zdravím!
Log vypadá OK. Pokud padá celá síť, obvykle to není problém pracovní stanice.

[Michal_Tuma]

Já se bohužel obávám, že "padá" jen u mě. V jednu chvíli jsem normálně připojen ke kolejní síti, najednou přestane fungovat a místo ikonky v oznamovací panely se zapojeným síťovým kabelem se objeví ikonka wifi s nabídkou, jestli se chci k nějaké připojit. Po vypnutí prohlížeče se za chvilku připojí zpět. Jinak mnohokrát děkuji za kontrolu

[Rudy]

Zkuste toto:
Startmenu>přík. řádek>(napsat) netsh winsock reset>Enter. Restart PC. Příkaz resetuje TCP/IP protokol.

[Michal_Tuma]

Bohužel, před chvilkou to spadlo opět. Opravdu nevím, kde je najednou chyba. Čytři roky to fungovalo a najednou nic.

[Rudy]

Dejte log ComboFix.

Stahnete a ulozte nejlepe na plochu ComboFix: http://download.bleepingcomputer.com/sUBs/ComboFix.exe

pote spustte aplikaci pod uctem s administratorskym opravnenim

hned po startu se zobrazi obrazovka s licencnimi podminkami, pokracujte kliknutim na tlacitko Ano.

v klidu si postavte na kafe (cela akce trva cca. 5-10 minut, nekdy i dele - dle toho, o jak rychly stroj se

jedna a kolika soubory se skener bude muset prodirat), behem skenu se nepokousejte spoustet zadne jine

aplikace ani nic jineho

behem skenovani nepropadejte panice, vas stroj muze byt restartovan (predevsim pri prvni aplikaci skeneru)

upozorneni: pokud pouzivate antispyware s rezidentnim stitem, prepnete jeho rezidentni stit do Install Mode,

pripadne jej po dobu skenu uplne deaktivujte, protoze dochazi pri skenu a vymazu pripadneho malware k

nezadoucim kolizim s rezidentem antispyware

[Michal_Tuma]

Dnes už se musím odebrat do postele, zítra musím být fit. Ještě jednou Vám mnohokrát děkuji a zítra se ozvu jakmile to bude možné. Zde je log:


ComboFix 12-10-24.02 - Michal Tůma 24.10.2012 23:13:20.1.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4063.2699 [GMT 2:00]
Spuštěný z: c:\users\Michal T¨ma\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\msxml4-KB954430-enu.LOG
c:\windows\msxml4-KB973688-enu.LOG
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-24 do 2012-10-24 )))))))))))))))))))))))))))))))
.
.
2012-10-24 21:18 . 2012-10-24 21:18 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 18:19 . 2012-10-24 18:19 -------- d-----w- c:\windows\JMCR_DIR
2012-10-24 18:19 . 2008-10-22 15:42 109568 ----a-w- c:\windows\SysWow64\JmCrIcon.dll
2012-10-24 17:45 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-24 17:45 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-24 17:45 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-24 17:43 . 2012-08-20 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-24 17:42 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-24 17:42 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-24 17:42 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-24 17:42 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-24 17:42 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-24 17:42 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-24 17:15 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-24 17:14 . 2012-10-24 17:14 -------- d-----w- c:\program files\trend micro
2012-10-24 17:14 . 2012-10-24 17:15 -------- d-----w- C:\rsit
2012-10-24 17:05 . 2012-10-24 17:05 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-24 17:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 17:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-24 17:03 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-24 16:54 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B3499A7-21C7-494D-BDF9-FBB51C7C9BEB}\mpengine.dll
2012-10-24 16:02 . 2012-10-24 16:02 -------- d-----w- c:\users\Michal Tůma\AppData\Local\ElevatedDiagnostics
2012-10-24 15:00 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-24 14:27 . 2012-10-24 14:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-24 14:27 . 2012-10-24 14:27 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 17:07 . 2012-09-17 20:19 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-22 17:46 . 2012-09-22 17:46 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-22 17:46 . 2012-09-22 17:46 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-22 17:46 . 2012-09-22 17:46 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-22 17:46 . 2012-09-22 17:46 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 17:46 . 2012-09-22 17:46 188904 ----a-w- c:\windows\system32\java.exe
2012-09-22 17:46 . 2012-09-22 17:46 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-22 13:16 . 2012-09-22 13:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-22 13:16 . 2012-09-22 13:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-21 09:56 . 2012-09-17 22:15 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 09:56 . 2012-09-17 22:15 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 19:27 . 2012-09-20 19:27 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-09-20 19:27 . 2012-09-20 19:27 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-09-20 19:27 . 2012-09-20 19:27 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-09-20 19:27 . 2012-09-20 19:27 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-09-19 09:05 . 2012-09-19 11:50 14175232 ----a-w- c:\windows\system32\shell32.dll
2012-09-18 21:11 . 2012-09-18 21:11 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-18 21:10 . 2012-09-18 21:10 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-18 21:00 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-09-18 21:00 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-09-18 20:58 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-09-18 20:58 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-09-18 20:58 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-09-17 20:26 . 2012-09-17 20:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-17 20:26 . 2012-09-17 20:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-17 20:26 . 2012-09-17 20:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-17 20:26 . 2012-09-17 20:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-17 20:26 . 2012-09-17 20:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-17 20:26 . 2012-09-17 20:26 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-17 20:26 . 2012-09-17 20:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-17 20:26 . 2012-09-17 20:26 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-17 20:26 . 2012-09-17 20:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-17 20:26 . 2012-09-17 20:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-17 20:26 . 2012-09-17 20:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-17 20:26 . 2012-09-17 20:26 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-17 20:26 . 2012-09-17 20:26 448512 ----a-w- c:\windows\system32\html.iec
2012-09-17 20:26 . 2012-09-17 20:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-17 20:26 . 2012-09-17 20:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-17 20:26 . 2012-09-17 20:26 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-17 20:26 . 2012-09-17 20:26 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-17 20:26 . 2012-09-17 20:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-17 20:26 . 2012-09-17 20:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-17 20:26 . 2012-09-17 20:26 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-17 20:26 . 2012-09-17 20:26 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-17 20:26 . 2012-09-17 20:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-17 20:26 . 2012-09-17 20:26 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-17 20:26 . 2012-09-17 20:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-17 20:26 . 2012-09-17 20:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-17 20:26 . 2012-09-17 20:26 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-17 20:26 . 2012-09-17 20:26 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-17 20:26 . 2012-09-17 20:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-17 20:26 . 2012-09-17 20:26 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-17 20:26 . 2012-09-17 20:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-17 20:26 . 2012-09-17 20:26 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-17 20:26 . 2012-09-17 20:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-17 20:26 . 2012-09-17 20:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-17 20:26 . 2012-09-17 20:26 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-17 20:26 . 2012-09-17 20:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-17 20:26 . 2012-09-17 20:26 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-17 20:26 . 2012-09-17 20:26 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-17 20:26 . 2012-09-17 20:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-17 20:26 . 2012-09-17 20:26 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-17 20:26 . 2012-09-17 20:26 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-17 20:26 . 2012-09-17 20:26 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-17 20:26 . 2012-09-17 20:26 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-17 20:26 . 2012-09-17 20:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-17 20:26 . 2012-09-17 20:26 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-17 20:26 . 2012-09-17 20:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-17 20:26 . 2012-09-17 20:26 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-17 20:26 . 2012-09-17 20:26 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-15 21:17 . 2012-09-15 21:17 9216 ----a-w- c:\windows\SysWow64\Lama.dll
2012-09-15 21:17 . 2012-09-15 21:17 9216 ----a-w- c:\windows\system32\Lama.dll
2012-08-24 16:57 . 2012-10-24 17:44 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-08-24 11:15 . 2012-09-21 17:04 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-21 17:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-21 17:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-21 17:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-21 17:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-21 17:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-21 17:05 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-21 17:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-21 17:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-21 17:05 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-21 17:05 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-21 17:05 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-21 17:05 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-21 17:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-21 17:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-21 17:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-21 17:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-21 17:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-21 17:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-21 17:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-21 17:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-21 17:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-17 20:14 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-17 20:15 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-17 20:14 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-17 20:14 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-24 17:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 1095FD66E1E44DCD81D053E9DE92FE46 . 2388992 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol\AxAutoMntSrv.exe" [2010-08-20 33120]
"RocketDock"="c:\program files (x86)\Rocket Dock\RocketDock.exe" [2009-06-15 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VitaKeyTSR"="c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\EgisTSR.exe" [2011-09-15 384048]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"StartCCC"="c:\program files (x86)\ATI\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"PMBVolumeWatcher"="c:\program files (x86)\PlayMemories Home\PMBVolumeWatcher.exe" [2012-08-20 724576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-22 503352]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-09-20 1263200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-20 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\EgisService.exe [2011-09-15 704048]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-09-15 646704]
S2 ekrn;ESET Service;c:\program files\ESET\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-08-20 474208]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-20 285280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2009-05-22 311424]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-28 70656]
S3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\DRIVERS\HpGmb001.SYS [2009-05-26 13824]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 128352]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
--- Ostatní služby/ovladače v paměti ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 13:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-24 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 09:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"egui"="c:\program files\ESET\egui.exe" [2012-03-07 4081008]
"HP Input Device Main Program"="c:\program files\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe" [2008-10-16 530432]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = proxy.vscht.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 147.33.226.11 147.33.86.11
FF - ProfilePath - c:\users\Michal Tůma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\
FF - prefs.js: browser.startup.homepage - www.hattrick.org
FF - ExtSQL: 2012-09-17 23:54; {41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}; c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\FFExt
FF - ExtSQL: 2012-09-17 23:54; {d4da7309-b89a-45ec-8ebb-cfb2ae13618b}; c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\FFExt20
FF - ExtSQL: 2012-09-21 14:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-09-21 14:30; Stratiform@SoapySpew; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\Stratiform@SoapySpew.xpi
FF - ExtSQL: 2012-09-21 14:51; {9d1f059c-cada-4111-9696-41a62d64e3ba}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF - ExtSQL: 2012-09-21 14:53; {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF - ExtSQL: 2012-09-22 00:40; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
SharedTaskScheduler-{1984D045-52CF-49cd-DB77-08F378FEA4DB} - c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll
AddRemove-AVerMedia TV Tuner Card - c:\program files (x86)\AVerMedia\AVerMedia TV Tuner Card\uninst.exe
AddRemove-Hattrick Organizer - c:\program files (x86)\HattrickOrganizer\Uninstall.exe
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:50,52,8a,f1,21,8e,a6,8a,15,48,31,e7,17,cd,d0,44,a9,2b,50,43,f5,
5d,bf,c6,67,64,78,98,47,a4,c6,61,42,f7,8f,83,3f,39,27,9c,f1,8f,84,5a,5f,69,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_4_402_265.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:50,52,8a,f1,21,8e,a6,8a,15,48,31,e7,17,cd,d0,44,a9,2b,50,43,f5,
5d,bf,c6,67,64,78,98,47,a4,c6,61,42,f7,8f,83,3f,39,27,9c,f1,8f,84,5a,5f,69,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Celkový čas: 2012-10-24 23:25:34 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-24 21:25
.
Před spuštěním: Volných bajtů: 427 396 980 736
Po spuštění: Volných bajtů: 427 585 052 672
.
- - End Of File - - 40D21771D991B43FB45B3104E59A45FD

[Rudy]

Ještě dočistíme. Přesuňte ComboFix na kořenový adresář C:\. Otevřte poznámkový blok a zkopírujte do něj:

KillAll::

Firefox::
FF - ProfilePath - c:\users\Michal Tůma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\
FF - prefs.js: browser.startup.homepage - www.hattrick.org
FF - ExtSQL: 2012-09-17 23:54; {41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}; c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\FFExt
FF - ExtSQL: 2012-09-17 23:54; {d4da7309-b89a-45ec-8ebb-cfb2ae13618b}; c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\FFExt20
FF - ExtSQL: 2012-09-21 14:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-09-21 14:30; Stratiform@SoapySpew; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\Stratiform@SoapySpew.xpi
FF - ExtSQL: 2012-09-21 14:51; {9d1f059c-cada-4111-9696-41a62d64e3ba}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF - ExtSQL: 2012-09-21 14:53; {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF - ExtSQL: 2012-09-22 00:40; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

RegLock::
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

Reboot::

Uložte rovněž na kořenový adresář C:\ jako CFScript.txt. Pak je myší v průzkumníku windows (nebo jiném souborovém manažéru) přesuňte nad ikonu ComboFix a pusťte. CF se spustí a vykoná příkazy ze skriptu.

[Michal_Tuma]

Tady je log:

ComboFix 12-10-24.02 - Michal Tůma 25.10.2012 19:20:41.2.2 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1250.420.1029.18.4063.2352 [GMT 2:00]
Spuštěný z: C:\ComboFix.exe
Použité ovládací přepínače :: C:\CFScript.txt
AV: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {77DEAFED-8149-104B-25A1-21771CA47CD1}
SP: ESET NOD32 Antivirus 5.2 *Disabled/Updated* {CCBF4E09-A773-1FC5-1F11-1A056723366C}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\PFRO.log
.
c:\windows\SysWow64\drivers\ntfs.sys . . . je infikován!!
.
.
((((((((((((((((((((((((( Soubory vytvořené od 2012-09-25 do 2012-10-25 )))))))))))))))))))))))))))))))
.
.
2012-10-25 17:33 . 2012-10-25 17:33 -------- d-----w- c:\users\Michal Toma\AppData\Local\temp
2012-10-25 17:33 . 2012-10-25 17:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-24 18:19 . 2012-10-24 18:19 -------- d-----w- c:\windows\JMCR_DIR
2012-10-24 18:19 . 2008-10-22 15:42 109568 ----a-w- c:\windows\SysWow64\JmCrIcon.dll
2012-10-24 17:45 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-10-24 17:45 . 2012-08-30 17:12 3968880 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-10-24 17:45 . 2012-08-30 17:12 3914096 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-10-24 17:43 . 2012-08-20 18:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-24 17:42 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-10-24 17:42 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-10-24 17:42 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-10-24 17:42 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-10-24 17:42 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-10-24 17:42 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-10-24 17:15 . 2012-08-31 18:19 1659760 ----a-w- c:\windows\system32\drivers\ntfs.sys
2012-10-24 17:14 . 2012-10-24 17:14 -------- d-----w- c:\program files\trend micro
2012-10-24 17:14 . 2012-10-24 17:15 -------- d-----w- C:\rsit
2012-10-24 17:05 . 2012-10-24 17:05 -------- d-----w- c:\program files (x86)\MSXML 4.0
2012-10-24 17:04 . 2012-08-24 18:05 220160 ----a-w- c:\windows\system32\wintrust.dll
2012-10-24 17:04 . 2012-08-24 16:57 172544 ----a-w- c:\windows\SysWow64\wintrust.dll
2012-10-24 17:03 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe
2012-10-24 16:54 . 2012-10-12 07:19 9291768 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3B3499A7-21C7-494D-BDF9-FBB51C7C9BEB}\mpengine.dll
2012-10-24 16:02 . 2012-10-24 16:02 -------- d-----w- c:\users\Michal Tůma\AppData\Local\ElevatedDiagnostics
2012-10-24 15:00 . 2012-09-24 21:16 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-10-24 14:27 . 2012-10-24 14:27 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\Markup.dll
2012-10-24 14:27 . 2012-10-24 14:27 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-24 17:07 . 2012-09-17 20:19 65309168 ----a-w- c:\windows\system32\MRT.exe
2012-09-22 17:46 . 2012-09-22 17:46 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-09-22 17:46 . 2012-09-22 17:46 289768 ----a-w- c:\windows\system32\javaws.exe
2012-09-22 17:46 . 2012-09-22 17:46 189416 ----a-w- c:\windows\system32\javaw.exe
2012-09-22 17:46 . 2012-09-22 17:46 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-09-22 17:46 . 2012-09-22 17:46 188904 ----a-w- c:\windows\system32\java.exe
2012-09-22 17:46 . 2012-09-22 17:46 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-09-22 13:16 . 2012-09-22 13:16 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-09-22 13:16 . 2012-09-22 13:16 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-09-21 09:56 . 2012-09-17 22:15 73136 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-21 09:56 . 2012-09-17 22:15 696240 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-20 19:27 . 2012-09-20 19:27 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-09-20 19:27 . 2012-09-20 19:27 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-09-20 19:27 . 2012-09-20 19:27 970336 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-09-20 19:27 . 2012-09-20 19:27 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2012-09-19 09:05 . 2012-09-19 11:50 14175232 ----a-w- c:\windows\system32\shell32.dll
2012-09-18 21:11 . 2012-09-18 21:11 48648 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\Markup.dll
2012-09-18 21:10 . 2012-09-18 21:10 483952 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-09-18 21:00 . 2009-07-13 23:39 245760 ----a-w- c:\windows\SysWow64\uxtheme.dll
2012-09-18 21:00 . 2010-11-21 03:24 2755072 ----a-w- c:\windows\SysWow64\themeui.dll
2012-09-18 20:58 . 2009-07-13 23:55 332288 ----a-w- c:\windows\system32\uxtheme.dll
2012-09-18 20:58 . 2010-11-21 03:23 2851840 ----a-w- c:\windows\system32\themeui.dll
2012-09-18 20:58 . 2009-07-13 23:54 44544 ----a-w- c:\windows\system32\themeservice.dll
2012-09-17 20:26 . 2012-09-17 20:26 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe
2012-09-17 20:26 . 2012-09-17 20:26 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll
2012-09-17 20:26 . 2012-09-17 20:26 76800 ----a-w- c:\windows\SysWow64\SetIEInstalledDate.exe
2012-09-17 20:26 . 2012-09-17 20:26 76800 ----a-w- c:\windows\system32\tdc.ocx
2012-09-17 20:26 . 2012-09-17 20:26 74752 ----a-w- c:\windows\SysWow64\iesetup.dll
2012-09-17 20:26 . 2012-09-17 20:26 65024 ----a-w- c:\windows\system32\pngfilt.dll
2012-09-17 20:26 . 2012-09-17 20:26 63488 ----a-w- c:\windows\SysWow64\tdc.ocx
2012-09-17 20:26 . 2012-09-17 20:26 55296 ----a-w- c:\windows\system32\msfeedsbs.dll
2012-09-17 20:26 . 2012-09-17 20:26 49664 ----a-w- c:\windows\system32\imgutil.dll
2012-09-17 20:26 . 2012-09-17 20:26 48640 ----a-w- c:\windows\SysWow64\mshtmler.dll
2012-09-17 20:26 . 2012-09-17 20:26 48640 ----a-w- c:\windows\system32\mshtmler.dll
2012-09-17 20:26 . 2012-09-17 20:26 452608 ----a-w- c:\windows\system32\dxtmsft.dll
2012-09-17 20:26 . 2012-09-17 20:26 448512 ----a-w- c:\windows\system32\html.iec
2012-09-17 20:26 . 2012-09-17 20:26 367104 ----a-w- c:\windows\SysWow64\html.iec
2012-09-17 20:26 . 2012-09-17 20:26 35840 ----a-w- c:\windows\SysWow64\imgutil.dll
2012-09-17 20:26 . 2012-09-17 20:26 282112 ----a-w- c:\windows\system32\dxtrans.dll
2012-09-17 20:26 . 2012-09-17 20:26 267776 ----a-w- c:\windows\system32\ieaksie.dll
2012-09-17 20:26 . 2012-09-17 20:26 23552 ----a-w- c:\windows\SysWow64\licmgr10.dll
2012-09-17 20:26 . 2012-09-17 20:26 222208 ----a-w- c:\windows\system32\msls31.dll
2012-09-17 20:26 . 2012-09-17 20:26 197120 ----a-w- c:\windows\system32\msrating.dll
2012-09-17 20:26 . 2012-09-17 20:26 163840 ----a-w- c:\windows\system32\ieakui.dll
2012-09-17 20:26 . 2012-09-17 20:26 161792 ----a-w- c:\windows\SysWow64\msls31.dll
2012-09-17 20:26 . 2012-09-17 20:26 160256 ----a-w- c:\windows\system32\ieakeng.dll
2012-09-17 20:26 . 2012-09-17 20:26 152064 ----a-w- c:\windows\SysWow64\wextract.exe
2012-09-17 20:26 . 2012-09-17 20:26 150528 ----a-w- c:\windows\SysWow64\iexpress.exe
2012-09-17 20:26 . 2012-09-17 20:26 149504 ----a-w- c:\windows\system32\occache.dll
2012-09-17 20:26 . 2012-09-17 20:26 145920 ----a-w- c:\windows\system32\iepeers.dll
2012-09-17 20:26 . 2012-09-17 20:26 135168 ----a-w- c:\windows\system32\IEAdvpack.dll
2012-09-17 20:26 . 2012-09-17 20:26 12288 ----a-w- c:\windows\system32\mshta.exe
2012-09-17 20:26 . 2012-09-17 20:26 11776 ----a-w- c:\windows\SysWow64\mshta.exe
2012-09-17 20:26 . 2012-09-17 20:26 114176 ----a-w- c:\windows\system32\admparse.dll
2012-09-17 20:26 . 2012-09-17 20:26 111616 ----a-w- c:\windows\system32\iesysprep.dll
2012-09-17 20:26 . 2012-09-17 20:26 110592 ----a-w- c:\windows\SysWow64\IEAdvpack.dll
2012-09-17 20:26 . 2012-09-17 20:26 10752 ----a-w- c:\windows\system32\msfeedssync.exe
2012-09-17 20:26 . 2012-09-17 20:26 101888 ----a-w- c:\windows\SysWow64\admparse.dll
2012-09-17 20:26 . 2012-09-17 20:26 3695416 ----a-w- c:\windows\system32\ieapfltr.dat
2012-09-17 20:26 . 2012-09-17 20:26 89088 ----a-w- c:\windows\system32\ie4uinit.exe
2012-09-17 20:26 . 2012-09-17 20:26 85504 ----a-w- c:\windows\system32\iesetup.dll
2012-09-17 20:26 . 2012-09-17 20:26 82432 ----a-w- c:\windows\system32\icardie.dll
2012-09-17 20:26 . 2012-09-17 20:26 534528 ----a-w- c:\windows\system32\ieapfltr.dll
2012-09-17 20:26 . 2012-09-17 20:26 403248 ----a-w- c:\windows\system32\iedkcs32.dll
2012-09-17 20:26 . 2012-09-17 20:26 39936 ----a-w- c:\windows\system32\iernonce.dll
2012-09-17 20:26 . 2012-09-17 20:26 30720 ----a-w- c:\windows\system32\licmgr10.dll
2012-09-17 20:26 . 2012-09-17 20:26 249344 ----a-w- c:\windows\system32\webcheck.dll
2012-09-17 20:26 . 2012-09-17 20:26 165888 ----a-w- c:\windows\system32\iexpress.exe
2012-09-17 20:26 . 2012-09-17 20:26 160256 ----a-w- c:\windows\system32\wextract.exe
2012-09-17 20:26 . 2012-09-17 20:26 103936 ----a-w- c:\windows\system32\inseng.dll
2012-09-15 21:17 . 2012-09-15 21:17 9216 ----a-w- c:\windows\SysWow64\Lama.dll
2012-09-15 21:17 . 2012-09-15 21:17 9216 ----a-w- c:\windows\system32\Lama.dll
2012-08-24 16:57 . 2012-10-24 17:44 247808 ----a-w- c:\windows\SysWow64\schannel.dll
2012-08-24 11:15 . 2012-09-21 17:04 17810944 ----a-w- c:\windows\system32\mshtml.dll
2012-08-24 10:39 . 2012-09-21 17:04 10925568 ----a-w- c:\windows\system32\ieframe.dll
2012-08-24 10:31 . 2012-09-21 17:05 2312704 ----a-w- c:\windows\system32\jscript9.dll
2012-08-24 10:22 . 2012-09-21 17:05 1346048 ----a-w- c:\windows\system32\urlmon.dll
2012-08-24 10:21 . 2012-09-21 17:05 1392128 ----a-w- c:\windows\system32\wininet.dll
2012-08-24 10:20 . 2012-09-21 17:05 1494528 ----a-w- c:\windows\system32\inetcpl.cpl
2012-08-24 10:18 . 2012-09-21 17:05 237056 ----a-w- c:\windows\system32\url.dll
2012-08-24 10:17 . 2012-09-21 17:05 85504 ----a-w- c:\windows\system32\jsproxy.dll
2012-08-24 10:14 . 2012-09-21 17:05 173056 ----a-w- c:\windows\system32\ieUnatt.exe
2012-08-24 10:14 . 2012-09-21 17:05 816640 ----a-w- c:\windows\system32\jscript.dll
2012-08-24 10:13 . 2012-09-21 17:05 599040 ----a-w- c:\windows\system32\vbscript.dll
2012-08-24 10:12 . 2012-09-21 17:05 2144768 ----a-w- c:\windows\system32\iertutil.dll
2012-08-24 10:11 . 2012-09-21 17:05 729088 ----a-w- c:\windows\system32\msfeeds.dll
2012-08-24 10:10 . 2012-09-21 17:05 96768 ----a-w- c:\windows\system32\mshtmled.dll
2012-08-24 10:09 . 2012-09-21 17:05 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2012-08-24 10:04 . 2012-09-21 17:05 248320 ----a-w- c:\windows\system32\ieui.dll
2012-08-24 06:59 . 2012-09-21 17:05 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll
2012-08-24 06:51 . 2012-09-21 17:05 1129472 ----a-w- c:\windows\SysWow64\wininet.dll
2012-08-24 06:51 . 2012-09-21 17:05 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl
2012-08-24 06:47 . 2012-09-21 17:05 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe
2012-08-24 06:47 . 2012-09-21 17:05 420864 ----a-w- c:\windows\SysWow64\vbscript.dll
2012-08-24 06:43 . 2012-09-21 17:05 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-08-22 18:12 . 2012-09-17 20:14 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-08-22 18:12 . 2012-09-17 20:15 950128 ----a-w- c:\windows\system32\drivers\ndis.sys
2012-08-22 18:12 . 2012-09-17 20:14 376688 ----a-w- c:\windows\system32\drivers\netio.sys
2012-08-22 18:12 . 2012-09-17 20:14 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2012-08-20 17:38 . 2012-10-24 17:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2011-02-26 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[-] 2011-02-25 . 1095FD66E1E44DCD81D053E9DE92FE46 . 2388992 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2011-02-25 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AlcoholAutomount"="c:\program files (x86)\Alcohol\AxAutoMntSrv.exe" [2010-08-20 33120]
"RocketDock"="c:\program files (x86)\Rocket Dock\RocketDock.exe" [2009-06-15 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"VitaKeyTSR"="c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\EgisTSR.exe" [2011-09-15 384048]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2011-10-13 5574456]
"StartCCC"="c:\program files (x86)\ATI\Catalyst\ATI.ACE\Core-Static\CLIStart.exe" [2012-07-04 641704]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe" [2012-07-27 36800]
"PMBVolumeWatcher"="c:\program files (x86)\PlayMemories Home\PMBVolumeWatcher.exe" [2012-08-20 724576]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-21 250288]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 WatAdminSvc;Služba Technologie aktivace Windows;c:\windows\system32\Wat\WatAdminSvc.exe [2012-09-17 1255736]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-09-22 503352]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [2012-09-20 1263200]
S1 eamonm;eamonm;c:\windows\system32\DRIVERS\eamonm.sys [2012-03-14 209768]
S1 ehdrv;ehdrv;c:\windows\system32\DRIVERS\ehdrv.sys [2012-03-14 148528]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-07-27 63960]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 afcdpsrv;Služba Acronis Nonstop Backup;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-09-20 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-07-04 238080]
S2 EgisTec Service;EgisTec Service;c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\EgisService.exe [2011-09-15 704048]
S2 EgisTec Ticket Service;EgisTec Ticket Service;c:\program files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe [2011-09-15 646704]
S2 ekrn;ESET Service;c:\program files\ESET\x86\ekrn.exe [2012-03-07 913144]
S2 epfwwfpr;epfwwfpr;c:\windows\system32\DRIVERS\epfwwfpr.sys [2012-03-14 137144]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\PlayMemories Home\PMBDeviceInfoProvider.exe [2012-08-20 474208]
S2 vcsFPService;Validity VCS Fingerprint Service;c:\windows\system32\vcsFPService.exe [2010-02-23 2192176]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [2012-09-20 285280]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-07-04 11922944]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-07-04 359936]
S3 AVerAF15;HP DVB-T TV Tuner;c:\windows\system32\Drivers\AVerAF15.sys [2009-05-22 311424]
S3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-28 70656]
S3 HpGmb001;USB Mobile Packet Filter Driver;c:\windows\system32\DRIVERS\HpGmb001.SYS [2009-05-26 13824]
S3 JMCR;JMCR;c:\windows\system32\DRIVERS\jmcr.sys [2008-10-22 128352]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2012-07-02 13:40 453736 ----a-w- c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Obsah adresáře 'Naplánované úlohy'
.
2012-10-25 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-17 09:56]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"egui"="c:\program files\ESET\egui.exe" [2012-03-07 4081008]
"HP Input Device Main Program"="c:\program files\Hewlett-Packard\HP Wireless Comfort Mobile Mouse\TSR\xDaemon.exe" [2008-10-16 530432]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\SharedTaskScheduler]
"{1984D045-52CF-49cd-DB77-08F378FEA4DB}"= "c:\program files (x86)\Stardock\ObjectDockPlus2\ODMenu64.dll" [BU]
.
------- Doplňkový sken -------
.
uLocal Page = c:\windows\system32\blank.htm
uInternet Settings,ProxyServer = proxy.vscht.cz:3128
uInternet Settings,ProxyOverride = <local>
IE: E&xportovat do aplikace Microsoft Excel - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Od&eslat do aplikace OneNote - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 147.33.226.11 147.33.86.11
FF - ProfilePath - c:\users\Michal Tůma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\
FF - ExtSQL: 2012-09-17 23:54; {41ecbc0b-34d5-4cd4-935f-253a30e2cb7e}; c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\FFExt
FF - ExtSQL: 2012-09-17 23:54; {d4da7309-b89a-45ec-8ebb-cfb2ae13618b}; c:\program files (x86)\SimplePass\HP SimplePass Identity Protection\FFExt20
FF - ExtSQL: 2012-09-21 14:14; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2012-09-21 14:30; Stratiform@SoapySpew; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\Stratiform@SoapySpew.xpi
FF - ExtSQL: 2012-09-21 14:51; {9d1f059c-cada-4111-9696-41a62d64e3ba}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{9d1f059c-cada-4111-9696-41a62d64e3ba}
FF - ExtSQL: 2012-09-21 14:53; {7E77F5DF-8022-40e3-9122-F03DEBEFC43B}; c:\users\Michal TĂ…ÂŻma\AppData\Roaming\Mozilla\Firefox\Profiles\qr5glkoe.default\extensions\{7E77F5DF-8022-40e3-9122-F03DEBEFC43B}.xpi
FF - ExtSQL: 2012-09-22 00:40; web2pdfextension@web2pdf.adobedotcom; c:\program files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
AddRemove-AVerMedia TV Tuner Card - c:\program files (x86)\AVerMedia\AVerMedia TV Tuner Card\uninst.exe
AddRemove-Hattrick Organizer - c:\program files (x86)\HattrickOrganizer\Uninstall.exe
AddRemove-ObjectDock Plus 2 - c:\programdata\{0F4A7EFE-5950-4389-BF36-1E625D72456B}\shareware.exe
.
.
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_4_402_265_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:50,52,8a,f1,21,8e,a6,8a,15,48,31,e7,17,cd,d0,44,a9,2b,50,43,f5,
5d,bf,c6,67,64,78,98,47,a4,c6,61,42,f7,8f,83,3f,39,27,9c,f1,8f,84,5a,5f,69,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:50,52,8a,f1,21,8e,a6,8a,15,48,31,e7,17,cd,d0,44,a9,2b,50,43,f5,
5d,bf,c6,67,64,78,98,47,a4,c6,61,42,f7,8f,83,3f,39,27,9c,f1,8f,84,5a,5f,69,\
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
.
**************************************************************************
.
Celkový čas: 2012-10-25 19:38:05 - počítač byl restartován
ComboFix-quarantined-files.txt 2012-10-25 17:38
.
Před spuštěním: Volných bajtů: 426 099 650 560
Po spuštění: Volných bajtů: 427 236 884 480
.
- - End Of File - - 99E71EC9A95D64F70252170CBFB1BF8A

[Rudy]

Stáhněte, rozbalte a spusťte TDSSKiller: http://support.kaspersky.com/downloads/ ... killer.zip . Nechte pracovat a po akci sem vložte log.

[Michal_Tuma]

20:56:23.0860 5128 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
20:56:25.0864 5128 ============================================================
20:56:25.0864 5128 Current date / time: 2012/10/25 20:56:25.0864
20:56:25.0864 5128 SystemInfo:
20:56:25.0864 5128
20:56:25.0864 5128 OS Version: 6.1.7601 ServicePack: 1.0
20:56:25.0864 5128 Product type: Workstation
20:56:25.0864 5128 ComputerName: NOTEBOOK
20:56:25.0864 5128 UserName: Michal Tůma
20:56:25.0865 5128 Windows directory: C:\Windows
20:56:25.0865 5128 System windows directory: C:\Windows
20:56:25.0865 5128 Running under WOW64
20:56:25.0865 5128 Processor architecture: Intel x64
20:56:25.0865 5128 Number of processors: 2
20:56:25.0865 5128 Page size: 0x1000
20:56:25.0865 5128 Boot type: Normal boot
20:56:25.0865 5128 ============================================================
20:56:27.0166 5128 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:56:27.0172 5128 Drive \Device\Harddisk1\DR4 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:56:27.0609 5128 Drive \Device\Harddisk2\DR5 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:56:27.0946 5128 ============================================================
20:56:27.0946 5128 \Device\Harddisk0\DR0:
20:56:27.0946 5128 MBR partitions:
20:56:27.0946 5128 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
20:56:27.0946 5128 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x3885D800
20:56:27.0947 5128 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x388C1800, BlocksNum 0x1AC4000
20:56:27.0947 5128 \Device\Harddisk1\DR4:
20:56:27.0947 5128 MBR partitions:
20:56:27.0947 5128 \Device\Harddisk1\DR4\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x3A384C02
20:56:27.0947 5128 \Device\Harddisk2\DR5:
20:56:27.0948 5128 MBR partitions:
20:56:27.0948 5128 \Device\Harddisk2\DR5\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
20:56:27.0948 5128 ============================================================
20:56:28.0025 5128 C: <-> \Device\Harddisk0\DR0\Partition2
20:56:28.0068 5128 D: <-> \Device\Harddisk0\DR0\Partition3
20:56:28.0100 5128 M: <-> \Device\Harddisk1\DR4\Partition1
20:56:28.0365 5128 Z: <-> \Device\Harddisk2\DR5\Partition1
20:56:28.0365 5128 ============================================================
20:56:28.0365 5128 Initialize success
20:56:28.0365 5128 ============================================================
20:56:46.0231 5780 ============================================================
20:56:46.0231 5780 Scan started
20:56:46.0231 5780 Mode: Manual;
20:56:46.0231 5780 ============================================================
20:56:46.0784 5780 ================ Scan system memory ========================
20:56:46.0784 5780 System memory - ok
20:56:46.0785 5780 ================ Scan services =============================
20:56:46.0940 5780 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:56:46.0992 5780 1394ohci - ok
20:56:47.0021 5780 [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer C:\Windows\system32\DRIVERS\Accelerometer.sys
20:56:47.0023 5780 Accelerometer - ok
20:56:47.0045 5780 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:56:47.0052 5780 ACPI - ok
20:56:47.0083 5780 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:56:47.0110 5780 AcpiPmi - ok
20:56:47.0204 5780 [ FB5C5F790F0D086BC7453412DA4F46FC ] AcrSch2Svc C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
20:56:47.0235 5780 AcrSch2Svc - ok
20:56:47.0313 5780 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
20:56:47.0313 5780 AdobeARMservice - ok
20:56:47.0407 5780 [ E12CFCF1DDBFC50948A75E6E38793225 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:56:47.0422 5780 AdobeFlashPlayerUpdateSvc - ok
20:56:47.0469 5780 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:56:47.0532 5780 adp94xx - ok
20:56:47.0563 5780 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:56:47.0594 5780 adpahci - ok
20:56:47.0610 5780 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:56:47.0625 5780 adpu320 - ok
20:56:47.0641 5780 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:56:47.0656 5780 AeLookupSvc - ok
20:56:47.0750 5780 [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
20:56:47.0750 5780 AESTFilters - ok
20:56:47.0797 5780 [ AE1FCE2CD1E99BEA89183BA8CD320872 ] afcdp C:\Windows\system32\DRIVERS\afcdp.sys
20:56:47.0812 5780 afcdp - ok
20:56:47.0906 5780 [ AF44F7E027037628F1FAC3C13CDE73E6 ] afcdpsrv C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
20:56:47.0953 5780 afcdpsrv - ok
20:56:48.0000 5780 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:56:48.0031 5780 AFD - ok
20:56:48.0078 5780 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:56:48.0093 5780 agp440 - ok
20:56:48.0124 5780 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:56:48.0124 5780 ALG - ok
20:56:48.0169 5780 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:56:48.0188 5780 aliide - ok
20:56:48.0228 5780 [ E20DDDFBD0DBE7D8EAD4D7A51D654367 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:56:48.0233 5780 AMD External Events Utility - ok
20:56:48.0247 5780 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:56:48.0265 5780 amdide - ok
20:56:48.0294 5780 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:56:48.0313 5780 AmdK8 - ok
20:56:48.0540 5780 [ 4284FB1240537A33E6EC417EFD87D40F ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:56:48.0784 5780 amdkmdag - ok
20:56:48.0807 5780 [ 6C25C497E05EFD0CB6033A0444FC9B51 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:56:48.0825 5780 amdkmdap - ok
20:56:48.0830 5780 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\drivers\amdppm.sys
20:56:48.0849 5780 AmdPPM - ok
20:56:48.0888 5780 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:56:48.0922 5780 amdsata - ok
20:56:48.0954 5780 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:56:48.0977 5780 amdsbs - ok
20:56:48.0985 5780 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:56:49.0004 5780 amdxata - ok
20:56:49.0017 5780 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:56:49.0035 5780 AppID - ok
20:56:49.0052 5780 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:56:49.0055 5780 AppIDSvc - ok
20:56:49.0081 5780 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:56:49.0085 5780 Appinfo - ok
20:56:49.0142 5780 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:56:49.0150 5780 AppMgmt - ok
20:56:49.0161 5780 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:56:49.0176 5780 arc - ok
20:56:49.0192 5780 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:56:49.0192 5780 arcsas - ok
20:56:49.0223 5780 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:56:49.0239 5780 AsyncMac - ok
20:56:49.0239 5780 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:56:49.0239 5780 atapi - ok
20:56:49.0473 5780 [ 4284FB1240537A33E6EC417EFD87D40F ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:56:49.0535 5780 atikmdag - ok
20:56:49.0566 5780 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:56:49.0582 5780 AudioEndpointBuilder - ok
20:56:49.0613 5780 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:56:49.0613 5780 AudioSrv - ok
20:56:49.0660 5780 [ 7A122973B51661F189F157002FFAA5AA ] AVerAF15 C:\Windows\system32\Drivers\AVerAF15.sys
20:56:49.0676 5780 AVerAF15 - ok
20:56:49.0676 5780 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:56:49.0691 5780 AxInstSV - ok
20:56:49.0707 5780 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:56:49.0722 5780 b06bdrv - ok
20:56:49.0754 5780 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:56:49.0769 5780 b57nd60a - ok
20:56:49.0863 5780 [ FB4FDA64F2E8552EAEB5986C3F34462C ] BCM43XX C:\Windows\system32\DRIVERS\bcmwl664.sys
20:56:49.0894 5780 BCM43XX - ok
20:56:49.0910 5780 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:56:49.0910 5780 BDESVC - ok
20:56:49.0941 5780 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:56:49.0941 5780 Beep - ok
20:56:49.0988 5780 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:56:50.0003 5780 BFE - ok
20:56:50.0050 5780 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
20:56:50.0066 5780 BITS - ok
20:56:50.0066 5780 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:56:50.0097 5780 blbdrive - ok
20:56:50.0112 5780 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:56:50.0144 5780 bowser - ok
20:56:50.0144 5780 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:56:50.0160 5780 BrFiltLo - ok
20:56:50.0166 5780 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:56:50.0168 5780 BrFiltUp - ok
20:56:50.0208 5780 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
20:56:50.0227 5780 BridgeMP - ok
20:56:50.0255 5780 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:56:50.0257 5780 Browser - ok
20:56:50.0273 5780 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:56:50.0296 5780 Brserid - ok
20:56:50.0301 5780 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:56:50.0319 5780 BrSerWdm - ok
20:56:50.0325 5780 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:56:50.0343 5780 BrUsbMdm - ok
20:56:50.0347 5780 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:56:50.0350 5780 BrUsbSer - ok
20:56:50.0401 5780 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
20:56:50.0419 5780 BthEnum - ok
20:56:50.0427 5780 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
20:56:50.0494 5780 BTHMODEM - ok
20:56:50.0524 5780 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
20:56:50.0529 5780 BthPan - ok
20:56:50.0553 5780 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
20:56:50.0605 5780 BTHPORT - ok
20:56:50.0641 5780 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:56:50.0644 5780 bthserv - ok
20:56:50.0660 5780 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
20:56:50.0679 5780 BTHUSB - ok
20:56:50.0698 5780 catchme - ok
20:56:50.0729 5780 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:56:50.0733 5780 cdfs - ok
20:56:50.0762 5780 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:56:50.0783 5780 cdrom - ok
20:56:50.0813 5780 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:56:50.0816 5780 CertPropSvc - ok
20:56:50.0833 5780 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
20:56:50.0837 5780 circlass - ok
20:56:50.0859 5780 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:56:50.0905 5780 CLFS - ok
20:56:50.0958 5780 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:56:50.0966 5780 clr_optimization_v2.0.50727_32 - ok
20:56:50.0997 5780 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:56:51.0001 5780 clr_optimization_v2.0.50727_64 - ok
20:56:51.0047 5780 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:56:51.0053 5780 clr_optimization_v4.0.30319_32 - ok
20:56:51.0078 5780 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:56:51.0092 5780 clr_optimization_v4.0.30319_64 - ok
20:56:51.0125 5780 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
20:56:51.0146 5780 CmBatt - ok
20:56:51.0154 5780 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:56:51.0173 5780 cmdide - ok
20:56:51.0206 5780 [ AAFCB52FE0037207FB6FBEA070D25EFE ] CNG C:\Windows\system32\Drivers\cng.sys
20:56:51.0230 5780 CNG - ok
20:56:51.0311 5780 [ C7A0E61D5714AC20DE52D4F66EC773B8 ] Com4QLBEx C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
20:56:51.0317 5780 Com4QLBEx - ok
20:56:51.0343 5780 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
20:56:51.0369 5780 Compbatt - ok
20:56:51.0408 5780 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:56:51.0420 5780 CompositeBus - ok
20:56:51.0434 5780 COMSysApp - ok
20:56:51.0456 5780 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:56:51.0461 5780 crcdisk - ok
20:56:51.0493 5780 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:56:51.0496 5780 CryptSvc - ok
20:56:51.0520 5780 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:56:51.0532 5780 CSC - ok
20:56:51.0569 5780 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:56:51.0594 5780 CscService - ok
20:56:51.0629 5780 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:56:51.0636 5780 DcomLaunch - ok
20:56:51.0663 5780 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:56:51.0671 5780 defragsvc - ok
20:56:51.0686 5780 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:56:51.0692 5780 DfsC - ok
20:56:51.0707 5780 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:56:51.0714 5780 Dhcp - ok
20:56:51.0726 5780 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:56:51.0764 5780 discache - ok
20:56:51.0818 5780 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:56:51.0851 5780 Disk - ok
20:56:51.0887 5780 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:56:51.0895 5780 dmvsc - ok
20:56:51.0925 5780 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:56:51.0931 5780 Dnscache - ok
20:56:51.0947 5780 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:56:51.0957 5780 dot3svc - ok
20:56:51.0975 5780 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:56:51.0979 5780 DPS - ok
20:56:52.0018 5780 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:56:52.0048 5780 drmkaud - ok
20:56:52.0072 5780 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:56:52.0079 5780 DXGKrnl - ok
20:56:52.0116 5780 [ D00EAE9C735A7DEE8049E50D73D25434 ] eamonm C:\Windows\system32\DRIVERS\eamonm.sys
20:56:52.0134 5780 eamonm - ok
20:56:52.0145 5780 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:56:52.0146 5780 EapHost - ok
20:56:52.0209 5780 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:56:52.0302 5780 ebdrv - ok
20:56:52.0318 5780 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:56:52.0333 5780 EFS - ok
20:56:52.0396 5780 [ 4E482716C4B7F2CCC2649EA626463A92 ] EgisTec Service C:\Program Files (x86)\SimplePass\HP SimplePass Identity Protection\EgisService.exe
20:56:52.0411 5780 EgisTec Service - ok
20:56:52.0458 5780 [ BB7F0A4CFA9D0E618758ADC5BAB8D14A ] EgisTec Ticket Service C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe
20:56:52.0474 5780 EgisTec Ticket Service - ok
20:56:52.0505 5780 [ E5EDDE3C8158DD0CBC5812F201DCDED0 ] ehdrv C:\Windows\system32\DRIVERS\ehdrv.sys
20:56:52.0536 5780 ehdrv - ok
20:56:52.0599 5780 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:56:52.0630 5780 ehRecvr - ok
20:56:52.0645 5780 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:56:52.0645 5780 ehSched - ok
20:56:52.0723 5780 [ AD4FAADE819E0DA9933BEA7C01D2C763 ] ekrn C:\Program Files\ESET\x86\ekrn.exe
20:56:52.0739 5780 ekrn - ok
20:56:52.0786 5780 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:56:52.0817 5780 elxstor - ok
20:56:52.0833 5780 [ 524C79054636D2E5751169005006460B ] enecir C:\Windows\system32\DRIVERS\enecir.sys
20:56:52.0833 5780 enecir - ok
20:56:52.0848 5780 [ 3EBB7FD3C605262B942868A1D840F4F1 ] epfwwfpr C:\Windows\system32\DRIVERS\epfwwfpr.sys
20:56:52.0864 5780 epfwwfpr - ok
20:56:52.0879 5780 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:56:52.0911 5780 ErrDev - ok
20:56:52.0973 5780 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:56:52.0989 5780 EventSystem - ok
20:56:53.0004 5780 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:56:53.0051 5780 exfat - ok
20:56:53.0067 5780 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:56:53.0098 5780 fastfat - ok
20:56:53.0129 5780 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:56:53.0145 5780 Fax - ok
20:56:53.0160 5780 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
20:56:53.0194 5780 fdc - ok
20:56:53.0208 5780 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:56:53.0211 5780 fdPHost - ok
20:56:53.0220 5780 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:56:53.0223 5780 FDResPub - ok
20:56:53.0235 5780 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:56:53.0253 5780 FileInfo - ok
20:56:53.0263 5780 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:56:53.0286 5780 Filetrace - ok
20:56:53.0298 5780 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:56:53.0302 5780 flpydisk - ok
20:56:53.0331 5780 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:56:53.0369 5780 FltMgr - ok
20:56:53.0413 5780 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:56:53.0438 5780 FontCache - ok
20:56:53.0486 5780 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:56:53.0489 5780 FontCache3.0.0.0 - ok
20:56:53.0502 5780 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:56:53.0527 5780 FsDepends - ok
20:56:53.0564 5780 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:56:53.0582 5780 Fs_Rec - ok
20:56:53.0601 5780 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:56:53.0642 5780 fvevol - ok
20:56:53.0661 5780 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:56:53.0709 5780 gagp30kx - ok
20:56:53.0730 5780 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:56:53.0752 5780 gpsvc - ok
20:56:53.0758 5780 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:56:53.0762 5780 hcw85cir - ok
20:56:53.0806 5780 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:56:53.0813 5780 HdAudAddService - ok
20:56:53.0828 5780 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:56:53.0832 5780 HDAudBus - ok
20:56:53.0845 5780 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:56:53.0879 5780 HidBatt - ok
20:56:53.0890 5780 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:56:53.0909 5780 HidBth - ok
20:56:53.0933 5780 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
20:56:53.0966 5780 HidIr - ok
20:56:53.0976 5780 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
20:56:53.0980 5780 hidserv - ok
20:56:54.0016 5780 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:56:54.0033 5780 HidUsb - ok
20:56:54.0060 5780 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:56:54.0064 5780 hkmsvc - ok
20:56:54.0079 5780 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:56:54.0086 5780 HomeGroupListener - ok
20:56:54.0105 5780 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:56:54.0110 5780 HomeGroupProvider - ok
20:56:54.0142 5780 [ 4E0BEC0F78096FFD6D3314B497FC49D3 ] hpdskflt C:\Windows\system32\DRIVERS\hpdskflt.sys
20:56:54.0147 5780 hpdskflt - ok
20:56:54.0164 5780 [ 39A95F083FF1D623CA95D9D30BBAEB46 ] HpGmb001 C:\Windows\system32\DRIVERS\HpGmb001.SYS
20:56:54.0179 5780 HpGmb001 - ok
20:56:54.0210 5780 [ 9AF482D058BE59CC28BCE52E7C4B747C ] HpqKbFiltr C:\Windows\system32\DRIVERS\HpqKbFiltr.sys
20:56:54.0226 5780 HpqKbFiltr - ok
20:56:54.0257 5780 [ FDF273A845F1FFCCEADF363AAF47582F ] hpqwmiex C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
20:56:54.0257 5780 hpqwmiex - ok
20:56:54.0273 5780 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:56:54.0288 5780 HpSAMD - ok
20:56:54.0288 5780 [ FC7C13B5A9E9BE23B7AE72BBC7FDB278 ] hpsrv C:\Windows\system32\Hpservice.exe
20:56:54.0304 5780 hpsrv - ok
20:56:54.0320 5780 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:56:54.0366 5780 HTTP - ok
20:56:54.0382 5780 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:56:54.0398 5780 hwpolicy - ok
20:56:54.0413 5780 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:56:54.0429 5780 i8042prt - ok
20:56:54.0444 5780 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:56:54.0476 5780 iaStorV - ok
20:56:54.0522 5780 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:56:54.0554 5780 idsvc - ok
20:56:54.0585 5780 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:56:54.0585 5780 iirsp - ok
20:56:54.0616 5780 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:56:54.0647 5780 IKEEXT - ok
20:56:54.0663 5780 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:56:54.0678 5780 intelide - ok
20:56:54.0694 5780 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
20:56:54.0725 5780 intelppm - ok
20:56:54.0741 5780 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:56:54.0741 5780 IPBusEnum - ok
20:56:54.0756 5780 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:56:54.0756 5780 IpFilterDriver - ok
20:56:54.0788 5780 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:56:54.0788 5780 iphlpsvc - ok
20:56:54.0803 5780 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:56:54.0803 5780 IPMIDRV - ok
20:56:54.0819 5780 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:56:54.0834 5780 IPNAT - ok
20:56:54.0850 5780 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:56:54.0850 5780 IRENUM - ok
20:56:54.0866 5780 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:56:54.0881 5780 isapnp - ok
20:56:54.0897 5780 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:56:54.0928 5780 iScsiPrt - ok
20:56:54.0975 5780 [ 54DF9EAFB54A98E1A2AC3DB69C16CF05 ] JMCR C:\Windows\system32\DRIVERS\jmcr.sys
20:56:55.0022 5780 JMCR - ok
20:56:55.0037 5780 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:56:55.0037 5780 kbdclass - ok
20:56:55.0053 5780 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:56:55.0068 5780 kbdhid - ok
20:56:55.0068 5780 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:56:55.0068 5780 KeyIso - ok
20:56:55.0100 5780 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:56:55.0100 5780 KSecDD - ok
20:56:55.0131 5780 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:56:55.0131 5780 KSecPkg - ok
20:56:55.0146 5780 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:56:55.0162 5780 ksthunk - ok
20:56:55.0178 5780 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:56:55.0201 5780 KtmRm - ok
20:56:55.0221 5780 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
20:56:55.0228 5780 LanmanServer - ok
20:56:55.0249 5780 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:56:55.0254 5780 LanmanWorkstation - ok
20:56:55.0298 5780 [ EE963D96BFD97E54BA6CE6D2AC58DE35 ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
20:56:56.0045 5780 LightScribeService - ok
20:56:56.0119 5780 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:56:56.0153 5780 lltdio - ok
20:56:56.0174 5780 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:56:56.0182 5780 lltdsvc - ok
20:56:56.0195 5780 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:56:56.0195 5780 lmhosts - ok
20:56:56.0226 5780 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:56:56.0242 5780 LSI_FC - ok
20:56:56.0258 5780 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:56:56.0273 5780 LSI_SAS - ok
20:56:56.0273 5780 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:56:56.0304 5780 LSI_SAS2 - ok
20:56:56.0304 5780 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:56:56.0336 5780 LSI_SCSI - ok
20:56:56.0336 5780 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:56:56.0336 5780 luafv - ok
20:56:56.0351 5780 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:56:56.0367 5780 Mcx2Svc - ok
20:56:56.0382 5780 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:56:56.0414 5780 megasas - ok
20:56:56.0429 5780 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:56:56.0445 5780 MegaSR - ok
20:56:56.0476 5780 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:56:56.0476 5780 MMCSS - ok
20:56:56.0492 5780 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:56:56.0507 5780 Modem - ok
20:56:56.0507 5780 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:56:56.0523 5780 monitor - ok
20:56:56.0554 5780 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:56:56.0554 5780 mouclass - ok
20:56:56.0570 5780 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:56:56.0585 5780 mouhid - ok
20:56:56.0585 5780 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:56:56.0601 5780 mountmgr - ok
20:56:56.0648 5780 [ CB8AF049AC9BE419A77ADAE288673359 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
20:56:56.0663 5780 MozillaMaintenance - ok
20:56:56.0679 5780 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:56:56.0694 5780 mpio - ok
20:56:56.0710 5780 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:56:56.0741 5780 mpsdrv - ok
20:56:56.0757 5780 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:56:56.0788 5780 MpsSvc - ok
20:56:56.0819 5780 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:56:56.0819 5780 MRxDAV - ok
20:56:56.0850 5780 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:56:56.0850 5780 mrxsmb - ok
20:56:56.0866 5780 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:56:56.0928 5780 mrxsmb10 - ok
20:56:56.0928 5780 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:56:56.0944 5780 mrxsmb20 - ok
20:56:56.0960 5780 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:56:56.0975 5780 msahci - ok
20:56:56.0991 5780 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:56:57.0022 5780 msdsm - ok
20:56:57.0038 5780 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:56:57.0038 5780 MSDTC - ok
20:56:57.0069 5780 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:56:57.0069 5780 Msfs - ok
20:56:57.0100 5780 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:56:57.0100 5780 mshidkmdf - ok
20:56:57.0116 5780 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:56:57.0131 5780 msisadrv - ok
20:56:57.0162 5780 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:56:57.0162 5780 MSiSCSI - ok
20:56:57.0178 5780 msiserver - ok
20:56:57.0217 5780 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:56:57.0219 5780 MSKSSRV - ok
20:56:57.0243 5780 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:56:57.0244 5780 MSPCLOCK - ok
20:56:57.0250 5780 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:56:57.0268 5780 MSPQM - ok
20:56:57.0286 5780 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:56:57.0294 5780 MsRPC - ok
20:56:57.0309 5780 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:56:57.0311 5780 mssmbios - ok
20:56:57.0316 5780 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:56:57.0319 5780 MSTEE - ok
20:56:57.0331 5780 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:56:57.0334 5780 MTConfig - ok
20:56:57.0350 5780 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:56:57.0370 5780 Mup - ok
20:56:57.0415 5780 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:56:57.0426 5780 napagent - ok
20:56:57.0465 5780 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:56:57.0521 5780 NativeWifiP - ok
20:56:57.0568 5780 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:56:57.0590 5780 NDIS - ok
20:56:57.0614 5780 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:56:57.0633 5780 NdisCap - ok
20:56:57.0660 5780 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:56:57.0663 5780 NdisTapi - ok
20:56:57.0670 5780 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:56:57.0673 5780 Ndisuio - ok
20:56:57.0688 5780 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:56:57.0709 5780 NdisWan - ok
20:56:57.0718 5780 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:56:57.0752 5780 NDProxy - ok
20:56:57.0765 5780 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:56:57.0784 5780 NetBIOS - ok
20:56:57.0802 5780 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:56:57.0831 5780 NetBT - ok
20:56:57.0844 5780 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:56:57.0845 5780 Netlogon - ok
20:56:57.0881 5780 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:56:57.0886 5780 Netman - ok
20:56:57.0907 5780 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:56:57.0917 5780 netprofm - ok
20:56:57.0973 5780 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:56:57.0980 5780 NetTcpPortSharing - ok
20:56:58.0013 5780 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:56:58.0056 5780 nfrd960 - ok
20:56:58.0092 5780 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:56:58.0099 5780 NlaSvc - ok
20:56:58.0122 5780 [ 5FE6F8C05F0769BBB74AFAC11453B182 ] nmwcd C:\Windows\system32\drivers\ccdcmbx64.sys
20:56:58.0140 5780 nmwcd - ok
20:56:58.0175 5780 [ 73C929945C0850B8D1FE2FEA05FDF05D ] nmwcdc C:\Windows\system32\drivers\ccdcmbox64.sys
20:56:58.0194 5780 nmwcdc - ok
20:56:58.0203 5780 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:56:58.0211 5780 Npfs - ok
20:56:58.0227 5780 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:56:58.0227 5780 nsi - ok
20:56:58.0242 5780 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:56:58.0258 5780 nsiproxy - ok
20:56:58.0305 5780 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:56:58.0336 5780 Ntfs - ok
20:56:58.0352 5780 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:56:58.0367 5780 Null - ok
20:56:58.0414 5780 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:56:58.0445 5780 nvraid - ok
20:56:58.0461 5780 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:56:58.0492 5780 nvstor - ok
20:56:58.0523 5780 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:56:58.0539 5780 nv_agp - ok
20:56:58.0554 5780 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:56:58.0586 5780 ohci1394 - ok
20:56:58.0617 5780 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
20:56:58.0632 5780 ose - ok
20:56:58.0773 5780 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
20:56:58.0898 5780 osppsvc - ok
20:56:58.0929 5780 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:56:58.0944 5780 p2pimsvc - ok
20:56:58.0960 5780 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:56:58.0960 5780 p2psvc - ok
20:56:58.0976 5780 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys
20:56:58.0991 5780 Parport - ok
20:56:59.0022 5780 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:56:59.0038 5780 partmgr - ok
20:56:59.0054 5780 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:56:59.0054 5780 PcaSvc - ok
20:56:59.0116 5780 [ 3FDE033DFB0D07F8B7D5C9A3044AA121 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys
20:56:59.0163 5780 pccsmcfd - ok
20:56:59.0178 5780 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:56:59.0232 5780 pci - ok
20:56:59.0241 5780 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:56:59.0259 5780 pciide - ok
20:56:59.0277 5780 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:56:59.0300 5780 pcmcia - ok
20:56:59.0312 5780 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:56:59.0331 5780 pcw - ok
20:56:59.0357 5780 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:56:59.0384 5780 PEAUTH - ok
20:56:59.0423 5780 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:56:59.0457 5780 PeerDistSvc - ok
20:56:59.0514 5780 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:56:59.0519 5780 PerfHost - ok
20:56:59.0559 5780 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:56:59.0601 5780 pla - ok
20:56:59.0646 5780 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:56:59.0667 5780 PlugPlay - ok
20:56:59.0765 5780 [ 734D9EB27B76B2BA9F5030405345C707 ] PMBDeviceInfoProvider C:\Program Files (x86)\PlayMemories Home\PMBDeviceInfoProvider.exe
20:56:59.0774 5780 PMBDeviceInfoProvider - ok
20:56:59.0796 5780 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:56:59.0802 5780 PNRPAutoReg - ok
20:56:59.0822 5780 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:56:59.0828 5780 PNRPsvc - ok
20:56:59.0864 5780 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:56:59.0889 5780 PolicyAgent - ok
20:56:59.0913 5780 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:56:59.0921 5780 Power - ok
20:56:59.0961 5780 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:57:00.0025 5780 PptpMiniport - ok
20:57:00.0043 5780 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:57:00.0062 5780 Processor - ok
20:57:00.0083 5780 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:57:00.0089 5780 ProfSvc - ok
20:57:00.0104 5780 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:57:00.0106 5780 ProtectedStorage - ok
20:57:00.0118 5780 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:57:00.0142 5780 Psched - ok
20:57:00.0175 5780 [ BC08F7F3C53CBEE68670ED1314E290FD ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
20:57:00.0219 5780 PxHlpa64 - ok
20:57:00.0267 5780 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:57:00.0314 5780 ql2300 - ok
20:57:00.0329 5780 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:57:00.0329 5780 ql40xx - ok
20:57:00.0345 5780 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:57:00.0361 5780 QWAVE - ok
20:57:00.0361 5780 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:57:00.0392 5780 QWAVEdrv - ok
20:57:00.0392 5780 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:57:00.0423 5780 RasAcd - ok
20:57:00.0454 5780 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:57:00.0454 5780 RasAgileVpn - ok
20:57:00.0470 5780 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:57:00.0470 5780 RasAuto - ok
20:57:00.0485 5780 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:57:00.0517 5780 Rasl2tp - ok
20:57:00.0532 5780 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:57:00.0548 5780 RasMan - ok
20:57:00.0548 5780 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:57:00.0563 5780 RasPppoe - ok
20:57:00.0563 5780 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:57:00.0595 5780 RasSstp - ok
20:57:00.0610 5780 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:57:00.0610 5780 rdbss - ok
20:57:00.0626 5780 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:57:00.0657 5780 rdpbus - ok
20:57:00.0673 5780 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:57:00.0673 5780 RDPCDD - ok
20:57:00.0704 5780 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:57:00.0735 5780 RDPDR - ok
20:57:00.0766 5780 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:57:00.0766 5780 RDPENCDD - ok
20:57:00.0782 5780 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:57:00.0782 5780 RDPREFMP - ok
20:57:00.0844 5780 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
20:57:00.0844 5780 RdpVideoMiniport - ok
20:57:00.0875 5780 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:57:00.0907 5780 RDPWD - ok
20:57:00.0922 5780 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:57:00.0922 5780 rdyboost - ok
20:57:00.0953 5780 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:57:00.0953 5780 RemoteAccess - ok
20:57:00.0985 5780 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:57:00.0985 5780 RemoteRegistry - ok
20:57:01.0016 5780 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
20:57:01.0031 5780 RFCOMM - ok
20:57:01.0047 5780 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:57:01.0063 5780 RpcEptMapper - ok
20:57:01.0078 5780 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:57:01.0078 5780 RpcLocator - ok
20:57:01.0109 5780 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:57:01.0109 5780 RpcSs - ok
20:57:01.0125 5780 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:57:01.0141 5780 rspndr - ok
20:57:01.0156 5780 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:57:01.0203 5780 RTL8167 - ok
20:57:01.0219 5780 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:57:01.0219 5780 s3cap - ok
20:57:01.0243 5780 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:57:01.0245 5780 SamSs - ok
20:57:01.0264 5780 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:57:01.0284 5780 sbp2port - ok
20:57:01.0304 5780 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:57:01.0311 5780 SCardSvr - ok
20:57:01.0321 5780 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:57:01.0339 5780 scfilter - ok
20:57:01.0366 5780 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:57:01.0375 5780 Schedule - ok
20:57:01.0391 5780 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:57:01.0392 5780 SCPolicySvc - ok
20:57:01.0419 5780 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
20:57:01.0423 5780 sdbus - ok
20:57:01.0442 5780 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:57:01.0449 5780 SDRSVC - ok
20:57:01.0478 5780 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:57:01.0497 5780 secdrv - ok
20:57:01.0511 5780 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:57:01.0515 5780 seclogon - ok
20:57:01.0527 5780 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
20:57:01.0531 5780 SENS - ok
20:57:01.0545 5780 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:57:01.0550 5780 SensrSvc - ok
20:57:01.0565 5780 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys
20:57:01.0584 5780 Serenum - ok
20:57:01.0599 5780 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys
20:57:01.0660 5780 Serial - ok
20:57:01.0675 5780 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:57:01.0694 5780 sermouse - ok
20:57:01.0783 5780 [ E90CE237E99C5D26CB3872318A7799D0 ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
20:57:01.0826 5780 ServiceLayer - ok
20:57:01.0858 5780 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:57:01.0863 5780 SessionEnv - ok
20:57:01.0868 5780 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:57:01.0885 5780 sffdisk - ok
20:57:01.0891 5780 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:57:01.0909 5780 sffp_mmc - ok
20:57:01.0913 5780 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:57:01.0916 5780 sffp_sd - ok
20:57:01.0922 5780 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:57:01.0940 5780 sfloppy - ok
20:57:01.0972 5780 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:57:01.0980 5780 SharedAccess - ok
20:57:01.0995 5780 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:57:02.0000 5780 ShellHWDetection - ok
20:57:02.0027 5780 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:57:02.0061 5780 SiSRaid2 - ok
20:57:02.0072 5780 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:57:02.0091 5780 SiSRaid4 - ok
20:57:02.0133 5780 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
20:57:02.0166 5780 SkypeUpdate - ok
20:57:02.0200 5780 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:57:02.0206 5780 Smb - ok
20:57:02.0239 5780 [ 10450F432811D7FDA60A97FCC674D7B2 ] snapman C:\Windows\system32\DRIVERS\snapman.sys
20:57:02.0270 5780 snapman - ok
20:57:02.0301 5780 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:57:02.0301 5780 SNMPTRAP - ok
20:57:02.0317 5780 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:57:02.0348 5780 spldr - ok
20:57:02.0379 5780 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:57:02.0379 5780 Spooler - ok
20:57:02.0457 5780 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:57:02.0488 5780 sppsvc - ok
20:57:02.0488 5780 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:57:02.0504 5780 sppuinotify - ok
20:57:02.0551 5780 [ 34F974F8B3C86DE03A30DCBE79091C97 ] sptd C:\Windows\system32\Drivers\sptd.sys
20:57:02.0551 5780 Suspicious file (NoAccess): C:\Windows\system32\Drivers\sptd.sys. md5: 34F974F8B3C86DE03A30DCBE79091C97
20:57:02.0551 5780 sptd ( LockedFile.Multi.Generic ) - warning
20:57:02.0551 5780 sptd - detected LockedFile.Multi.Generic (1)
20:57:02.0582 5780 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:57:02.0644 5780 srv - ok
20:57:02.0644 5780 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:57:02.0675 5780 srv2 - ok
20:57:02.0691 5780 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:57:02.0707 5780 srvnet - ok
20:57:02.0738 5780 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:57:02.0738 5780 SSDPSRV - ok
20:57:02.0738 5780 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:57:02.0753 5780 SstpSvc - ok
20:57:02.0867 5780 [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
20:57:02.0869 5780 STacSV - ok
20:57:02.0901 5780 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:57:02.0904 5780 stexstor - ok
20:57:02.0932 5780 [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA C:\Windows\system32\DRIVERS\stwrt64.sys
20:57:02.0957 5780 STHDA - ok
20:57:02.0988 5780 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:57:03.0006 5780 stisvc - ok
20:57:03.0025 5780 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:57:03.0029 5780 storflt - ok
20:57:03.0047 5780 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
20:57:03.0051 5780 StorSvc - ok
20:57:03.0076 5780 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:57:03.0095 5780 storvsc - ok
20:57:03.0108 5780 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:57:03.0125 5780 swenum - ok
20:57:03.0297 5780 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
20:57:03.0324 5780 SwitchBoard - ok
20:57:03.0360 5780 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:57:03.0381 5780 swprv - ok
20:57:03.0441 5780 [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
20:57:03.0476 5780 SynTP - ok
20:57:03.0538 5780 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:57:03.0572 5780 SysMain - ok
20:57:03.0584 5780 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:57:03.0589 5780 TabletInputService - ok
20:57:03.0603 5780 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:57:03.0608 5780 TapiSrv - ok
20:57:03.0615 5780 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:57:03.0618 5780 TBS - ok
20:57:03.0671 5780 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:57:03.0692 5780 Tcpip - ok
20:57:03.0748 5780 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:57:03.0758 5780 TCPIP6 - ok
20:57:03.0775 5780 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:57:03.0779 5780 tcpipreg - ok
20:57:03.0793 5780 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:57:03.0811 5780 TDPIPE - ok
20:57:03.0863 5780 [ 99527D49EE0A96FC25537C61B270A372 ] tdrpman273 C:\Windows\system32\DRIVERS\tdrpm273.sys
20:57:03.0888 5780 tdrpman273 - ok
20:57:03.0906 5780 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:57:03.0917 5780 TDTCP - ok
20:57:03.0932 5780 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:57:03.0949 5780 tdx - ok
20:57:03.0955 5780 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:57:03.0972 5780 TermDD - ok
20:57:03.0991 5780 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:57:03.0998 5780 TermService - ok
20:57:04.0023 5780 [ 9201BE2BAB8A9FF8E20D8439AE3BB04D ] Themes C:\Windows\system32\themeservice.dll
20:57:04.0028 5780 Themes - ok
20:57:04.0053 5780 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:57:04.0055 5780 THREADORDER - ok
20:57:04.0085 5780 [ EBBAEA02F0095A798000C7E06B16D41B ] timounter C:\Windows\system32\DRIVERS\timntr.sys
20:57:04.0135 5780 timounter - ok
20:57:04.0150 5780 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:57:04.0150 5780 TrkWks - ok
20:57:04.0196 5780 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:57:04.0196 5780 TrustedInstaller - ok
20:57:04.0212 5780 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:57:04.0212 5780 tssecsrv - ok
20:57:04.0265 5780 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:57:04.0269 5780 TsUsbFlt - ok
20:57:04.0295 5780 [ AD64450A4ABE076F5CB34CC08EEACB07 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:57:04.0978 5780 TsUsbGD - ok
20:57:05.0014 5780 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:57:05.0043 5780 tunnel - ok
20:57:05.0060 5780 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:57:05.0080 5780 uagp35 - ok
20:57:05.0096 5780 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:57:05.0104 5780 udfs - ok
20:57:05.0135 5780 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:57:05.0140 5780 UI0Detect - ok
20:57:05.0160 5780 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:57:05.0179 5780 uliagpkx - ok
20:57:05.0210 5780 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:57:05.0215 5780 umbus - ok
20:57:05.0231 5780 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:57:05.0246 5780 UmPass - ok
20:57:05.0278 5780 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:57:05.0293 5780 UmRdpService - ok
20:57:05.0309 5780 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:57:05.0324 5780 upnphost - ok
20:57:05.0356 5780 [ 34AFB83C7BBA370E404E52CC2290350C ] upperdev C:\Windows\system32\DRIVERS\usbser_lowerfltx64.sys
20:57:05.0371 5780 upperdev - ok
20:57:05.0402 5780 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:57:05.0480 5780 usbccgp - ok
20:57:05.0512 5780 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:57:05.0512 5780 usbcir - ok
20:57:05.0527 5780 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:57:05.0558 5780 usbehci - ok
20:57:05.0574 5780 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:57:05.0590 5780 usbhub - ok
20:57:05.0605 5780 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
20:57:05.0621 5780 usbohci - ok
20:57:05.0636 5780 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:57:05.0652 5780 usbprint - ok
20:57:05.0699 5780 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\drivers\usbser.sys
20:57:05.0714 5780 usbser - ok
20:57:05.0730 5780 [ AA75E1EFBEE7186B4CBAAACF1F15E6CA ] UsbserFilt C:\Windows\system32\DRIVERS\usbser_lowerfltjx64.sys
20:57:05.0746 5780 UsbserFilt - ok
20:57:05.0777 5780 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
20:57:05.0808 5780 USBSTOR - ok
20:57:05.0824 5780 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
20:57:05.0839 5780 usbuhci - ok
20:57:05.0870 5780 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
20:57:05.0886 5780 usbvideo - ok
20:57:05.0917 5780 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:57:05.0922 5780 UxSms - ok
20:57:05.0930 5780 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:57:05.0932 5780 VaultSvc - ok
20:57:05.0987 5780 [ 2662F24C7AEE2A32CEBDEC907A5366F1 ] vcsFPService C:\Windows\system32\vcsFPService.exe
20:57:06.0030 5780 vcsFPService - ok
20:57:06.0061 5780 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:57:06.0095 5780 vdrvroot - ok
20:57:06.0113 5780 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:57:06.0134 5780 vds - ok
20:57:06.0147 5780 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:57:06.0151 5780 vga - ok
20:57:06.0167 5780 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:57:06.0185 5780 VgaSave - ok
20:57:06.0201 5780 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:57:06.0226 5780 vhdmp - ok
20:57:06.0260 5780 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:57:06.0278 5780 viaide - ok
20:57:06.0301 5780 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:57:06.0362 5780 vmbus - ok
20:57:06.0379 5780 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:57:06.0398 5780 VMBusHID - ok
20:57:06.0410 5780 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:57:06.0443 5780 volmgr - ok
20:57:06.0459 5780 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:57:06.0466 5780 volmgrx - ok
20:57:06.0495 5780 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:57:06.0526 5780 volsnap - ok
20:57:06.0557 5780 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:57:06.0579 5780 vsmraid - ok
20:57:06.0619 5780 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:57:06.0640 5780 VSS - ok
20:57:06.0650 5780 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
20:57:06.0675 5780 vwifibus - ok
20:57:06.0690 5780 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
20:57:06.0694 5780 vwififlt - ok
20:57:06.0715 5780 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:57:06.0724 5780 W32Time - ok
20:57:06.0733 5780 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:57:06.0736 5780 WacomPen - ok
20:57:06.0770 5780 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:57:06.0789 5780 WANARP - ok
20:57:06.0793 5780 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:57:06.0795 5780 Wanarpv6 - ok
20:57:06.0854 5780 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
20:57:06.0905 5780 WatAdminSvc - ok
20:57:06.0942 5780 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:57:06.0985 5780 wbengine - ok
20:57:07.0009 5780 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:57:07.0017 5780 WbioSrvc - ok
20:57:07.0056 5780 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:57:07.0076 5780 wcncsvc - ok
20:57:07.0084 5780 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:57:07.0090 5780 WcsPlugInService - ok
20:57:07.0107 5780 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:57:07.0111 5780 Wd - ok
20:57:07.0133 5780 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:57:07.0158 5780 Wdf01000 - ok
20:57:07.0164 5780 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:57:07.0168 5780 WdiServiceHost - ok
20:57:07.0173 5780 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:57:07.0176 5780 WdiSystemHost - ok
20:57:07.0205 5780 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:57:07.0213 5780 WebClient - ok
20:57:07.0222 5780 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:57:07.0222 5780 Wecsvc - ok
20:57:07.0237 5780 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:57:07.0237 5780 wercplsupport - ok
20:57:07.0253 5780 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:57:07.0253 5780 WerSvc - ok
20:57:07.0284 5780 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:57:07.0300 5780 WfpLwf - ok
20:57:07.0315 5780 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:57:07.0331 5780 WIMMount - ok
20:57:07.0362 5780 WinDefend - ok
20:57:07.0362 5780 WinHttpAutoProxySvc - ok
20:57:07.0409 5780 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:57:07.0425 5780 Winmgmt - ok
20:57:07.0487 5780 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:57:07.0565 5780 WinRM - ok
20:57:07.0627 5780 [ FE88B288356E7B47B74B13372ADD906D ] WinUSB C:\Windows\system32\DRIVERS\WinUSB.sys
20:57:07.0643 5780 WinUSB - ok
20:57:07.0690 5780 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:57:07.0721 5780 Wlansvc - ok
20:57:07.0737 5780 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:57:07.0752 5780 WmiAcpi - ok
20:57:07.0815 5780 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:57:07.0830 5780 wmiApSrv - ok
20:57:07.0830 5780 WMPNetworkSvc - ok
20:57:07.0846 5780 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:57:07.0846 5780 WPCSvc - ok
20:57:07.0861 5780 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:57:07.0861 5780 WPDBusEnum - ok
20:57:07.0893 5780 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:57:07.0908 5780 ws2ifsl - ok
20:57:07.0939 5780 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
20:57:07.0939 5780 wscsvc - ok
20:57:07.0939 5780 WSearch - ok
20:57:08.0002 5780 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:57:08.0064 5780 wuauserv - ok
20:57:08.0080 5780 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:57:08.0095 5780 WudfPf - ok
20:57:08.0127 5780 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:57:08.0158 5780 WUDFRd - ok
20:57:08.0173 5780 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:57:08.0173 5780 wudfsvc - ok
20:57:08.0189 5780 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:57:08.0205 5780 WwanSvc - ok
20:57:08.0220 5780 ================ Scan global ===============================
20:57:08.0236 5780 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:57:08.0267 5780 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:57:08.0279 5780 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
20:57:08.0299 5780 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:57:08.0326 5780 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:57:08.0331 5780 [Global] - ok
20:57:08.0331 5780 ================ Scan MBR ==================================
20:57:08.0341 5780 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:57:08.0948 5780 \Device\Harddisk0\DR0 - ok
20:57:08.0952 5780 [ 5ACDD84542736BD9118DE4B4A0D7C86F ] \Device\Harddisk1\DR4
20:57:11.0333 5780 \Device\Harddisk1\DR4 - ok
20:57:11.0333 5780 [ 8F558EB6672622401DA993E1E865C861 ] \Device\Harddisk2\DR5
20:57:11.0707 5780 \Device\Harddisk2\DR5 - ok
20:57:11.0707 5780 ================ Scan VBR ==================================
20:57:11.0723 5780 [ 362061C67D76696E30ECE3EFC4C9C255 ] \Device\Harddisk0\DR0\Partition1
20:57:11.0723 5780 \Device\Harddisk0\DR0\Partition1 - ok
20:57:11.0738 5780 [ 78B200F7827B1F580F1FBAE9FF27A2C2 ] \Device\Harddisk0\DR0\Partition2
20:57:11.0754 5780 \Device\Harddisk0\DR0\Partition2 - ok
20:57:11.0785 5780 [ EF29268B87874ED177A8CFAEF98302A7 ] \Device\Harddisk0\DR0\Partition3
20:57:11.0785 5780 \Device\Harddisk0\DR0\Partition3 - ok
20:57:11.0785 5780 [ 033D289BEAAE5B11BB4BA39382B7125A ] \Device\Harddisk1\DR4\Partition1
20:57:11.0785 5780 \Device\Harddisk1\DR4\Partition1 - ok
20:57:11.0801 5780 [ 909DB6DDC4A409189ED3F38DBCEBAE9F ] \Device\Harddisk2\DR5\Partition1
20:57:11.0801 5780 \Device\Harddisk2\DR5\Partition1 - ok
20:57:11.0801 5780 ============================================================
20:57:11.0801 5780 Scan finished
20:57:11.0801 5780 ============================================================
20:57:11.0816 5800 Detected object count: 1
20:57:11.0816 5800 Actual detected object count: 1
20:57:32.0096 5800 sptd ( LockedFile.Multi.Generic ) - skipped by user
20:57:32.0096 5800 sptd ( LockedFile.Multi.Generic ) - User select action: Skip

[Rudy]

OK. Nastala nějaká změna?

[Michal_Tuma]

Bohužel, teď to zase 2x spadlo. Nevím kde je chyba, nastavení proxy jsem projel snad 10x, antivir taky nic nenajde.

[Rudy]

Udělejte ještě sken AVPTool: http://www.viry.cz/forum/viewtopic.php?f=29&t=58179 a dejte log.

[Michal_Tuma]

Tak log dle návodu nemohu vložit, protože nebyla žádná hrozba nalezena.